mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-06-22 19:01:43 +02:00
Consolidate password updates and remove debug output, i think
This commit is contained in:
parent
233e9f7101
commit
9be5a8982d
@ -59,20 +59,7 @@
|
|||||||
}
|
}
|
||||||
if($this->db->f('account_pwd'))
|
if($this->db->f('account_pwd'))
|
||||||
{
|
{
|
||||||
/* Start with the first char after {SHA} */
|
return $this->sha_compare($passwd,$this->db->f('account_pwd'));
|
||||||
$hash = base64_decode(substr($this->db->f('account_pwd'),5));
|
|
||||||
$new_hash = mhash(MHASH_SHA1, $passwd);
|
|
||||||
// echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);
|
|
||||||
|
|
||||||
if(strcmp($hash,$new_hash) == 0)
|
|
||||||
{
|
|
||||||
$this->previous_login = $this->db->f('account_lastlogin');
|
|
||||||
return True;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'ssha':
|
case 'ssha':
|
||||||
@ -90,24 +77,7 @@
|
|||||||
}
|
}
|
||||||
if($this->db->f('account_pwd'))
|
if($this->db->f('account_pwd'))
|
||||||
{
|
{
|
||||||
/* Start with the first char after {SSHA} */
|
return $this->ssha_compare($passwd,$this->db->f('account_pwd'));
|
||||||
$hash = base64_decode(substr($this->db->f('account_pwd'), 6));
|
|
||||||
|
|
||||||
// SHA-1 hashes are 160 bits long
|
|
||||||
$orig_hash = substr($hash, 0, 20);
|
|
||||||
$salt = substr($hash, 20);
|
|
||||||
$new_hash = mhash(MHASH_SHA1, $passwd . $salt);
|
|
||||||
// echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);exit;
|
|
||||||
|
|
||||||
if(strcmp($orig_hash,$new_hash) == 0)
|
|
||||||
{
|
|
||||||
$this->previous_login = $this->db->f('account_lastlogin');
|
|
||||||
return True;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'md5_crypt':
|
case 'md5_crypt':
|
||||||
@ -128,29 +98,7 @@
|
|||||||
}
|
}
|
||||||
if($this->db->f('account_pwd'))
|
if($this->db->f('account_pwd'))
|
||||||
{
|
{
|
||||||
$saltlen = array(
|
return $this->crypt_compare($passwd,$this->db->f('account_pwd'),$type);
|
||||||
'blowfish_crypt' => 16,
|
|
||||||
'md5_crypt' => 12,
|
|
||||||
'ext_crypt' => 9,
|
|
||||||
'crypt' => 2
|
|
||||||
);
|
|
||||||
$hash = $this->db->f('account_pwd');
|
|
||||||
|
|
||||||
// PHP's crypt(): salt + hash
|
|
||||||
// notice: "The encryption type is triggered by the salt argument."
