From fe197ab4402c8e8eba5704c9c1d83af1fb0d2c05 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Thu, 25 Jul 2019 12:22:42 -0400 Subject: [PATCH 01/14] Added CyberPanel password changing plugin --- .../ChangePasswordCyberPanel.php | 139 ++++++++++++++++++ plugins/change-password-cyberpanel/LICENSE | 20 +++ plugins/change-password-cyberpanel/README | 1 + plugins/change-password-cyberpanel/README.md | 10 ++ plugins/change-password-cyberpanel/VERSION | 1 + plugins/change-password-cyberpanel/index.php | 44 ++++++ 6 files changed, 215 insertions(+) create mode 100644 plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php create mode 100644 plugins/change-password-cyberpanel/LICENSE create mode 100644 plugins/change-password-cyberpanel/README create mode 100644 plugins/change-password-cyberpanel/README.md create mode 100644 plugins/change-password-cyberpanel/VERSION create mode 100644 plugins/change-password-cyberpanel/index.php diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php new file mode 100644 index 000000000..63833845b --- /dev/null +++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php @@ -0,0 +1,139 @@ +mHost = $mHost; + return $this; + } + + /** + * @param string $mUser + * + * @return \ChangePasswordCyberPanel + */ + public function SetmUser($mUser) + { + $this->mUser = $mUser; + return $this; + } + + /** + * @param string $mPass + * + * @return \ChangePasswordCyberPanel + */ + public function SetmPass($mPass) + { + $this->mPass = $mPass; + return $this; + } + + /** + * @param \MailSo\Log\Logger $oLogger + * + * @return \ChangePasswordCyberPanel + */ + public function SetLogger($oLogger) + { + if ($oLogger instanceof \MailSo\Log\Logger) + { + $this->oLogger = $oLogger; + } + + return $this; + } + + /** + * @param \RainLoop\Account $oAccount + * + * @return bool + */ + public function PasswordChangePossibility($oAccount) + { + return $oAccount && $oAccount->Email(); + } + + /** + * @param \RainLoop\Account $oAccount + * @param string $sPrevPassword + * @param string $sNewPassword + * + * @return bool + */ + public function ChangePassword(\RainLoop\Account $oAccount, $sPrevPassword, $sNewPassword) + { + if ($this->oLogger) + { + $this->oLogger->Write('Try to change password for '.$oAccount->Email()); + } + + $bResult = false; + $db = mysqli_connect($this->mHost, $this->mUser, $this->mPass, 'cyberpanel'); + + try + { + $sEmail = $oAccount->Email(); + $sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail); + $sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail); + + $password_check_query = "SELECT * FROM e_users WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; + + $result = mysqli_query($db, $password_check_query); + $password_check = mysqli_fetch_assoc($result); + + if (password_verify($sPrevPassword, substr($password_check['password'], 7))) { + $hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT); + $password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; + mysqli_query($db, $password_update_query); + $bResult = true; + if ($this->oLogger) + { + $this->oLogger->Write('Success! Password was changed.'); + } + } else { + $bResult = false; + if ($this->oLogger) + { + $this->oLogger->Write('Something went wrong. Either the current password is incorrect or new password does not match the criteria.'); + } + } + } + catch (\Exception $oException) + { + $bResult = false; + if ($this->oLogger) + { + $this->oLogger->WriteException($oException); + } + } + + return $bResult; + } +} diff --git a/plugins/change-password-cyberpanel/LICENSE b/plugins/change-password-cyberpanel/LICENSE new file mode 100644 index 000000000..67b1540b2 --- /dev/null +++ b/plugins/change-password-cyberpanel/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2019 David Forbush + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/plugins/change-password-cyberpanel/README b/plugins/change-password-cyberpanel/README new file mode 100644 index 000000000..c2bce7a2e --- /dev/null +++ b/plugins/change-password-cyberpanel/README @@ -0,0 +1 @@ +You can change passwords with CyberPanel \ No newline at end of file diff --git a/plugins/change-password-cyberpanel/README.md b/plugins/change-password-cyberpanel/README.md new file mode 100644 index 000000000..937fe265e --- /dev/null +++ b/plugins/change-password-cyberpanel/README.md @@ -0,0 +1,10 @@ +Rainloop change password cyberpanel plugin +============================================ + +This plugin adds change password capability to Rainloop webmail for servers running CyberPanel web panel software. + +##### Installation is simple: + +1. Drop the change-password-cyberpanel folder in the plugins directory (eg. _RainLoopDir_/data/data_xxxxx/_default/plugins/*) +2. In rainloop admin panel go to Plugins, and activate change-password-cyberpanel. +3. Enter CyberPanel SQL user details on the plugin config screen. diff --git a/plugins/change-password-cyberpanel/VERSION b/plugins/change-password-cyberpanel/VERSION new file mode 100644 index 000000000..9f8e9b69a --- /dev/null +++ b/plugins/change-password-cyberpanel/VERSION @@ -0,0 +1 @@ +1.0 \ No newline at end of file diff --git a/plugins/change-password-cyberpanel/index.php b/plugins/change-password-cyberpanel/index.php new file mode 100644 index 000000000..65b71bcd5 --- /dev/null +++ b/plugins/change-password-cyberpanel/index.php @@ -0,0 +1,44 @@ +addHook('main.fabrica', 'MainFabrica'); + } + + /** + * @param string $sName + * @param mixed $oProvider + */ + public function MainFabrica($sName, &$oProvider) + { + switch ($sName) + { + case 'change-password': + include_once __DIR__.'