Exemplo n.º 1
0
 function test_cryptPassword()
 {
     foreach ($this->passes as $method => $hash) {
         $info = "testing method {$method}";
         $this->signal('failinfo', $info);
         $this->assertEqual(auth_cryptPassword('foo' . $method, $method, 'abcdefgh'), $hash);
     }
 }
Exemplo n.º 2
0
 function test_verifySelf()
 {
     foreach ($this->passes as $method => $hash) {
         $info = "testing method {$method}";
         $this->signal('failinfo', $info);
         $hash = auth_cryptPassword('foo' . $method, $method);
         $this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
     }
 }
Exemplo n.º 3
0
 /**
  * Updates the user info in the database
  *
  * Update a user data structure in the database according changes
  * given in an array. The user name can only be changes if it didn't
  * exists already. If the new user name exists the update procedure
  * will be aborted. The database keeps unchanged.
  *
  * The database connection has already to be established for this
  * function to work. Otherwise it will return 'false'.
  *
  * The password will be crypted if necessary.
  *
  * @param  $changes  array of items to change as pairs of item and value
  * @param  $uid      user id of dataset to change, must be unique in DB
  * @return true on success or false on error
  *
  * @author Matthias Grimm <*****@*****.**>
  */
 function _updateUserInfo($changes, $uid)
 {
     $sql = $this->cnf['updateUser'] . " ";
     $cnt = 0;
     $err = 0;
     if ($this->dbcon) {
         foreach ($changes as $item => $value) {
             if ($item == 'user') {
                 if ($this->_getUserID($changes['user'])) {
                     $err = 1;
                     /* new username already exists */
                     break;
                     /* abort update */
                 }
                 if ($cnt++ > 0) {
                     $sql .= ", ";
                 }
                 $sql .= str_replace('%{user}', $value, $this->cnf['UpdateLogin']);
             } else {
                 if ($item == 'name') {
                     if ($cnt++ > 0) {
                         $sql .= ", ";
                     }
                     $sql .= str_replace('%{name}', $value, $this->cnf['UpdateName']);
                 } else {
                     if ($item == 'pass') {
                         if (!$this->cnf['forwardClearPass']) {
                             $value = auth_cryptPassword($value);
                         }
                         if ($cnt++ > 0) {
                             $sql .= ", ";
                         }
                         $sql .= str_replace('%{pass}', $value, $this->cnf['UpdatePass']);
                     } else {
                         if ($item == 'mail') {
                             if ($cnt++ > 0) {
                                 $sql .= ", ";
                             }
                             $sql .= str_replace('%{email}', $value, $this->cnf['UpdateEmail']);
                         }
                     }
                 }
             }
         }
         if ($err == 0) {
             if ($cnt > 0) {
                 $sql .= " " . str_replace('%{uid}', $uid, $this->cnf['UpdateTarget']);
                 if (get_class($this) == 'auth_mysql') {
                     $sql .= " LIMIT 1";
                 }
                 //some PgSQL inheritance comp.
                 $this->_modifyDB($sql);
             }
             return true;
         }
     }
     return false;
 }
Exemplo n.º 4
0
 /**
  * Modify user data
  *
  * @author  Chris Smith <*****@*****.**>
  * @param   $user      nick of the user to be changed
  * @param   $changes   array of field/value pairs to be changed (password will be clear text)
  * @return  bool
  */
 function modifyUser($user, $changes)
 {
     global $conf;
     global $ACT;
     global $INFO;
     global $config_cascade;
     // sanity checks, user must already exist and there must be something to change
     if (($userinfo = $this->getUserData($user)) === false) {
         return false;
     }
     if (!is_array($changes) || !count($changes)) {
         return true;
     }
     // update userinfo with new data, remembering to encrypt any password
     $newuser = $user;
     foreach ($changes as $field => $value) {
         if ($field == 'user') {
             $newuser = $value;
             continue;
         }
         if ($field == 'pass') {
             $value = auth_cryptPassword($value);
         }
         $userinfo[$field] = $value;
     }
     $groups = join(',', $userinfo['grps']);
     $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups)) . "\n";
     if (!$this->deleteUsers(array($user))) {
         msg('Unable to modify user data. Please inform the Wiki-Admin', -1);
         return false;
     }
     if (!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
         msg('There was an error modifying your user data. You should register again.', -1);
         // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page
         $ACT == 'register';
         return false;
     }
     $this->users[$newuser] = $userinfo;
     return true;
 }
Exemplo n.º 5
0
 /**
  * Modify user data
  *
  * @author  Chris Smith <*****@*****.**>
  * @param   string $user      nick of the user to be changed
  * @param   array  $changes   array of field/value pairs to be changed (password will be clear text)
  * @return  bool
  */
 public function modifyUser($user, $changes)
 {
     global $ACT;
     global $config_cascade;
     // sanity checks, user must already exist and there must be something to change
     if (($userinfo = $this->getUserData($user)) === false) {
         msg($this->getLang('usernotexists'), -1);
         return false;
     }
     if (!is_array($changes) || !count($changes)) {
         return true;
     }
     // update userinfo with new data, remembering to encrypt any password
     $newuser = $user;
     foreach ($changes as $field => $value) {
         if ($field == 'user') {
             $newuser = $value;
             continue;
         }
         if ($field == 'pass') {
             $value = auth_cryptPassword($value);
         }
         $userinfo[$field] = $value;
     }
     $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']);
     if (!$this->deleteUsers(array($user))) {
         msg($this->getLang('writefail'), -1);
         return false;
     }
     if (!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
         msg('There was an error modifying your user data. You should register again.', -1);
         // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page
         // Should replace the delete/save hybrid modify with an atomic io_replaceInFile
         $ACT = 'register';
         return false;
     }
     $this->users[$newuser] = $userinfo;
     return true;
 }
Exemplo n.º 6
0
 /**
  * Modify user data
  *
  * @param   string $user nick of the user to be changed
  * @param   array $changes array of field/value pairs to be changed (password will be clear text)
  * @return  bool
  */
 public function modifyUser($user, $changes)
 {
     // secure everything in transaction
     $this->pdo->beginTransaction();
     $olddata = $this->getUserData($user);
     $oldgroups = $olddata['grps'];
     unset($olddata['grps']);
     // changing the user name?
