mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-02-23 21:51:14 +01:00
Add SMD5 hashing for sql and ldap based on my debian experience today
This commit is contained in:
Miles Lott
parent
f3539ef370
commit
04067c7a04
@ -100,12 +100,21 @@
|
|||||||
*/
|
*/
|
||||||
$e_password = '{md5}' . base64_encode(pack("H*",md5($password)));
|
$e_password = '{md5}' . base64_encode(pack("H*",md5($password)));
|
||||||
break;
|
break;
|
||||||
|
case 'smd5':
|
||||||
|
if(!function_exists('mhash'))
|
||||||
|
{
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
$salt = $this->randomstring(8);
|
||||||
|
$hash = mhash(MHASH_MD5, $password . $salt);
|
||||||
|
$e_password = '{SMD5}' . base64_encode($hash . $salt);
|
||||||
|
break;
|
||||||
case 'sha':
|
case 'sha':
|
||||||
if(!function_exists('mhash'))
|
if(!function_exists('mhash'))
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
$e_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $userpass));
|
$e_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password));
|
||||||
break;
|
break;
|
||||||
case 'ssha':
|
case 'ssha':
|
||||||
if(!function_exists('mhash'))
|
if(!function_exists('mhash'))
|
||||||
@ -163,6 +172,14 @@
|
|||||||
}
|
}
|
||||||
$this->error = 'no ext crypt';
|
$this->error = 'no ext crypt';
|
||||||
break;
|
break;
|
||||||
|
case 'smd5':
|
||||||
|
if(!function_exists('mhash'))
|
||||||
|
{
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
$salt = $this->randomstring(8);
|
||||||
|
$hash = mhash(MHASH_MD5, $password . $salt);
|
||||||
|
return '{SMD5}' . base64_encode($hash . $salt);
|
||||||
case 'sha':
|
case 'sha':
|
||||||
if(!function_exists('mhash'))
|
if(!function_exists('mhash'))
|
||||||
{
|
{
|
||||||
@ -188,6 +205,27 @@
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
@function smd5_compare
|
||||||
|
@abstract compare SHA-encrypted passwords for authentication
|
||||||
|
@param $form_val user input value for comparison
|
||||||
|
@param $db_val stored value (from database)
|
||||||
|
@return boolean True on successful comparison
|
||||||
|
*/
|
||||||
|
function smd5_compare($form_val,$db_val)
|
||||||
|
{
|
||||||
|
/* Start with the first char after {SMD5} */
|
||||||
|
$hash = base64_decode(substr($db_val,6));
|
||||||
|
$new_hash = mhash(MHASH_MD5,$form_val);
|
||||||
|
//echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);
|
||||||
|
|
||||||
|
if(strcmp($hash,$new_hash) == 0)
|
||||||
|
{
|
||||||
|
return True;
|
||||||
|
}
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@function sha_compare
|
@function sha_compare
|
||||||
@abstract compare SHA-encrypted passwords for authentication
|
@abstract compare SHA-encrypted passwords for authentication
|
||||||
|
|||||||
@ -44,6 +44,24 @@
|
|||||||
: 'md5';
|
: 'md5';
|
||||||
switch($type)
|
switch($type)
|
||||||
{
|
{
|
||||||
|
case 'smd5':
|
||||||
|
$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
|
||||||
|
. " account_type='u' AND "
|
||||||
|
. " account_status ='A'",__LINE__,__FILE__);
|
||||||
|
$this->db->next_record();
|
||||||
|
|
||||||
|
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
|
||||||
|
{
|
||||||
|
if($this->db->f('account_lid') != $username)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if($this->db->f('account_pwd'))
|
||||||
|
{
|
||||||
|
return $this->smd5_compare($passwd,$this->db->f('account_pwd'));
|
||||||
|
}
|
||||||
|
break;
|
||||||
case 'sha':
|
case 'sha':
|
||||||
$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
|
$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
|
||||||
. " account_type='u' AND "
|
. " account_type='u' AND "
|
||||||
@ -175,6 +193,27 @@
|
|||||||
: 'md5';
|
: 'md5';
|
||||||
switch($type)
|
switch($type)
|
||||||
{
|
{
|
||||||
|
case 'smd5':
|
||||||
|
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
|
||||||
|
. "' AND " // . " account_type='u' AND "
|
||||||
|
. " account_status ='A'",__LINE__,__FILE__);
|
||||||
|
$this->db->next_record();
|
||||||
|
if($this->db->f('account_pwd'))
|
||||||
|
{
|
||||||
|
if(!$admin)
|
||||||
|
{
|
||||||
|
/* Check the old_passwd to make sure this is legal */
|
||||||
|
if(!$this->smd5_compare($old_passwd,$this->db->f('account_pwd')))
|
||||||
|
{
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* old password ok, or admin called the function from
|
||||||
|
* the admin application (no old passwd available).
|
||||||
|
*/
|
||||||
|
return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
|
||||||
|
}
|
||||||
|
return False;
|
||||||
case 'sha':
|
case 'sha':
|
||||||
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
|
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
|
||||||
. "' AND " // . " account_type='u' AND "
|
. "' AND " // . " account_type='u' AND "
|
||||||
|
|||||||
@ -113,6 +113,7 @@
|
|||||||
if(@function_exists('mhash'))
|
if(@function_exists('mhash'))
|
||||||
{
|
{
|
||||||
$hashes += array(
|
$hashes += array(
|
||||||
|
'smd5' => 'smd5',
|
||||||
'sha' => 'sha',
|
'sha' => 'sha',
|
||||||
'ssha' => 'ssha'
|
'ssha' => 'ssha'
|
||||||
);
|
);
|
||||||
@ -162,6 +163,7 @@
|
|||||||
if(@function_exists('mhash'))
|
if(@function_exists('mhash'))
|
||||||
{
|
{
|
||||||
$hashes += array(
|
$hashes += array(
|
||||||
|
'smd5' => 'smd5',
|
||||||
'sha' => 'sha',
|
'sha' => 'sha',
|
||||||
'ssha' => 'ssha'
|
'ssha' => 'ssha'
|
||||||
);
|
);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user