Blowfish added

This commit is contained in:
Roland Gruber 2004-01-10 10:21:47 +00:00
parent e3977e4694
commit 2b80daee2d
7 changed files with 92 additions and 83 deletions

View File

@ -201,7 +201,7 @@ function getquotas($users) {
if (is_array($users)) $return = $users; if (is_array($users)) $return = $users;
else $return[0] = $users; else $return[0] = $users;
// get username and password of the current lam-admin // get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax: /* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group * admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group
* use escapeshellarg to make exec() shell-safe * use escapeshellarg to make exec() shell-safe
@ -299,7 +299,7 @@ function getquotas($users) {
*/ */
function setquotas($values2) { function setquotas($values2) {
// get username and password of the current lam-admin // get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax: /* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group * admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group
* use escapeshellarg to make exec() shell-safe * use escapeshellarg to make exec() shell-safe
@ -390,7 +390,7 @@ function setquotas($values2) {
*/ */
function remquotas($users, $type) { function remquotas($users, $type) {
// get username and password of the current lam-admin // get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax: /* $towrite has the following syntax:
* admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group * admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group
* use escapeshellarg to make exec() shell-safe * use escapeshellarg to make exec() shell-safe
@ -455,7 +455,7 @@ function remquotas($users, $type) {
*/ */
function addhomedir($users) { function addhomedir($users) {
// get username and password of the current lam-admin // get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax: /* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='add' * admin-username, admin-password, owner of homedir, 'home', operation='add'
* use escapeshellarg to make exec() shell-safe * use escapeshellarg to make exec() shell-safe
@ -521,7 +521,7 @@ function addhomedir($users) {
*/ */
function remhomedir($users) { function remhomedir($users) {
// get username and password of the current lam-admin // get username and password of the current lam-admin
$ldap_q = $_SESSION['ldap']->decrypt(); $ldap_q = $_SESSION['ldap']->decrypt_login();
/* $towrite has the following syntax: /* $towrite has the following syntax:
* admin-username, admin-password, owner of homedir, 'home', operation='add' * admin-username, admin-password, owner of homedir, 'home', operation='add'
* use escapeshellarg to make exec() shell-safe * use escapeshellarg to make exec() shell-safe
@ -1309,15 +1309,11 @@ function createuser($values, $uselamdaemon=true) {
// Create DN for new user account // Create DN for new user account
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn; $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
// decrypt password because we don't want to store them unencrypted in session // decrypt password because we don't want to store them unencrypted in session
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($values->unix_password != '') { if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv); $values->unix_password = $_SESSION['ldap']->decrypt(base64_decode($values->unix_password));
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
} }
if ($values->smb_password != '') { if ($values->smb_password != '') {
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv); $values->smb_password = $_SESSION['ldap']->decrypt(base64_decode($values->smb_password));
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
} }
// Attributes which are required // Attributes which are required
@ -1499,15 +1495,11 @@ function modifyuser($values,$values_old,$uselamdaemon=true) { // Will modify the
// Create DN for new user account // Create DN for new user account
$values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn; $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn;
// decrypt password because we don't want to store them unencrypted in session // decrypt password because we don't want to store them unencrypted in session
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($values->unix_password != '') { if ($values->unix_password != '') {
$values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv); $values->unix_password = $_SESSION['ldap']->decrypt(base64_decode($values->unix_password));
$values->unix_password = str_replace(chr(00), '', $values->unix_password);
} }
if ($values->smb_password != '') { if ($values->smb_password != '') {
$values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv); $values->smb_password = $_SESSION['ldap']->decrypt(base64_decode($values->smb_password));
$values->smb_password = str_replace(chr(00), '', $values->smb_password);
} }
// Attributes which are required // Attributes which are required
if ($values->general_username != $values_old->general_username) { if ($values->general_username != $values_old->general_username) {

