Example #1
0
function getSalt($saltfile = 'data/salt.php')
{
    if (!is_file($saltfile)) {
        file_put_contents($saltfile, '<?php /* |' . randomSalt() . '| */ ?>');
    }
    $items = explode('|', file_get_contents($saltfile));
    return $items[1];
}
Example #2
0
/**
 * Code originaly from the phpLDAPadmin development team
 * http://phpldapadmin.sourceforge.net/
 *
 * Hashes a password and returns the hash based on the specified enc_type.
 *
 * @param string $passwordClear The password to hash in clear text.
 * @param string $encodageType Standard LDAP encryption type which must be one of
 *        crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
 * @return string The hashed password.
 *
 */
function hashPassword($passwordClear, $encodageType)
{
    $encodageType = strtolower($encodageType);
    switch ($encodageType) {
        case 'crypt':
            $cryptedPassword = '******' . crypt($passwordClear, randomSalt(2));
            break;
        case 'ext_des':
            // extended des crypt. see OpenBSD crypt man page.
            if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
                // Your system crypt library does not support extended DES encryption.
                return FALSE;
            }
            $cryptedPassword = '******' . crypt($passwordClear, '_' . randomSalt(8));
            break;
        case 'md5crypt':
            if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
                // Your system crypt library does not support md5crypt encryption.
                return FALSE;
            }
            $cryptedPassword = '******' . crypt($passwordClear, '$1$' . randomSalt(9));
            break;
        case 'blowfish':
            if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
                // Your system crypt library does not support blowfish encryption.
                return FALSE;
            }
            // hardcoded to second blowfish version and set number of rounds
            $cryptedPassword = '******' . crypt($passwordClear, '$2a$12$' . randomSalt(13));
            break;
        case 'md5':
            $cryptedPassword = '******' . base64_encode(pack('H*', md5($passwordClear)));
            break;
        case 'sha':
            if (function_exists('sha1')) {
                // use php 4.3.0+ sha1 function, if it is available.
                $cryptedPassword = '******' . base64_encode(pack('H*', sha1($passwordClear)));
            } elseif (function_exists('mhash')) {
                $cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear));
            } else {
                return FALSE;
                //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
            }
            break;
        case 'ssha':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_SHA1, $passwordClear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $cryptedPassword = '******' . base64_encode(mhash(MHASH_SHA1, $passwordClear . $salt) . $salt);
            } else {
                return FALSE;
                //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
            }
            break;
        case 'smd5':
            if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
                mt_srand((double) microtime() * 1000000);
                $salt = mhash_keygen_s2k(MHASH_MD5, $passwordClear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
                $cryptedPassword = '******' . base64_encode(mhash(MHASH_MD5, $passwordClear . $salt) . $salt);
            } else {
                return FALSE;
                //Your PHP install does not have the mhash() function. Cannot do SHA hashes.
            }
            break;
        case 'samba':
            if (function_exists('hash')) {
                $cryptedPassword = hash('md4', rcube_charset_convert($passwordClear, RCMAIL_CHARSET, 'UTF-16LE'));
                $cryptedPassword = strtoupper($cryptedPassword);
            } else {
                /* Your PHP install does not have the hash() function */
                return false;
            }
            break;
        case 'clear':
        default:
            $cryptedPassword = $passwordClear;
    }
    return $cryptedPassword;
}
Example #3
0
                        $conn->next_result();
                        $conn->use_result();
                    }
                    if (!$result) {
                        ?>
			<div class="box-outer top-box">
		<div class="box-inner">
		<div class="boxbar"><h2>There was an error when importing database!</h2></div>
		<div class="boxcontent">
		<a href="./install.php">[ BACK ]</a>
		</div>
		</div>
		</div>
			<?php 
                    } else {
                        $salt = $conn->real_escape_string(randomSalt(15));
                        $result = $conn->query("INSERT INTO users (`username`, `password`, `salt`, `group`, `boards`) VALUES ('" . $conn->real_escape_string($username) . "', '" . hash("sha512", $password . $salt) . "', '" . $salt . "', 3, '%')");
                        if (!$result) {
                            ?>
			<div class="box-outer top-box">
		<div class="box-inner">
		<div class="boxbar"><h2>There was an error when creating your account!</h2></div>
		<div class="boxcontent">
		<a href="./install.php">[ BACK ]</a>
		</div>
		</div>
		</div>
			<?php 
                        } else {
                            $handle = fopen("./config.php", "w");
                            $file = '<?php' . "\n";