diff --git a/includes/mp3act_functions.php b/includes/mp3act_functions.php
index b06bbb0..c97d8b9 100755
--- a/includes/mp3act_functions.php
+++ b/includes/mp3act_functions.php
@@ -74,7 +74,7 @@ function sendPassword($email){
}else{
$row = mysql_fetch_array($result);
$random_password = substr(md5(uniqid(microtime())), 0, 6);
- $query = "UPDATE mp3act_users SET password=PASSWORD(\"$random_password\") WHERE user_id=$row[user_id]";
+ $query = "UPDATE mp3act_users SET password=SHA1(\"$random_password\") WHERE user_id=$row[user_id]";
mysql_query($query);
$msg = "$email,\n\nYou have requested a new password for the mp3act server you are a member of. Your password has been reset to a new random password. When you login please change your password to a new one of your choice.\n\n";
$msg .= "Username: $row[username]\nPassword: $random_password\n\nLogin here: $GLOBALS[http_url]$GLOBALS[uri_path]/login.php";
@@ -808,7 +808,7 @@ function adminAddUser($firstname='',$lastname='',$username='',$email='',$level='
return 0;
$query = "INSERT INTO mp3act_users VALUES
(NULL,\"".$username."\",\"".$firstname."\",\"".$lastname."\",
- PASSWORD(\"".$pass."\"),$level,NOW(),1,\"".$email."\",\"streaming\",0,\"s\",\"$md5\",\"\",\"\",1,\"\",\"\",\"\",0)";
+ SHA1(\"".$pass."\"),$level,NOW(),1,\"".$email."\",\"streaming\",0,\"s\",\"$md5\",\"\",\"\",1,\"\",\"\",\"\",0)";
if(mysql_query($query)){
return 1;
}
@@ -949,7 +949,7 @@ function editUser($type,$input1,$input2,$input3,$input4,$input5,$input6,$input7)
break;
case 'pass':
if(!empty($input1)){
- $query = "UPDATE mp3act_users SET password=PASSWORD(\"$input2\") WHERE user_id=$_SESSION[sess_userid]";
+ $query = "UPDATE mp3act_users SET password=SHA1(\"$input2\") WHERE user_id=$_SESSION[sess_userid]";
mysql_query($query);
return 1;
}
@@ -1694,4 +1694,4 @@ function resetDatabase(){
return 1;
}
-?>
\ No newline at end of file
+?>
diff --git a/install.php b/install.php
index 8ff16b9..b62c9eb 100755
--- a/install.php
+++ b/install.php
@@ -418,7 +418,7 @@ function installed(){
}
echo "Login to your new mp3act server
";
$random_password = substr(md5(uniqid(microtime())), 0, 6);
- $query = "INSERT INTO `mp3act_users` VALUES (NULL, 'admin', 'Admin', 'User', PASSWORD(\"$random_password\"), 10, NOW(), 1, '', 'streaming', 0, 's', '21232f297a57a5a743894a0e4a801fc3', '', '0000-00-00 00:00:00', 1,'','','',0)";
+ $query = "INSERT INTO `mp3act_users` VALUES (NULL, 'admin', 'Admin', 'User', SHA1(\"$random_password\"), 10, NOW(), 1, '', 'streaming', 0, 's', '21232f297a57a5a743894a0e4a801fc3', '', '0000-00-00 00:00:00', 1,'','','',0)";
mysqli_query($dbh, $query);
echo "
Username: Admin
Password: $random_password (Please change this password as soon as you login.)
";
diff --git a/login.php b/login.php
index 5504bb9..fdc50d7 100755
--- a/login.php
+++ b/login.php
@@ -17,10 +17,10 @@
$query = "SELECT * FROM mp3act_users
WHERE username='$_POST[username]' AND
- password=PASSWORD('$_POST[password]') AND active=1 LIMIT 1";
+ password=SHA1('$_POST[password]') AND active=1 LIMIT 1";
$result = mysqli_query($dbh, $query);
- if(mysqli_num_rows($result) > 0){
+ if(mysqli_num_rows($result)){
$userinfo = mysqli_fetch_array($result);
$_SESSION['sess_username'] = $userinfo['username'];
diff --git a/register.php b/register.php
index dfc5887..a2a65d0 100755
--- a/register.php
+++ b/register.php
@@ -19,7 +19,7 @@
$md5 = md5($_POST['register']['new_username']);
$query = "INSERT INTO mp3act_users VALUES
(NULL,\"".$_POST['register']['new_username']."\",\"".$_POST['register']['firstname']."\",\"".$_POST['register']['lastname']."\",
- PASSWORD(\"".$_POST['register']['password']."\"),1,NOW(),1,\"".$_POST['register']['email']."\",\"streaming\",0,\"s\",\"$md5\",\"\",\"\",1,\"\",\"\",0)";
+ SHA1(\"".$_POST['register']['password']."\"),1,NOW(),1,\"".$_POST['register']['email']."\",\"streaming\",0,\"s\",\"$md5\",\"\",\"\",1,\"\",\"\",0)";
if(mysqli_query($dbh, $query)){
if(!empty($_POST['invite_code'])){