View File

@ -24,6 +24,7 @@ $Id$
// ldap.inc provides basic functions to connect to the OpenLDAP server. // ldap.inc provides basic functions to connect to the OpenLDAP server.
include_once("config.inc"); include_once("config.inc");
include_once("blowfish.inc");
// converts a HEX string to a binary value // converts a HEX string to a binary value
function hex2bin($value) { function hex2bin($value) {
@ -233,7 +234,7 @@ class Ldap{
return false; return false;
} }
// save password und username encrypted // save password und username encrypted
$this->encrypt($user, $passwd); $this->encrypt_login($user, $passwd);
$this->server = @ldap_connect($this->conf->get_ServerURL()); $this->server = @ldap_connect($this->conf->get_ServerURL());
if ($this->server) { if ($this->server) {
// use LDAPv3 // use LDAPv3
@ -386,7 +387,7 @@ class Ldap{
// reconnects to LDAP server when deserialized // reconnects to LDAP server when deserialized
function __wakeup() { function __wakeup() {
$data = $this->decrypt(); $data = $this->decrypt_login();
$this->connect($data[0], $data[1]); $this->connect($data[0], $data[1]);
// change random number // change random number
mt_srand($this->rand + (microtime() * 1000000)); mt_srand($this->rand + (microtime() * 1000000));
@ -415,32 +416,74 @@ class Ldap{
$this->rand = mt_rand(); $this->rand = mt_rand();
} }
// encrypts a string
// $data: string to encrypt
// return: encrypted string
function encrypt($data) {
// use MCrypt if available
if (function_exists(mcrypt_create_iv)) {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
// encrypt string
return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv);
}
// use Blowfish if MCrypt is not available
else {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$b_key = $iv . $key;
// encrypt string
$b_fish = new Cipher_blowfish();
return $b_fish->encrypt($data, $b_key);
}
}
// decrypts a string
// $data: string to decrypt
// return: decrypted string
function decrypt($data) {
// use MCrypt if available
if (function_exists(mcrypt_create_iv)) {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
// decrypt string
$ret = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv);
$ret = str_replace(chr(00), "", $ret);
return $ret;
}
// use Blowfish if MCrypt is not available
else {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$b_key = $iv . $key;
// decrypt string
$b_fish = new Cipher_blowfish();
return $b_fish->decrypt($data, $b_key);
}
}
// encrypts username and password // encrypts username and password
// $username: LDAP user name // $username: LDAP user name
// $password: LDAP password // $password: LDAP password
function encrypt($username, $password) { function encrypt_login($username, $password) {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
// encrypt username and password // encrypt username and password
$this->username = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $username, MCRYPT_MODE_ECB, $iv)); $this->username = base64_encode($this->encrypt($username));
$this->password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password, MCRYPT_MODE_ECB, $iv)); $this->password = base64_encode($this->encrypt($password));
} }
// decrypts username and password // decrypts username and password
// returns an array // returns an array
// return[0]: user name // return[0]: user name
// return[1]: password // return[1]: password
function decrypt() { function decrypt_login() {
// read key and iv from cookie
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
// decrypt username and password // decrypt username and password
$username = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->username), MCRYPT_MODE_ECB, $iv); $username = $this->decrypt(base64_decode($this->username));
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->password), MCRYPT_MODE_ECB, $iv); $password = $this->decrypt(base64_decode($this->password));
$ret = array($username, $password); $ret = array($username, $password);
$ret[0] = str_replace(chr(00), "", $ret[0]);
$ret[1] = str_replace(chr(00), "", $ret[1]);
return $ret; return $ret;
} }

View File

@ -41,8 +41,6 @@ function createUserPDF($accounts) {
$pdfFile->setCreator("LDAP Account Manager (pdf.inc)"); $pdfFile->setCreator("LDAP Account Manager (pdf.inc)");
// Loop for every sumbitted account and print its values on a extra page // Loop for every sumbitted account and print its values on a extra page
foreach ($accounts as $account) { foreach ($accounts as $account) {
$iv = base64_decode($_COOKIE['IV']);
$key = base64_decode($_COOKIE['Key']);
$pdfFile->addPage(); $pdfFile->addPage();
// Load string with additional information from session // Load string with additional information from session
$info_string = $_SESSION['config']->pdftext; $info_string = $_SESSION['config']->pdftext;
@ -141,8 +139,7 @@ function createUserPDF($accounts) {
elseif($account->unix_password == "") { elseif($account->unix_password == "") {
} }
else { else {
$account->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account->unix_password), MCRYPT_MODE_ECB, $iv); $account->unix_password = $_SESSION['ldap']->decrypt(base64_decode($account->unix_password));
$account->unix_password = str_replace(chr(00), '', $account->unix_password);
$pdfFile->setFont("times","B",10); $pdfFile->setFont("times","B",10);
$pdfFile->Cell(50,5,_("Unix password") . ":",0,0,"R",0); $pdfFile->Cell(50,5,_("Unix password") . ":",0,0,"R",0);
$pdfFile->setFont("times","",10); $pdfFile->setFont("times","",10);
@ -199,8 +196,7 @@ function createUserPDF($accounts) {
elseif($account->smb_password == "") { elseif($account->smb_password == "") {
} }
else { else {
$account->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account->smb_password), MCRYPT_MODE_ECB, $iv); $account->smb_password = $_SESSION['ldap']->decrypt(base64_decode($account->smb_password));
$account->smb_password = str_replace(chr(00), '', $account->smb_password);
$pdfFile->setFont("times","B",10); $pdfFile->setFont("times","B",10);
$pdfFile->Cell(50,5,_("Windows password") . ":",0,0,"R",0); $pdfFile->Cell(50,5,_("Windows password") . ":",0,0,"R",0);
$pdfFile->setFont("times","",10); $pdfFile->setFont("times","",10);

