fixed password disabling

Roland Gruber 2004-03-27 13:48:07 +00:00
parent 3d1941374a
commit 06263f5b61
1 changed files with 34 additions and 11 deletions


@ -38,8 +38,7 @@ function hex2bin($value) {
function pwd_hash($password, $enabled=true) { function pwd_hash($password, $enabled=true) {
// check for empty password // check for empty password
if (! $password || ($password == "")) { if (! $password || ($password == "")) {
if ($enabled) return ""; return "";
else return "!";
} }
// calculate new random number // calculate new random number
$_SESSION['ldap']->new_rand(); $_SESSION['ldap']->new_rand();
@ -113,7 +112,7 @@ function pwd_hash($password, $enabled=true) {
break; break;
} }
// enable/disable password // enable/disable password
if (! $enabled) return "!" . $hash; if (! $enabled) return pwd_disable($hash);
else return $hash; else return $hash;
} }
@ -122,12 +121,21 @@ function pwd_hash($password, $enabled=true) {
// and returns the new hash string // and returns the new hash string
// hash: hash value to enable // hash: hash value to enable
function pwd_enable($hash) { function pwd_enable($hash) {
// check if password is disabled // check if password is disabled (old wrong LAM method)
if ((substr($hash, 0, 1) == "!") || ((substr($hash, 0, 1) == "*"))) { if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) {
return substr($hash, 1, strlen($hash)); return substr($hash, 1, strlen($hash));
} }
// check for "!" or "*" at beginning of password hash
else { else {
return $hash; if (substr($hash, 0, 1) == "{") {
$pos = strpos($hash, "}");
if ((substr($hash, $pos + 1, 1) == "!") || (substr($hash, $pos + 1, 1) == "*")) {
// enable hash
return substr($hash, 0, $pos + 1) . substr($hash, $pos + 2, strlen($hash));
}
else return $hash; // not disabled
}
else return $hash; // password is plain text
} }
} }
@ -135,20 +143,35 @@ function pwd_enable($hash) {
// and returns the new hash string // and returns the new hash string
// hash: hash value to disable // hash: hash value to disable
function pwd_disable($hash) { function pwd_disable($hash) {
// check if already disabled // check if password is disabled (old wrong LAM method)
if ((substr($hash, 0, 1) == "!") || ((substr($hash, 0, 1) == "*"))) { if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) {
return $hash; return $hash;
} }
// check for "!" or "*" at beginning of password hash
else { else {
return "!" . $hash; if (substr($hash, 0, 1) == "{") {
$pos = strpos($hash, "}");
if ((substr($hash, $pos + 1, 1) == "!") || (substr($hash, $pos + 1, 1) == "*")) {
// hash already disabled
return $hash;
}
else return substr($hash, 0, $pos + 1) . "!" . substr($hash, $pos + 1, strlen($hash)); // not disabled
}
else return $hash; // password is plain text
} }
} }
// checks if a password hash is enabled/disabled // checks if a password hash is enabled/disabled
// returns true if the password is marked as enabled // returns true if the password is marked as enabled
function pwd_is_enabled($hash) { function pwd_is_enabled($hash) {
// disabled passwords have a "!" or "*" at the beginning // disabled passwords have a "!" or "*" at the beginning (old wrong LAM method)
if ((substr($hash, 0, 1) == "!") || ((substr($hash, 0, 1) == "*"))) return false; if ((substr($hash, 0, 2) == "!{") || ((substr($hash, 0, 2) == "*{"))) return false;
if (substr($hash, 0, 1) == "{") {
$pos = strrpos($hash, "}");
// check if hash starts with "!" or "*"
if ((substr($hash, $pos + 1, 1) == "!") || (substr($hash, $pos + 1, 1) == "*")) return false;
else return true;
}
else return true; else return true;
} }
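Review bot: In `pwd_disable`, the new `else return $hash; // password is plain text` branch returns a value without a `{SCHEME}` prefix unchanged, so a disable request silently leaves that password usable, and `pwd_hash(..., false)` would inherit this if it can produce an unprefixed value (its hash selection is outside the visible hunks). The function comment should state this, e.g. `// values without a {SCHEME} prefix cannot be disabled and are returned unchanged; callers must verify with pwd_is_enabled()`, or the caller should refuse the operation. Separately, `pwd_is_enabled` locates the marker with `strrpos` while `pwd_enable` and `pwd_disable` use `strpos`, so a value that contains a later `}` is still reported as enabled after `pwd_disable` has marked it; use `$pos = strpos($hash, "}");` there and handle `$pos === false` as a malformed value in all three functions.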