function action_edit_user()
{
global $PAGE;
$current = isset($_GET['user_id']) && is_numeric($_GET['user_id']) ? $_GET['user_id'] : null;
if (!$current) {
$PAGE->title = 'Добавить пользователя';
}
if (isset($_POST['action']) && $_POST['action'] == 'save') {
$temp = $res = array('login' => '', 'code' => '', 'display_name' => '', 'mail' => '', 'groups_ID' => array(), 'rules' => array());
$res = set_merge($res, $_POST);
if ($password = $_POST['password']) {
$salt = random_salt();
$password = crypt(md5($password), $salt);
$res['password'] = $password;
$res['salt'] = $salt;
}
if ($res['login'] && $res['display_name'] && $res['mail'] && $res['code'] && count($res['groups_ID']) && (isset($res['password']) || $current)) {
if ($current) {
if (update_users($res, "WHERE ID='{$current}'")) {
push_output_message(array('title' => 'Обновлено!', 'text' => 'Пользователь успешно обновлён', 'class' => 'alert alert-success'));
} else {
push_output_message(array('title' => 'Ошибка!', 'text' => 'Произошла неизвестная ошибка', 'class' => 'alert alert-danger'));
}
$res['ID'] = $current;
set_glob_content(array('body' => (object) $res));
} else {
if (add_user($res)) {
push_output_message(array('title' => 'Добавлено!', 'text' => 'Пользователь успешно добавлен', 'class' => 'alert alert-success'));
} else {
push_output_message(array('title' => 'Ошибка!', 'text' => 'Произошла неизвестная ошибка', 'class' => 'alert alert-danger'));
}
}
} else {
push_output_message(array('title' => 'Ошибка!', 'text' => 'Заполните все обязательные поля', 'class' => 'alert alert-danger'));
set_glob_content(array('body' => (object) $res));
}
} elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && $current && delete_user($current)) {
push_output_message(array('title' => 'Удалено!', 'text' => 'Пользователь успешно удалён', 'class' => 'alert alert-success'));
set_glob_content(array('body' => (object) $temp));
} elseif ($current && ($user = get_user($current, 'ID, login, code, display_name, mail, groups_ID, rules', true))) {
set_glob_content(array('body' => $user));
}
}
/**
* Hashes a password and returns the hash based on the specified enc_type.
*
* @param string $password_clear The password to hash in clear text.
* @param string $enc_type Standard LDAP encryption type which must be one of
* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
* @return string The hashed password.
*/
function password_hash($password_clear, $enc_type)
{
if (DEBUG_ENABLED) {
debug_log('password_hash(): Entered with (%s,%s)', 1, $password_clear, $enc_type);
}
$enc_type = strtolower($enc_type);
switch ($enc_type) {
case 'crypt':
$new_value = '{CRYPT}' . crypt($password_clear, random_salt(2));
break;
case 'ext_des':
// extended des crypt. see OpenBSD crypt man page.
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
pla_error(_('Your system crypt library does not support extended DES encryption.'));
}
$new_value = '{CRYPT}' . crypt($password_clear, '_' . random_salt(8));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
pla_error(_('Your system crypt library does not support md5crypt encryption.'));
}
$new_value = '{CRYPT}' . crypt($password_clear, '$1$' . random_salt(9));
break;
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
pla_error(_('Your system crypt library does not support blowfish encryption.'));
}
// hardcoded to second blowfish version and set number of rounds
$new_value = '{CRYPT}' . crypt($password_clear, '$2a$12$' . random_salt(13));
break;
case 'md5':
$new_value = '{MD5}' . base64_encode(pack('H*', md5($password_clear)));
break;
case 'sha':
if (function_exists('sha1')) {
// use php 4.3.0+ sha1 function, if it is available.
$new_value = '{SHA}' . base64_encode(pack('H*', sha1($password_clear)));
} elseif (function_exists('mhash')) {
$new_value = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password_clear));
} else {
pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
}
break;
case 'ssha':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
$new_value = "{SSHA}" . base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt);
} else {
pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
}
break;
case 'smd5':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack("h*", md5(mt_rand())), 0, 8), 4);
$new_value = "{SMD5}" . base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt);
} else {
pla_error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'));
}
break;
case 'clear':
default:
$new_value = $password_clear;
}
return $new_value;
}
/**
* Hashes a password and returns the hash based on the specified enc_type.
*
* @param string The password to hash in clear text.
* @param string Standard LDAP encryption type which must be one of
* crypt, ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, sha512, or clear.
* @return string The hashed password.