View File

@ -310,14 +310,12 @@ switch ($_POST['select']) {
case 'unix': case 'unix':
// Write all general values into $account_new // Write all general values into $account_new
if (isset($_POST['f_unix_password'])) { if (isset($_POST['f_unix_password'])) {
// Encraypt password // Encrypt password
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
if ($_POST['f_unix_password'] != $_POST['f_unix_password2']) { if ($_POST['f_unix_password'] != $_POST['f_unix_password2']) {
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
unset ($_POST['f_unix_password2']); unset ($_POST['f_unix_password2']);
} }
else $account_new->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $_POST['f_unix_password'], MCRYPT_MODE_ECB, $iv)); else $account_new->unix_password = base64_encode($_SESSION['ldap']->encrypt($_POST['f_unix_password']));
} }
else $account_new->unix_password = ''; else $account_new->unix_password = '';
if ($_POST['f_unix_password_no']) $account_new->unix_password_no = true; if ($_POST['f_unix_password_no']) $account_new->unix_password_no = true;
@ -333,9 +331,7 @@ switch ($_POST['select']) {
else $account_new->unix_deactivated = false; else $account_new->unix_deactivated = false;
if ($_POST['genpass']) { if ($_POST['genpass']) {
// Generate a random password if generate-button was pressed // Generate a random password if generate-button was pressed
$iv = base64_decode($_COOKIE["IV"]); $account_new->unix_password = base64_encode($_SESSION['ldap']->encrypt(genpasswd()));
$key = base64_decode($_COOKIE["Key"]);
$account_new->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, genpasswd(), MCRYPT_MODE_ECB, $iv));
unset ($_POST['f_unix_password2']); unset ($_POST['f_unix_password2']);
// Keep unix-page acitve // Keep unix-page acitve
$select_local = 'unix'; $select_local = 'unix';
@ -343,10 +339,7 @@ switch ($_POST['select']) {
// Check if values are OK and set automatic values. if not error-variable will be set // Check if values are OK and set automatic values. if not error-variable will be set
else { // account.inc else { // account.inc
if ($account_new->unix_password != '') { if ($account_new->unix_password != '') {
$iv = base64_decode($_COOKIE["IV"]); $password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password));
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
} }
if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password)) if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password))
$errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); $errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !'));
@ -412,8 +405,6 @@ switch ($_POST['select']) {
break; break;
} }
} }
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
// Set Samba password // Set Samba password
if (isset($_POST['f_smb_password']) && !$account_new->smb_useunixpwd) { if (isset($_POST['f_smb_password']) && !$account_new->smb_useunixpwd) {
// Encraypt password // Encraypt password
@ -421,14 +412,13 @@ switch ($_POST['select']) {
$errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); $errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.'));
unset ($_POST['f_smb_password2']); unset ($_POST['f_smb_password2']);
} }
else $account_new->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $_POST['f_smb_password'], MCRYPT_MODE_ECB, $iv)); else $account_new->smb_password = base64_encode($_SESSION['ldap']->encrypt($_POST['f_smb_password']));
} }
else $account_new->smb_password = ''; else $account_new->smb_password = '';
if ( (($account_new->smb_useunixpwd && !$account_old) || ($account_new->smb_useunixpwd && $account_new->unix_password!='')) && isset($account_new->unix_password) ) { if ( (($account_new->smb_useunixpwd && !$account_old) || ($account_new->smb_useunixpwd && $account_new->unix_password!='')) && isset($account_new->unix_password) ) {
// Set Samba-Password to unix-password if option is set // Set Samba-Password to unix-password if option is set
$unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv); $unix_password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password));
$smb_password = str_replace(chr(00), '', $unix_password); $account_new->smb_password = base64_encode($_SESSION['ldap']->encrypt($smb_password));
$account_new->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $smb_password, MCRYPT_MODE_ECB, $iv));
} }
// Check values // Check values
$account_new->smb_scriptPath = str_replace('$user', $account_new->general_username, $account_new->smb_scriptPath); $account_new->smb_scriptPath = str_replace('$user', $account_new->general_username, $account_new->smb_scriptPath);
@ -1034,10 +1024,7 @@ switch ($select_local) {
// Unix Password Settings // Unix Password Settings
// decrypt password // decrypt password
if ($account_new->unix_password != '') { if ($account_new->unix_password != '') {
$iv = base64_decode($_COOKIE["IV"]); $password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password));
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
} }
else $password=''; else $password='';
// Use dd-mm-yyyy format of date because it's easier to read for humans // Use dd-mm-yyyy format of date because it's easier to read for humans
@ -1145,10 +1132,7 @@ switch ($select_local) {
// Samba Settings // Samba Settings
// decrypt password // decrypt password
if ($account_new->smb_password != '') { if ($account_new->smb_password != '') {
$iv = base64_decode($_COOKIE["IV"]); $password = $_SESSION['ldap']->decrypt(base64_decode($account_new->smb_password));
$key = base64_decode($_COOKIE["Key"]);
$password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->smb_password), MCRYPT_MODE_ECB, $iv);
$password = str_replace(chr(00), '', $password);
} }
else $password = ""; else $password = "";
if ($config_intern->is_samba3()) $samba3domains = $ldap_intern->search_domains($config_intern->get_domainSuffix()); if ($config_intern->is_samba3()) $samba3domains = $ldap_intern->search_domains($config_intern->get_domainSuffix());

