[ewiki] bugreport + fix

• From: Timm Zwickel <t@xxxxxxxxxxxxxxx>
• To: ewiki@xxxxxxxxxxxxx
• Date: Tue, 9 Dec 2003 14:09:18 +0100

Hi there!

If I am not mistaken there is a bug in function ewiki_auth_user() in ewiki.php 
concerning authentication via crypt():

@~line 2532 it says: 

    || ($enc_pw == crypt($password, substr($_pw, 0, 2)))

it should be:

    || ($enc_pw == crypt($password, substr($enc_pw, 0, 2)))

i.e. $enc_pw instead of $_pw. There were no errors so far, since "_pw" was 
taken to be an empty string, which also works for crypt() theoretically - but 
you need the "salt". Solong, timm

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription