Example #1
0
 /**
  * Process our <post> arguments from the templates
  */
 protected function getPostAttribute($attribute, $i)
 {
     if (DEBUG_ENABLED && (($fargs = func_get_args()) || ($fargs = 'NOARGS'))) {
         debug_log('Entered (%%)', 129, 0, __FILE__, __LINE__, __METHOD__, $fargs);
     }
     $autovalue = $attribute->getPostValue();
     $args = explode(';', $autovalue['args']);
     $server = $this->getServer();
     $vals = $attribute->getValues();
     switch ($autovalue['function']) {
         /**
          * Join will concatenate values with a string, similiar to explode()
          * eg: =php.Join(-;%sambaSID%,%sidsuffix%)
          *
          * * arg 0
          *   - character to use when joining the attributes
          *
          * * arg 1
          *   - values to concatenate together. we'll explode %attr% values.
          */
         case 'Join':
             preg_match_all('/%(\\w+)(\\|.+)?(\\/[lU])?%/U', $args[1], $matchall);
             $matchattrs = $matchall[1];
             $char = $args[0];
             $values = array();
             $blank = 0;
             foreach ($matchattrs as $joinattr) {
                 $attribute2 = $this->template->getAttribute($joinattr);
                 if (!$attribute2) {
                     if (($pv = get_request(strtolower($joinattr), 'REQUEST')) && isset($pv[$attribute->getName()][$i])) {
                         array_push($values, $pv[$attribute->getName()][$i]);
                         if (!$pv[$attribute->getName()][$i]) {
                             $blank++;
                         }
                     } else {
                         array_push($values, '');
                         $blank++;
                     }
                 } elseif (count($attribute2->getValues()) == 0) {
                     return;
                 } elseif (count($attribute2->getValues()) != 1) {
                     array_push($values, '');
                     $blank++;
                     system_message(array('title' => _('Invalid value count for [post] processing'), 'body' => sprintf('%s (<b>%s [%s]</b>)', _('Function() variable expansion can only handle 1 value'), $attribute->getName(false), count($attribute->getValues())), 'type' => 'warn'));
                 } else {
                     array_push($values, $attribute2->getValue(0));
                 }
             }
             # If all our value expansion results in blanks, we'll return no value
             if (count($matchattrs) == $blank) {
                 if (count($vals) > 1) {
                     $vals[$i] = null;
                 } else {
                     $vals = null;
                 }
             } else {
                 $vals[$i] = implode($char, $values);
             }
             break;
             /**
              * PasswordEncrypt will encrypt a password
              * eg: =php.PasswordEncrypt(%enc%;%userPassword%)
              *
              * This function will encrypt the users password "userPassword" using the "enc" method.
              */
         /**
          * PasswordEncrypt will encrypt a password
          * eg: =php.PasswordEncrypt(%enc%;%userPassword%)
          *
          * This function will encrypt the users password "userPassword" using the "enc" method.
          */
         case 'PasswordEncrypt':
             if (count($args) != 2) {
                 system_message(array('title' => _('Invalid argument count for PasswordEncrypt'), 'body' => sprintf('%s (<b>%s</b>)', _('PasswordEncrypt() only accepts two arguments'), $autovalue['args']), 'type' => 'warn'));
                 return;
             }
             if (!$attribute->hasBeenModified()) {
                 return;
             }
             # Get the attribute.
             if (preg_match_all('/%(\\w+)(\\|.+)?(\\/[lU])?%/U', strtolower($args[1]), $matchall)) {
                 if (count($matchall[1]) != 1) {
                     system_message(array('title' => _('Invalid value count for PasswordEncrypt'), 'body' => sprintf('%s (<b>%s</b>)', _('Unable to get the attribute value for PasswordEncrypt()'), count($matchall[1])), 'type' => 'warn'));
                 }
                 $passwordattr = $matchall[1][0];
                 $passwordvalue = $_REQUEST['new_values'][$passwordattr][$i];
             } else {
                 $passwordvalue = $args[1];
             }
             if (!trim($passwordvalue) || in_array($passwordvalue, $attribute->getOldValues())) {
                 return;
             }
             # Get the encoding
             if ($passwordattr && preg_match_all('/%(\\w+)(\\|.+)?(\\/[lU])?%/U', strtolower($args[0]), $matchall)) {
                 if (count($matchall[1]) != 1) {
                     system_message(array('title' => _('Invalid value count for PasswordEncrypt'), 'body' => sprintf('%s (<b>%s</b>)', _('Unable to get the attribute value for PasswordEncrypt()'), count($matchall[1])), 'type' => 'warn'));
                 }
                 $enc = $_REQUEST[$matchall[1][0]][$passwordattr][$i];
             } else {
                 $enc = $args[0];
             }
             $enc = strtolower($enc);
             switch ($enc) {
                 case 'lm':
                     $sambapassword = new smbHash();
                     $vals[$i] = $sambapassword->lmhash($passwordvalue);
                     break;
                 case 'nt':
                     $sambapassword = new smbHash();
                     $vals[$i] = $sambapassword->nthash($passwordvalue);
                     break;
                 default:
                     $vals[$i] = pla_password_hash($passwordvalue, $enc);
             }
             $vals = array_unique($vals);
             break;
         default:
             $vals = $this->get('AutoPost', $attribute, $i);
     }
     if (!$vals || $vals == $attribute->getValues()) {
         return;
     }
     $attribute->clearValue();
     if (!is_array($vals)) {
         $attribute->setValue(array($vals));
     } else {
         $attribute->setValue($vals);
     }
 }
Example #2
0
/**
 * Given a clear-text password and a hash, this function determines if the clear-text password
 * is the password that was used to generate the hash. This is handy to verify a user's password
 * when all that is given is the hash and a "guess".
