extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-22 16:03:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

* Admin: fix admin-cli.php to understand bcrypt hashes in header.inc.php

Browse Source
This commit is contained in:
Ralf Becker 2018-07-09 15:40:34 +02:00
parent 5333be69b3
commit 484ea5cc60
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
admin/admin-cli.php
View File

@ -6,9 +6,8 @@
* @link http://www.egroupware.org * @link http://www.egroupware.org
* @package admin * @package admin
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de> * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2006-16 by Ralf Becker <RalfBecker-AT-outdoor-training.de> * @copyright (c) 2006-18 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/ */
use EGroupware\Api; use EGroupware\Api;
@ -298,12 +297,9 @@ function load_egw($user,$passwd,$domain='default')
*/ */
function _check_pw($hash_or_cleartext,$pw) function _check_pw($hash_or_cleartext,$pw)
{ {
//echo "_check_pw($hash_or_cleartext,$pw) md5=".md5($pw)."\n"; return Api\Auth::compare_password($pw, $hash_or_cleartext,
if (preg_match('/^[0-9a-f]{32}$/',$hash_or_cleartext)) // old header.inc.php allows md5 or plain passwords with out {type} prefix, which takes precedence
{ preg_match('/^[0-9a-f]{32}$/', $hash_or_cleartext) ? 'md5' : 'plain');
return $hash_or_cleartext == md5($pw);
}
return $hash_or_cleartext == $pw;
} }
/** /**