|
|
||||||
$salt = substr($hash, 0, (int)$saltlen[$type]);
|
|
||||||
$new_hash = crypt($passwd, $salt);
|
|
||||||
// echo "$hash<br>" . $new_hash;
|
|
||||||
|
|
||||||
if(strcmp($hash,$new_hash) == 0)
|
|
||||||
{
|
|
||||||
$this->previous_login = $this->db->f('account_lastlogin');
|
|
||||||
return True;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return False;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'md5':
|
case 'md5':
|
||||||
@ -212,15 +160,16 @@
|
|||||||
|
|
||||||
function change_password($old_passwd, $new_passwd, $account_id = '')
|
function change_password($old_passwd, $new_passwd, $account_id = '')
|
||||||
{
|
{
|
||||||
|
$admin = True;
|
||||||
// Don't allow password changes for other accounts when using XML-RPC
|
// Don't allow password changes for other accounts when using XML-RPC
|
||||||
if(!$account_id || $GLOBALS['phpgw_info']['flags']['currentapp'] == 'login')
|
if(!$account_id || $GLOBALS['phpgw_info']['flags']['currentapp'] == 'login')
|
||||||
{
|
{
|
||||||
|
$admin = False;
|
||||||
$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
|
$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
|
||||||
}
|
}
|
||||||
$encrypted_passwd = $this->encrypt_sql($new_passwd);
|
$encrypted_passwd = $this->encrypt_sql($new_passwd);
|
||||||
echo 'old: ' . $old_passwd . 'new: ' . $new_passwd . ' ' . $account_id;
|
|
||||||
echo $encrypted_passwd;exit;
|
|
||||||
|
|
||||||
|
/* Grab configured type, or default to md5() (old method) */
|
||||||
$type = @$GLOBALS['phpgw_info']['server']['sql_encryption_type']
|
$type = @$GLOBALS['phpgw_info']['server']['sql_encryption_type']
|
||||||
? strtolower($GLOBALS['phpgw_info']['server']['sql_encryption_type'])
|
? strtolower($GLOBALS['phpgw_info']['server']['sql_encryption_type'])
|
||||||
: 'md5';
|
: 'md5';
|
||||||
@ -233,28 +182,20 @@
|
|||||||
$this->db->next_record();
|
$this->db->next_record();
|
||||||
if($this->db->f('account_pwd'))
|
if($this->db->f('account_pwd'))
|
||||||
{
|
{
|
||||||
/* Start with the first char after {SHA} */
|
if(!$admin)
|
||||||
$hash = base64_decode(substr($this->db->f('account_pwd'),5));
|
|
||||||
$new_hash = mhash(MHASH_SHA1, $old_passwd);
|
|
||||||
if(strcmp($orig_hash,$new_hash) == 0)
|
|
||||||
{
|
{
|
||||||
/* old password ok */
|
/* Check the old_passwd to make sure this is legal */
|
||||||
$this->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
|
if(!$this->sha_compare($old_passwd,$this->db->f('account_pwd')))
|
||||||
. "account_lastpwd_change='" . time()
|
|
||||||
. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
|
|
||||||
$this->db->next_record();
|
|
||||||
if($this->db->affected_rows())
|
|
||||||
{
|
|
||||||
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
|
|
||||||
return $encrypted_passwd;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* old password ok, or admin called the function from
|
||||||
|
* the admin application (no old passwd available).
|
||||||
|
*/
|
||||||
|
return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
|
||||||
}
|
}
|
||||||
break;
|
return False;
|
||||||
case 'ssha':
|
case 'ssha':
|
||||||
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
|
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
|
||||||
. "' AND " // . " account_type='u' AND "
|
. "' AND " // . " account_type='u' AND "
|
||||||
@ -262,32 +203,20 @@
|
|||||||
$this->db->next_record();
|
$this->db->next_record();
|
||||||
if($this->db->f('account_pwd'))
|
if($this->db->f('account_pwd'))
|
||||||
{
|
{
|
||||||
/* Start with the first char after {SSHA} */
|
if(!$admin)
|
||||||
$hash = base64_decode(substr($this->db->f('account_pwd'), 6));
|
|
||||||
|
|
||||||
// SHA-1 hashes are 160 bits long
|
|
||||||
$orig_hash = substr($hash, 0, 20);
|
|
||||||
$salt = substr($hash, 20);
|
|
||||||
$new_hash = mhash(MHASH_SHA1, $old_passwd . $salt);
|
|
||||||
if(strcmp($orig_hash,$new_hash) == 0)
|
|
||||||
{
|
{
|
||||||
/* old password ok */
|
/* Check the old_passwd to make sure this is legal */
|
||||||
$this->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
|
if(!$this->ssha_compare($old_passwd,$this->db->f('account_pwd')))
|
||||||
. "account_lastpwd_change='" . time()
|
|
||||||
. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
|
|
||||||
$this->db->next_record();
|
|
||||||
if($this->db->affected_rows())
|
|
||||||
{
|
|
||||||
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
|
|
||||||
return $encrypted_passwd;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* old password ok, or admin called the function from
|
||||||
|
* the admin application (no old passwd available).
