/**
 * Look up the stored credential entry for a user.
 *
 * Reads $this->auth_users[$user]; element 0 is handed to
 * auth::passwd_parse() and element 1, when non-empty, is returned as the role.
 *
 * @param string $user key into $this->auth_users
 * @return array array(scheme, salt, role); three empty strings when the user
 *               has no (or an empty) entry
 */
function get_data($user)
{
    // Unknown or empty entry: blank scheme, salt and role.
    if (empty($this->auth_users[$user])) {
        return array('', '', '');
    }

    $entry = $this->auth_users[$user];

    // An empty role (including '0') is normalised to ''.
    if (empty($entry[1])) {
        $role = '';
    } else {
        $role = $entry[1];
    }

    list($scheme, $salt) = auth::passwd_parse($entry[0]);

    return array($scheme, $salt, $role);
}
/**
 * Encrypt a value with des() and store it, base64-encoded, in the session.
 *
 * The key is the second element returned by auth::passwd_parse($adminpass).
 *
 * NOTE(review): des() comes from LIB_DIR/des.php, which is not shown here. The
 * call passes 0 as the fourth argument and null as the fifth; if those are the
 * mode and IV, this is unchained block encryption with no integrity check -
 * confirm against des.php. The key is derived from the stored admin password
 * value, so anyone able to read that value can decrypt the session entry.
 *
 * @param string $session_name key under $_SESSION that receives the result
 * @param string $val          value to encrypt
 * @return void
 */
function des_session_put($session_name, $val)
{
    global $adminpass;

    // adminpass handling: only the second parsed element is used, as the key.
    list($scheme, $salt) = auth::passwd_parse($adminpass);

    require_once LIB_DIR . 'des.php';

    $encrypted = des($salt, $val, 1, 0, null);
    $_SESSION[$session_name] = base64_encode($encrypted);
}
/**
 * Decode and decrypt a submitted hash, accepting only alphanumeric results.
 *
 * For role 2 the key comes from the global $adminpass; for every other role it
 * is the second element of auth_file::get_data($user) read from PKWK_AUTH_FILE.
 *
 * NOTE(review): the key is the stored credential value itself, so the DES
 * layer only hides the hash from parties who do not already know that value.
 * des() is not loaded in this function; presumably the caller has already
 * included des.php - confirm.
 *
 * @param int    $role role of the account; 2 selects the adminpass key
 * @param string $user account name looked up when $role is not 2
 * @param string $hash base64 text to be decrypted
 * @return string|false decrypted text, or false when it is not purely
 *                      [a-z0-9] (case-insensitive)
 */
function passwd_undes($role, $user, $hash)
{
    if ($role != 2) {
        // Per-user key from the auth file; scheme and role are not needed here.
        $store = new auth_file(PKWK_AUTH_FILE);
        list(, $key) = $store->get_data($user);
    } else {
        // adminpass
        global $adminpass;
        list(, $key) = auth::passwd_parse($adminpass);
    }

    $decoded = base64_decode($hash);
    $hash = des($key, $decoded, 0, 0, null);

    // A wrong key yields arbitrary bytes, which this pattern rejects; the D
    // modifier stops '$' from matching before a trailing newline.
    return preg_match('/^[a-z0-9]+$/iD', $hash) ? $hash : false;
}
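/**
 * Decrypt a submitted digest hash and store it for $username in HTDIGEST_FILE.
 *
 * Records are "username:realm:hash" lines. The submitted hash is base64
 * decoded, passed through des() and accepted only when the result is purely
 * alphanumeric.
 *
 * Changes from the previous version:
 *  - split() (removed in PHP 7) is replaced by explode().
 *  - A user name containing ':' or a line break is rejected; written verbatim
 *    it would forge fields or whole extra records in the credential file.
 *  - Name, realm and hash are compared with ===. With ==, numeric-looking
 *    strings such as "0e111111" and "0e222222" compare equal, so a changed
 *    hash could be reported as unchanged, or the wrong record matched.
 *  - The file is opened without truncation and locked before it is read, so
 *    the read-modify-write happens under one lock and nothing is truncated
 *    before the lock is held.
 *
 * NOTE(review): for roles of 2 or lower the DES key is the parsed $adminpass
 * value, otherwise the value returned by htdigest_get_hash(); the DES layer
 * therefore protects the hash only from parties who do not know that stored
 * value. The rewrite below is done in place, so it is not crash-atomic.
 *
 * @param string $username account name for the record
 * @param string $p_realm  submitted realm; must equal the global $realm
 * @param string $hash     base64 text that is decrypted before validation
 * @param int    $role     above 2: key from htdigest_get_hash(); otherwise
 *                         the key comes from $adminpass
 * @return string one of the $_htdigest_msg entries
 */
function htdigest_save($username, $p_realm, $hash, $role)
{
    global $realm, $_htdigest_msg;

    $username = (string) $username;
    $p_realm = (string) $p_realm;

    if ((string) $realm !== $p_realm) {
        return $_htdigest_msg['msg_realm'];
    }

    // ':' is the field separator and a line break ends a record. No dedicated
    // message for a bad user name is visible in this file, so err_key is reused.
    if (strpbrk($username, ":\r\n") !== false) {
        return $_htdigest_msg['err_key'];
    }

    // DES
    if ($role > 2) {
        $key = htdigest_get_hash($username, $p_realm);
    } else {
        // adminpass
        global $adminpass;
        list($scheme, $key) = auth::passwd_parse($adminpass);
        // FIXME: MD5 ONLY
        if ($scheme != '{x-php-md5}') {
            return $_htdigest_msg['err_md5'];
        }
    }

    $hash = des($key, base64_decode($hash), 0, 0, null);
    if (!preg_match('/^[a-z0-9]+$/iD', $hash)) {
        return $_htdigest_msg['err_key'];
    }

    // SAVE
    $existed = file_exists(HTDIGEST_FILE);

    // 'c+' creates the file when missing and never truncates on open.
    $fp = fopen(HTDIGEST_FILE, 'c+');
    if ($fp === false) {
        // Do not report success for a write that never happened; no I/O error
        // message is visible in this file, so msg_not_update is reused.
        trigger_error('htdigest_save: cannot open the htdigest file', E_USER_WARNING);
        return $_htdigest_msg['msg_not_update'];
    }
    @flock($fp, LOCK_EX);

    $lines = array();
    while (($line = fgets($fp)) !== false) {
        $lines[] = $line;
    }

    $record = $username . ':' . $p_realm . ':' . $hash . "\n";
    $found = false;
    $unchanged = false;

    foreach ($lines as $no => $line) {
        // Pad short lines so a malformed record cannot raise undefined-offset notices.
        $field = array_pad(explode(':', trim($line)), 3, null);
        if ($field[0] === $username && $field[1] === $p_realm) {
            if ($field[2] === $hash) {
                $unchanged = true;
            } else {
                $lines[$no] = $record;
            }
            $found = true;
            break;
        }
    }

    if ($unchanged) {
        $msg = 'msg_not_update';
    } elseif ($found) {
        // Rewrite the whole file while still holding the lock.
        ftruncate($fp, 0);
        rewind($fp);
        foreach ($lines as $line) {
            fwrite($fp, $line);
        }
        $msg = 'msg_update';
    } else {
        fseek($fp, 0, SEEK_END);
        fwrite($fp, $record);
        $msg = $existed ? 'msg_add' : 'msg_1st';
    }

    fflush($fp);
    @flock($fp, LOCK_UN);
    @fclose($fp);

    return $_htdigest_msg[$msg];
}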