changed password hash function, MHash is only needed if PHP < 4.3
parent
40e0e9e9d6
commit
a7a4da3a06
|
@ -25,6 +25,10 @@ $Id$
|
||||||
|
|
||||||
include_once("config.inc");
|
include_once("config.inc");
|
||||||
|
|
||||||
|
// converts a HEX string to a binary value
|
||||||
|
function hex2bin($value) {
|
||||||
|
return pack("H*", $value);
|
||||||
|
}
|
||||||
|
|
||||||
// returns the hash value of a plain text password
|
// returns the hash value of a plain text password
|
||||||
// the hash algorithm depends on the configuration file
|
// the hash algorithm depends on the configuration file
|
||||||
|
@ -36,6 +40,8 @@ function pwd_hash($password, $enabled=true) {
|
||||||
if ($enabled) return "";
|
if ($enabled) return "";
|
||||||
else return "!";
|
else return "!";
|
||||||
}
|
}
|
||||||
|
// calculate new random number
|
||||||
|
$_SESSION['ldap']->new_rand();
|
||||||
// hash password with algorithm from config file
|
// hash password with algorithm from config file
|
||||||
$hash = "";
|
$hash = "";
|
||||||
switch ($_SESSION['config']->get_pwdhash()) {
|
switch ($_SESSION['config']->get_pwdhash()) {
|
||||||
|
@ -43,30 +49,66 @@ function pwd_hash($password, $enabled=true) {
|
||||||
$hash = "{CRYPT}" . crypt($password);
|
$hash = "{CRYPT}" . crypt($password);
|
||||||
break;
|
break;
|
||||||
case 'MD5':
|
case 'MD5':
|
||||||
$hash = "{MD5}" . base64_encode(mHash(MHASH_MD5, $password));
|
$hash = "{MD5}" . base64_encode(hex2bin(md5($password)));
|
||||||
break;
|
break;
|
||||||
case 'SMD5':
|
case 'SMD5':
|
||||||
$salt = mhash_keygen_s2k(MHASH_MD5, $password, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
|
$salt0 = substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8);
|
||||||
$hash = base64_encode(mHash(MHASH_MD5, $password . $salt) . $salt);
|
$salt = substr(pack("H*", md5($salt0 . $password)), 0, 4);
|
||||||
$hash = "{SMD5}" . $hash;
|
$hash = "{SMD5}" . base64_encode(hex2bin(md5($password . $salt)) . $salt);
|
||||||
break;
|
break;
|
||||||
case 'SHA':
|
case 'SHA':
|
||||||
$hash = base64_encode(mHash(MHASH_SHA1, $password));
|
// PHP 4.3+ can use sha1() function
|
||||||
$hash = "{SHA}" . $hash;
|
if (function_exists(sha1)) {
|
||||||
|
$hash = "{SHA}" . base64_encode(hex2bin(sha1($password)));
|
||||||
|
}
|
||||||
|
// otherwise use MHash
|
||||||
|
elseif (function_exists(mHash)) {
|
||||||
|
$hash = "{SHA}" . base64_encode(mHash(MHASH_SHA1, $password));
|
||||||
|
}
|
||||||
|
// if SHA1 is not possible use crypt()
|
||||||
|
else {
|
||||||
|
$hash = "{CRYPT}" . crypt($password);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'SSHA':
|
case 'SSHA':
|
||||||
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
|
// PHP 4.3+ can use sha1() function
|
||||||
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
|
if (function_exists(sha1)) {
|
||||||
$hash = "{SSHA}" . $hash;
|
$salt0 = substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8);
|
||||||
|
$salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
|
||||||
|
$hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt);
|
||||||
|
}
|
||||||
|
// otherwise use MHash
|
||||||
|
elseif (function_exists(mHash)) {
|
||||||
|
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8), 4);
|
||||||
|
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
|
||||||
|
$hash = "{SSHA}" . $hash;
|
||||||
|
}
|
||||||
|
// if SSHA is not possible use crypt()
|
||||||
|
else {
|
||||||
|
$hash = "{CRYPT}" . crypt($password);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'PLAIN':
|
case 'PLAIN':
|
||||||
$hash = $password;
|
$hash = $password;
|
||||||
break;
|
break;
|
||||||
// use SSHA if the setting is invalid
|
// use SSHA if the setting is invalid
|
||||||
default:
|
default:
|
||||||
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
|
// PHP 4.3+ can use sha1() function
|
||||||
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
|
if (function_exists(sha1)) {
|
||||||
$hash = "{SSHA}" . $hash;
|
$salt0 = substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8);
|
||||||
|
$salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
|
||||||
|
$hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt);
|
||||||
|
}
|
||||||
|
// otherwise use MHash
|
||||||
|
elseif (function_exists(mHash)) {
|
||||||
|
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8), 4);
|
||||||
|
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
|
||||||
|
$hash = "{SSHA}" . $hash;
|
||||||
|
}
|
||||||
|
// if SSHA is not possible use crypt()
|
||||||
|
else {
|
||||||
|
$hash = "{CRYPT}" . crypt($password);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
// enable/disable password
|
// enable/disable password
|
||||||
|
@ -366,6 +408,13 @@ class Ldap{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// calculates a new value for rand
|
||||||
|
function new_rand() {
|
||||||
|
// change random number
|
||||||
|
mt_srand($this->rand + (microtime() * 1000000));
|
||||||
|
$this->rand = mt_rand();
|
||||||
|
}
|
||||||
|
|
||||||
// encrypts username and password
|
// encrypts username and password
|
||||||
// $username: LDAP user name
|
// $username: LDAP user name
|
||||||
// $password: LDAP password
|
// $password: LDAP password
|
||||||
|
|
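Review bot: The salt built in the new SMD5, SSHA and default branches of `pwd_hash()` is computed from the password itself (`sha1($salt0 . $password)` or `md5($salt0 . $password)`, cut to 4 bytes). Its only other input is `$_SESSION['ldap']->rand`, which `new_rand()` fills from `mt_rand()` after seeding it with `microtime()`, so the salt stored next to the hash depends on the secret and on a predictable generator instead of being independent random bytes. A salt should come from a random source and not from the value it protects: where the runtime has a CSPRNG this is one line, e.g. `$salt = random_bytes(4);` on PHP 7 or later, and otherwise the password should at least be left out of the salt input. Separately, `function_exists(sha1)` and `function_exists(mHash)` pass bare constants and should be quoted, `function_exists('sha1')`, since the unquoted form only works through the undefined-constant fallback and is an error on PHP 8. `pwd_hash()` begins above the first hunk and continues past the last one shown for it.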