From 659fa7f23bb28d316ec6c99a538ee74bc7ffc0a3 Mon Sep 17 00:00:00 2001 From: Matthew Grooms Date: Sun, 3 Aug 2008 17:54:35 +0000 Subject: Cleanup authentication code. The basic auth method, the passwd, htpasswd and pam backing functions have been removed. The basic auth method was legacy code and the backing functions were redundant with no added value that I could see. A simplified replacement backing function named local_backed has been added that authenticates to the local configuration info which should be identical to system pwdb credentials. Since the htpassword file is no longer required, sync_webgui_passwords and its wrapper function system_password_configure have been removed. The local account management functions were renamed for consistency. A few minor bugs related to setting local passwords have also been corrected. --- usr/local/www/wizards/setup_wizard.xml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'usr/local/www/wizards') diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml index e6b46bc..1cf882c 100644 --- a/usr/local/www/wizards/setup_wizard.xml +++ b/usr/local/www/wizards/setup_wizard.xml @@ -418,14 +418,10 @@ if($_POST['adminpassword'] != "") { if($_POST['adminpassword'] == $_POST['adminpasswordagain']) { - $fd = popen("/usr/sbin/pw usermod -n root -H 0", "w"); - $salt = md5(time()); - $crypted_pw = crypt($_POST['adminpassword'],$salt); - fwrite($fd, $crypted_pw); - pclose($fd); - $config['system']['password'] = crypt($_POST['adminpassword']); + $admin_user =& getUserEntryByUID(0); + local_user_set_password($admin_user, $_POST['adminpassword']); + local_user_set($admin_user); write_config(); - system_password_configure(); } else { print_info_box_np("Passwords do not match! Please press back in your browser window and correct."); die; -- cgit v1.1