/ChangePasswordCyberPanel.php'; + $oProvider = new ChangePasswordCyberPanel(); + $oProvider + ->SetLogger($this->Manager()->Actions()->Logger()) + ->SetmHost($this->Config()->Get('plugin', 'mHost', '')) + ->SetmUser($this->Config()->Get('plugin', 'mUser', '')) + ->SetmPass($this->Config()->Get('plugin', 'mPass', '')) + ; + break; + } + } + + /** + * @return array + */ + public function configMapping() + { + return array( + \RainLoop\Plugins\Property::NewInstance('mHost')->SetLabel('MySQL Host') + ->SetDefaultValue('127.0.0.1'), + \RainLoop\Plugins\Property::NewInstance('mUser')->SetLabel('MySQL User'), + \RainLoop\Plugins\Property::NewInstance('mPass')->SetLabel('MySQL Password') + ->SetType(\RainLoop\Enumerations\PluginPropertyType::PASSWORD) + ); + } +} From 36059e960d1ddf6d5d84285423791a5213826b21 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Thu, 25 Jul 2019 16:52:26 -0400 Subject: [PATCH 02/14] Cleaned up code formatting from upload --- .../ChangePasswordCyberPanel.php | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php index 63833845b..776bac1c7 100644 --- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php +++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php @@ -102,28 +102,28 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha $sEmail = $oAccount->Email(); $sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail); $sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail); - + $password_check_query = "SELECT * FROM e_users WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; + + $result = mysqli_query($db, $password_check_query); + $password_check = mysqli_fetch_assoc($result); - $result = mysqli_query($db, $password_check_query); - $password_check = mysqli_fetch_assoc($result); - - if (password_verify($sPrevPassword, substr($password_check['password'], 7))) { - $hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT); - $password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; - mysqli_query($db, $password_update_query); - $bResult = true; + if (password_verify($sPrevPassword, substr($password_check['password'], 7))) { + $hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT); + $password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; + mysqli_query($db, $password_update_query); + $bResult = true; if ($this->oLogger) { $this->oLogger->Write('Success! Password was changed.'); } - } else { + } else { $bResult = false; if ($this->oLogger) { $this->oLogger->Write('Something went wrong. Either the current password is incorrect or new password does not match the criteria.'); } - } + } } catch (\Exception $oException) { From 81449eb59d1924f9696ee04d721e2db37c0f530d Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Thu, 25 Jul 2019 16:53:09 -0400 Subject: [PATCH 03/14] Update ChangePasswordCyberPanel.php --- .../change-password-cyberpanel/ChangePasswordCyberPanel.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php index 776bac1c7..0474807df 100644 --- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php +++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php @@ -104,9 +104,8 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha $sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail); $password_check_query = "SELECT * FROM e_users WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; - - $result = mysqli_query($db, $password_check_query); - $password_check = mysqli_fetch_assoc($result); + $result = mysqli_query($db, $password_check_query); + $password_check = mysqli_fetch_assoc($result); if (password_verify($sPrevPassword, substr($password_check['password'], 7))) { $hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT); From 4b00ef72d41646a7a5c95fdef0b5070e21aa64d8 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Thu, 25 Jul 2019 16:54:15 -0400 Subject: [PATCH 04/14] Update index.php --- plugins/change-password-cyberpanel/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/change-password-cyberpanel/index.php b/plugins/change-password-cyberpanel/index.php index 65b71bcd5..7547c18a2 100644 --- a/plugins/change-password-cyberpanel/index.php +++ b/plugins/change-password-cyberpanel/index.php @@ -24,7 +24,7 @@ class ChangePasswordCyberPanelPlugin extends \RainLoop\Plugins\AbstractPlugin ->SetmUser($this->Config()->Get('plugin', 'mUser', '')) ->SetmPass($this->Config()->Get('plugin', 'mPass', '')) ; - break; + break; } } From a6e70256ea825cd8fba78d0feea372069a2586ba Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Fri, 26 Jul 2019 09:33:31 -0400 Subject: [PATCH 05/14] Added escaping of special characters --- .../ChangePasswordCyberPanel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php index 0474807df..ff13fade3 100644 --- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php +++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php @@ -99,16 +99,16 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha try { - $sEmail = $oAccount->Email(); - $sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail); - $sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail); + $sEmail = mysqli_real_escape_string($db, $oAccount->Email()); + $sEmailUser = mysqli_real_escape_string($db, \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail)); + $sEmailDomain = mysqli_real_escape_string($db, \MailSo\Base\Utils::GetDomainFromEmail($sEmail)); $password_check_query = "SELECT * FROM e_users WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; $result = mysqli_query($db, $password_check_query); $password_check = mysqli_fetch_assoc($result); if (password_verify($sPrevPassword, substr($password_check['password'], 7))) { - $hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT); + $hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT)) $password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; mysqli_query($db, $password_update_query); $bResult = true; From e84c2742e8ffa08dab18b15e736d75777844bf33 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Fri, 26 Jul 2019 09:34:55 -0400 Subject: [PATCH 06/14] Fixed minor typo --- plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php index ff13fade3..0abfd6cb3 100644 --- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php +++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php @@ -108,7 +108,7 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha $password_check = mysqli_fetch_assoc($result); if (password_verify($sPrevPassword, substr($password_check['password'], 7))) { - $hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT)) + $hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT)); $password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; mysqli_query($db, $password_update_query); $bResult = true; From e157fb02a59dfe01fd3fef71f286d143b3b67fee Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Fri, 26 Jul 2019 09:59:05 -0400 Subject: [PATCH 07/14] Update ChangePasswordCyberPanel.php --- .../change-password-cyberpanel/ChangePasswordCyberPanel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php index 0abfd6cb3..f79bd2149 100644 --- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php +++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php @@ -114,13 +114,13 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha $bResult = true; if ($this->oLogger) { - $this->oLogger->Write('Success! Password was changed.'); + $this->oLogger->Write('Success! The password was changed.'); } } else { $bResult = false; if ($this->oLogger) { - $this->oLogger->Write('Something went wrong. Either the current password is incorrect or new password does not match the criteria.'); + $this->oLogger->Write('Something went wrong. Either the current password is incorrect or the new password does not match the criteria.'); } } } From d4fdac74e6b6a6cd981bf091b3f1ba232b455afe Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Fri, 26 Jul 2019 10:02:15 -0400 Subject: [PATCH 08/14] Tweaked wording and edited grammar --- plugins/change-password-cyberpanel/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugins/change-password-cyberpanel/README.md b/plugins/change-password-cyberpanel/README.md index 937fe265e..31786d7ad 100644 --- a/plugins/change-password-cyberpanel/README.md +++ b/plugins/change-password-cyberpanel/README.md @@ -1,10 +1,10 @@ -Rainloop change password cyberpanel plugin +RainLoop Cyberpanel Password Changing Plugin ============================================ -This plugin adds change password capability to Rainloop webmail for servers running CyberPanel web panel software. +This plugin adds password changing capability to RainLoop webmail for servers running CyberPanel web panel software. ##### Installation is simple: -1. Drop the change-password-cyberpanel folder in the plugins directory (eg. _RainLoopDir_/data/data_xxxxx/_default/plugins/*) -2. In rainloop admin panel go to Plugins, and activate change-password-cyberpanel. -3. Enter CyberPanel SQL user details on the plugin config screen. +1. Place the change-password-cyberpanel folder in the plugins directory (eg. _RainLoopDir_/data/data_xxxxx/_default/plugins/*) +2. In