#!/usr/bin/env php
<?php 
function generate_setup_password_salt()
{
    $salt = time() . '*' . '127.0.0.1' . '*' . mt_rand(0, 60000);
    $salt = md5($salt);
    return $salt;
}
function encrypt_setup_password($password, $salt)
{
    return $salt . ':' . sha1($salt . ':' . $password);
}
echo encrypt_setup_password($argv[1], generate_setup_password_salt());
Example #2
0
function check_setup_password($password, $lostpw_mode = 0)
{
    global $CONF;
    $error = 1;
    # be pessimistic
    $setuppw = "";
    if (isset($CONF['setup_password'])) {
        $setuppw = $CONF['setup_password'];
    }
    list($confsalt, $confpass, $trash) = explode(':', $setuppw . '::');
    $pass = encrypt_setup_password($password, $confsalt);
    $validpass = validate_password($password);
    if ($password == "") {
        # no password specified?
        $result = "Setup password must be specified<br />If you didn't set up a setup password yet, enter the password you want to use.";
    } elseif (count($validpass) > 0) {
        $result = $validpass[0];
        # TODO: honor all error messages, not only the first one
    } elseif ($pass == $setuppw && $lostpw_mode == 0) {
        # correct passsword (and not asking for a new password)
        $result = "pass_OK";
        $error = 0;
    } else {
        $pass = encrypt_setup_password($password, generate_setup_password_salt());
        $result = "";
        if ($lostpw_mode == 1) {
            $error = 0;
            # non-matching password is expected when the user asks for a new password
        } else {
            $result = '<p><b>Setup password not specified correctly</b></p>';
        }
        $result .= '<p>If you want to use the password you entered as setup password, edit config.inc.php or config.local.php and set</p>';
        $result .= "<pre>\$CONF['setup_password'] = '******';</pre>";
    }
    return array($error, $result);
}