implemented username/password encryption
parent
778f8572b9
commit
28444b9c7e
|
@ -144,29 +144,35 @@ class Ldap{
|
|||
}
|
||||
|
||||
// encrypts username and password
|
||||
// TODO: implement encryption algorithm
|
||||
function encrypt($username, $password) {
|
||||
$this->username = $username;
|
||||
$this->password = $password;
|
||||
// read key and iv from cookie
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
// encrypt username and password
|
||||
$this->username = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $username, MCRYPT_MODE_ECB, $iv));
|
||||
$this->password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password, MCRYPT_MODE_ECB, $iv));
|
||||
}
|
||||
|
||||
// decrypts username and password
|
||||
// TODO: implement encryption algorithm
|
||||
function decrypt() {
|
||||
$ret = array($this->username, $this->password);
|
||||
// read key and iv from cookie
|
||||
$iv = base64_decode($_COOKIE["IV"]);
|
||||
$key = base64_decode($_COOKIE["Key"]);
|
||||
// decrypt username and password
|
||||
$username = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->username), MCRYPT_MODE_ECB, $iv);
|
||||
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->password), MCRYPT_MODE_ECB, $iv);
|
||||
$ret = array($username, $password);
|
||||
return $ret;
|
||||
}
|
||||
|
||||
|
||||
// closes connection to LDAP server and deletes encrypted username/password
|
||||
function destroy() {
|
||||
$this->close();
|
||||
$this->username="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
|
||||
$this->password="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
|
||||
// TODO: delete encryption key
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
|
||||
?>
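Review bot: Both the `mcrypt_encrypt` and `mcrypt_decrypt` calls use `MCRYPT_MODE_ECB`, which ignores the `$iv` argument, so the IV cookie adds nothing and equal plaintext blocks always give equal ciphertext; `MCRYPT_MODE_CBC` would at least use the IV, though neither mode authenticates the ciphertext. mcrypt also zero-pads input to the 32-byte block size of `MCRYPT_RIJNDAEL_256`, so `decrypt()` returns values with trailing NUL bytes unless they are stripped, e.g. `$username = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->username), MCRYPT_MODE_ECB, $iv), "\0");` and the same for `$password`. `$_COOKIE["IV"]` and `$_COOKIE["Key"]` are read with no `isset()` check and no length check on the decoded key, so a missing or client-altered cookie reaches mcrypt directly. The class body starts outside this hunk.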
|
|
@ -36,6 +36,13 @@ $session_save_path .= "/sess";
|
|||
|
||||
session_save_path($session_save_path); // Set session save path
|
||||
@session_start(); // Start LDAP Account Manager session
|
||||
// generate 256 bit key and initialization vector for user/passwd-encryption
|
||||
$key = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
|
||||
$iv = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
|
||||
|
||||
// save both in cookie
|
||||
setcookie("Key", base64_encode($key));
|
||||
setcookie("IV", base64_encode($iv));
|
||||
|
||||
// checking if the submitted username/password is correct.
|
||||
if($action == "checklogin")
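Review bot: The new key and IV are generated and sent with `setcookie()` on every load of this script, before the `checklogin` branch, but `setcookie()` only changes what the browser sends on the next request. Code that reads `$_COOKIE["Key"]` during this request (presumably `encrypt()` in the login check, which is outside the hunk) therefore still sees the previous values, so the credentials would be encrypted under one key while the browser is handed a different one, and a later `decrypt()` would not recover them. Generating the pair only when the cookies are absent, with `if (!isset($_COOKIE["Key"], $_COOKIE["IV"])) {` around the four new statements, avoids that mismatch. Both cookies are also set without the `secure` and `httponly` arguments of `setcookie()`, so the key can travel over plain HTTP and is readable by page script.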
|
||||
|
|
|
@ -23,6 +23,10 @@ $Id$
|
|||
|
||||
*/
|
||||
|
||||
// delete key and iv in cookie
|
||||
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
|
||||
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
|
||||
|
||||
include_once("../lib/ldap.php");
|
||||
|
||||
// start session
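Review bot: The two `setcookie()` calls overwrite `Key` and `IV` with a run of `x` characters rather than expiring them, so the cookies stay in the browser until it closes; `setcookie("Key", "", time() - 3600);` and the same for `IV` removes them. No path is passed here or where the cookies are created, so each call defaults to the directory of the requesting script as the cookie path. If this script is served from a different directory than the login page (not visible here), the original cookies are left untouched and a second pair is created. Passing the same explicit path, e.g. `"/"`, in both places would make the deletion reliable.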
|
||||
|
|
|
@ -29,7 +29,7 @@ echo ("<title>LDAP Account Manager</title>\n");
|
|||
echo ("</head>\n");
|
||||
echo ("<frameset rows=\"130,*\">\n");
|
||||
echo ("<frame src=\"./main_header.php\" name=\"head\">\n");
|
||||
echo ("<frame src=\"../lib/listusers.php\" name=\"mainpart\">\n");
|
||||
echo ("<frame src=\"../lib/listhosts.php\" name=\"mainpart\">\n");
|
||||
echo ("<noframes>\n");
|
||||
echo ("This page requires a browser that can show frames!\n");
|
||||
echo ("</noframes>\n");
|
||||
|
|