function action_edit_user() { global $PAGE; $current = isset($_GET['user_id']) && is_numeric($_GET['user_id']) ? $_GET['user_id'] : null; if (!$current) { $PAGE->title = 'Добавить пользователя'; } if (isset($_POST['action']) && $_POST['action'] == 'save') { $temp = $res = array('login' => '', 'code' => '', 'display_name' => '', 'mail' => '', 'groups_ID' => array(), 'rules' => array()); $res = set_merge($res, $_POST); if ($password = $_POST['password']) { $salt = random_salt(); $password = crypt(md5($password), $salt); $res['password'] = $password; $res['salt'] = $salt; } if ($res['login'] && $res['display_name'] && $res['mail'] && $res['code'] && count($res['groups_ID']) && (isset($res['password']) || $current)) { if ($current) { if (update_users($res, "WHERE ID='{$current}'")) { push_output_message(array('title' => 'Обновлено!', 'text' => 'Пользователь успешно обновлён', 'class' => 'alert alert-success')); } else { push_output_message(array('title' => 'Ошибка!', 'text' => 'Произошла неизвестная ошибка', 'class' => 'alert alert-danger')); } $res['ID'] = $current; set_glob_content(array('body' => (object) $res)); } else { if (add_user($res)) { push_output_message(array('title' => 'Добавлено!', 'text' => 'Пользователь успешно добавлен', 'class' => 'alert alert-success')); } else { push_output_message(array('title' => 'Ошибка!', 'text' => 'Произошла неизвестная ошибка', 'class' => 'alert alert-danger')); } } } else { push_output_message(array('title' => 'Ошибка!', 'text' => 'Заполните все обязательные поля', 'class' => 'alert alert-danger')); set_glob_content(array('body' => (object) $res)); } } elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && $current && delete_user($current)) { push_output_message(array('title' => 'Удалено!', 'text' => 'Пользователь успешно удалён', 'class' => 'alert alert-success')); set_glob_content(array('body' => (object) $temp)); } elseif ($current && ($user = get_user($current, 'ID, login, code, display_name, mail, groups_ID, rules', true))) { set_glob_content(array('body' => $user)); } }
/** * Hashes a password and returns the hash based on the specified enc_type. * * @param string $password_clear The password to hash in clear text. * @param string $enc_type Standard LDAP encryption type which must be one of * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear. * @return string The hashed password. */ function password_hash($password_clear, $enc_type) { if (DEBUG_ENABLED) { debug_log('password_hash(): Entered with (%s,%s)', 1, $password_clear, $enc_type); } $enc_type = strtolower($enc_type); switch ($enc_type) { case 'crypt': $new_value = '{CRYPT}' . crypt($password_clear, random_salt(2)); break; case 'ext_des': // extended des crypt. see OpenBSD crypt man page. if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) { pla_error(_('Your system crypt library does not support extended DES encryption.')); } $new_value = '{CRYPT}' . crypt($password_clear, '_' . random_salt(8)); break; case 'md5crypt': if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) { pla_error(_('Your system crypt library does not support md5crypt encryption.')); } $new_value = '{CRYPT}' . crypt($password_clear, '$1$' . random_salt(9)); break; case 'blowfish': if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) { pla_error(_('Your system crypt library does not support blowfish encryption.')); } // hardcoded to second blowfish version and set number of rounds $new_value = '{CRYPT}' . crypt($password_clear, '$2a$12$' . random_salt(13)); break; case 'md5': $new_value = '{MD5}' . base64_encode(pack('H*', md5($password_clear))); break; case 'sha': if (function_exists('sha1')) { // use php 4.3.0+ sha1 function, if it is available. $new_value = '{SHA}' . base64_encode(pack('H*', sha1($password_clear))); } elseif (function_exists('mhash')) { $new_value = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear)); } else { pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.')); } break; case 'ssha': if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { mt_srand((double) microtime() * 1000000); $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack("h*", md5(mt_rand())), 0, 8), 4); $new_value = "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt); } else { pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.')); } break; case 'smd5': if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { mt_srand((double) microtime() * 1000000); $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack("h*", md5(mt_rand())), 0, 8), 4); $new_value = "{SMD5}" . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt); } else { pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.')); } break; case 'clear': default: $new_value = $password_clear; } return $new_value; }
