[dev] Patch for framework: Auth/sql.php
Richard.Heggs at nottinghamcity.gov.uk
Richard.Heggs at nottinghamcity.gov.uk
Fri Jan 30 04:08:23 PST 2004
Hi List,
I noticed that if 'showencryption' is set, the encryption type is appended
to the password field. However Auth/sql.php::_comparePasswords() thinks
that it is prepended instead.
This little patch converts (eg) '|^{crypt}|' to '|{crypt}$|'
Tested on crypt.
Richard
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
######################################################################
This e-mail (and any attachments) is confidential and may contain personal
views which are not the views of Nottingham City Council unless specifically
stated. If you have received it in error, please delete it from your system,
do not use, copy or disclose the information in any way nor act in reliance
on it and notify the sender immediately. Please note that Nottingham City
Council monitors e-mails sent or received. Further communication will
signify your consent to this.
######################################################################
-------------- next part --------------
RCS file: /repository/framework/Auth/Auth/sql.php,v
retrieving revision 1.57
diff -u -r1.57 sql.php
--- sql.php 28 Jan 2004 00:34:00 -0000 1.57
+++ sql.php 30 Jan 2004 11:57:10 -0000
@@ -366,24 +366,24 @@
switch ($this->_params['encryption']) {
case 'crypt':
case 'crypt-des':
- $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $encrypted = preg_replace('|{crypt}$|', '', $encrypted);
return $encrypted == crypt($plaintext, substr($encrypted, 0, 2));
case 'crypt-md5':
- $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $encrypted = preg_replace('|{crypt}$|', '', $encrypted);
return $encrypted == crypt($plaintext, substr($encrypted, 0, 12));
case 'crypt-blowfish':
- $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $encrypted = preg_replace('|{crypt}$|', '', $encrypted);
return $encrypted == crypt($plaintext, substr($encrypted, 0, 16));
case 'ssha':
- $encrypted = preg_replace('|^{SSHA}|', '', $encrypted);
+ $encrypted = preg_replace('|{SSHA}$|', '', $encrypted);
$salt = substr($encrypted, -20);
return $encrypted == base64_encode(mhash(MHASH_SHA1, $plaintext . $salt) . $salt);
case 'smd5':
- $encrypted = preg_replace('|^{SMD5}|', '', $encrypted);
+ $encrypted = preg_replace('|{SMD5}$|', '', $encrypted);
$salt = substr($encrypted, -16);
return $encrypted == base64_encode(mhash(MHASH_SMD5, $plaintext . $salt) . $salt);
More information about the dev
mailing list