|
||||||
|
*/
|
||||||
|
return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
|
||||||
}
|
}
|
||||||
break;
|
return False;
|
||||||
case 'crypt':
|
case 'crypt':
|
||||||
case 'ext_crypt':
|
case 'ext_crypt':
|
||||||
case 'md5_crypt':
|
case 'md5_crypt':
|
||||||
@ -298,55 +227,68 @@
|
|||||||
$this->db->next_record();
|
$this->db->next_record();
|
||||||
if($this->db->f('account_pwd'))
|
if($this->db->f('account_pwd'))
|
||||||
{
|
{
|
||||||
$saltlen = array(
|
if(!$admin)
|
||||||
'blowfish_crypt' => 16,
|
|
||||||
'md5_crypt' => 12,
|
|
||||||
'ext_crypt' => 9,
|
|
||||||
'crypt' => 2
|
|
||||||
);
|
|
||||||
$hash = $this->db->f('account_pwd');
|
|
||||||
|
|
||||||
// PHP's crypt(): salt + hash
|
|
||||||
// notice: "The encryption type is triggered by the salt argument."
|
|
||||||
$salt = substr($hash, 0, (int)$saltlen[$type]);
|
|
||||||
$new_hash = crypt($old_passwd, $salt);
|
|
||||||
// echo "$hash<br>" . $new_hash;
|
|
||||||
|
|
||||||
if(strcmp($hash,$new_hash) == 0)
|
|
||||||
{
|
{
|
||||||
/* old password ok */
|
/* Check the old_passwd to make sure this is legal */
|
||||||
$this->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
|
if(!$this->crypt_compare($old_passwd,$this->db->f('account_pwd'),$type))
|
||||||
. "account_lastpwd_change='" . time()
|
|
||||||
. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
|
|
||||||
$this->db->next_record();
|
|
||||||
if($this->db->affected_rows())
|
|
||||||
{
|
|
||||||
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
|
|
||||||
return $encrypted_passwd;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* old password ok, or admin called the function from
|
||||||
|
* the admin application (no old passwd available).
|
||||||
|
*/
|
||||||
|
return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
|
||||||
}
|
}
|
||||||
return False;
|
return False;
|
||||||
case 'md5':
|
case 'md5':
|
||||||
default:
|
default:
|
||||||
$pwd_check = " AND account_pwd='" . $GLOBALS['phpgw']->common->sql_encrypt_password($old_passwd) . "'";
|
$pwd_check = '';
|
||||||
|
if(!$admin)
|
||||||
|
{
|
||||||
|
$pwd_check = " AND account_pwd='" . $GLOBALS['phpgw']->common->sql_encrypt_password($old_passwd) . "'";
|
||||||
|
}
|
||||||
$this->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
|
$this->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
|
||||||
. "account_lastpwd_change='" . time() . "' WHERE account_id='" . $account_id . "'" . $pwd_check,__LINE__,__FILE__);
|
. "account_lastpwd_change='" . time() . "' WHERE account_id='" . $account_id . "'" . $pwd_check,__LINE__,__FILE__);
|
||||||
$this->db->next_record();
|
$this->db->next_record();
|
||||||
if($this->db->affected_rows())
|
if($this->db->affected_rows())
|
||||||
{
|
{
|
||||||
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
|
if(!$admin)
|
||||||
|
{
|
||||||
|
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
|
||||||
|
}
|
||||||
return $encrypted_passwd;
|
return $encrypted_passwd;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function _update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin=False,$file='')
|
||||||
|
{
|
||||||
|
/* This should only be called from this file */
|
||||||
|
if($file != PHPGW_API_INC . SEP . 'class.auth_sql.inc.php')
|
||||||
|
{
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
$this->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
|
||||||
|
. "account_lastpwd_change='" . time()
|
||||||
|
. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
|
||||||
|
$this->db->next_record();
|
||||||
|
if($this->db->affected_rows())
|
||||||
|
{
|
||||||
|
if(!$admin)
|
||||||
|
{
|
||||||
|
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
|
||||||
}
|
}
|
||||||
|
return $encrypted_passwd;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return False;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function update_lastlogin($account_id, $ip)
|
function update_lastlogin($account_id, $ip)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user