*/
function pla_password_hash($password_clear, $enc_type)
{
if (DEBUG_ENABLED && (($fargs = func_get_args()) || ($fargs = 'NOARGS'))) {
debug_log('Entered (%%)', 1, 0, __FILE__, __LINE__, __METHOD__, $fargs);
}
$enc_type = strtolower($enc_type);
switch ($enc_type) {
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH == 0) {
error(_('Your system crypt library does not support blowfish encryption.'), 'error', 'index.php');
}
# Hardcoded to second blowfish version and set number of rounds
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, '$2a$12$' . random_salt(13)));
break;
case 'crypt':
if ($_SESSION[APPCONFIG]->getValue('password', 'no_random_crypt_salt')) {
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, substr($password_clear, 0, 2)));
} else {
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, random_salt(2)));
}
break;
case 'ext_des':
# Extended des crypt. see OpenBSD crypt man page.
if (!defined('CRYPT_EXT_DES') || CRYPT_EXT_DES == 0) {
error(_('Your system crypt library does not support extended DES encryption.'), 'error', 'index.php');
}
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, '_' . random_salt(8)));
break;
case 'k5key':
$new_value = sprintf('{K5KEY}%s', $password_clear);
system_message(array('title' => _('Unable to Encrypt Password'), 'body' => 'phpLDAPadmin cannot encrypt K5KEY passwords', 'type' => 'warn'));
break;
case 'md5':
$new_value = sprintf('{MD5}%s', base64_encode(pack('H*', md5($password_clear))));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || CRYPT_MD5 == 0) {
error(_('Your system crypt library does not support md5crypt encryption.'), 'error', 'index.php');
}
$new_value = sprintf('{CRYPT}%s', crypt($password_clear, '$1$' . random_salt(9)));
break;
case 'sha':
# Use php 4.3.0+ sha1 function, if it is available.
if (function_exists('sha1')) {
$new_value = sprintf('{SHA}%s', base64_encode(pack('H*', sha1($password_clear))));
} elseif (function_exists('mhash')) {
$new_value = sprintf('{SHA}%s', base64_encode(mhash(MHASH_SHA1, $password_clear)));
} else {
error(_('Your PHP install does not have the mhash() function. Cannot do SHA hashes.'), 'error', 'index.php');
}
break;
case 'ssha':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_SHA1, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$new_value = sprintf('{SSHA}%s', base64_encode(mhash(MHASH_SHA1, $password_clear . $salt) . $salt));
} else {
error(_('Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes.'), 'error', 'index.php');
}
break;
case 'smd5':
if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
mt_srand((double) microtime() * 1000000);
$salt = mhash_keygen_s2k(MHASH_MD5, $password_clear, substr(pack('h*', md5(mt_rand())), 0, 8), 4);
$new_value = sprintf('{SMD5}%s', base64_encode(mhash(MHASH_MD5, $password_clear . $salt) . $salt));
} else {
error(_('Your PHP install does not have the mhash() or mhash_keygen_s2k() function. Cannot do S2K hashes.'), 'error', 'index.php');
}
break;
case 'sha512':
if (function_exists('openssl_digest') && function_exists('base64_encode')) {
$new_value = sprintf('{SHA512}%s', base64_encode(openssl_digest($password_clear, 'sha512', true)));
} else {
error(_('Your PHP install doest not have the openssl_digest() or base64_encode() function. Cannot do SHA512 hashes. '), 'error', 'index.php');
}
break;
case 'clear':
default:
$new_value = $password_clear;
}
return $new_value;
}
function password_hash($password_clear, $enc_type)
{
switch ($enc_type) {
case 'crypt':
$new_value = '{crypt}' . crypt($password_clear, random_salt(2));
break;
case 'md5':
$new_value = '{md5}' . base64_encode(pack('H*', md5($password_clear)));
break;
case 'md5crypt':
if (!defined('CRYPT_MD5') || 0 == CRYPT_MD5) {
pla_error("Your PHP install does not support md5crypt.");
}
$new_value = '{crypt}' . crypt($password_clear, '$1$' . random_salt(9));
break;
case 'blowfish':
if (!defined('CRYPT_BLOWFISH') || 0 == CRYPT_BLOWFISH) {
pla_error("Your PHP install does not support blowfish encryption.");
}
$new_value = '{crypt}' . crypt($password_clear, '$2$' . random_salt(13));
break;
case 'smd5':
if (function_exists('mhash')) {
$salt = random_salt(8);
$hash = mhash(MHASH_MD5, $password_clear . $salt);
$new_value = '{SMD5}' . base64_encode($hash . $salt);
} else {
pla_error("Your PHP install does not have the mhash() function." . " Cannot do SMD5 hashes.");
}
break;
case 'sha':
if (function_exists('mhash')) {
$new_value = '{sha}' . base64_encode(mhash(MHASH_SHA1, $password_clear));
} else {
pla_error("Your PHP install does not have the mhash() function." . " Cannot do SHA hashes.");
}
break;
case 'ssha':
if (function_exists('mhash')) {
$salt = random_salt(8);
$hash = mhash(MHASH_SHA1, $password_clear . $salt);
$new_value = '{SSHA}' . base64_encode($hash . $salt);
} else {
pla_error("Your PHP install does not have the mhash() function." . " Cannot do SSHA hashes.");
}
break;
case 'clear':
default:
$new_value = $password_clear;
}
return $new_value;
}