View File

@ -96,7 +96,7 @@ if ($_POST['submit'] || $_POST['cancel']) {
$back = false; $back = false;
if ($_GET['back'] || $_POST['back']) { if ($_GET['back'] || $_POST['back']) {
$back = true; $back = true;
$auth = $_SESSION['confwiz_ldap']->decrypt(); $auth = $_SESSION['confwiz_ldap']->decrypt_login();
} }
echo $_SESSION['header']; echo $_SESSION['header'];

View File

@ -47,6 +47,14 @@ function display_LoginPage($config_object,$profile)
$iv = mcrypt_create_iv(32, MCRYPT_RAND); $iv = mcrypt_create_iv(32, MCRYPT_RAND);
} }
} }
// use Blowfish if MCrypt is not available
else {
// generate iv and key for encryption
$key = "";
$iv = "";
while (strlen($key) < 30) $key .= mt_rand();
while (strlen($iv) < 30) $iv .= mt_rand();
}
// save both in cookie // save both in cookie
setcookie("Key", base64_encode($key), 0, "/"); setcookie("Key", base64_encode($key), 0, "/");
@ -113,16 +121,8 @@ function display_LoginPage($config_object,$profile)
</table> </table>
<hr><br><br> <hr><br><br>
<?php <?php
if(! function_exists('mcrypt_create_iv')) { if ((! function_exists('mHash')) && (! function_exists('sha1'))) {
StatusMessage("ERROR", "Your PHP does not support MCrypt, you will not be able to log in! Please install the required package.","See http://lam.sf.net/documentation/faq.html#2 for Suse/RedHat"); StatusMessage("INFO", "Your PHP does not support MHash or sha1(), you will only be able to use CRYPT/PLAIN/MD5/SMD5 for user passwords!", "Please install MHash or update to PHP >4.3.");
?>
</body>
</html>
<?php
exit;
}
if(! function_exists('mHash')) {
StatusMessage("WARN", "Your PHP does not support MHash, you will only be able to use CRYPT/PLAIN for user passwords! Please install the required package.","See http://lam.sf.net/documentation/faq.html#2 for Suse/RedHat");
} }
?> ?>
<p align="center"> <p align="center">

