/**
* Process our <post> arguments from the templates
*/
protected function getPostAttribute($attribute, $i)
{
if (DEBUG_ENABLED && (($fargs = func_get_args()) || ($fargs = 'NOARGS'))) {
debug_log('Entered (%%)', 129, 0, __FILE__, __LINE__, __METHOD__, $fargs);
}
$autovalue = $attribute->getPostValue();
$args = explode(';', $autovalue['args']);
$server = $this->getServer();
$vals = $attribute->getValues();
switch ($autovalue['function']) {
/**
* Join will concatenate values with a string, similiar to explode()
* eg: =php.Join(-;%sambaSID%,%sidsuffix%)
*
* * arg 0
* - character to use when joining the attributes
*
* * arg 1
* - values to concatenate together. we'll explode %attr% values.
*/
case 'Join':
preg_match_all('/%(\\w+)(\\|.+)?(\\/[lU])?%/U', $args[1], $matchall);
$matchattrs = $matchall[1];
$char = $args[0];
$values = array();
$blank = 0;
foreach ($matchattrs as $joinattr) {
$attribute2 = $this->template->getAttribute($joinattr);
if (!$attribute2) {
if (($pv = get_request(strtolower($joinattr), 'REQUEST')) && isset($pv[$attribute->getName()][$i])) {
array_push($values, $pv[$attribute->getName()][$i]);
if (!$pv[$attribute->getName()][$i]) {
$blank++;
}
} else {
array_push($values, '');
$blank++;
}
} elseif (count($attribute2->getValues()) == 0) {
return;
} elseif (count($attribute2->getValues()) != 1) {
array_push($values, '');
$blank++;
system_message(array('title' => _('Invalid value count for [post] processing'), 'body' => sprintf('%s (<b>%s [%s]</b>)', _('Function() variable expansion can only handle 1 value'), $attribute->getName(false), count($attribute->getValues())), 'type' => 'warn'));
} else {
array_push($values, $attribute2->getValue(0));
}
}
# If all our value expansion results in blanks, we'll return no value
if (count($matchattrs) == $blank) {
if (count($vals) > 1) {
$vals[$i] = null;
} else {
$vals = null;
}
} else {
$vals[$i] = implode($char, $values);
}
break;
/**
* PasswordEncrypt will encrypt a password
* eg: =php.PasswordEncrypt(%enc%;%userPassword%)
*
* This function will encrypt the users password "userPassword" using the "enc" method.
*/
/**
* PasswordEncrypt will encrypt a password
* eg: =php.PasswordEncrypt(%enc%;%userPassword%)
*
* This function will encrypt the users password "userPassword" using the "enc" method.
*/
case 'PasswordEncrypt':
if (count($args) != 2) {
system_message(array('title' => _('Invalid argument count for PasswordEncrypt'), 'body' => sprintf('%s (<b>%s</b>)', _('PasswordEncrypt() only accepts two arguments'), $autovalue['args']), 'type' => 'warn'));
return;
}
if (!$attribute->hasBeenModified()) {
return;
}
# Get the attribute.
if (preg_match_all('/%(\\w+)(\\|.+)?(\\/[lU])?%/U', strtolower($args[1]), $matchall)) {
if (count($matchall[1]) != 1) {
system_message(array('title' => _('Invalid value count for PasswordEncrypt'), 'body' => sprintf('%s (<b>%s</b>)', _('Unable to get the attribute value for PasswordEncrypt()'), count($matchall[1])), 'type' => 'warn'));
}
$passwordattr = $matchall[1][0];
$passwordvalue = $_REQUEST['new_values'][$passwordattr][$i];
} else {
$passwordvalue = $args[1];
}
if (!trim($passwordvalue) || in_array($passwordvalue, $attribute->getOldValues())) {
return;
}
# Get the encoding
if ($passwordattr && preg_match_all('/%(\\w+)(\\|.+)?(\\/[lU])?%/U', strtolower($args[0]), $matchall)) {
if (count($matchall[1]) != 1) {
system_message(array('title' => _('Invalid value count for PasswordEncrypt'), 'body' => sprintf('%s (<b>%s</b>)', _('Unable to get the attribute value for PasswordEncrypt()'), count($matchall[1])), 'type' => 'warn'));
}
$enc = $_REQUEST[$matchall[1][0]][$passwordattr][$i];
} else {
$enc = $args[0];
}
$enc = strtolower($enc);
switch ($enc) {
case 'lm':
$sambapassword = new smbHash();
$vals[$i] = $sambapassword->lmhash($passwordvalue);
break;
case 'nt':
$sambapassword = new smbHash();
$vals[$i] = $sambapassword->nthash($passwordvalue);
break;
default:
$vals[$i] = pla_password_hash($passwordvalue, $enc);
}
$vals = array_unique($vals);
break;
default:
$vals = $this->get('AutoPost', $attribute, $i);
}
if (!$vals || $vals == $attribute->getValues()) {
return;
}
$attribute->clearValue();
if (!is_array($vals)) {
$attribute->setValue(array($vals));
} else {
$attribute->setValue($vals);
}
}
/**
* Given a clear-text password and a hash, this function determines if the clear-text password
* is the password that was used to generate the hash. This is handy to verify a user's password
* when all that is given is the hash and a "guess".
