Formats a password using the current encryption.
public static getCryptedPassword ( string $plaintext, string $salt = '', string $encryption = 'md5-hex', boolean $show_encrypt = false ) : string | ||
$plaintext | string | The plaintext password to encrypt. |
$salt | string | The salt to use to encrypt the password. If not present, a new salt will be generated. |
$encryption | string | The kind of password encryption to use. Defaults to md5-hex. |
$show_encrypt | boolean | Some password systems prepend the kind of encryption to the crypted password ({SHA}, etc). Defaults to false. |
return | string | The encrypted password. |
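/**
 * Checks a set of login credentials against the loaded user entries.
 * Only supports htpasswd files with DES passwords right now.
 *
 * The submitted password is hashed with the stored hash as salt, and the
 * result is compared with the stored hash.
 *
 * @param string $userId      The userId to check.
 * @param array $credentials  An array of login credentials. Must contain a
 *                            non-empty 'password' entry.
 *
 * @throws Horde_Auth_Exception  With Horde_Auth::REASON_BADLOGIN when the
 *                               password is missing, the user is unknown,
 *                               or the hashes differ.
 */
protected function _authenticate($userId, $credentials)
{
    if (empty($credentials['password']) ||
        empty($this->_users[$userId])) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    $stored = (string)$this->_users[$userId];
    $hash = (string)Horde_Auth::getCryptedPassword(
        $credentials['password'],
        $stored,
        $this->_params['encryption'],
        !empty($this->_params['show_encryption'])
    );

    /* Compare as strings. A loose "!=" treats two numeric-looking hash
     * strings as numbers and can report different hashes as equal.
     * hash_equals() also keeps the comparison time independent of where
     * the strings first differ; fall back to "===" where it is missing. */
    $match = function_exists('hash_equals')
        ? hash_equals($stored, $hash)
        : $stored === $hash;

    if (!$match) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }
}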
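/**
 * Resets a user's password. Used for example when the user does not
 * remember the existing password.
 *
 * A random password is generated, hashed with the configured encryption
 * and written through the configured 'query_resetpassword' statement, in
 * which \L stands for the quoted user id and \P for the quoted password
 * hash.
 *
 * @param string $userId  The user id for which to reset the password.
 *
 * @return string  The new password on success. This is the plaintext
 *                 value, so callers should avoid logging it.
 * @throws Horde_Auth_Exception
 */
public function resetPassword($userId)
{
    /* Get a new random password. */
    $password = Horde_Auth::genRandomPassword();

    $hash = Horde_Auth::getCryptedPassword(
        $password,
        '',
        $this->_params['encryption'],
        $this->_params['show_encryption']
    );

    /* Build the SQL query. strtr() substitutes both placeholders in a
     * single pass, so a placeholder sequence that happens to occur inside
     * the already quoted user id is never expanded a second time (which
     * str_replace() with arrays would do, breaking the quoting). */
    $query = strtr(
        $this->_params['query_resetpassword'],
        array(
            '\\L' => $this->_db->quote($userId),
            '\\P' => $this->_db->quote($hash),
        )
    );

    try {
        $this->_db->update($query);
    } catch (Horde_Db_Exception $e) {
        throw new Horde_Auth_Exception($e);
    }

    return $password;
}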
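/**
 * Reset a user's password. Used for example when the user does not
 * remember the existing password.
 *
 * Looks up the user's DN, generates a random password, and replaces the
 * 'userpassword' attribute (and 'shadowlastchange', when the entry has
 * one) on the LDAP entry.
 *
 * @param string $userId  The user id for which to reset the password.
 *
 * @return string  The new password on success. This is the plaintext
 *                 value, so callers should avoid logging it.
 * @throws Horde_Auth_Exception  If the 'ad' parameter is set, or if the DN
 *                               lookup or the modify operation fails.
 */
public function resetPassword($userId)
{
    if (!empty($this->_params['ad'])) {
        throw new Horde_Auth_Exception(__CLASS__ . ': Updating users is not supported for Active Directory.');
    }

    /* Search for the user's full DN. */
    try {
        $dn = $this->_ldap->findUserDN($userId);
    } catch (Horde_Exception_Ldap $e) {
        /* NOTE(review): the modify() call below catches
         * Horde_Ldap_Exception instead; confirm which class findUserDN()
         * actually throws, otherwise lookup failures escape unwrapped. */
        throw new Horde_Auth_Exception($e);
    }

    /* Get a new random password. */
    $password = Horde_Auth::genRandomPassword();

    /* Encrypt the new password. $show_encrypt is documented as a boolean,
     * so pass true rather than the string 'true'. */
    $entry = array(
        'userpassword' => Horde_Auth::getCryptedPassword(
            $password,
            '',
            $this->_params['encryption'],
            true
        ),
    );

    /* Set the lastchange field (days since the epoch), but only when the
     * lookup returned a value for it. !empty() avoids an undefined-index
     * notice when the key is absent. */
    $shadow = $this->_lookupShadow($dn);
    if (!empty($shadow['shadowlastchange'])) {
        $entry['shadowlastchange'] = floor(time() / 86400);
    }

    /* Update user entry. */
    try {
        $this->_ldap->modify($dn, array('replace' => $entry));
    } catch (Horde_Ldap_Exception $e) {
        throw new Horde_Auth_Exception($e);
    }

    return $password;
}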
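/**
 * Compare an encrypted password to a plaintext string to see if
 * they match.
 *
 * The plaintext is hashed with the stored value as salt, using the
 * configured encryption, and the two strings are then compared.
 *
 * @param string $encrypted  The crypted password to compare against.
 * @param string $plaintext  The plaintext password to verify.
 *
 * @return boolean  True if matched, false otherwise.
 */
protected function _comparePasswords($encrypted, $plaintext)
{
    $stored = (string)$encrypted;
    $candidate = (string)Horde_Auth::getCryptedPassword(
        $plaintext,
        $encrypted,
        $this->_params['encryption'],
        $this->_params['show_encryption']
    );

    /* Compare as strings. A loose "==" treats two numeric-looking hash
     * strings as numbers and can report different hashes as equal.
     * hash_equals() also keeps the comparison time independent of where
     * the strings first differ; fall back to "===" where it is missing. */
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $candidate);
    }

    return $stored === $candidate;
}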
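/**
 * Creates a user in the backend.
 *
 * Binds with the configured bind DN, builds the LDAP entry from $info and
 * adds it below the configured base DN.
 *
 * @param array $info  The user information to save. Reads the keys
 *                     'user_full_name', 'user_name', 'domain',
 *                     'user_enabled' and 'password'.
 *
 * @return string  The DN of the created entry.
 * @throws Vilma_Exception  If the bind or the add operation fails.
 */
protected function _createUser($info)
{
    // Bind with appropriate dn to give update access.
    $res = ldap_bind($this->_ldap, $this->_params['ldap']['binddn'],
                     $this->_params['ldap']['bindpw']);
    if (!$res) {
        throw new Vilma_Exception(_("Unable to bind to the LDAP server. Check authentication credentials."));
    }

    // Prepare data.
    $entry = array();
    $entry['cn'] = $info['user_full_name'];
    // sn is not used operationally but we make an effort to be
    // something sensical.  No guarantees, though.
    // array_pop() takes its argument by reference, so the explode()
    // result has to be stored in a variable first.
    $nameParts = explode(' ', $info['user_full_name']);
    $entry['sn'] = array_pop($nameParts);
    $entry['mail'] = $info['user_name'] . '@' . $info['domain'];
    // uid must match mail or SMTP auth fails.
    $entry['uid'] = $entry['mail'];
    // NOTE(review): 'domain' and 'user_name' are concatenated into a
    // filesystem path here and into the DN below without validation or
    // escaping. Confirm that callers restrict both to safe characters
    // (no path separators, "..", or DN metacharacters).
    $entry['homeDirectory'] = '/srv/vhost/mail/' . $info['domain'] . '/' . $info['user_name'];
    $entry['qmailUID'] = $entry['qmailGID'] = 8;
    $entry['objectclass'] = array('top', 'person', 'organizationalPerson',
                                  'inetOrgPerson', 'hordePerson',
                                  'qmailUser');
    $entry['accountstatus'] = $info['user_enabled'];
    // FIXME: Allow choice of hash
    $entry['userPassword'] = Horde_Auth::getCryptedPassword($info['password'], '', 'ssha', true);

    // Stir in any site-local custom LDAP attributes.
    try {
        $entry = Horde::callHook('getLDAPAttrs', array($entry), 'vilma');
    } catch (Horde_Exception_HookNotSet $e) {
        // The hook is optional; without it the entry is used as built.
    }

    $rdn = 'mail=' . $entry['mail'];
    $dn = $rdn . ',' . $this->_params['ldap']['basedn'];
    $res = @ldap_add($this->_ldap, $dn, $entry);
    if ($res === false) {
        throw new Vilma_Exception(sprintf(_("Error adding account to LDAP: %s"), @ldap_error($this->_ldap)));
    }

    return $dn;
}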
/**
 * Hashes a password with the server's configured hash type.
 *
 * Uses the 'hashtype' server parameter when it is set and 'ssha'
 * otherwise. The result is requested with the scheme prefix enabled.
 * Whether a salt is applied depends on the selected hash type.
 *
 * @param string $password  The password.
 *
 * @return string  The hashed password.
 */
protected function hashPassword($password)
{
    $type = 'ssha';
    if (isset($this->server->params['hashtype'])) {
        $type = $this->server->params['hashtype'];
    }

    return Horde_Auth::getCryptedPassword($password, '', $type, true);
}
/**
 * Encrypts a password with the driver's configured settings.
 *
 * An empty salt is passed, and the 'encryption' and 'show_encryption'
 * parameters are forwarded to Horde_Auth::getCryptedPassword().
 *
 * @param string $plaintext  A plaintext password.
 *
 * @return string  The encrypted password.
 */
protected function _encryptPassword($plaintext)
{
    $scheme = $this->_params['encryption'];
    $withPrefix = $this->_params['show_encryption'];

    return Horde_Auth::getCryptedPassword($plaintext, '', $scheme, $withPrefix);
}
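/**
 * Authentication handler
 *
 * On failure, Horde_Auth_Exception should pass a message string (if any)
 * in the message field, and the Horde_Auth::REASON_* constant in the code
 * field (defaults to Horde_Auth::REASON_MESSAGE).
 *
 * @param string $userID      The userID to check.
 * @param array $credentials  An array of login credentials. Must contain a
 *                            non-empty string 'password' entry.
 *
 * @return boolean  True when the credentials match.
 * @throws Horde_Auth_Exception  With Horde_Auth::REASON_BADLOGIN when the
 *                               user is unknown, the password is missing,
 *                               or the hashes differ.
 */
protected function _authenticate($userID, $credentials)
{
    $um = $this->_mappers->create('Dolcore_Rdo_UserMapper');
    if (!$this->exists($userID)) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    /* Reject a missing, empty or non-string password before it reaches
     * substr() and the hashing call. */
    if (!isset($credentials['password']) ||
        !is_string($credentials['password']) ||
        $credentials['password'] === '') {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    $user = $um->findOne(array('nickname' => $userID));
    if (!$user) {
        /* No record was returned, so there is nothing to compare with. */
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    /* NOTE(review): the salt is the first two characters of the submitted
     * password, not a random value or the salt of the stored hash. With a
     * two-character salt crypt() normally produces a traditional DES hash,
     * whose output begins with the salt, so stored hashes would disclose
     * those two characters. Kept as is because changing it requires
     * re-hashing the stored passwords; plan a migration. */
    $pass = (string)Horde_Auth::getCryptedPassword(
        $credentials['password'],
        substr($credentials['password'], 0, 2),
        'crypt',
        false
    );
    $stored = (string)$user->passwort;

    /* Compare as strings. A loose "!=" can report different numeric-looking
     * strings as equal. hash_equals() also keeps the comparison time
     * independent of where the strings first differ. */
    $match = function_exists('hash_equals')
        ? hash_equals($stored, $pass)
        : $stored === $pass;

    if (!$match) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    return true;
}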
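/**
 * Update a set of authentication credentials.
 *
 * @param string $oldId       The old userId.
 * @param string $newId       The new userId.
 * @param array $credentials  The new credentials. Either an 'ldap' entry
 *                            carrying a 'dn', or a 'password' to set.
 * @param string $olddn       The old user DN.
 * @param string $newdn       The new user DN. NOTE(review): a value passed
 *                            here is overwritten when the id changes.
 *
 * @throws Horde_Auth_Exception  If the rename or the modify fails, or if
 *                               there are no attributes to write.
 */
public function updateUser($oldId, $newId, $credentials, $olddn = null, $newdn = null)
{
    /* Connect to the MSAD server. */
    $this->_connect();

    /* Start from an empty attribute set so that $entry is always defined. */
    $entry = array();

    if (isset($credentials['ldap'])) {
        /* NOTE(review): no attributes are assembled on this path, so the
         * modify below has nothing to write and the update is reported as
         * failed. Confirm what the 'ldap' credentials should carry. */
        $olddn = $credentials['ldap']['dn'];
        $dn = $olddn;
    } else {
        /* Search for the user's full DN. */
        $dn = $this->_findDN($oldId);
        if ($olddn === null) {
            /* Without a caller-supplied DN, operate on the one found. */
            $olddn = $dn;
        }

        /* Encrypt the new password */
        if (isset($credentials['password'])) {
            $entry['userpassword'] = Horde_Auth::getCryptedPassword(
                $credentials['password'],
                '',
                $this->_params['encryption'],
                true
            );
        }
    }

    /* PHP variable names are case-sensitive: the parameter is $newId, and
     * the former "$newID" was always undefined. */
    $target = $olddn;
    $success = true;
    if ((string)$oldId !== (string)$newId) {
        /* NOTE(review): str_replace() rewrites every occurrence of the old
         * id within the DN, not only the user's RDN, and the full DN is
         * then passed as the new-RDN argument of ldap_rename(). Confirm
         * both against the directory layout. */
        $newdn = str_replace($oldId, $newId, $dn);
        $success = ldap_rename($this->_ds, $olddn, $newdn, $this->_params['basedn'], true);
        $target = $newdn;
    }

    /* Only modify after a successful rename. An empty attribute set counts
     * as a failure, so a password change is never reported as done when
     * nothing was written. */
    if ($success) {
        $success = !empty($entry) && @ldap_modify($this->_ds, $target, $entry);
    }

    /* Close the connection on the failure path as well. */
    @ldap_close($this->_ds);

    if (!$success) {
        throw new Horde_Auth_Exception(sprintf(__CLASS__ . ': Unable to update user "%s"', $newId));
    }
}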
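/**
 * Update a set of authentication credentials.
 *
 * Only the password is updated. When a domain field is configured (and is
 * not 'none'), $oldID is split at '@' into user name and domain, and both
 * are used to select the row.
 *
 * @param string $oldID       The old userId.
 * @param string $newID       The new userId. [NOT SUPPORTED]
 * @param array $credentials  The new credentials. Must contain a
 *                            'password' entry.
 *
 * @throws Horde_Auth_Exception  If no password is supplied or the database
 *                               update fails.
 */
public function updateUser($oldID, $newID, $credentials)
{
    /* Without this check a missing password would be hashed as an empty
     * value and stored as the user's new password. */
    if (!isset($credentials['password'])) {
        throw new Horde_Auth_Exception('A password is required to update the user.');
    }

    $hash = Horde_Auth::getCryptedPassword(
        $credentials['password'],
        '',
        $this->_params['encryption'],
        $this->_params['show_encryption']
    );

    /* Table and column names come from the driver configuration and are
     * interpolated into the statement; all values are bound as
     * parameters. */
    if (!empty($this->_params['domain_field']) &&
        $this->_params['domain_field'] != 'none') {
        /* Pad the result so an id without '@' yields a null domain
         * instead of an undefined-offset notice. */
        list($name, $domain) = array_pad(explode('@', $oldID), 2, null);

        /* Build the SQL query with domain. */
        $query = sprintf(
            'UPDATE %s SET %s = ? WHERE %s = ? and %s = ?',
            $this->_params['table'],
            $this->_params['password_field'],
            $this->_params['username_field'],
            $this->_params['domain_field']
        );
        $values = array($hash, $name, $domain);
    } else {
        /* Build the SQL query. */
        $query = sprintf(
            'UPDATE %s SET %s = ? WHERE %s = ?',
            $this->_params['table'],
            $this->_params['password_field'],
            $this->_params['username_field']
        );
        $values = array($hash, $oldID);
    }

    try {
        $this->_db->update($query, $values);
    } catch (Horde_Db_Exception $e) {
        throw new Horde_Auth_Exception($e);
    }
}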
/**
 * Checks that hashing 'foobar' reproduces the expected hash.
 *
 * The expected hash is also passed as the salt argument. The $salt value
 * from the provider is accepted but not used in this test.
 *
 * @dataProvider getCredentials
 */
public function testGetCryptedPassword($encryption, $password, $salt, $show_encryption = false)
{
    $actual = Horde_Auth::getCryptedPassword(
        'foobar',
        $password,
        $encryption,
        $show_encryption
    );

    $this->assertEquals($password, $actual);
}