From 2fc2902022cece4f97352aaf413df9b6731b69ed Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Fri, 3 Sep 2010 11:36:59 +0000
Subject: Base64 encode passowrd fields for safer operations. Suggested-by:
 Efonne(IRC)

---
 usr/local/www/vpn_pppoe_edit.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr/local/www/vpn_pppoe_edit.php')

diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php
index be28b04..39de7fb 100755
--- a/usr/local/www/vpn_pppoe_edit.php
+++ b/usr/local/www/vpn_pppoe_edit.php
@@ -203,7 +203,7 @@ if ($_POST) {
 		$users = array();
 		for($x=0; $x<4999; $x++) {
 			if ($_POST["username{$x}"]) {
-				$usernam = $_POST["username{$x}"] . ":" . $_POST["password{$x}"];
+				$usernam = $_POST["username{$x}"] . ":" . base64_encode($_POST["password{$x}"]);
 				if ($_POST["ip{$x}"])
 					$usernam .= ":" . $_POST["ip{$x}"];
 				$users[] = $usernam;
@@ -539,7 +539,7 @@ function enable_change(enable_over) {
 				foreach($item as $ww) {
 					$wws = explode(":", $ww);
 					$user = $wws[0];
-					$passwd = $wws[1];
+					$passwd = base64_decode($wws[1]);
 					$ip = $wws[2];
                         		$tracker = $counter;
 		?>
-- 
cgit v1.1