diff --git a/lam/lib/ldap.php b/lam/lib/ldap.php
index 37a8ee5e..7e1fa7eb 100644
--- a/lam/lib/ldap.php
+++ b/lam/lib/ldap.php
@@ -144,29 +144,35 @@ class Ldap{
 }
 // encrypts username and password
- // TODO: implement encryption algorithm
 function encrypt($username, $password) {
- $this->username = $username;
- $this->password = $password;
+ // read key and iv from cookie
+ $iv = base64_decode($_COOKIE["IV"]);
+ $key = base64_decode($_COOKIE["Key"]);
+ // encrypt username and password
+ $this->username = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $username, MCRYPT_MODE_ECB, $iv));
+ $this->password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password, MCRYPT_MODE_ECB, $iv));
 }
 // decrypts username and password
- // TODO: implement encryption algorithm
 function decrypt() {
- $ret = array($this->username, $this->password);
+ // read key and iv from cookie
+ $iv = base64_decode($_COOKIE["IV"]);
+ $key = base64_decode($_COOKIE["Key"]);
+ // decrypt username and password
+ $username = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->username), MCRYPT_MODE_ECB, $iv);
+ $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->password), MCRYPT_MODE_ECB, $iv);
+ $ret = array($username, $password);
 return $ret;
 }
-
+
 // closes connection to LDAP server and deletes encrypted username/password
 function destroy() {
 $this->close();
 $this->username="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
 $this->password="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
- // TODO: delete encryption key
 }
 }
-?>
-
+?>
\ No newline at end of file
diff --git a/lam/templates/login.php b/lam/templates/login.php
index 0b969a3d..64d7904e 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
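Review bot: encrypt() and decrypt() read their key and IV straight from `$_COOKIE["Key"]` and `$_COOKIE["IV"]` without checking that the cookies are present, so a missing or altered cookie makes `base64_decode` return an empty string and mcrypt runs with an empty key; both methods should guard the lookups first, e.g. `if (!isset($_COOKIE["Key"], $_COOKIE["IV"])) { /* fail the way the class already signals errors */ }`. `MCRYPT_MODE_ECB` never uses an IV, so the `$iv` passed on the mcrypt_encrypt/mcrypt_decrypt lines is dead and identical plaintext blocks yield identical ciphertext blocks; a chained mode such as `MCRYPT_MODE_CBC` would actually consume it. mcrypt pads input with NUL bytes up to the block size, so decrypt() presumably returns a username and password carrying trailing `\0`; `$ret = array(rtrim($username, "\0"), rtrim($password, "\0"));` would hand callers the original strings. The method comments should also state that the key material exists only in the browser cookie, since that is now what the confidentiality of the credentials held in the session depends on.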
@@ -36,6 +36,13 @@ $session_save_path .= "/sess";
 session_save_path($session_save_path); // Set session save path
 @session_start(); // Start LDAP Account Manager session
+// generate 256 bit key and initialization vector for user/passwd-encryption
+$key = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
+$iv = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
+
+// save both in cookie
+setcookie("Key", base64_encode($key));
+setcookie("IV", base64_encode($iv));
 // checking if the submitted username/password is correct.
 if($action == "checklogin")
diff --git a/lam/templates/logout.php b/lam/templates/logout.php
index 687473a3..4895bc58 100644
--- a/lam/templates/logout.php
+++ b/lam/templates/logout.php
@@ -23,6 +23,10 @@ $Id$
 */
+// delete key and iv in cookie
+setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+
 include_once("../lib/ldap.php");
 // start session
diff --git a/lam/templates/main.php b/lam/templates/main.php
index 76b0b097..320719da 100644
--- a/lam/templates/main.php
+++ b/lam/templates/main.php
@@ -29,7 +29,7 @@ echo ("LDAP Account Manager\n");
 echo ("\n");
 echo ("\n");
 echo ("\n");
-echo ("\n");
+echo ("\n");
 echo ("\n");
 echo ("This page requires a browser that can show frames!\n");
 echo ("\n");
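Review bot: The two `setcookie` calls emit the key and IV with only a name and value, so the cookies carry no path, `secure` or `httponly` attribute; the key material is sent on every request to the host, including unencrypted ones, and is readable from script, so the expire/path/domain/secure (and, on PHP builds that have it, httponly) arguments of setcookie should be set here, and whatever path/domain is chosen must be mirrored by the deleting calls in logout.php. The key is also regenerated on every load of login.php; if the page can be reached while a session already holds credentials encrypted under the previous cookie, those become undecryptable (the surrounding flow is outside the hunk, so this is inferred). `MCRYPT_DEV_RANDOM` blocks when the kernel entropy pool is low, which can stall the login page; `MCRYPT_DEV_URANDOM` is the usual non-blocking choice. A short comment above the setcookie lines noting that the session stores credentials encrypted under this cookie-only key would make the dependency visible to the next maintainer.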
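Review bot: The two `setcookie` calls in logout.php overwrite the key and IV with a placeholder string but do not remove the cookies, so the browser keeps sending the placeholder and nothing tells it to discard the entry; deleting means setting an expiry in the past, `setcookie("Key", "", time() - 3600);` and `setcookie("IV", "", time() - 3600);`, with the same path/domain arguments login.php used so the browser matches the same cookie. The comment `// delete key and iv in cookie` should then describe what actually happens; as written it promises a deletion the code does not perform. Whether the encrypted credentials themselves are cleared depends on the session handling after `// start session`, which lies outside this hunk.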