diff options
| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-09-02 09:35:19 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-09-02 09:35:19 +0000 |
| commit | d55777ebef19c351f3fc9d9d5b11118ca3b978fe (patch) | |
| tree | d8de3c77462abbc7a325fd91c63fd608f1e168d9 /roundcubemail/plugins/password/drivers | |
| parent | a9d66b059a967587f23efe6853efaca2a03a6b49 (diff) | |
- Password plugin: support hashed passwords and username parts in sql driver queries
git-svn-id: https://svn.roundcube.net/trunk@2908 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/plugins/password/drivers')
| -rw-r--r-- | roundcubemail/plugins/password/drivers/sql.php | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/roundcubemail/plugins/password/drivers/sql.php b/roundcubemail/plugins/password/drivers/sql.php index 98e878a7d..9afaa65d8 100644 --- a/roundcubemail/plugins/password/drivers/sql.php +++ b/roundcubemail/plugins/password/drivers/sql.php @@ -5,7 +5,7 @@ * * Driver for passwords stored in SQL database * - * @version 1.1 + * @version 1.2 * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl> * */ @@ -34,6 +34,7 @@ function password_save($curpass, $passwd) if ($err = $db->is_error()) return PASSWORD_ERROR; + // crypted password if (strpos($sql, '%c') !== FALSE) { $salt = ''; if (CRYPT_MD5) { @@ -48,11 +49,45 @@ function password_save($curpass, $passwd) } $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); } + + // hashed passwords + if (preg_match('/%[n|q]/', $sql)) { + + if (!extension_loaded('hash')) { + raise_error(array( + 'code' => 600, + 'type' => 'php', + 'file' => __FILE__, + 'message' => "Password plugin: 'hash' extension not loaded!" + ), true, false); + return PASSWORD_ERROR; + } + + if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) + $hash_algo = 'sha1'; + + $hash_passwd = hash($hash_algo, $passwd); + $hash_curpass = hash($hash_algo, $curpass); + + if ($rcmail->config->get('password_hash_base64')) { + $hash_passwd = base64_encode(pack('H*', $hash_passwd)); + $hash_curpass = base64_encode(pack('H*', $hash_curpass)); + } + + $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql); + $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql); + } + $user_info = explode('@', $_SESSION['username']); + if (count($user_info) >= 2) { + $sql = str_replace('%l', $db->quote($user_info[0], 'text'), $sql); + $sql = str_replace('%d', $db->quote($user_info[0], 'text'), $sql); + } + $sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql); + $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql); $sql = str_replace('%p', $db->quote($passwd,'text'), $sql); $sql = str_replace('%o', $db->quote($curpass,'text'), $sql); - $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql); $res = $db->query($sql); |