/** * Hashes a password and returns the hash based on the specified enc_type. * * @param string The password to hash in clear text. * @param string Standard LDAP encryption type which must be one of * crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear. * @return string The hashed password. */ function pla_password_hash($password_clear, $enc_type) { if (DEBUG_ENABLED && (($fargs = func_get_args()) || ($fargs = 'NOARGS'))) { debug_log('Entered (%%)', 1, 0, __FILE__, __LINE__, __METHOD__, $fargs); } $enc_type = strtolower($enc_type); switch ($enc_type) { case 'blowfish': if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) { error(_('Your system crypt library does not support blowfish encryption.'), 'error', 'index.php'); } # Hardcoded to second blowfish version and set number of rounds $new_value = sprintf('{CRYPT}%s', crypt($password_clear, '$2a$12$' . random_salt(13))); break; case 'crypt': if ($_SESSION[APPCONFIG]->getValue('password', 'no_random_crypt_salt')) { $new_value = sprintf('{CRYPT}%s', crypt($password_clear, substr($password_clear, 0, 2))); } else { $new_value = sprintf('{CRYPT}%s', crypt($password_clear, random_salt(2))); } break; case 'ext_des': # Extended des crypt. see OpenBSD crypt man page. if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) { error(_('Your system crypt library does not support extended DES encryption.'), 'error', 'index.php'); } $new_value = sprintf('{CRYPT}%s', crypt($password_clear, '_' . random_salt(8))); break; case 'k5key': $new_value = sprintf('{K5KEY}%s', $password_clear); system_message(array('title' => _('Unable to Encrypt Password'), 'body' => 'phpLDAPadmin cannot encrypt K5KEY passwords', 'type' => 'warn')); break; case 'md5': $new_value = sprintf('{MD5}%s', base64_encode(pack('H*', md5($password_clear)))); break; case 'md5crypt': if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) { error(_('Your system crypt library does not support md5crypt encryption.'), 'error', 'index.php'); } $new_value = sprintf('{CRYPT}%s', crypt($password_clear, '$1$' . random_salt(9))); break; case 'sha': # Use php 4.3.0+ sha1 function, if it is available. if (function_exists('sha1')) { $new_value = sprintf('{SHA}%s', base64_encode(pack('H*', sha1($password_clear)))); } elseif (function_exists('mhash')) { $new_value = sprintf('{SHA}%s', base64_encode(mhash(MHASH_SHA1, $password_clear))); } else { error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'), 'error', 'index.php'); } break; case 'ssha': if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { mt_srand((double) microtime() * 1000000); $salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); $new_value = sprintf('{SSHA}%s', base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt)); } else { error(_('Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes.'), 'error', 'index.php'); } break; case 'smd5': if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) { mt_srand((double) microtime() * 1000000); $salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4); $new_value = sprintf('{SMD5}%s', base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt)); } else { error(_('Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes.'), 'error', 'index.php'); } break; case 'sha512': if (function_exists('openssl_digest') && function_exists('base64_encode')) { $new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true))); } else { error(_('Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes. '), 'error', 'index.php'); } break; case 'clear': default: $new_value = $password_clear; } return $new_value; }
function password_hash($password_clear, $enc_type) { switch ($enc_type) { case 'crypt': $new_value = '{crypt}' . crypt($password_clear, random_salt(2)); break; case 'md5': $new_value = '{md5}' . base64_encode(pack('H*', md5($password_clear))); break; case 'md5crypt': if (!defined('CRYPT_MD5') || 0 == CRYPT_MD5) { pla_error("Your PHP install does not support md5crypt."); } $new_value = '{crypt}' . crypt($password_clear, '$1$' . random_salt(9)); break; case 'blowfish': if (!defined('CRYPT_BLOWFISH') || 0 == CRYPT_BLOWFISH) { pla_error("Your PHP install does not support blowfish encryption."); } $new_value = '{crypt}' . crypt($password_clear, '$2$' . random_salt(13)); break; case 'smd5': if (function_exists('mhash')) { $salt = random_salt(8); $hash = mhash(MHASH_MD5, $password_clear . $salt); $new_value = '{SMD5}' . base64_encode($hash . $salt); } else { pla_error("Your PHP install does not have the mhash() function." . " Cannot do SMD5 hashes."); } break; case 'sha': if (function_exists('mhash')) { $new_value = '{sha}' . base64_encode(mhash(MHASH_SHA1, $password_clear)); } else { pla_error("Your PHP install does not have the mhash() function." . " Cannot do SHA hashes."); } break; case 'ssha': if (function_exists('mhash')) { $salt = random_salt(8); $hash = mhash(MHASH_SHA1, $password_clear . $salt); $new_value = '{SSHA}' . base64_encode($hash . $salt); } else { pla_error("Your PHP install does not have the mhash() function." . " Cannot do SSHA hashes."); } break; case 'clear': default: $new_value = $password_clear; } return $new_value; }