do not depend on $_SESSION['ldap'] for password hashing

Roland Gruber 2006-11-11 10:15:38 +00:00
parent bc77117c11
commit b955a3d04d
1 changed files with 12 additions and 6 deletions


@ -231,7 +231,13 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
return ""; return "";
} }
// calculate new random number // calculate new random number
$_SESSION['ldap']->new_rand(); if (isset($_SESSION['ldap'])) {
$rand = $_SESSION['ldap']->new_rand();
}
else {
mt_srand((microtime() * 1000000));
$rand = mt_rand();
}
$hash = ""; $hash = "";
switch ($hashType) { switch ($hashType) {
case 'CRYPT': case 'CRYPT':
@ -241,7 +247,7 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
$hash = "{MD5}" . base64_encode(hex2bin(md5($password))); $hash = "{MD5}" . base64_encode(hex2bin(md5($password)));
break; break;
case 'SMD5': case 'SMD5':
$salt0 = substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8); $salt0 = substr(pack("h*", md5($rand)), 0, 8);
$salt = substr(pack("H*", md5($salt0 . $password)), 0, 4); $salt = substr(pack("H*", md5($salt0 . $password)), 0, 4);
$hash = "{SMD5}" . base64_encode(hex2bin(md5($password . $salt)) . $salt); $hash = "{SMD5}" . base64_encode(hex2bin(md5($password . $salt)) . $salt);
break; break;
@ -262,13 +268,13 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
case 'SSHA': case 'SSHA':
// PHP 4.3+ can use sha1() function // PHP 4.3+ can use sha1() function
if (function_exists('sha1')) { if (function_exists('sha1')) {
$salt0 = substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8); $salt0 = substr(pack("h*", md5($rand)), 0, 8);
$salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
$hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt); $hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt);
} }
// otherwise use MHash // otherwise use MHash
elseif (function_exists('mHash')) { elseif (function_exists('mHash')) {
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8), 4); $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5($rand)), 0, 8), 4);
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt); $hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
$hash = "{SSHA}" . $hash; $hash = "{SSHA}" . $hash;
} }
@ -284,13 +290,13 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
default: default:
// PHP 4.3+ can use sha1() function // PHP 4.3+ can use sha1() function
if (function_exists('sha1')) { if (function_exists('sha1')) {
$salt0 = substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8); $salt0 = substr(pack("h*", md5($rand)), 0, 8);
$salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
$hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt); $hash = "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt)) . $salt);
} }
// otherwise use MHash // otherwise use MHash
elseif (function_exists('mHash')) { elseif (function_exists('mHash')) {
$salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5($_SESSION['ldap']->rand)), 0, 8), 4); $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack("h*", md5($rand)), 0, 8), 4);
$hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt); $hash = base64_encode(mHash(MHASH_SHA1, $password . $salt) . $salt);
$hash = "{SSHA}" . $hash; $hash = "{SSHA}" . $hash;
} }
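Review bot: The session-less fallback added in the first hunk seeds the generator with `microtime() * 1000000`; without an argument `microtime()` returns a "msec sec" string, so the numeric cast keeps only the fractional part, the seed has at most about a million distinct values, and salts will repeat across accounts. The `mt_srand()` call also resets the global Mersenne Twister state for any other `mt_rand()` user in the same request. I would drop the reseed and take the salt input from the platform CSPRNG where the PHP version provides one, for example `$rand = bin2hex(random_bytes(8));`. Separately, the old code read `$_SESSION['ldap']->rand` after calling `new_rand()` while the new code uses the call's return value; `new_rand()` is not visible here, so confirm it returns the number, because an empty `$rand` would make `md5($rand)` constant and the salt a function of the password alone. The body of pwd_hash starts and ends outside these hunks.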