diff --git a/phpgwapi/inc/class.auth.inc.php b/phpgwapi/inc/class.auth.inc.php
index 859ac15595..8e7ce423f7 100644
--- a/phpgwapi/inc/class.auth.inc.php
+++ b/phpgwapi/inc/class.auth.inc.php
@@ -100,12 +100,21 @@
*/
$e_password = '{md5}' . base64_encode(pack("H*",md5($password)));
break;
+ case 'smd5':
+ if(!function_exists('mhash'))
+ {
+ return False;
+ }
+ $salt = $this->randomstring(8);
+ $hash = mhash(MHASH_MD5, $password . $salt);
+ $e_password = '{SMD5}' . base64_encode($hash . $salt);
+ break;
case 'sha':
if(!function_exists('mhash'))
{
return False;
}
- $e_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $userpass));
+ $e_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password));
break;
case 'ssha':
if(!function_exists('mhash'))
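Review bot: The new `smd5` case stores a single round of salted MD5, which is cheap to guess offline if the `account_pwd` column ever leaks, and nothing in the code says so. I would add a comment above the case such as `/* {SMD5}: one salted MD5 round, for LDAP-format compatibility only; not a slow password hash */`. The salt comes from `$this->randomstring(8)`, whose randomness source is not visible in this hunk, so it is worth confirming that it is not predictable. The same lines are repeated in the second hunk of this file (the case ending in `return '{SMD5}' . base64_encode($hash . $salt);`), so the comment, or a small shared helper, applies there too. The enclosing switch starts and ends outside the hunk.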
@@ -163,6 +172,14 @@
}
$this->error = 'no ext crypt';
break;
+ case 'smd5':
+ if(!function_exists('mhash'))
+ {
+ return False;
+ }
+ $salt = $this->randomstring(8);
+ $hash = mhash(MHASH_MD5, $password . $salt);
+ return '{SMD5}' . base64_encode($hash . $salt);
case 'sha':
if(!function_exists('mhash'))
{
@@ -188,6 +205,27 @@
return False;
}
+ /**
+ @function smd5_compare
+ @abstract compare SHA-encrypted passwords for authentication
+ @param $form_val user input value for comparison
+ @param $db_val stored value (from database)
+ @return boolean True on successful comparison
+ */
+ function smd5_compare($form_val,$db_val)
+ {
+ /* Start with the first char after {SMD5} */
+ $hash = base64_decode(substr($db_val,6));
+ $new_hash = mhash(MHASH_MD5,$form_val);
+ //echo '
DB: ' . base64_encode($orig_hash) . '
FORM: ' . base64_encode($new_hash);
+
+ if(strcmp($hash,$new_hash) == 0)
+ {
+ return True;
+ }
+ return False;
+ }
+
/**
@function sha_compare
@abstract compare SHA-encrypted passwords for authentication
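Review bot: `smd5_compare` can never return True for a value produced by the new `smd5` encrypt case, because it hashes `$form_val` without the salt and compares that 16-byte digest against the whole decoded digest-plus-salt string. The decoded value has to be split into its first 16 bytes (the MD5 digest) and the remainder (the salt), and the form value rehashed as `$form_val . $salt`, as in the block below. As written, both callers in class.auth_sql.inc.php fail closed, so logins and non-admin password changes for smd5 accounts would always be rejected. The docblock still says "SHA-encrypted", and the commented-out echo refers to an undefined `$orig_hash`. Where the supported PHP version provides `hash_equals()`, it is preferable to `strcmp()` for comparing digests.

```php
function smd5_compare($form_val,$db_val)
{
	/* Start with the first char after {SMD5} */
	$raw = base64_decode(substr($db_val,6));
	/* An MD5 digest is 16 raw bytes; anything shorter is not a valid {SMD5} value */
	if(strlen($raw) < 16)
	{
		return False;
	}
	/* Stored layout is digest followed by salt, matching encrypt: md5(password . salt) . salt */
	$orig_hash = substr($raw,0,16);
	$salt = substr($raw,16);
	$new_hash = mhash(MHASH_MD5,$form_val . $salt);

	return strcmp($orig_hash,$new_hash) == 0;
}
```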
diff --git a/phpgwapi/inc/class.auth_sql.inc.php b/phpgwapi/inc/class.auth_sql.inc.php
index 8f75a9d51e..6644555d25 100644
--- a/phpgwapi/inc/class.auth_sql.inc.php
+++ b/phpgwapi/inc/class.auth_sql.inc.php
@@ -44,6 +44,24 @@
: 'md5';
switch($type)
{
+ case 'smd5':
+ $this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
+ . " account_type='u' AND "
+ . " account_status ='A'",__LINE__,__FILE__);
+ $this->db->next_record();
+
+ if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
+ {
+ if($this->db->f('account_lid') != $username)
+ {
+ return false;
+ }
+ }
+ if($this->db->f('account_pwd'))
+ {
+ return $this->smd5_compare($passwd,$this->db->f('account_pwd'));
+ }
+ break;
case 'sha':
$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
. " account_type='u' AND "
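Review bot: `$username` is interpolated directly into the SELECT in the new `smd5` case, so unless it is already escaped before this switch (not visible in the hunk) the query is open to SQL injection from the login input. The value should pass through the database class's string-escaping helper before it is placed in the query, and the same applies to the `sha` case this was copied from. The return value of `next_record()` is also ignored, and the case-sensitivity check uses `!=`, which compares numeric-looking strings loosely. Assuming `f()` returns a string, `if($this->db->f('account_lid') !== $username)` would be the stricter test. The enclosing function starts and ends outside the hunk.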
@@ -175,6 +193,27 @@
: 'md5';
switch($type)
{
+ case 'smd5':
+ $this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
+ . "' AND " // . " account_type='u' AND "
+ . " account_status ='A'",__LINE__,__FILE__);
+ $this->db->next_record();
+ if($this->db->f('account_pwd'))
+ {
+ if(!$admin)
+ {
+ /* Check the old_passwd to make sure this is legal */
+ if(!$this->smd5_compare($old_passwd,$this->db->f('account_pwd')))
+ {
+ return False;
+ }
+ }
+ /* old password ok, or admin called the function from
+ * the admin application (no old passwd available).
+ */
+ return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
+ }
+ return False;
case 'sha':
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
. "' AND " // . " account_type='u' AND "
diff --git a/setup/inc/hook_config.inc.php b/setup/inc/hook_config.inc.php
index dc0a4d2175..518223af37 100644
--- a/setup/inc/hook_config.inc.php
+++ b/setup/inc/hook_config.inc.php
@@ -113,6 +113,7 @@
if(@function_exists('mhash'))
{
$hashes += array(
+ 'smd5' => 'smd5',
'sha' => 'sha',
'ssha' => 'ssha'
);
@@ -162,6 +163,7 @@
if(@function_exists('mhash'))
{
$hashes += array(
+ 'smd5' => 'smd5',
'sha' => 'sha',
'ssha' => 'ssha'
);