View File

@ -161,8 +161,6 @@ switch ($select) {
echo _('Creating users. Please stand by ....'); echo _('Creating users. Please stand by ....');
echo "</b></legend>\n<table border=0 width=\"100%\">\n"; echo "</b></legend>\n<table border=0 width=\"100%\">\n";
// Keys needed to encrypt passwords from session // Keys needed to encrypt passwords from session
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
$stay=true; $stay=true;
// Stay in loop as long there are still users to create and no error did ocour // Stay in loop as long there are still users to create and no error did ocour
while (($_SESSION['pointer'] < sizeof($_SESSION['accounts'])) && $stay) { while (($_SESSION['pointer'] < sizeof($_SESSION['accounts'])) && $stay) {
@ -227,8 +225,7 @@ switch ($select) {
$_SESSION['accounts'][$_SESSION['pointer']]->smb_profilePath = str_replace('$group', $_SESSION['accounts'][$_SESSION['pointer']]->general_group, $_SESSION['accounts'][$_SESSION['pointer']]->smb_profilePath); $_SESSION['accounts'][$_SESSION['pointer']]->smb_profilePath = str_replace('$group', $_SESSION['accounts'][$_SESSION['pointer']]->general_group, $_SESSION['accounts'][$_SESSION['pointer']]->smb_profilePath);
$_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome = str_replace('$user', $_SESSION['accounts'][$_SESSION['pointer']]->general_username, $_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome); $_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome = str_replace('$user', $_SESSION['accounts'][$_SESSION['pointer']]->general_username, $_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome);
$_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome = str_replace('$group', $_SESSION['accounts'][$_SESSION['pointer']]->general_group, $_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome); $_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome = str_replace('$group', $_SESSION['accounts'][$_SESSION['pointer']]->general_group, $_SESSION['accounts'][$_SESSION['pointer']]->smb_smbhome);
$_SESSION['accounts'][$_SESSION['pointer']]->unix_password = base64_encode(mcrypt_encrypt( $_SESSION['accounts'][$_SESSION['pointer']]->unix_password = base64_encode($_SESSION['ldap']->encrypt(genpasswd()));
MCRYPT_RIJNDAEL_256, $key, genpasswd(), MCRYPT_MODE_ECB, $iv));
$_SESSION['accounts'][$_SESSION['pointer']]->smb_password = $_SESSION['accounts'][$_SESSION['pointer']]->unix_password; $_SESSION['accounts'][$_SESSION['pointer']]->smb_password = $_SESSION['accounts'][$_SESSION['pointer']]->unix_password;
// Only create user if we have at least 5sec time to create the user // Only create user if we have at least 5sec time to create the user
if ( (time()-$time)<(get_cfg_var('max_execution_time')-10)) { if ( (time()-$time)<(get_cfg_var('max_execution_time')-10)) {
@ -474,8 +471,6 @@ function loadfile() {
$profile->quota = array_values($profile->quota); $profile->quota = array_values($profile->quota);
} }
// Get keys to en/decrypt passwords // Get keys to en/decrypt passwords
$iv = base64_decode($_COOKIE["IV"]);
$key = base64_decode($_COOKIE["Key"]);
for ($row=0; $line_array=fgetcsv($handle,2048); $row++) { for ($row=0; $line_array=fgetcsv($handle,2048); $row++) {
// loops for every row // loops for every row
// Set corrent user to profile // Set corrent user to profile
@ -508,8 +503,7 @@ function loadfile() {
// Set DN without uid=$username // Set DN without uid=$username
else $_SESSION['accounts'][$row]->general_dn = $_POST['f_general_suffix']; else $_SESSION['accounts'][$row]->general_dn = $_POST['f_general_suffix'];
// Create Random Password // Create Random Password
$_SESSION['accounts'][$row]->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $_SESSION['accounts'][$row]->unix_password = base64_encode($_SESSION['ldap']->encrypt(genpasswd()));
$key, genpasswd(), MCRYPT_MODE_ECB, $iv));
$_SESSION['accounts'][$row]->smb_password=$_SESSION['accounts'][$row]->unix_password; $_SESSION['accounts'][$row]->smb_password=$_SESSION['accounts'][$row]->unix_password;
} }
} }