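/**
 * Overwrite plaintext passwords in config file with phpassed versions.
 *
 * The config file is included to obtain $yourls_user_passwords. Every entry that is
 * neither phpass- nor md5-hashed is then rewritten, in the file's text, as
 * 'phpass:<hash>', and the file is written back in place.
 *
 * Both the user name and the plaintext password are regex-quoted before they are
 * searched for, and the replacement text is inserted literally. A user name that
 * contains regex metacharacters ('.', '/', '$', ...) can therefore neither match
 * another user's entry nor be read as a back-reference.
 *
 * @since 1.7
 * @param string $config_file Full path to file. The file is executed with require,
 *                            so it must be a trusted path, never request-derived.
 * @return true|int|string true if the file was rewritten, 0 if no password needed
 *                         hashing, an error message otherwise
 */
function yourls_hash_passwords_now($config_file)
{
    if (!is_readable($config_file)) {
        return 'cannot read file'; // not sure that can actually happen...
    }
    if (!is_writable($config_file)) {
        return 'cannot write file';
    }

    // Include file to read value of $yourls_user_passwords
    // Temporary suppress error reporting to avoid notices about redeclared constants
    $errlevel = error_reporting();
    error_reporting(0);
    require $config_file;
    error_reporting($errlevel);

    $configdata = file_get_contents($config_file);
    // A failed read and an empty file are both reported as unreadable.
    if ($configdata === false || $configdata === '') {
        return 'could not read file';
    }

    // The included file may not define the array at all; treat that as "nothing to hash".
    $passwords = (isset($yourls_user_passwords) && is_array($yourls_user_passwords))
        ? $yourls_user_passwords
        : [];

    $to_hash = 0; // keep track of number of passwords that need hashing
    $quotes = "'" . '"';

    foreach ($passwords as $user => $password) {
        if (yourls_has_phpass_password($user) || yourls_has_md5_password($user)) {
            continue;
        }

        $to_hash++;
        $hash = yourls_phpass_hash($password);
        // PHP would interpret $ as a variable, so replace it in storage.
        $hash = str_replace('$', '!', $hash);

        // Quote BOTH dynamic parts: an unquoted user name is interpreted as a regex.
        $pattern = "/[{$quotes}]" . preg_quote((string) $user, '/') . "[{$quotes}]\\s*=>\\s*[{$quotes}]"
            . preg_quote((string) $password, '/') . "[{$quotes}]/";
        $replace = "'{$user}' => 'phpass:{$hash}' /* Password encrypted by YOURLS */ ";

        // A callback returns the replacement verbatim; preg_replace() would expand
        // "$1" / "\1" sequences that happen to occur in the user name.
        $count = 0;
        $configdata = preg_replace_callback(
            $pattern,
            static function () use ($replace) {
                return $replace;
            },
            $configdata,
            -1,
            $count
        );

        // There should be exactly one replacement. Otherwise, fast fail.
        // The plaintext password is deliberately kept out of the log message.
        if ($configdata === null || $count != 1) {
            yourls_debug_log("Problem with preg_replace for password hash of user {$user}");
            return 'preg_replace problem';
        }
    }

    if ($to_hash == 0) {
        return 0; // There was no password to encrypt
    }

    $success = file_put_contents($config_file, $configdata);
    if ($success === false) {
        yourls_debug_log('Failed writing to ' . $config_file);
        return 'could not write file';
    }

    return true;
}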
/**
 * Yourls filter is_valid_user
 *
 * Accepts the request when the incoming filter value is already true; otherwise
 * tries to authenticate the submitted username/password through $this->_ldap.
 * A failed LDAP authentication renders the login screen and ends the request.
 *
 * @param mixed $value Value handed in by the filter chain; strictly true means the
 *                     user has already been accepted.
 * @return bool true when the user is accepted, false when no username/password pair
 *              was submitted
 */
public function filter_is_valid_user($value)
{
    // Already accepted before this filter ran (strict comparison: only a real
    // boolean true short-circuits, not a truthy string or integer).
    if (true === $value) {
        return true;
    }

    // presumably read from the login request; getRequest() is not shown here
    $username = $this->getRequest('username');
    $password = $this->getRequest('password');

    // Truthiness check: an empty username or password never reaches the LDAP call.
    // This matters for the password in particular, because many directory servers
    // accept a bind with an empty password as an unauthenticated bind.
    // NOTE(review): a password of "0" is falsy too and is rejected here.
    if ($username && $password) {
        try {
            // auth() is expected to throw on failure; its return value is not used.
            $this->_ldap->auth($username, $password);
        } catch (Exception $e) {
            // Show the login screen with the mapped error text, then stop the request
            // so nothing below runs for an unauthenticated user.
            yourls_login_screen($this->mapLdapException($e));
            die;
        }

        yourls_set_user($username);
        // NOTE(review): the next line is damaged in this listing. A run of asterisks
        // stands where part of the code was, and the line does not parse as shown.
        // It looks like two setSession() calls ('login' and 'groups') were fused;
        // restore it from the original file before use.
        $this->setSession('login', [$username => 'phpass:'******'groups', $this->_ldap->getGroups());
        $this->action_pre_login();

        return true;
    }

    // No credentials submitted: leave the user unauthenticated.
    return false;
}
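/**
 * Update current user's password in config file
 *
 * Borrowed heavily from yourls_hash_passwords_now()
 *
 * Finds the current user's entry in the text of YOURLS_CONFIGFILE by its stored
 * password value and replaces it with 'phpass:<hash of $new_password>'. Error
 * messages are echoed as HTML paragraphs; they contain only fixed text.
 *
 * The user name and the stored password are both regex-quoted and the replacement is
 * inserted literally, so a user name containing regex metacharacters can neither
 * match another entry nor be read as a back-reference.
 *
 * @param string $new_password New plaintext password; only its phpass hash is written
 * @return boolean TRUE when the config file was rewritten, FALSE otherwise
 */
function vva_change_password_write_file($new_password)
{
    $configdata = file_get_contents(YOURLS_CONFIGFILE);
    // A failed read and an empty file are both reported as unreadable.
    if ($configdata === false || $configdata === '') {
        echo '<p class="error">Error: Cannot read config file</p>';
        return false;
    }

    global $yourls_user_passwords;
    $user = YOURLS_USER;

    // Without a stored value for this user there is nothing to search for.
    if (!isset($yourls_user_passwords[$user])) {
        echo '<p class="error">Error: Unable to update password</p>';
        return false;
    }
    // presumably the value exactly as written in the config file (plaintext or 'phpass:...')
    $current_password = $yourls_user_passwords[$user];

    $hash = yourls_phpass_hash($new_password);
    // PHP would interpret $ as a variable, so replace it in storage.
    $hash = str_replace('$', '!', $hash);

    $quotes = "'" . '"';
    // Quote BOTH dynamic parts: an unquoted user name is interpreted as a regex.
    $pattern = "/[{$quotes}]" . preg_quote((string) $user, '/') . "[{$quotes}]\\s*=>\\s*[{$quotes}]"
        . preg_quote((string) $current_password, '/') . "[{$quotes}]/";
    $replace = "'{$user}' => 'phpass:{$hash}'";

    // A callback returns the replacement verbatim; preg_replace() would expand
    // "$1" / "\1" sequences that happen to occur in the user name.
    $count = 0;
    $configdata = preg_replace_callback(
        $pattern,
        static function () use ($replace) {
            return $replace;
        },
        $configdata,
        -1,
        $count
    );

    // There should be exactly one replacement. Otherwise, fast fail.
    if ($configdata === null || $count != 1) {
        echo '<p class="error">Error: Unable to update password</p>';
        return false;
    }

    $success = file_put_contents(YOURLS_CONFIGFILE, $configdata);
    if ($success === false) {
        echo '<p class="error">Error: Unable to update config file</p>';
        return false;
    }

    return true;
}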