     if (isset($changes['user'])) {
         if ($this->getUserData($changes['user'], false)) {
             goto FAIL;
         }
         $params = $olddata;
         $params['newlogin'] = $changes['user'];
         $ok = $this->_query($this->getConf('update-user-login'), $params);
         if ($ok === false) {
             goto FAIL;
         }
     }
     // changing the password?
     if (isset($changes['pass'])) {
         $params = $olddata;
         $params['clear'] = $changes['pass'];
         $params['hash'] = auth_cryptPassword($changes['pass']);
         $ok = $this->_query($this->getConf('update-user-pass'), $params);
         if ($ok === false) {
             goto FAIL;
         }
     }
     // changing info?
     if (isset($changes['mail']) || isset($changes['name'])) {
         $params = $olddata;
         if (isset($changes['mail'])) {
             $params['mail'] = $changes['mail'];
         }
         if (isset($changes['name'])) {
             $params['name'] = $changes['name'];
         }
         $ok = $this->_query($this->getConf('update-user-info'), $params);
         if ($ok === false) {
             goto FAIL;
         }
     }
     // changing groups?
     if (isset($changes['grps'])) {
         $allgroups = $this->_selectGroups();
         // remove membership for previous groups
         foreach ($oldgroups as $group) {
             if (!in_array($group, $changes['grps']) && isset($allgroups[$group])) {
                 $ok = $this->_leaveGroup($olddata, $allgroups[$group]);
                 if ($ok === false) {
                     goto FAIL;
                 }
             }
         }
         // create all new groups that are missing
         $added = 0;
         foreach ($changes['grps'] as $group) {
             if (!isset($allgroups[$group])) {
                 $ok = $this->addGroup($group);
                 if ($ok === false) {
                     goto FAIL;
                 }
                 $added++;
             }
         }
         // reload group info
         if ($added > 0) {
             $allgroups = $this->_selectGroups();
         }
         // add membership for new groups
         foreach ($changes['grps'] as $group) {
             if (!in_array($group, $oldgroups)) {
                 $ok = $this->_joinGroup($olddata, $allgroups[$group]);
                 if ($ok === false) {
                     goto FAIL;
                 }
             }
         }
     }
     $this->pdo->commit();
     return true;
     // something went wrong, rollback
     FAIL:
     $this->pdo->rollBack();
     $this->_debug('Transaction rolled back', 0, __LINE__);
     msg($this->getLang('writefail'), -1);
     return false;
     // return error
 }
Exemplo n.º 7
0
/**
 * Verifies a cleartext password against a crypted hash
 *
 * The method and salt used for the crypted hash is determined automatically
 * then the clear text password is crypted using the same method. If both hashs
 * match true is is returned else false
 *
 * @author  Andreas Gohr <*****@*****.**>
 * @return  bool
 */
function auth_verifyPassword($clear, $crypt)
{
    $method = '';
    $salt = '';
    //determine the used method and salt
    $len = strlen($crypt);
    if (preg_match('/^\\$1\\$([^\\$]{0,8})\\$/', $crypt, $m)) {
        $method = 'smd5';
        $salt = $m[1];
    } elseif (preg_match('/^\\$apr1\\$([^\\$]{0,8})\\$/', $crypt, $m)) {
        $method = 'apr1';
        $salt = $m[1];
    } elseif (substr($crypt, 0, 6) == '{SSHA}') {
        $method = 'ssha';
        $salt = substr(base64_decode(substr($crypt, 6)), 20);
    } elseif ($len == 32) {
        $method = 'md5';
    } elseif ($len == 40) {
        $method = 'sha1';
    } elseif ($len == 16) {
        $method = 'mysql';
    } elseif ($len == 41 && $crypt[0] == '*') {
        $method = 'my411';
    } elseif ($len == 34) {
        $method = 'kmd5';
        $salt = $crypt;
    } else {
        $method = 'crypt';
        $salt = substr($crypt, 0, 2);
    }
    //crypt and compare
    if (auth_cryptPassword($clear, $method, $salt) === $crypt) {
        return true;
    }
    return false;
}
Exemplo n.º 8
0
 function test_bcrypt_self()
 {
     $hash = auth_cryptPassword('foobcrypt', 'bcrypt');
     $this->assertTrue(auth_verifyPassword('foobcrypt', $hash));
 }
Exemplo n.º 9
0
 /**
  * Modify user data
  *
  * @author  Chris Smith <*****@*****.**>
  * @param   string $user      nick of the user to be changed
  * @param   array  $changes   array of field/value pairs to be changed (password will be clear text)
