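/**
 * Store or update one user's digest hash in the htdigest file.
 *
 * The new hash arrives encrypted. It is decrypted with a key chosen by role:
 * for $role > 2 the key is whatever htdigest_get_hash() returns for this
 * user/realm (presumably the currently stored hash, confirm in that helper);
 * otherwise it is the key part of the global $adminpass, and only the
 * {x-php-md5} scheme is accepted.
 *
 * @param string $username User name to write; must be non-empty and free of ':' and control characters.
 * @param string $p_realm  Realm supplied by the caller; must be identical to the global $realm.
 * @param string $hash     Encrypted hash, passed as-is to BlockCipher::decrypt().
 * @param int    $role     Caller role; values above 2 select the per-user key.
 *
 * @return string An entry of $_htdigest_msg: msg_realm, err_md5, err_key,
 *                msg_1st, msg_not_update, msg_add or msg_update.
 */
function htdigest_save($username, $p_realm, $hash, $role)
{
    global $realm, $_htdigest_msg;

    // Strict string comparison: loose != treats numeric-looking strings such
    // as '1e3' and '1000' as equal.
    if ((string) $realm !== (string) $p_realm) {
        return $_htdigest_msg['msg_realm'];
    }

    // The user name is written verbatim into a colon-separated, line-based
    // credential file. A ':' or a line break inside it would let one request
    // forge fields or whole extra entries, so such names are rejected before
    // any key lookup. No dedicated message is visible here, so err_key is reused.
    $user = (string) $username;
    if ($user === '' || preg_match('/[:\x00-\x1F\x7F]/', $user)) {
        return $_htdigest_msg['err_key'];
    }

    // DES
    if ($role > 2) {
        $key = htdigest_get_hash($username, $p_realm);
    } else {
        // adminpass
        global $adminpass;
        list($scheme, $key) = Auth::passwd_parse($adminpass);
        // FIXME: MD5 ONLY
        if ($scheme !== '{x-php-md5}') {
            return $_htdigest_msg['err_md5'];
        }
    }

    // NOTE(review): single DES has a 56-bit key and is obsolete, and the
    // mcrypt extension was removed from PHP core in 7.2. This cipher only
    // obscures the new hash in transit; it does not replace TLS. Also confirm
    // that this BlockCipher really expects the key under 'salt'.
    $blockCipher = BlockCipher::factory('mcrypt', array(
        'algo'    => 'des',
        'mode'    => 'cfb',
        'hash'    => 'sha512',
        'salt'    => $key,
        'padding' => 2,
    ));
    $decrypted_hash = $blockCipher->decrypt($hash);

    // A wrong key yields garbage (or a non-string); only a purely
    // alphanumeric result is accepted as a hash.
    if (!is_string($decrypted_hash) || !preg_match('/^[a-z0-9]+$/iD', $decrypted_hash)) {
        return $_htdigest_msg['err_key'];
    }

    $entry = $user . ':' . $p_realm . ':' . $decrypted_hash . "\n";

    // SAVE
    // NOTE(review): the file is read without a lock and 'w' truncates before
    // the lock is taken, so concurrent saves can lose entries and a reader can
    // see a partial file. Writing a temporary file and rename()-ing it over
    // HTDIGEST_FILE would make the update atomic.
    if (!file_exists(HTDIGEST_FILE)) {
        $fp = fopen(HTDIGEST_FILE, 'w');
        @flock($fp, LOCK_EX);
        fputs($fp, $entry);
        @flock($fp, LOCK_UN);
        @fclose($fp);
        return $_htdigest_msg['msg_1st'];
    }

    $lines = file(HTDIGEST_FILE);
    if ($lines === false) {
        $lines = array();
    }

    // Iterate by key, not by reference: a leftover reference in $line would be
    // overwritten by the write loop below, replacing the updated entry with a
    // copy of the preceding line.
    $found = false;
    foreach ($lines as $no => $line) {
        $field = explode(':', trim($line));
        if (count($field) < 3) {
            continue; // malformed or blank line, cannot match
        }
        if ($field[0] === $user && $field[1] === (string) $p_realm) {
            // Strict comparison: '0e...' style hex strings compare equal under ==.
            if ($field[2] === $decrypted_hash) {
                return $_htdigest_msg['msg_not_update'];
            }
            $lines[$no] = $entry;
            $found = true;
            break;
        }
    }

    if (!$found) {
        $fp = fopen(HTDIGEST_FILE, 'a');
        @flock($fp, LOCK_EX);
        fputs($fp, $entry);
        @flock($fp, LOCK_UN);
        @fclose($fp);
        return $_htdigest_msg['msg_add'];
    }

    $fp = fopen(HTDIGEST_FILE, 'w');
    @flock($fp, LOCK_EX);
    foreach ($lines as $row) {
        fwrite($fp, $row);
    }
    @flock($fp, LOCK_UN);
    @fclose($fp);

    return $_htdigest_msg['msg_update'];
}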
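/**
 * Save a user's digest hash to the htdigest file, adding or replacing the entry.
 *
 * $hash is base64 text that is decoded and run through des() with a
 * role-dependent key: the value of htdigest_get_hash() for $role > 2
 * (presumably the user's current stored hash, verify in that helper), else
 * the key part of the global $adminpass, which must use the {x-php-md5} scheme.
 *
 * @param string $username User name; rejected when empty or containing ':' or control characters.
 * @param string $p_realm  Realm from the caller; has to match the global $realm exactly.
 * @param string $hash     Base64-encoded, DES-processed hash.
 * @param int    $role     Caller role; above 2 means the per-user key is used.
 *
 * @return string One of the $_htdigest_msg entries msg_realm, err_md5, err_key,
 *                msg_1st, msg_not_update, msg_add, msg_update.
 */
function htdigest_save($username, $p_realm, $hash, $role)
{
    global $realm, $_htdigest_msg;

    $wanted_realm = (string) $p_realm;
    // Identity comparison; == would accept numeric-looking strings that
    // merely compare equal as numbers.
    if ((string) $realm !== $wanted_realm) {
        return $_htdigest_msg['msg_realm'];
    }

    // Each record is "user:realm:hash\n". A separator or line break inside
    // the user name would corrupt the record or smuggle in additional ones,
    // so refuse it up front. err_key is reused because no more specific
    // message is visible in this function.
    $user = (string) $username;
    if ($user === '' || preg_match('/[:\x00-\x1F\x7F]/', $user)) {
        return $_htdigest_msg['err_key'];
    }

    // DES
    if ($role > 2) {
        $key = htdigest_get_hash($username, $p_realm);
    } else {
        // adminpass
        global $adminpass;
        list($scheme, $key) = auth::passwd_parse($adminpass);
        // FIXME: MD5 ONLY
        if ($scheme !== '{x-php-md5}') {
            return $_htdigest_msg['err_md5'];
        }
    }

    // NOTE(review): DES (56-bit key) is obsolete; treat this step as
    // obfuscation of the hash in transit and rely on TLS for confidentiality.
    // The meaning of the 0, 0, null arguments is defined by the des() helper,
    // presumably "decrypt" with a default mode and no IV; confirm there.
    $hash = des($key, base64_decode($hash), 0, 0, null);

    // Garbage from a wrong key will not be purely alphanumeric.
    if (!is_string($hash) || !preg_match('/^[a-z0-9]+$/iD', $hash)) {
        return $_htdigest_msg['err_key'];
    }

    $record = $user . ':' . $wanted_realm . ':' . $hash . "\n";

    // SAVE
    // NOTE(review): read-modify-write is not atomic. The read is unlocked and
    // mode 'w' truncates before flock() runs, so parallel saves can drop
    // entries. A temp file plus rename() would close that window.
    if (!file_exists(HTDIGEST_FILE)) {
        $fp = fopen(HTDIGEST_FILE, 'w');
        @flock($fp, LOCK_EX);
        fputs($fp, $record);
        @flock($fp, LOCK_UN);
        @fclose($fp);
        return $_htdigest_msg['msg_1st'];
    }

    $lines = file(HTDIGEST_FILE);
    if ($lines === false) {
        $lines = array();
    }

    $replaced = false;
    foreach ($lines as $no => $line) {
        // explode() replaces split(), which was removed in PHP 7; the
        // delimiter is a literal ':' so the result is the same.
        $field = explode(':', trim($line));
        if (count($field) < 3) {
            continue; // blank or malformed line
        }
        if ($field[0] !== $user || $field[1] !== $wanted_realm) {
            continue;
        }
        // === avoids '0e...' strings comparing equal as numbers.
        if ($field[2] === $hash) {
            return $_htdigest_msg['msg_not_update'];
        }
        $lines[$no] = $record;
        $replaced = true;
        break;
    }

    if (!$replaced) {
        $fp = fopen(HTDIGEST_FILE, 'a');
        @flock($fp, LOCK_EX);
        fputs($fp, $record);
        @flock($fp, LOCK_UN);
        @fclose($fp);
        return $_htdigest_msg['msg_add'];
    }

    $fp = fopen(HTDIGEST_FILE, 'w');
    @flock($fp, LOCK_EX);
    foreach ($lines as $row) {
        fwrite($fp, $row);
    }
    @flock($fp, LOCK_UN);
    @fclose($fp);

    return $_htdigest_msg['msg_update'];
}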