 * @param String The hash.
 * @param String The password in clear text to test.
 * @return Boolean True if the clear password matches the hash, and false otherwise.
 */
function password_check($cryptedpassword, $plainpassword, $attribute = 'userpassword')
{
    if (DEBUG_ENABLED && (($fargs = func_get_args()) || ($fargs = 'NOARGS'))) {
        debug_log('Entered (%%)', 1, 0, __FILE__, __LINE__, __METHOD__, $fargs);
    }
    if (in_array($attribute, array('sambalmpassword', 'sambantpassword'))) {
        $smb = new smbHash();
        switch ($attribute) {
            case 'sambalmpassword':
                if (strcmp($smb->lmhash($plainpassword), strtoupper($cryptedpassword)) == 0) {
                    return true;
                } else {
                    return false;
                }
            case 'sambantpassword':
                if (strcmp($smb->nthash($plainpassword), strtoupper($cryptedpassword)) == 0) {
                    return true;
                } else {
                    return false;
                }
        }
        return false;
    }
    if (preg_match('/{([^}]+)}(.*)/', $cryptedpassword, $matches)) {
        $cryptedpassword = $matches[2];
        $cypher = strtolower($matches[1]);
    } else {
        $cypher = null;
    }
    switch ($cypher) {
        # SSHA crypted passwords
        case 'ssha':
            # Check php mhash support before using it
            if (function_exists('mhash')) {
                $hash = base64_decode($cryptedpassword);
                # OpenLDAP uses a 4 byte salt, SunDS uses an 8 byte salt - both from char 20.
                $salt = substr($hash, 20);
                $new_hash = base64_encode(mhash(MHASH_SHA1, $plainpassword . $salt) . $salt);
                if (strcmp($cryptedpassword, $new_hash) == 0) {
                    return true;
                } else {
                    return false;
                }
            } else {
                error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'), 'error', 'index.php');
            }
            break;
            # Salted MD5
        # Salted MD5
        case 'smd5':
            # Check php mhash support before using it
            if (function_exists('mhash')) {
                $hash = base64_decode($cryptedpassword);
                $salt = substr($hash, 16);
                $new_hash = base64_encode(mhash(MHASH_MD5, $plainpassword . $salt) . $salt);
                if (strcmp($cryptedpassword, $new_hash) == 0) {
                    return true;
                } else {
                    return false;
                }
            } else {
                error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'), 'error', 'index.php');
            }
            break;
            # SHA crypted passwords
        # SHA crypted passwords
        case 'sha':
            if (strcasecmp(pla_password_hash($plainpassword, 'sha'), '{SHA}' . $cryptedpassword) == 0) {
                return true;
            } else {
                return false;
            }
            break;
            # MD5 crypted passwords
        # MD5 crypted passwords
        case 'md5':
            if (strcasecmp(pla_password_hash($plainpassword, 'md5'), '{MD5}' . $cryptedpassword) == 0) {
                return true;
            } else {
                return false;
            }
            break;
            # Crypt passwords
        # Crypt passwords
        case 'crypt':
            # Check if it's blowfish crypt
            if (preg_match('/^\\$2+/', $cryptedpassword)) {
                # Make sure that web server supports blowfish crypt
                if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                    error(_('Your system crypt library does not support blowfish encryption.'), 'error', 'index.php');
                }
                list($version, $rounds, $salt_hash) = explode('$', $cryptedpassword);
                if (crypt($plainpassword, '$' . $version . '$' . $rounds . '$' . $salt_hash) == $cryptedpassword) {
                    return true;
                } else {
                    return false;
                }
            } elseif (strstr($cryptedpassword, '$1$')) {
                # Make sure that web server supports md5 crypt
                if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                    error(_('Your system crypt library does not support md5crypt encryption.'), 'error', 'index.php');
                }
                list($dummy, $type, $salt, $hash) = explode('$', $cryptedpassword);
                if (crypt($plainpassword, '$1$' . $salt) == $cryptedpassword) {
                    return true;
                } else {
                    return false;
                }
            } elseif (strstr($cryptedpassword, '_')) {
                # Make sure that web server supports ext_des
                if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                    error(_('Your system crypt library does not support extended DES encryption.'), 'error', 'index.php');
                }
                if (crypt($plainpassword, $cryptedpassword) == $cryptedpassword) {
                    return true;
                } else {
                    return false;
                }
            } else {
                if (crypt($plainpassword, $cryptedpassword) == $cryptedpassword) {
                    return true;
                } else {
                    return false;
                }
            }
            break;
            # SHA512 crypted passwords
        # SHA512 crypted passwords
        case 'sha512':
            if (strcasecmp(pla_password_hash($plainpassword, 'sha512'), '{SHA512}' . $cryptedpassword) == 0) {
                return true;
            } else {
                return false;
            }
            break;
            # No crypt is given assume plaintext passwords are used
        # No crypt is given assume plaintext passwords are used
        default:
            if ($plainpassword == $cryptedpassword) {
                return true;
            } else {
                return false;
            }
    }
}