* @param String The hash.
* @param String The password in clear text to test.
* @return Boolean True if the clear password matches the hash, and false otherwise.
*/
function password_check($cryptedpassword, $plainpassword, $attribute = 'userpassword')
{
if (DEBUG_ENABLED && (($fargs = func_get_args()) || ($fargs = 'NOARGS'))) {
debug_log('Entered (%%)', 1, 0, __FILE__, __LINE__, __METHOD__, $fargs);
}
if (in_array($attribute, array('sambalmpassword', 'sambantpassword'))) {
$smb = new smbHash();
switch ($attribute) {
case 'sambalmpassword':
if (strcmp($smb->lmhash($plainpassword), strtoupper($cryptedpassword)) == 0) {
return true;
} else {
return false;
}
case 'sambantpassword':
if (strcmp($smb->nthash($plainpassword), strtoupper($cryptedpassword)) == 0) {
return true;
} else {
return false;
}
}
return false;
}
if (preg_match('/{([^}]+)}(.*)/', $cryptedpassword, $matches)) {
$cryptedpassword = $matches[2];
$cypher = strtolower($matches[1]);
} else {
$cypher = null;
}
switch ($cypher) {
# SSHA crypted passwords
case 'ssha':
# Check php mhash support before using it
if (function_exists('mhash')) {
$hash = base64_decode($cryptedpassword);
# OpenLDAP uses a 4 byte salt, SunDS uses an 8 byte salt - both from char 20.
$salt = substr($hash, 20);
$new_hash = base64_encode(mhash(MHASH_SHA1, $plainpassword . $salt) . $salt);
if (strcmp($cryptedpassword, $new_hash) == 0) {
return true;
} else {
return false;
}
} else {
error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'), 'error', 'index.php');
}
break;
# Salted MD5
# Salted MD5
case 'smd5':
# Check php mhash support before using it
if (function_exists('mhash')) {
$hash = base64_decode($cryptedpassword);
$salt = substr($hash, 16);
$new_hash = base64_encode(mhash(MHASH_MD5, $plainpassword . $salt) . $salt);
if (strcmp($cryptedpassword, $new_hash) == 0) {
return true;
} else {
return false;
}
} else {
error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'), 'error', 'index.php');
}
break;
# SHA crypted passwords
# SHA crypted passwords
case 'sha':
if (strcasecmp(pla_password_hash($plainpassword, 'sha'), '{SHA}' . $cryptedpassword) == 0) {
return true;
} else {
return false;
}
break;
# MD5 crypted passwords
# MD5 crypted passwords
case 'md5':
if (strcasecmp(pla_password_hash($plainpassword, 'md5'), '{MD5}' . $cryptedpassword) == 0) {
return true;
} else {
return false;
}
break;
# Crypt passwords
# Crypt passwords
case 'crypt':
# Check if it's blowfish crypt
if (preg_match('/^\\$2+/', $cryptedpassword)) {
# Make sure that web server supports blowfish crypt
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
error(_('Your system crypt library does not support blowfish encryption.'), 'error', 'index.php');
}
list($version, $rounds, $salt_hash) = explode('$', $cryptedpassword);
if (crypt($plainpassword, '$' . $version . '$' . $rounds . '$' . $salt_hash) == $cryptedpassword) {
return true;
} else {
return false;
}
} elseif (strstr($cryptedpassword, '$1$')) {
# Make sure that web server supports md5 crypt
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
error(_('Your system crypt library does not support md5crypt encryption.'), 'error', 'index.php');
}
list($dummy, $type, $salt, $hash) = explode('$', $cryptedpassword);
if (crypt($plainpassword, '$1$' . $salt) == $cryptedpassword) {
return true;
} else {
return false;
}
} elseif (strstr($cryptedpassword, '_')) {
# Make sure that web server supports ext_des
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
error(_('Your system crypt library does not support extended DES encryption.'), 'error', 'index.php');
}
if (crypt($plainpassword, $cryptedpassword) == $cryptedpassword) {
return true;
} else {
return false;
}
} else {
if (crypt($plainpassword, $cryptedpassword) == $cryptedpassword) {
return true;
} else {
return false;
}
}
break;
# SHA512 crypted passwords
# SHA512 crypted passwords
case 'sha512':
if (strcasecmp(pla_password_hash($plainpassword, 'sha512'), '{SHA512}' . $cryptedpassword) == 0) {
return true;
} else {
return false;
}
break;
# No crypt is given assume plaintext passwords are used
# No crypt is given assume plaintext passwords are used
default:
if ($plainpassword == $cryptedpassword) {
return true;
} else {
return false;
}
}
}
