implemented username/password encryption

20 years ago · 28444b9c7e
4 changed files with 27 additions and 10 deletions
--- a/lam/lib/ldap.php
+++ b/lam/lib/ldap.php
@ -144,29 +144,35 @@ class Ldap{
  }
  
  // encrypts username and password
-  // TODO: implement encryption algorithm
  function encrypt($username, $password) {
-	$this->username = $username;
-	$this->password = $password;
+	// read key and iv from cookie
+	$iv = base64_decode($_COOKIE["IV"]);
+	$key = base64_decode($_COOKIE["Key"]);
+	// encrypt username and password
+	$this->username = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $username, MCRYPT_MODE_ECB, $iv));
+	$this->password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password, MCRYPT_MODE_ECB, $iv));
  }

  // decrypts username and password
-  // TODO: implement encryption algorithm
  function decrypt() {
-  	$ret = array($this->username, $this->password);
+  	// read key and iv from cookie
+	$iv = base64_decode($_COOKIE["IV"]);
+	$key = base64_decode($_COOKIE["Key"]);
+	// decrypt username and password
+	$username = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->username), MCRYPT_MODE_ECB, $iv);
+	$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->password), MCRYPT_MODE_ECB, $iv);
+  	$ret = array($username, $password);
 	return $ret;
  }
-  
+
  // closes connection to LDAP server and deletes encrypted username/password
  function destroy() {
  	$this->close();
 	$this->username="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
 	$this->password="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
-	// TODO: delete encryption key
  }

 }


-?>
- 
+?>
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@ -36,6 +36,13 @@ $session_save_path .= "/sess";

 session_save_path($session_save_path); // Set session save path
@session_start(); // Start LDAP Account Manager session
+// generate 256 bit key and initialization vector for user/passwd-encryption
+$key = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
+$iv = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
+
+// save both in cookie
+setcookie("Key", base64_encode($key));
+setcookie("IV", base64_encode($iv));

 // checking if the submitted username/password is correct.
 if($action == "checklogin")
--- a/lam/templates/logout.php
+++ b/lam/templates/logout.php
@ -23,6 +23,10 @@ $Id$
  
 */

+// delete key and iv in cookie
+setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+
 include_once("../lib/ldap.php");

 // start session
--- a/lam/templates/main.php
+++ b/lam/templates/main.php
@ -29,7 +29,7 @@ echo ("<title>LDAP Account Manager</title>\n");
 echo ("</head>\n");
 echo ("<frameset rows=\"130,*\">\n");
 echo ("<frame src=\"./main_header.php\" name=\"head\">\n");
-echo ("<frame src=\"../lib/listusers.php\" name=\"mainpart\">\n");
+echo ("<frame src=\"../lib/listhosts.php\" name=\"mainpart\">\n");
 echo ("<noframes>\n");
 echo ("This page requires a browser that can show frames!\n");
 echo ("</noframes>\n");