Add SMD5 hashing for sql and ldap based on my debian experience today

Miles Lott 2004-01-26 03:01:54 +00:00
parent f3539ef370
commit 04067c7a04
3 changed files with 80 additions and 1 deletions


@ -100,12 +100,21 @@
*/
$e_password = '{md5}' . base64_encode(pack("H*",md5($password)));
break;
case 'smd5':
if(!function_exists('mhash'))
{
return False;
}
$salt = $this->randomstring(8);
$hash = mhash(MHASH_MD5, $password . $salt);
$e_password = '{SMD5}' . base64_encode($hash . $salt);
break;
case 'sha':
if(!function_exists('mhash'))
{
return False;
}
$e_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $userpass));
$e_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password));
break;
case 'ssha':
if(!function_exists('mhash'))
@ -163,6 +172,14 @@
}
$this->error = 'no ext crypt';
break;
case 'smd5':
if(!function_exists('mhash'))
{
return False;
}
$salt = $this->randomstring(8);
$hash = mhash(MHASH_MD5, $password . $salt);
return '{SMD5}' . base64_encode($hash . $salt);
case 'sha':
if(!function_exists('mhash'))
{
@ -188,6 +205,27 @@
return False;
}
/**
@function smd5_compare
@abstract compare SHA-encrypted passwords for authentication
@param $form_val user input value for comparison
@param $db_val stored value (from database)
@return boolean True on successful comparison
*/
function smd5_compare($form_val,$db_val)
{
/* Start with the first char after {SMD5} */
$hash = base64_decode(substr($db_val,6));
$new_hash = mhash(MHASH_MD5,$form_val);
//echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);
if(strcmp($hash,$new_hash) == 0)
{
return True;
}
return False;
}
/**
@function sha_compare
@abstract compare SHA-encrypted passwords for authentication
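Review bot: smd5_compare() cannot return True as written. It hashes `$form_val` without the salt and compares that 16-byte MD5 digest against the whole decoded value, which both `case 'smd5'` branches build as digest followed by salt. The salt has to be split off the stored value and appended to the candidate password before hashing, as in the excerpt below. The docblock still reads "compare SHA-encrypted passwords" and should name SMD5, and the commented-out debug `echo` refers to an undefined `$orig_hash` and prints credential material, so it is best deleted. Salted MD5 is a fast hash, so it is better kept for interoperating with existing LDAP entries than offered as a choice for new password storage.

```php
function smd5_compare($form_val,$db_val)
{
	/* Stored value is base64(digest . salt); a raw MD5 digest is 16 bytes */
	$raw      = base64_decode(substr($db_val,6));
	$hash     = substr($raw,0,16);
	$salt     = substr($raw,16);
	$new_hash = mhash(MHASH_MD5,$form_val . $salt);
	// … unchanged: strcmp() comparison and return …
```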


@ -44,6 +44,24 @@
: 'md5';
switch($type)
{
case 'smd5':
$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
. " account_type='u' AND "
. " account_status ='A'",__LINE__,__FILE__);
$this->db->next_record();
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
{
if($this->db->f('account_lid') != $username)
{
return false;
}
}
if($this->db->f('account_pwd'))
{
return $this->smd5_compare($passwd,$this->db->f('account_pwd'));
}
break;
case 'sha':
$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
. " account_type='u' AND "
@ -175,6 +193,27 @@
: 'md5';
switch($type)
{
case 'smd5':
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
. "' AND " // . " account_type='u' AND "
. " account_status ='A'",__LINE__,__FILE__);
$this->db->next_record();
if($this->db->f('account_pwd'))
{
if(!$admin)
{
/* Check the old_passwd to make sure this is legal */
if(!$this->smd5_compare($old_passwd,$this->db->f('account_pwd')))
{
return False;
}
}
/* old password ok, or admin called the function from
* the admin application (no old passwd available).
*/
return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
}
return False;
case 'sha':
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
. "' AND " // . " account_type='u' AND "
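Review bot: The new `case 'smd5'` in the first hunk places `$username` directly inside the quoted SQL literal (`account_lid = '$username'`). Unless the value is escaped earlier in the function, which starts outside this hunk, the submitted login name can change the query. The branch copies the existing `'sha'` case, so both want the same treatment: pass the value through the database layer's string-escaping function before building the statement. The `!=` on `account_lid` is a loose comparison, and `!==` would state the case-sensitive check exactly. The second hunk casts `$account_id` with `(int)` and does not share the problem.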


@ -113,6 +113,7 @@
if(@function_exists('mhash'))
{
$hashes += array(
'smd5' => 'smd5',
'sha' => 'sha',
'ssha' => 'ssha'
);
@ -162,6 +163,7 @@
if(@function_exists('mhash'))
{
$hashes += array(
'smd5' => 'smd5',
'sha' => 'sha',
'ssha' => 'ssha'
);