RainLoop administration panel, go to Plugins and activate change-password-cyberpanel. +3. Enter CyberPanel's SQL user details on the plugin configuration screen. From 03e4f4fc9c1c915ed7b3de1c90457e94f7b7bc6d Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Fri, 26 Jul 2019 10:02:25 -0400 Subject: [PATCH 09/14] Update README.md --- plugins/change-password-cyberpanel/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/change-password-cyberpanel/README.md b/plugins/change-password-cyberpanel/README.md index 31786d7ad..9e0482d56 100644 --- a/plugins/change-password-cyberpanel/README.md +++ b/plugins/change-password-cyberpanel/README.md @@ -1,4 +1,4 @@ -RainLoop Cyberpanel Password Changing Plugin +RainLoop CyberPanel Password Changing Plugin ============================================ This plugin adds password changing capability to RainLoop webmail for servers running CyberPanel web panel software. From cf63417374a0b64d5e35114ad0775e346a5de948 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Fri, 26 Jul 2019 10:04:00 -0400 Subject: [PATCH 10/14] Update README --- plugins/change-password-cyberpanel/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/change-password-cyberpanel/README b/plugins/change-password-cyberpanel/README index c2bce7a2e..0d410bb23 100644 --- a/plugins/change-password-cyberpanel/README +++ b/plugins/change-password-cyberpanel/README @@ -1 +1 @@ -You can change passwords with CyberPanel \ No newline at end of file +This plugin allows you to change passwords of email accounts managed by CyberPanel web panel software From d683da256fcc4af783820e5f4d801ca25376a1a6 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Fri, 26 Jul 2019 10:06:07 -0400 Subject: [PATCH 11/14] Update README.md --- plugins/change-password-cyberpanel/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/change-password-cyberpanel/README.md b/plugins/change-password-cyberpanel/README.md index 9e0482d56..6bf3ae2d0 100644 --- a/plugins/change-password-cyberpanel/README.md +++ b/plugins/change-password-cyberpanel/README.md @@ -5,6 +5,6 @@ This plugin adds password changing capability to RainLoop webmail for servers ru ##### Installation is simple: -1. Place the change-password-cyberpanel folder in the plugins directory (eg. _RainLoopDir_/data/data_xxxxx/_default/plugins/*) +1. Place the change-password-cyberpanel folder in the plugins directory (e.g. _RainLoopDir_/data/data_xxxxx/_default/plugins/*). 2. In RainLoop administration panel, go to Plugins and activate change-password-cyberpanel. 3. Enter CyberPanel's SQL user details on the plugin configuration screen. From d75641c36725cfdf863fca7e7e1b1299fdf80fc8 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Fri, 26 Jul 2019 15:56:43 -0400 Subject: [PATCH 12/14] Update ChangePasswordCyberPanel.php --- plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php index f79bd2149..031aef08a 100644 --- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php +++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php @@ -120,7 +120,7 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha $bResult = false; if ($this->oLogger) { - $this->oLogger->Write('Something went wrong. Either the current password is incorrect or the new password does not match the criteria.'); + $this->oLogger->Write('Something went wrong. Either the current password is incorrect or the new password does not meet the criteria.'); } } } From 4640e1941bf79d0862dccfa6fe2fc51b199cde01 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Wed, 31 Jul 2019 15:46:44 -0400 Subject: [PATCH 13/14] Increased cost/rounds to 12 for enhanced security --- plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php index 031aef08a..150ed5edb 100644 --- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php +++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php @@ -108,7 +108,7 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha $password_check = mysqli_fetch_assoc($result); if (password_verify($sPrevPassword, substr($password_check['password'], 7))) { - $hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT)); + $hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT, ['cost' => 12,])); $password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'"; mysqli_query($db, $password_update_query); $bResult = true; From 4c1a7a41a89846a7a37c3288fc632a1b9d83b1c7 Mon Sep 17 00:00:00 2001 From: hifihedgehog <16614343+hifihedgehog@users.noreply.github.com> Date: Wed, 31 Jul 2019 15:48:28 -0400 Subject: [PATCH 14/14] Update VERSION --- plugins/change-password-cyberpanel/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/change-password-cyberpanel/VERSION b/plugins/change-password-cyberpanel/VERSION index 9f8e9b69a..9459d4ba2 100644 --- a/plugins/change-password-cyberpanel/VERSION +++ b/plugins/change-password-cyberpanel/VERSION @@ -1 +1 @@ -1.0 \ No newline at end of file +1.1