Store config_user&_passwd of domain as hash, to be able to use them

inside eGW (without having them in cleartext available)
Ralf Becker 2008-11-09 16:15:42 +00:00
parent 9d9bd270a2
commit a658d7c8ed
2 changed files with 28 additions and 1 deletions


@ -1301,6 +1301,27 @@ class egw_session
}
}
/**
* Create a hash from user and pw
*
* Can be used to check setup config user/password inside egroupware:
*
* if (egw_session::user_pw_hash($user,$pw) === $GLOBALS['egw_info']['server']['config_hash'])
*
* @param string $user username
* @param string $password password or md5 hash of password if $allow_password_md5
* @param boolean $allow_password_md5=false can password alread be an md5 hash
* @return string
*/
static function user_pw_hash($user,$password,$allow_password_md5=false)
{
$password_md5 = $allow_password_md5 && preg_match('/^[a-f0-9]{32}$/',$password) ? $password : md5($password);
$hash = sha1(strtolower($user).$password_md5);
//echo "<p>".__METHOD__."('$user','$password',$allow_password_md5) sha1('".strtolower($user)."$password_md5')='$hash'</p>\n";
return $hash;
}
/*
* Funtions to access the used session-handler, specified in header.inc.php: $GLOBALS['egw_info']['server']['session_handler']
*/
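Review bot: `user_pw_hash()` returns an unsalted `sha1(strtolower($user).md5($password))`, which is cheap to guess offline, so the docblock should describe the result as a comparison token rather than as protected storage; the second file of this commit places it in `$GLOBALS['egw_info']['server']`, which the trailing comment there suggests is saved into the session. The docblock should also state that callers checking user-supplied credentials must leave `$allow_password_md5` false, because with it set any 32-character lowercase hex string is taken as the password hash itself, e.g. `@param boolean $allow_password_md5=false only for trusted values from header.inc.php, never for user input`. The docblock example compares with `===`; where the PHP version provides it, `hash_equals()` is the safer comparison. The commented-out `echo` would print the password into the page if it were ever re-enabled and is better dropped.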


@ -123,9 +123,15 @@ print_debug('domain',@$GLOBALS['egw_info']['user']['domain'],'api');
// the egw-object instanciates all sub-classes (eg. $GLOBALS['egw']->db) and the egw_info array
$GLOBALS['egw'] = new egw(array_keys($GLOBALS['egw_domain']));
// store domain config user&pw as a hash (originals get unset)
$GLOBALS['egw_info']['server']['config_hash'] = egw_session::user_pw_hash($GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['config_user'],
$GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['config_passwd'],true);
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && !$GLOBALS['egw_info']['server']['show_domain_selectbox'])
{
unset ($GLOBALS['egw_domain']); // we kill this for security reasons
unset($GLOBALS['egw_domain']); // we kill this for security reasons
unset($GLOBALS['egw_info']['server']['header_admin_user']);
unset($GLOBALS['egw_info']['server']['header_admin_password']);
}
// saving the the egw_info array and the egw-object in the session
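Review bot: `config_hash` is computed without checking that the current domain entry and its `config_user`/`config_passwd` exist, so an unset or empty pair yields the fixed hash of empty credentials, which a later `user_pw_hash($user,$pw) === config_hash` check would match for blank input. Guard the assignment, e.g. `if (!empty($d['config_user']) && !empty($d['config_passwd']))` with `$d` being the current domain's entry, and leave `config_hash` unset otherwise. The added comment says the originals get unset, but the `unset()` calls only run when `currentapp` is not `login` and `show_domain_selectbox` is off; a more accurate wording is `// store domain config user&pw as a hash (originals are unset below, except on login or with the domain selectbox)`. Whether header.inc.php always populates both values is not visible in this hunk.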