public function checkPassword($login, $pass, $seed) { if (AuthService::ignoreUserCase()) { $login = strtolower($login); } $userStoredPass = $this->getUserPass($login); if (!$userStoredPass) { return false; } if ($seed == "-1") { // Seed = -1 means that password is not encoded. return AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass); //($userStoredPass == md5($pass)); } else { return md5($userStoredPass . $seed) == $pass; } }
public function checkPassword($login, $pass, $seed) { if (AuthService::ignoreUserCase()) { $login = strtolower($login); } global $AJXP_GLUE_GLOBALS; if (isset($AJXP_GLUE_GLOBALS) || !empty($this->options["LOCAL_PREFIX"]) && strpos($login, $this->options["LOCAL_PREFIX"]) === 0) { $userStoredPass = $this->getUserPass($login); if (!$userStoredPass) { return false; } if ($seed == "-1") { // Seed = -1 means that password is not encoded. return AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass); // ($userStoredPass == md5($pass)); } else { return md5($userStoredPass . $seed) == $pass; } } else { $crtSessionId = session_id(); session_write_close(); $host = ""; if (isset($this->options["MASTER_HOST"])) { $host = $this->options["MASTER_HOST"]; } else { $host = parse_url($_SERVER["SERVER_ADDR"], PHP_URL_HOST); } $formId = ""; if (isset($this->options["MASTER_AUTH_FORM_ID"])) { $formId = $this->options["MASTER_AUTH_FORM_ID"]; } $uri = $this->options["MASTER_URI"]; $funcName = $this->options["MASTER_AUTH_FUNCTION"]; require_once 'cms_auth_functions.php'; if (function_exists($funcName)) { $sessCookies = call_user_func($funcName, $host, $uri, $login, $pass, $formId); if ($sessCookies != "") { if (is_array($sessCookies)) { $sessid = $sessCookies["AjaXplorer"]; session_id($sessid); session_start(); if (!$this->slaveMode) { foreach ($sessCookies as $k => $v) { if ($k == "AjaXplorer") { continue; } setcookie($k, urldecode($v), 0, $uri); } } } else { if (is_string($sessCookies)) { session_id($sessCookies); session_start(); } } return true; } $sessid = call_user_func($funcName, $host, $uri, $login, $pass, $formId); if ($sessid != "") { session_id($sessid); session_start(); return true; } } // NOW CHECK IN LOCAL USERS LIST $userStoredPass = $this->getUserPass($login); if (!$userStoredPass) { return false; } if ($seed == "-1") { // Seed = -1 means that password is not encoded. $res = AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass); //($userStoredPass == md5($pass)); } else { $res = md5($userStoredPass . $seed) == $pass; } if ($res) { session_id($crtSessionId); session_start(); return true; } return false; } }
public function checkPassword($login, $pass, $seed) { $userStoredPass = $this->getUserPass($login); if (!$userStoredPass) { return false; } if ($this->getOptionAsBool("TRANSMIT_CLEAR_PASS")) { // Seed = -1 means that password is not encoded. return AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass); //($userStoredPass == md5($pass)); } else { return md5($userStoredPass . $seed) == $pass; } }
public function checkPassword($login, $pass, $seed) { $userStoredPass = $this->getUserPass($login); if (!$userStoredPass) { return false; } $hashAlgo = $this->getOption("SQL_CUSTOM_TABLE_PWD_HASH"); if ($hashAlgo == "pbkdf2") { return AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass); } else { if ($hashAlgo == "md5") { return md5($pass) == $userStoredPass; } else { if ($hashAlgo == "clear") { return $pass == $userStoredPass; } } } return false; }
public function checkYubiPass($pass, $userStoredPass, $yubikey1, $yubikey2) { // yubikey generates 44 character, identity is the first 12 character $yubi1_identity = substr($yubikey1, 0, 12); $yubi2_identity = substr($yubikey2, 0, 12); $pass_identity = substr($pass, -44, 12); if ($pass_identity != $yubi1_identity and $pass_identity != $yubi2_identity) { // YubiKey not listed in account return false; } $yotp = substr($pass, -44); $pass = substr($pass, 0, strlen($pass) - 44); $yubi = new Auth_Yubico($this->yubico_client_id, $this->yubico_secret_key); $auth = $yubi->verify($yotp); return !PEAR::isError($auth) && AJXP_Utils::pbkdf2_validate_password($pass, $userStoredPass); }