[dev] Patch: passwd
Marc Jauvin
marc at register4less.com
Fri Jun 20 08:31:53 PDT 2003
This patch adds the following:
- flexibility for the crypt() protocol that can use many different forms of
encryptions (CRYPT_DES, CRYPT_MD5, CRYPT_BLOWFISH)
- option to show/hide the protocol in the password field for the SQL driver
--
Marc Jauvin
450-441-5458
http://register4less.com
-------------- next part --------------
? test.php
Index: config/backends.php.dist
===================================================================
RCS file: /repository/passwd/config/backends.php.dist,v
retrieving revision 1.18
diff -u -r1.18 backends.php.dist
--- config/backends.php.dist 26 Feb 2003 00:19:05 -0000 1.18
+++ config/backends.php.dist 20 Jun 2003 15:27:06 -0000
@@ -154,7 +154,8 @@
'database' => 'horde',
'table' => 'horde_users',
'user_col' => 'user_uid',
- 'pass_col' => 'user_pass'
+ 'pass_col' => 'user_pass',
+ 'show_encryption' => false
)
);
Index: lib/Driver.php
===================================================================
RCS file: /repository/passwd/lib/Driver.php,v
retrieving revision 1.22
diff -u -r1.22 Driver.php
--- lib/Driver.php 20 Apr 2003 16:34:28 -0000 1.22
+++ lib/Driver.php 20 Jun 2003 15:27:06 -0000
@@ -99,36 +99,45 @@
break;
case 'md5-base64':
if ($encrypted == base64_encode(mHash(MHASH_MD5, $plaintext))) {
- return true;
+ return true;
}
break;
case 'crypt':
- $encrypted = substr($encrypted, 7);
- $salt = substr($encrypted , 0, 2);
+ $encrypted = preg_replace('|{crypt}|', '', $encrypted);
+ if (preg_match('|^\$1\$|', $encrypted)) {
+ // CRYPT_MD5
+ $salt = substr($encrypted , 0, 12);
+ } elseif (preg_match('|^\$2\$|', $encrypted)) {
+ // CRYPT_BLOWFISH
+ $salt = substr($encrypted , 0, 16);
+ } else {
+ // CRYPT_DES
+ $salt = substr($encrypted , 0, 2);
+ }
if ($encrypted == crypt($plaintext, $salt)) {
return true;
}
break;
case 'sha':
- $encrypted = substr($encrypted, 5);
+ $encrypted = preg_replace('|{SHA}|', '', $encrypted);
if ($encrypted == base64_encode(mHash(MHASH_SHA1, $plaintext))) {
return true;
}
break;
case 'ssha':
- $encrypted = substr($encrypted, 6);
+ $encrypted = preg_replace('|{SSHA}|', '', $encrypted);
$hash = base64_decode($encrypted);
- $salt = substr($hash, 20);
+ $salt = substr($hash, 20);
if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) {
return true;
}
break;
case 'smd5':
- $encrypted = substr($encrypted, 6);
+ $encrypted = preg_replace('|{SMD5}|', '', $encrypted);
$hash = base64_decode($encrypted);
$salt = substr($hash, 16);
if ($hash == mHash(MHASH_MD5, $plaintext . $salt)) {
- return true;
+ return true;
}
break;
default:
@@ -145,33 +154,47 @@
*
* @return String The formated password.
*/
- function encryptPassword($newPassword)
+ function encryptPassword($newPassword, $show_encryption=true)
{
// Encrypt the password
switch ($this->_params['encryption']) {
case 'plain':
break;
case 'sha':
- $newPassword = '{SHA}' . base64_encode(mHash(MHASH_SHA1, $newPassword));
+ $newPassword = base64_encode(mHash(MHASH_SHA1, $newPassword));
+ if ($show_encryption) {
+ $newPassword = '{SHA}' . $newPassword;
+ }
break;
case 'crypt':
// The salt is left out, generated by php
- $newPassword = '{crypt}' . crypt($newPassword);
+ $newPassword = crypt($newPassword);
+ if ($show_encryption) {
+ $newPassword = '{crypt}' . $newPassword;
+ }
break;
case 'md5-hex':
$newPassword = md5($newPassword);
break;
case 'md5-base64':
- $newPassword = '{MD5}' . base64_encode(mHash(MHASH_MD5,
- $newPassword));
- break;
+ $newPassword = base64_encode(mHash(MHASH_MD5, $newPassword));
+ if ($show_encryption) {
+ $newPassword = '{MD5}' . $newPassword;
+ }
+ break;
case 'ssha':
$salt = mhash_keygen_s2k(MHASH_SHA1,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
- $newPassword = '{SSHA}' . base64_encode(mHash(MHASH_SHA1, $newPassword . $salt) . $salt);
+ $newPassword = base64_encode(mHash(MHASH_SHA1, $newPassword . $salt) . $salt);
+ if ($show_encryption) {
+ $newPassword = '{SSHA}' . $newPassword;
+ }
break;
case 'smd5':
$salt = mhash_keygen_s2k(MHASH_MD5,$newPassword,substr(pack("h*",md5(mt_rand())),0,8),4);
- $newPassword = '{SMD5}' . base64_encode(mHash(MHASH_SMD5, $newPassword . $salt) . $salt);
+ $newPassword = base64_encode(mHash(MHASH_SMD5, $newPassword . $salt) . $salt);
+ if ($show_encryption) {
+ $newPassword = '{SMD5}' . $newPassword;
+ }
break;
default:
return PEAR::raiseError(_("Password module is not properly configured"));
Index: lib/Driver/sql.php
===================================================================
RCS file: /repository/passwd/lib/Driver/sql.php,v
retrieving revision 1.12
diff -u -r1.12 sql.php
--- lib/Driver/sql.php 10 Jun 2003 19:05:12 -0000 1.12
+++ lib/Driver/sql.php 20 Jun 2003 15:27:06 -0000
@@ -50,6 +50,7 @@
$this->_params['encryption'] = array_key_exists('encryption', $params) ? $params['encryption'] : 'md5';
$this->_params['user_col'] = array_key_exists('user_col', $params) ? $params['user_col'] : 'user_uid';
$this->_params['pass_col'] = array_key_exists('pass_col', $params) ? $params['pass_col'] : 'user_pass';
+ $this->_params['show_encryption'] = array_key_exists('show_encryption', $params) ? $params['show_encryption'] : false;
}
/**
@@ -145,7 +146,7 @@
}
// Encrypt the password
- $newPassword = $this->encryptPassword($newPassword);
+ $newPassword = $this->encryptPassword($newPassword, $this->_params['show_encryption']);
// Build the SQL query.
$query = 'UPDATE ' . $this->_params['table'];
More information about the dev
mailing list