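#!/usr/bin/env php
<?php

/**
 * Generate a fresh salt for a setup password hash.
 *
 * The result is always 32 lowercase hex characters, so it can never contain
 * the ':' that separates salt and digest in the stored value.
 *
 * @return string 32-character hexadecimal salt.
 */
function generate_setup_password_salt()
{
    # Prefer the CSPRNG when the runtime has one: 16 random bytes hex-encode to
    # the same 32-character shape the md5()-based salt has.
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }

    # Legacy fallback. The inputs are a timestamp, a constant and one of 60001
    # mt_rand() values, so this salt is guessable and can repeat; it only keeps
    # the script working on runtimes without random_bytes().
    return md5(time() . '*' . '127.0.0.1' . '*' . mt_rand(0, 60000));
}

/**
 * Build the stored form of a setup password: "<salt>:<sha1 of 'salt:password'>".
 *
 * NOTE(review): this is a single round of salted SHA-1, which is cheap to
 * brute-force if the config file leaks. The format is left unchanged here
 * because already-stored values are verified by re-running this function;
 * moving to password_hash()/password_verify() would need a coordinated change
 * of the stored format and of the code that checks it.
 *
 * @param string $password Clear-text setup password.
 * @param string $salt     Salt to mix in (must not contain ':').
 * @return string "<salt>:<40 hex characters>".
 */
function encrypt_setup_password($password, $salt)
{
    return $salt . ':' . sha1($salt . ':' . $password);
}

# A password given as a command-line argument can end up in the shell history
# and is visible in the process list while the script runs; use this only on a
# host and account you trust, and clear the history entry afterwards.
if (!isset($argv[1]) || $argv[1] === '') {
    # Without this guard a missing argument silently produced the hash of an
    # empty password, which the setup check rejects anyway.
    fwrite(STDERR, 'Usage: ' . (isset($argv[0]) ? $argv[0] : 'script') . " <setup-password>\n");
    exit(1);
}

echo encrypt_setup_password($argv[1], generate_setup_password_salt());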
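/**
 * Check a submitted setup password against the value in $CONF['setup_password'].
 *
 * The salt is taken from the stored value (everything before the first ':'),
 * the submitted password is hashed with it via encrypt_setup_password(), and
 * the two complete strings are compared.
 *
 * @param string $password    Password entered by the user.
 * @param int    $lostpw_mode 0 for a normal check; 1 when the user asks for a
 *                            new setup password, in which case a non-matching
 *                            password is not reported as an error.
 * @return array array($error, $result): $error is 0 on success and 1 on
 *               failure; $result is "pass_OK" on a match in normal mode,
 *               otherwise a message to display (the last branch returns HTML).
 */
function check_setup_password($password, $lostpw_mode = 0)
{
    global $CONF;

    $error = 1; # be pessimistic: only the branches below clear it

    # Force a string so the comparison further down can never fall back to
    # numeric type juggling on a non-string config value.
    $setuppw = isset($CONF['setup_password']) ? (string) $CONF['setup_password'] : '';

    # Appending '::' guarantees index 0 exists even if the stored value has no ':'.
    $parts = explode(':', $setuppw . '::');
    $confsalt = $parts[0];

    $pass = encrypt_setup_password($password, $confsalt);
    $validpass = validate_password($password);

    # Compare the full "salt:digest" strings in constant time where possible;
    # the strict fallback still avoids the loose == the code used before.
    # An unset or empty config value can never match, because $pass always
    # contains a ':' and a 40-character digest.
    $matches = function_exists('hash_equals')
        ? hash_equals($setuppw, $pass)
        : $pass === $setuppw;

    if ($password == "") { # no password specified?
        $result = "Setup password must be specified<br />If you didn't set up a setup password yet, enter the password you want to use.";
    } elseif (count($validpass) > 0) {
        $result = $validpass[0]; # TODO: honor all error messages, not only the first one
    } elseif ($matches && $lostpw_mode == 0) { # correct password (and not asking for a new password)
        $result = "pass_OK";
        $error = 0;
    } else {
        # NOTE(review): the hash generated here is not used by the message
        # below, which prints a literal '******' placeholder - confirm whether
        # the new hash was meant to be shown to the user.
        $pass = encrypt_setup_password($password, generate_setup_password_salt());

        $result = "";
        if ($lostpw_mode == 1) {
            $error = 0; # non-matching password is expected when the user asks for a new password
        } else {
            $result = '<p><b>Setup password not specified correctly</b></p>';
        }

        $result .= '<p>If you want to use the password you entered as setup password, edit config.inc.php or config.local.php and set</p>';
        $result .= "<pre>\$CONF['setup_password'] = '******';</pre>";
    }

    return array($error, $result);
}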