Esempio n. 1
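/**
 * Decrypt a submitted digest and store it for a user in HTDIGEST_FILE.
 *
 * The record format written is "username:realm:hash\n". The submitted $hash is
 * decrypted with DES/CFB through BlockCipher; the key comes from
 * htdigest_get_hash() when $role > 2, otherwise from the parsed $adminpass.
 *
 * NOTE(review): single DES (56-bit key) is obsolete, and the mcrypt extension
 * was removed from PHP core in 7.2. The cipher is left unchanged here because
 * whatever produces $hash must use the same scheme; plan a migration.
 *
 * NOTE(review): $username and $p_realm are written to the file verbatim. A ':'
 * or line break in either would corrupt or forge a record; this function does
 * not check for them, so confirm the caller validates both.
 *
 * @param string $username Account name (first field of the record).
 * @param string $p_realm  Realm supplied by the caller; must equal the global $realm.
 * @param string $hash     Encrypted digest, in the form BlockCipher::decrypt() accepts.
 * @param int    $role     Selects the key source: > 2 uses the user's stored hash,
 *                         anything else uses the admin password.
 *
 * @return string One of the $_htdigest_msg entries: msg_realm, err_md5, err_key,
 *                msg_1st, msg_not_update, msg_add or msg_update.
 */
function htdigest_save($username, $p_realm, $hash, $role)
{
    global $realm, $_htdigest_msg;

    // Strict string comparison: loose `!=` treats numeric-looking strings
    // such as "1e3" and "1000" as equal.
    if ((string) $realm !== (string) $p_realm) {
        return $_htdigest_msg['msg_realm'];
    }

    // DES key selection
    if ($role > 2) {
        $key = htdigest_get_hash($username, $p_realm);
    } else {
        // adminpass
        global $adminpass;
        list($scheme, $key) = Auth::passwd_parse($adminpass);
        // FIXME: MD5 ONLY
        if ($scheme !== '{x-php-md5}') {
            return $_htdigest_msg['err_md5'];
        }
    }

    $blockCipher = BlockCipher::factory('mcrypt', array('algo' => 'des', 'mode' => 'cfb', 'hash' => 'sha512', 'salt' => $key, 'padding' => 2));
    $decrypted_hash = $blockCipher->decrypt($hash);

    // Only an alphanumeric value may reach the file: this is what keeps ':' and
    // line breaks out of the hash field when decryption yields garbage.
    if (!is_string($decrypted_hash) || !preg_match('/^[a-z0-9]+$/iD', $decrypted_hash)) {
        return $_htdigest_msg['err_key'];
    }

    // SAVE
    $record = $username . ':' . $p_realm . ':' . $decrypted_hash . "\n";
    $is_new_file = !file_exists(HTDIGEST_FILE);

    // 'c+' opens read/write WITHOUT truncating, so the file is emptied only
    // after the lock is held, and the read-modify-write happens under one lock.
    // (Mode 'w' truncates before flock() is ever reached.)
    // NOTE(review): a failed fopen() is still not reported; no message key for
    // that case is visible here. A new file is created with the process umask;
    // confirm it is not readable by other users or served by the web server.
    $fp = fopen(HTDIGEST_FILE, 'c+');
    @flock($fp, LOCK_EX);

    $lines = array();
    while (($row = fgets($fp)) !== false) {
        $lines[] = $row;
    }

    $result = null;
    $found = false;
    // Index-based update: the previous by-reference foreach left $line bound to
    // the matched element, so the later write loop replaced the updated record
    // with a copy of the preceding line.
    foreach ($lines as $no => $row) {
        $field = explode(':', trim($row));
        if (count($field) < 3) {
            continue; // blank or malformed line: keep as is
        }
        // `===` avoids "0e…"-style numeric strings comparing equal.
        if ($field[0] !== (string) $username || $field[1] !== (string) $p_realm) {
            continue;
        }
        $found = true;
        if ($field[2] === $decrypted_hash) {
            $result = $_htdigest_msg['msg_not_update'];
        } else {
            $lines[$no] = $field[0] . ':' . $field[1] . ':' . $decrypted_hash . "\n";
            rewind($fp);
            ftruncate($fp, 0);
            foreach ($lines as $out) {
                fwrite($fp, $out);
            }
            $result = $_htdigest_msg['msg_update'];
        }
        break;
    }

    if (!$found) {
        fseek($fp, 0, SEEK_END);
        $last = end($lines);
        // Do not glue the new record onto an unterminated last line.
        if ($last !== false && substr($last, -1) !== "\n") {
            fwrite($fp, "\n");
        }
        fwrite($fp, $record);
        $result = ($is_new_file && $lines === array())
            ? $_htdigest_msg['msg_1st']
            : $_htdigest_msg['msg_add'];
    }

    fflush($fp);
    @flock($fp, LOCK_UN);
    @fclose($fp);

    return $result;
}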
Esempio n. 2
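/**
 * Decrypt a submitted digest and store it for a user in HTDIGEST_FILE.
 *
 * The record format written is "username:realm:hash\n". The submitted $hash is
 * base64-decoded and passed to des() with a key that comes from
 * htdigest_get_hash() when $role > 2, otherwise from the parsed $adminpass.
 *
 * NOTE(review): single DES (56-bit key) is obsolete. The cipher is left
 * unchanged here because whatever produces $hash must use the same scheme;
 * plan a migration.
 *
 * NOTE(review): $username and $p_realm are written to the file verbatim. A ':'
 * or line break in either would corrupt or forge a record; this function does
 * not check for them, so confirm the caller validates both.
 *
 * @param string $username Account name (first field of the record).
 * @param string $p_realm  Realm supplied by the caller; must equal the global $realm.
 * @param string $hash     Base64-encoded, DES-encrypted digest.
 * @param int    $role     Selects the key source: > 2 uses the user's stored hash,
 *                         anything else uses the admin password.
 *
 * @return string One of the $_htdigest_msg entries: msg_realm, err_md5, err_key,
 *                msg_1st, msg_not_update, msg_add or msg_update.
 */
function htdigest_save($username, $p_realm, $hash, $role)
{
    global $realm, $_htdigest_msg;

    // Strict string comparison: loose `!=` treats numeric-looking strings
    // such as "1e3" and "1000" as equal.
    if ((string) $realm !== (string) $p_realm) {
        return $_htdigest_msg['msg_realm'];
    }

    // DES key selection
    if ($role > 2) {
        $key = htdigest_get_hash($username, $p_realm);
    } else {
        // adminpass
        global $adminpass;
        list($scheme, $key) = auth::passwd_parse($adminpass);
        // FIXME: MD5 ONLY
        if ($scheme !== '{x-php-md5}') {
            return $_htdigest_msg['err_md5'];
        }
    }

    $hash = des($key, base64_decode($hash), 0, 0, null);

    // Only an alphanumeric value may reach the file: this is what keeps ':' and
    // line breaks out of the hash field when decryption yields garbage.
    if (!is_string($hash) || !preg_match('/^[a-z0-9]+$/iD', $hash)) {
        return $_htdigest_msg['err_key'];
    }

    // SAVE
    $record = $username . ':' . $p_realm . ':' . $hash . "\n";
    $is_new_file = !file_exists(HTDIGEST_FILE);

    // 'c+' opens read/write WITHOUT truncating, so the file is emptied only
    // after the lock is held, and the read-modify-write happens under one lock.
    // (Mode 'w' truncates before flock() is ever reached.)
    // NOTE(review): a failed fopen() is still not reported; no message key for
    // that case is visible here. A new file is created with the process umask;
    // confirm it is not readable by other users or served by the web server.
    $fp = fopen(HTDIGEST_FILE, 'c+');
    @flock($fp, LOCK_EX);

    $lines = array();
    while (($row = fgets($fp)) !== false) {
        $lines[] = $row;
    }

    $result = null;
    $found = false;
    foreach ($lines as $no => $row) {
        // explode() replaces split(), which was removed in PHP 7.0.
        $field = explode(':', trim($row));
        if (count($field) < 3) {
            continue; // blank or malformed line: keep as is
        }
        // `===` avoids "0e…"-style numeric strings comparing equal.
        if ($field[0] !== (string) $username || $field[1] !== (string) $p_realm) {
            continue;
        }
        $found = true;
        if ($field[2] === $hash) {
            $result = $_htdigest_msg['msg_not_update'];
        } else {
            $lines[$no] = $field[0] . ':' . $field[1] . ':' . $hash . "\n";
            rewind($fp);
            ftruncate($fp, 0);
            foreach ($lines as $out) {
                fwrite($fp, $out);
            }
            $result = $_htdigest_msg['msg_update'];
        }
        break;
    }

    if (!$found) {
        fseek($fp, 0, SEEK_END);
        $last = end($lines);
        // Do not glue the new record onto an unterminated last line.
        if ($last !== false && substr($last, -1) !== "\n") {
            fwrite($fp, "\n");
        }
        fwrite($fp, $record);
        $result = ($is_new_file && $lines === array())
            ? $_htdigest_msg['msg_1st']
            : $_htdigest_msg['msg_add'];
    }

    fflush($fp);
    @flock($fp, LOCK_UN);
    @fclose($fp);

    return $result;
}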