  * @return  bool
  */
 public function modifyUser($user, $changes)
 {
     global $ACT;
     global $config_cascade;
     // sanity checks, user must already exist and there must be something to change
     if (($userinfo = $this->getUserData($user)) === false) {
         msg($this->getLang('usernotexists'), -1);
         return false;
     }
     // don't modify protected users
     if (!empty($userinfo['protected'])) {
         msg(sprintf($this->getLang('protected'), hsc($user)), -1);
         return false;
     }
     if (!is_array($changes) || !count($changes)) {
         return true;
     }
     // update userinfo with new data, remembering to encrypt any password
     $newuser = $user;
     foreach ($changes as $field => $value) {
         if ($field == 'user') {
             $newuser = $value;
             continue;
         }
         if ($field == 'pass') {
             $value = auth_cryptPassword($value);
         }
         $userinfo[$field] = $value;
     }
     $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']);
     if (!io_replaceInFile($config_cascade['plainauth.users']['default'], '/^' . $user . ':/', $userline, true)) {
         msg('There was an error modifying your user data. You may need to register again.', -1);
         // FIXME, io functions should be fail-safe so existing data isn't lost
         $ACT = 'register';
         return false;
     }
     $this->users[$newuser] = $userinfo;
     return true;
 }
Exemplo n.º 10
0
/**
 * Verifies a cleartext password against a crypted hash
 *
 * The method and salt used for the crypted hash is determined automatically
 * then the clear text password is crypted using the same method. If both hashs
 * match true is is returned else false
 *
 * @author  Andreas Gohr <*****@*****.**>
 * @return  bool
 */
function auth_verifyPassword($clear, $crypt)
{
    $method = '';
    $salt = '';
    // determine the used method and salt
    $len = strlen($crypt);
    if (substr($crypt, 0, 3) == '$1$') {
        $method = 'smd5';
        $salt = substr($crypt, 3, 8);
    } elseif (substr($crypt, 0, 6) == '{SSHA}') {
        $method = 'ssha';
        $salt = substr(base64_decode(substr($crypt, 6)), 20);
    } elseif ($len == 32) {
        $method = 'md5';
    } elseif ($len == 40) {
        $method = 'sha1';
    } elseif ($len == 16) {
        $method = 'mysql';
    } elseif ($len == 41 && $crypt[0] == '*') {
        $method = 'my411';
    } else {
        $method = 'crypt';
        $salt = substr($crypt, 0, 2);
    }
    // crypt and compare
    if (auth_cryptPassword($clear, $method, $salt) === $crypt) {
        return true;
    }
    return false;
}
Exemplo n.º 11
0
 /**
  * Just checks against the $forum_user variable
  */
 function trustExternal($user, $pass, $sticky = false)
 {
     global $USERINFO;
     global $conf;
     global $lang;
     global $pun_user;
     global $pun_config;
     global $cookie_name;
     $sticky ? $sticky = true : ($sticky = false);
     //sanity check
     // someone used the login form
     if (!empty($user)) {
         if ($this->checkPass($user, $pass)) {
             $expire = $sticky ? time() + 31536000 : 0;
             $uinfo = $this->getUserData($user);
             pun_setcookie($uinfo['id'], auth_cryptPassword($pass), $expire);
             $pun_user = array();
             $pun_user['password'] = auth_cryptPassword($pass);
             $pun_user['username'] = $user;
             $pun_user['realname'] = $uinfo['name'];
             $pun_user['email'] = $uinfo['mail'];
             $pun_user['g_title'] = $uinfo['group'];
         } else {
             //invalid credentials - log off
             msg($lang['badlogin'], -1);
             auth_logoff();
             return false;
         }
     }
     if (isset($pun_user) && !$pun_user['is_guest']) {
         // okay we're logged in - set the globals
         $USERINFO['pass'] = $pun_user['password'];
         $USERINFO['name'] = $pun_user['realname'];
         $USERINFO['mail'] = $pun_user['email'];
         $USERINFO['grps'] = array($pun_user['g_title']);
         if ($pun_user['is_admmod']) {
             $USERINFO['grps'][] = 'admin';
         }
         $_SERVER['REMOTE_USER'] = $pun_user['username'];
         $_SESSION[DOKU_COOKIE]['auth']['user'] = $pun_user['username'];
         $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
         return true;
     }
     // to be sure
     auth_logoff();
     $USERINFO['grps'] = array();
     return false;
 }