/**
 * Hashes a known clear text with every method listed in $this->passes,
 * using the fixed salt 'abcdefgh', and compares the result with the
 * reference hash stored for that method.
 */
function test_cryptPassword()
{
    foreach (array_keys($this->passes) as $method) {
        $expected = $this->passes[$method];

        // name the method under test so a failure report can be attributed
        $this->signal('failinfo', "testing method {$method}");

        $clear = 'foo' . $method;
        $actual = auth_cryptPassword($clear, $method, 'abcdefgh');
        $this->assertEqual($actual, $expected);
    }
}
/**
 * Round trip for every method listed in $this->passes: a hash produced by
 * auth_cryptPassword() without an explicit salt must be accepted by
 * auth_verifyPassword() for the same clear text.
 */
function test_verifySelf()
{
    foreach (array_keys($this->passes) as $method) {
        // name the method under test so a failure report can be attributed
        $this->signal('failinfo', "testing method {$method}");

        $clear = 'foo' . $method;
        $fresh = auth_cryptPassword($clear, $method);
        $accepted = auth_verifyPassword($clear, $fresh);
        $this->assertTrue($accepted);
    }
}
/**
 * Updates the user info in the database
 *
 * Builds one UPDATE statement from the configured SQL fragments
 * ('updateUser', 'UpdateLogin', 'UpdateName', 'UpdatePass', 'UpdateEmail',
 * 'UpdateTarget') and passes it to _modifyDB(). Only the items 'user',
 * 'name', 'pass' and 'mail' of $changes are used. A rename is refused when
 * _getUserID() finds the new login already in use; the update is then
 * aborted and the database is left unchanged.
 *
 * The database connection has to be established already, otherwise the
 * method returns false. The password is hashed with auth_cryptPassword()
 * unless the 'forwardClearPass' setting is on. The result of _modifyDB()
 * is not inspected.
 *
 * NOTE(review): every value, and $uid, is placed into the SQL text with
 * str_replace() and nothing in this method escapes it. Confirm that callers
 * hand in already-escaped values, or escape here with the connection's own
 * escaping routine, before user-controlled input reaches this method.
 *
 * @param array $changes items to change as pairs of item and value
 * @param mixed $uid     user id of the dataset to change, must be unique in the DB
 * @return bool true when the update was issued or nothing had to be changed,
 *              false when the new login is taken or no connection is open
 *
 * @author Matthias Grimm <*****@*****.**>
 */
function _updateUserInfo($changes, $uid)
{
    $sql = $this->cnf['updateUser'] . " ";

    if (!$this->dbcon) {
        return false;
    }

    $assignments = array();
    $loginTaken = false;

    foreach ($changes as $item => $value) {
        switch ($item) {
            case 'user':
                if ($this->_getUserID($changes['user'])) {
                    // new username already exists: abort the whole update
                    $loginTaken = true;
                    break 2;
                }
                $assignments[] = str_replace('%{user}', $value, $this->cnf['UpdateLogin']);
                break;

            case 'name':
                $assignments[] = str_replace('%{name}', $value, $this->cnf['UpdateName']);
                break;

            case 'pass':
                // hash locally unless the clear text is to be forwarded as is
                if (!$this->cnf['forwardClearPass']) {
                    $value = auth_cryptPassword($value);
                }
                $assignments[] = str_replace('%{pass}', $value, $this->cnf['UpdatePass']);
                break;

            case 'mail':
                $assignments[] = str_replace('%{email}', $value, $this->cnf['UpdateEmail']);
                break;
        }
    }

    if ($loginTaken) {
        return false;
    }

    if (count($assignments) > 0) {
        $sql .= implode(", ", $assignments);
        $sql .= " " . str_replace('%{uid}', $uid, $this->cnf['UpdateTarget']);

        // LIMIT is appended for the MySQL class itself only; the original
        // comment gives PgSQL inheritance compatibility as the reason
        if (get_class($this) == 'auth_mysql') {
            $sql .= " LIMIT 1";
        }

        $this->_modifyDB($sql);
    }

    return true;
}
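/**
 * Modify user data
 *
 * Rewrites the stored record of an existing user. A 'user' entry in $changes
 * renames the account; a 'pass' entry arrives in clear text and is hashed
 * with auth_cryptPassword() before it is stored. The old record is deleted
 * first and the new line is appended afterwards, so a failed append leaves
 * the account removed (see the FIXME below).
 *
 * NOTE(review): the fields are joined with ':' and written as one line
 * without any escaping in this method. A value containing ':' or a line
 * break would corrupt the record; confirm that callers validate the values.
 *
 * @author Chris Smith <*****@*****.**>
 * @param string $user    nick of the user to be changed
 * @param array  $changes array of field/value pairs to be changed (password will be clear text)
 * @return bool true on success or when there is nothing to change, false otherwise
 */
function modifyUser($user, $changes)
{
    global $ACT;
    global $config_cascade;

    // sanity checks, user must already exist and there must be something to change
    $userinfo = $this->getUserData($user);
    if ($userinfo === false) {
        return false;
    }
    if (!is_array($changes) || !count($changes)) {
        return true;
    }

    // update userinfo with new data, remembering to encrypt any password
    $newuser = $user;
    foreach ($changes as $field => $value) {
        if ($field === 'user') {
            $newuser = $value;
            continue;
        }
        if ($field === 'pass') {
            $value = auth_cryptPassword($value);
        }
        $userinfo[$field] = $value;
    }

    $groups = join(',', $userinfo['grps']);
    $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups)) . "\n";

    if (!$this->deleteUsers(array($user))) {
        msg('Unable to modify user data. Please inform the Wiki-Admin', -1);
        return false;
    }

    if (!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
        msg('There was an error modifying your user data. You should register again.', -1);
        // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page
        // Assign the action; the former "$ACT == 'register';" was a comparison with no effect.
        $ACT = 'register';
        return false;
    }

    $this->users[$newuser] = $userinfo;
    return true;
}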
/**
 * Modify user data
 *
 * Rewrites the stored record of an existing user. A 'user' entry in $changes
 * renames the account; a 'pass' entry arrives in clear text and is hashed
 * with auth_cryptPassword() before it is stored. The line itself is built by
 * _createUserLine(). The old record is deleted before the new one is
 * appended, so a failed append leaves the account removed.
 *
 * @author Chris Smith <*****@*****.**>
 * @param string $user    nick of the user to be changed
 * @param array  $changes array of field/value pairs to be changed (password will be clear text)
 * @return bool
 */
public function modifyUser($user, $changes)
{
    global $ACT;
    global $config_cascade;

    // the account has to exist already
    $userinfo = $this->getUserData($user);
    if ($userinfo === false) {
        msg($this->getLang('usernotexists'), -1);
        return false;
    }

    // an empty or unusable change set counts as success
    if (!is_array($changes) || count($changes) == 0) {
        return true;
    }

    // merge the new data into the record, hashing any password on the way
    $newuser = $user;
    foreach ($changes as $field => $value) {
        if ($field == 'user') {
            $newuser = $value;
        } else {
            $userinfo[$field] = ($field == 'pass') ? auth_cryptPassword($value) : $value;
        }
    }

    $userline = $this->_createUserLine(
        $newuser,
        $userinfo['pass'],
        $userinfo['name'],
        $userinfo['mail'],
        $userinfo['grps']
    );

    $removed = $this->deleteUsers(array($user));
    if (!$removed) {
        msg($this->getLang('writefail'), -1);
        return false;
    }

    $saved = io_saveFile($config_cascade['plainauth.users']['default'], $userline, true);
    if (!$saved) {
        msg('There was an error modifying your user data. You should register again.', -1);
        // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page
        // Should replace the delete/save hybrid modify with an atomic io_replaceInFile
        $ACT = 'register';
        return false;
    }

    $this->users[$newuser] = $userinfo;
    return true;
}
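/**
 * Modify user data
 *
 * Applies all changes inside one database transaction: login, password,
 * name/mail and group membership are written with the configured statements
 * ('update-user-login', 'update-user-pass', 'update-user-info') and the
 * group helpers. The first step that fails rolls the whole transaction
 * back. An unknown user is treated as a failure as well.
 *
 * @param string $user    nick of the user to be changed
 * @param array  $changes array of field/value pairs to be changed (password will be clear text)
 * @return bool true when every change was committed, false after a rollback
 */
public function modifyUser($user, $changes)
{
    // secure everything in transaction
    $this->pdo->beginTransaction();

    $olddata = $this->getUserData($user);
    if (!is_array($olddata)) {
        // no such user: do not run the update statements with empty parameters
        goto FAIL;
    }
    $oldgroups = isset($olddata['grps']) ? $olddata['grps'] : array();
    unset($olddata['grps']);

    // changing the user name?
    if (isset($changes['user'])) {
        // refuse to rename onto an existing account
        if ($this->getUserData($changes['user'], false)) {
            goto FAIL;
        }
        $params = $olddata;
        $params['newlogin'] = $changes['user'];

        $ok = $this->_query($this->getConf('update-user-login'), $params);
        if ($ok === false) {
            goto FAIL;
        }
    }

    // changing the password?
    if (isset($changes['pass'])) {
        $params = $olddata;
        // both forms are offered to the configured statement
        // NOTE(review): 'clear' is the plain password; verify that statement
        // parameters never end up in debug output or logs
        $params['clear'] = $changes['pass'];
        $params['hash'] = auth_cryptPassword($changes['pass']);

        $ok = $this->_query($this->getConf('update-user-pass'), $params);
        if ($ok === false) {
            goto FAIL;
        }
    }

    // changing info?
    if (isset($changes['mail']) || isset($changes['name'])) {
        $params = $olddata;
        if (isset($changes['mail'])) {
            $params['mail'] = $changes['mail'];
        }
        if (isset($changes['name'])) {
            $params['name'] = $changes['name'];
        }

        $ok = $this->_query($this->getConf('update-user-info'), $params);
        if ($ok === false) {
            goto FAIL;
        }
    }

    // changing groups?
    if (isset($changes['grps'])) {
        $allgroups = $this->_selectGroups();

        // Compare group names as exact strings. A loose in_array() treats
        // numeric-looking names such as '0' and '00' as equal, which would
        // skip a membership change that was asked for.
        $wanted = array_map('strval', $changes['grps']);
        $current = array_map('strval', $oldgroups);

        // remove membership for previous groups
        foreach ($oldgroups as $group) {
            if (!in_array((string) $group, $wanted, true) && isset($allgroups[$group])) {
                $ok = $this->_leaveGroup($olddata, $allgroups[$group]);
                if ($ok === false) {
                    goto FAIL;
                }
            }
        }

        // create all new groups that are missing
        $added = 0;
        foreach ($changes['grps'] as $group) {
            if (!isset($allgroups[$group])) {
                $ok = $this->addGroup($group);
                if ($ok === false) {
                    goto FAIL;
                }
                $added++;
            }
        }
        // reload group info
        if ($added > 0) {
            $allgroups = $this->_selectGroups();
        }

        // add membership for new groups
        foreach ($changes['grps'] as $group) {
            if (!in_array((string) $group, $current, true)) {
                $ok = $this->_joinGroup($olddata, $allgroups[$group]);
                if ($ok === false) {
                    goto FAIL;
                }
            }
        }
    }

    $this->pdo->commit();
    return true;

    // something went wrong, rollback
    FAIL:
    $this->pdo->rollBack();
    $this->_debug('Transaction rolled back', 0, __LINE__);
    msg($this->getLang('writefail'), -1);
    return false; // return error
}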
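/**
 * Verifies a cleartext password against a crypted hash
 *
 * The method and salt of the stored hash are derived from its prefix or its
 * length. The clear text is then hashed with auth_cryptPassword() using the
 * same method and salt, and the result is compared with the stored hash.
 *
 * The comparison uses hash_equals() where the runtime offers it, so the time
 * taken does not depend on how many leading characters match.
 *
 * NOTE(review): the 'md5', 'sha1', 'mysql' and 'my411' branches pass an
 * empty salt. They are kept so existing accounts can still log in; consider
 * re-hashing such accounts with a salted method after a successful login.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param string $clear the password as entered
 * @param string $crypt the stored hash
 * @return bool true if the password matches the hash, false otherwise
 */
function auth_verifyPassword($clear, $crypt)
{
    $method = '';
    $salt = '';

    // determine the used method and salt; prefixes are tested before lengths
    $len = strlen($crypt);
    if (preg_match('/^\\$1\\$([^\\$]{0,8})\\$/', $crypt, $m)) {
        $method = 'smd5';
        $salt = $m[1];
    } elseif (preg_match('/^\\$apr1\\$([^\\$]{0,8})\\$/', $crypt, $m)) {
        $method = 'apr1';
        $salt = $m[1];
    } elseif (substr($crypt, 0, 6) === '{SSHA}') {
        $method = 'ssha';
        // the salt is whatever follows the first 20 bytes of the decoded value
        $salt = substr(base64_decode(substr($crypt, 6)), 20);
    } elseif ($len === 32) {
        $method = 'md5';
    } elseif ($len === 40) {
        $method = 'sha1';
    } elseif ($len === 16) {
        $method = 'mysql';
    } elseif ($len === 41 && $crypt[0] === '*') {
        $method = 'my411';
    } elseif ($len === 34) {
        $method = 'kmd5';
        // the complete stored hash is handed over as salt
        $salt = $crypt;
    } else {
        $method = 'crypt';
        $salt = substr($crypt, 0, 2);
    }

    // crypt and compare
    $computed = auth_cryptPassword($clear, $method, $salt);
    if (!is_string($computed) || !is_string($crypt)) {
        // anything but two strings can never be a match
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($crypt, $computed);
    }

    // runtimes without hash_equals() fall back to the plain comparison
    return $computed === $crypt;
}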
/**
 * Round trip for the 'bcrypt' method: a freshly created hash must be
 * accepted by auth_verifyPassword() for the same clear text.
 */
function test_bcrypt_self()
{
    $clear = 'foobcrypt';
    $stored = auth_cryptPassword($clear, 'bcrypt');
    $accepted = auth_verifyPassword($clear, $stored);

    $this->assertTrue($accepted);
}
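/**
 * Modify user data
 *
 * Rewrites the stored record of an existing, unprotected user. A 'user'
 * entry in $changes renames the account; a 'pass' entry arrives in clear
 * text and is hashed with auth_cryptPassword() before it is stored. The
 * record is replaced in the users file with io_replaceInFile(), located by
 * a pattern anchored on the current login followed by ':'.
 *
 * The login is passed through preg_quote() before it becomes part of that
 * pattern. Unquoted, a character such as '.' in a login would act as a
 * wildcard and the replacement could hit the line of a different account.
 *
 * @author Chris Smith <*****@*****.**>
 * @param string $user    nick of the user to be changed
 * @param array  $changes array of field/value pairs to be changed (password will be clear text)
 * @return bool
 */
public function modifyUser($user, $changes)
{
    global $ACT;
    global $config_cascade;

    // sanity checks, user must already exist and there must be something to change
    $userinfo = $this->getUserData($user);
    if ($userinfo === false) {
        msg($this->getLang('usernotexists'), -1);
        return false;
    }

    // don't modify protected users
    if (!empty($userinfo['protected'])) {
        msg(sprintf($this->getLang('protected'), hsc($user)), -1);
        return false;
    }

    if (!is_array($changes) || !count($changes)) {
        return true;
    }

    // update userinfo with new data, remembering to encrypt any password
    $newuser = $user;
    foreach ($changes as $field => $value) {
        if ($field === 'user') {
            $newuser = $value;
            continue;
        }
        if ($field === 'pass') {
            $value = auth_cryptPassword($value);
        }
        $userinfo[$field] = $value;
    }

    $userline = $this->_createUserLine(
        $newuser,
        $userinfo['pass'],
        $userinfo['name'],
        $userinfo['mail'],
        $userinfo['grps']
    );

    // match the login literally, never as a regular expression fragment
    $pattern = '/^' . preg_quote($user, '/') . ':/';

    if (!io_replaceInFile($config_cascade['plainauth.users']['default'], $pattern, $userline, true)) {
        msg('There was an error modifying your user data. You may need to register again.', -1);
        // FIXME, io functions should be fail-safe so existing data isn't lost
        $ACT = 'register';
        return false;
    }

    $this->users[$newuser] = $userinfo;
    return true;
}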
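/**
 * Verifies a cleartext password against a crypted hash
 *
 * The method and salt of the stored hash are derived from its prefix or its
 * length. The clear text is then hashed with auth_cryptPassword() using the
 * same method and salt, and the result is compared with the stored hash.
 *
 * The comparison uses hash_equals() where the runtime offers it, so the time
 * taken does not depend on how many leading characters match.
 *
 * NOTE(review): the 'md5', 'sha1', 'mysql' and 'my411' branches pass an
 * empty salt. They are kept so existing accounts can still log in; consider
 * re-hashing such accounts with a salted method after a successful login.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param string $clear the password as entered
 * @param string $crypt the stored hash
 * @return bool true if the password matches the hash, false otherwise
 */
function auth_verifyPassword($clear, $crypt)
{
    $method = '';
    $salt = '';

    // determine the used method and salt; prefixes are tested before lengths
    $len = strlen($crypt);
    if (substr($crypt, 0, 3) === '$1$') {
        $method = 'smd5';
        $salt = substr($crypt, 3, 8);
    } elseif (substr($crypt, 0, 6) === '{SSHA}') {
        $method = 'ssha';
        // the salt is whatever follows the first 20 bytes of the decoded value
        $salt = substr(base64_decode(substr($crypt, 6)), 20);
    } elseif ($len === 32) {
        $method = 'md5';
    } elseif ($len === 40) {
        $method = 'sha1';
    } elseif ($len === 16) {
        $method = 'mysql';
    } elseif ($len === 41 && $crypt[0] === '*') {
        $method = 'my411';
    } else {
        $method = 'crypt';
        $salt = substr($crypt, 0, 2);
    }

    // crypt and compare
    $computed = auth_cryptPassword($clear, $method, $salt);
    if (!is_string($computed) || !is_string($crypt)) {
        // anything but two strings can never be a match
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($crypt, $computed);
    }

    // runtimes without hash_equals() fall back to the plain comparison
    return $computed === $crypt;
}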
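/**
 * Establishes the login state from the forum's $pun_user global
 *
 * When a user name was submitted through the login form, the credentials
 * are checked with checkPass(). On success the forum cookie is set through
 * pun_setcookie() and $pun_user is filled from getUserData(); on failure the
 * user is logged off. After that, a $pun_user that is set and not flagged as
 * guest is copied into $USERINFO, $_SERVER['REMOTE_USER'] and the session.
 * Members flagged 'is_admmod' additionally get the 'admin' group.
 *
 * The password hash is computed once and used for both the cookie and
 * $pun_user['password'], so the two always carry the same value even if the
 * configured method creates a new salt on each call.
 *
 * @param string $user   user name from the login form, empty when none was sent
 * @param string $pass   clear text password from the login form
 * @param bool   $sticky keep the cookie for 31536000 seconds (365 days) instead of the session
 * @return bool true when a non-guest user is logged in, false otherwise
 */
function trustExternal($user, $pass, $sticky = false)
{
    global $USERINFO;
    global $lang;
    global $pun_user;

    $sticky = (bool) $sticky; // sanity check

    // someone used the login form
    if (!empty($user)) {
        if (!$this->checkPass($user, $pass)) {
            // invalid credentials - log off
            msg($lang['badlogin'], -1);
            auth_logoff();
            return false;
        }

        $expire = $sticky ? time() + 31536000 : 0;
        $uinfo = $this->getUserData($user);
        $hash = auth_cryptPassword($pass);

        pun_setcookie($uinfo['id'], $hash, $expire);

        $pun_user = array();
        $pun_user['password'] = $hash;
        $pun_user['username'] = $user;
        $pun_user['realname'] = $uinfo['name'];
        $pun_user['email'] = $uinfo['mail'];
        $pun_user['g_title'] = $uinfo['group'];
    }

    // empty() also covers a record built above, which carries no 'is_guest' key
    if (isset($pun_user) && empty($pun_user['is_guest'])) {
        // okay we're logged in - set the globals
        $USERINFO['pass'] = $pun_user['password'];
        $USERINFO['name'] = $pun_user['realname'];
        $USERINFO['mail'] = $pun_user['email'];
        $USERINFO['grps'] = array($pun_user['g_title']);
        if (!empty($pun_user['is_admmod'])) {
            $USERINFO['grps'][] = 'admin';
        }

        $_SERVER['REMOTE_USER'] = $pun_user['username'];
        $_SESSION[DOKU_COOKIE]['auth']['user'] = $pun_user['username'];
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        return true;
    }

    // to be sure
    auth_logoff();
    $USERINFO['grps'] = array();
    return false;
}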