Exemplo n.º 1
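 /**
  * Check a login attempt against the locally stored credential.
  *
  * The mode is selected by $seed:
  *  - "-1": $pass is the clear-text password and is verified with
  *    AJXP_Utils::pbkdf2_validate_password().
  *  - any other value: $pass must equal md5(stored value . seed).
  *
  * @param string $login User identifier; lower-cased when AuthService::ignoreUserCase() is true.
  * @param string $pass  Clear-text password or seeded MD5 response, depending on $seed.
  * @param string $seed  "-1" for clear-text mode, otherwise the challenge seed.
  *
  * @return bool True when the credential matches, false otherwise (including unknown user).
  */
 public function checkPassword($login, $pass, $seed)
 {
     if (AuthService::ignoreUserCase()) {
         $login = strtolower($login);
     }
     $userStoredPass = $this->getUserPass($login);
     if (!$userStoredPass) {
         return false;
     }
     if ($seed == "-1") {
         // Seed = -1 means that the password was sent unencoded.
         return AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass);
     }
     // Seeded mode. A loose `==` between two hex digests treats strings of the
     // form "0e<digits>" as numbers, so unrelated digests can compare equal;
     // hash_equals() compares byte-for-byte and in constant time.
     // NOTE(review): in this mode the stored value itself is the secret the
     // client must know, so it is password-equivalent, and MD5 is a weak
     // primitive for a challenge response. Prefer the "-1" path over TLS.
     if (!is_string($pass)) {
         return false;
     }
     return hash_equals(md5($userStoredPass . $seed), $pass);
 }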
Exemplo n.º 2
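 /**
  * Check a login attempt, either locally or by delegating to a master CMS.
  *
  * Local check only: when $AJXP_GLUE_GLOBALS is set, or when the login starts
  * with the configured LOCAL_PREFIX option.
  * Otherwise: the function named by the MASTER_AUTH_FUNCTION option is called
  * to authenticate against the master host; on success the session id it
  * returns is adopted. If that fails, the local user list is checked as a
  * fallback and the original session id is restored on success.
  *
  * @param string $login User identifier; lower-cased when AuthService::ignoreUserCase() is true.
  * @param string $pass  Clear-text password or seeded MD5 response, depending on $seed.
  * @param string $seed  "-1" for clear-text mode, otherwise the challenge seed.
  *
  * @return bool True when authentication succeeded by either route.
  */
 public function checkPassword($login, $pass, $seed)
 {
     if (AuthService::ignoreUserCase()) {
         $login = strtolower($login);
     }
     global $AJXP_GLUE_GLOBALS;
     // `&&` binds tighter than `||`; the parentheses only make that explicit.
     if (isset($AJXP_GLUE_GLOBALS) || (!empty($this->options["LOCAL_PREFIX"]) && strpos($login, $this->options["LOCAL_PREFIX"]) === 0)) {
         $userStoredPass = $this->getUserPass($login);
         if (!$userStoredPass) {
             return false;
         }
         if ($seed == "-1") {
             // Seed = -1 means that the password was sent unencoded.
             return AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass);
         } else {
             // hash_equals() instead of `==`: loose comparison treats digests
             // of the form "0e<digits>" as numbers and is not constant-time.
             return is_string($pass) && hash_equals(md5($userStoredPass . $seed), $pass);
         }
     } else {
         // Remember the current session id, then release the session so the
         // master's session can be adopted below.
         $crtSessionId = session_id();
         session_write_close();
         $host = "";
         if (isset($this->options["MASTER_HOST"])) {
             $host = $this->options["MASTER_HOST"];
         } else {
             // NOTE(review): SERVER_ADDR normally holds a bare IP address, not
             // a URL; confirm parse_url(..., PHP_URL_HOST) yields a usable
             // host here, or set MASTER_HOST explicitly.
             $host = parse_url($_SERVER["SERVER_ADDR"], PHP_URL_HOST);
         }
         $formId = "";
         if (isset($this->options["MASTER_AUTH_FORM_ID"])) {
             $formId = $this->options["MASTER_AUTH_FORM_ID"];
         }
         $uri = $this->options["MASTER_URI"];
         // The callable name comes from plugin options and is invoked with the
         // user's clear password; it must only ever be set by trusted
         // configuration, never derived from request data.
         $funcName = $this->options["MASTER_AUTH_FUNCTION"];
         require_once 'cms_auth_functions.php';
         if (function_exists($funcName)) {
             $sessCookies = call_user_func($funcName, $host, $uri, $login, $pass, $formId);
             if ($sessCookies != "") {
                 if (is_array($sessCookies)) {
                     // NOTE(review): assumes the array carries an "AjaXplorer"
                     // key; an array without it would hand an undefined value
                     // to session_id(). Confirm against the auth functions.
                     $sessid = $sessCookies["AjaXplorer"];
                     // The session id supplied by the master is adopted as-is.
                     session_id($sessid);
                     session_start();
                     if (!$this->slaveMode) {
                         foreach ($sessCookies as $k => $v) {
                             if ($k == "AjaXplorer") {
                                 continue;
                             }
                             // Session-lifetime cookie scoped to $uri. No
                             // Secure/HttpOnly flags are passed in this call.
                             setcookie($k, urldecode($v), 0, $uri);
                         }
                     }
                 } else {
                     if (is_string($sessCookies)) {
                         session_id($sessCookies);
                         session_start();
                     }
                 }
                 return true;
             }
             // NOTE(review): reached only when the first call returned an
             // empty-ish value; this repeats the same call with the same
             // arguments. Looks redundant; confirm before removing.
             $sessid = call_user_func($funcName, $host, $uri, $login, $pass, $formId);
             if ($sessid != "") {
                 session_id($sessid);
                 session_start();
                 return true;
             }
         }
         // NOW CHECK IN LOCAL USERS LIST
         $userStoredPass = $this->getUserPass($login);
         if (!$userStoredPass) {
             return false;
         }
         if ($seed == "-1") {
             // Seed = -1 means that the password was sent unencoded.
             $res = AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass);
         } else {
             // Same strict, constant-time comparison as in the local branch.
             $res = is_string($pass) && hash_equals(md5($userStoredPass . $seed), $pass);
         }
         if ($res) {
             // Local fallback succeeded: resume the session that was active
             // when this method was entered.
             session_id($crtSessionId);
             session_start();
             return true;
         }
         return false;
     }
 }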
Exemplo n.º 3
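 /**
  * Check a login attempt against the stored credential.
  *
  * The mode is selected by the TRANSMIT_CLEAR_PASS option, not by $seed:
  *  - option true: $pass is the clear-text password, verified with
  *    AJXP_Utils::pbkdf2_validate_password().
  *  - option false: $pass must equal md5(stored value . seed).
  *
  * @param string $login User identifier passed to getUserPass().
  * @param string $pass  Clear-text password or seeded MD5 response.
  * @param string $seed  Challenge seed; only used when TRANSMIT_CLEAR_PASS is false.
  *
  * @return bool True when the credential matches, false otherwise (including unknown user).
  */
 public function checkPassword($login, $pass, $seed)
 {
     $userStoredPass = $this->getUserPass($login);
     if (!$userStoredPass) {
         return false;
     }
     if ($this->getOptionAsBool("TRANSMIT_CLEAR_PASS")) {
         // The password arrives unencoded and is checked against the stored hash.
         return AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass);
     }
     // Seeded mode. `==` on two hex digests treats strings of the form
     // "0e<digits>" as numbers, so unrelated digests can compare equal;
     // hash_equals() is byte-exact and constant-time.
     // NOTE(review): the stored value is password-equivalent in this mode.
     if (!is_string($pass)) {
         return false;
     }
     return hash_equals(md5($userStoredPass . $seed), $pass);
 }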
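 /**
  * Check a clear-text password against a credential stored in a custom table.
  *
  * The storage format is given by the SQL_CUSTOM_TABLE_PWD_HASH option:
  * "pbkdf2", "md5" or "clear". Any other value rejects the login.
  *
  * @param string $login User identifier passed to getUserPass().
  * @param string $pass  Clear-text password supplied by the user.
  * @param string $seed  Unused by this implementation.
  *
  * @return bool True when the password matches the stored credential.
  */
 public function checkPassword($login, $pass, $seed)
 {
     $userStoredPass = $this->getUserPass($login);
     if (!$userStoredPass) {
         return false;
     }
     $hashAlgo = $this->getOption("SQL_CUSTOM_TABLE_PWD_HASH");
     if ($hashAlgo == "pbkdf2") {
         return AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass);
     }
     if (!is_string($pass)) {
         return false;
     }
     // The two legacy formats below used `==`, which compares numeric-looking
     // strings as numbers ("1e3" == "1000", "0e1" == "0e2"). hash_equals()
     // requires an exact byte match and runs in constant time.
     // NOTE(review): unsalted MD5 and clear-text storage give no protection
     // if the table leaks; migrate such deployments to "pbkdf2".
     if ($hashAlgo == "md5") {
         return hash_equals((string) $userStoredPass, md5($pass));
     }
     if ($hashAlgo == "clear") {
         return hash_equals((string) $userStoredPass, $pass);
     }
     return false;
 }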
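 /**
  * Verify a combined "password + YubiKey OTP" credential.
  *
  * $pass is expected to be the user's password immediately followed by a
  * 44-character YubiKey OTP, whose first 12 characters identify the key.
  * The OTP must come from one of the two registered keys, must verify with
  * Auth_Yubico, and the remaining password must match the stored hash.
  *
  * @param string $pass           Password with the 44-character OTP appended.
  * @param string $userStoredPass Stored hash checked by pbkdf2_validate_password().
  * @param string $yubikey1       First registered key; only its first 12 characters are used.
  * @param string $yubikey2       Second registered key; only its first 12 characters are used.
  *
  * @return bool True only when both the OTP and the password are valid.
  */
 public function checkYubiPass($pass, $userStoredPass, $yubikey1, $yubikey2)
 {
     // Without a full 44-character OTP the substr() offsets below would
     // silently clamp to the start of the string and yield a truncated
     // identity, so reject short input up front.
     if (!is_string($pass) || strlen($pass) < 44) {
         return false;
     }
     // yubikey generates 44 character, identity is the first 12 character
     $yotp = substr($pass, -44);
     $pass_identity = substr($yotp, 0, 12);
     $yubi1_identity = substr((string) $yubikey1, 0, 12);
     $yubi2_identity = substr((string) $yubikey2, 0, 12);
     // Strict comparison: an unset or empty registered key produces an empty
     // or false identity, which must never match the submitted one.
     if ($pass_identity !== $yubi1_identity && $pass_identity !== $yubi2_identity) {
         // YubiKey not listed in account
         return false;
     }
     $pass = substr($pass, 0, strlen($pass) - 44);
     $yubi = new Auth_Yubico($this->yubico_client_id, $this->yubico_secret_key);
     $auth = $yubi->verify($yotp);
     // The OTP is verified first; the password check only runs when that succeeded.
     return !PEAR::isError($auth) && AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass);
 }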