mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
Updated mysql auth to use PHPass
This commit is contained in:
@ -9,14 +9,26 @@ function authenticate($username,$password)
|
||||
// Migrate from old, unhashed password
|
||||
if ($row['password'] == $encrypted_old)
|
||||
{
|
||||
$row = dbFetchRow("DESCRIBE users password");
|
||||
if ($row['Type'] == 'varchar(34)')
|
||||
$row_type = dbFetchRow("DESCRIBE users password");
|
||||
if ($row_type['Type'] == 'varchar(34)')
|
||||
{
|
||||
changepassword($username,$password);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
if ($row['password'] == crypt($password,$row['password']))
|
||||
elseif(substr($row['password'],0,3) == '$1$')
|
||||
{
|
||||
$row_type = dbFetchRow("DESCRIBE users password");
|
||||
if ($row_type['Type'] == 'varchar(60)')
|
||||
{
|
||||
if ($row['password'] == crypt($password,$row['password']))
|
||||
{
|
||||
changepassword($username,$password);
|
||||
}
|
||||
}
|
||||
}
|
||||
$hasher = new PasswordHash(8, FALSE);
|
||||
if($hasher->CheckPassword($password, $row['password']))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
@ -62,7 +74,9 @@ function generateSalt($max = 15)
|
||||
|
||||
function changepassword($username,$password)
|
||||
{
|
||||
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
|
||||
//$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
|
||||
$hasher = new PasswordHash(8, FALSE);
|
||||
$encrypted = $hasher->HashPassword($password);
|
||||
return dbUpdate(array('password' => $encrypted), 'users', '`username` = ?', array($username));
|
||||
}
|
||||
|
||||
@ -75,7 +89,9 @@ function adduser($username, $password, $level, $email = "", $realname = "", $can
|
||||
{
|
||||
if (!user_exists($username))
|
||||
{
|
||||
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
|
||||
//$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
|
||||
$hasher = new PasswordHash(8, FALSE);
|
||||
$encrypted = $hasher->HashPassword($password);
|
||||
return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd), 'users');
|
||||
} else {
|
||||
return FALSE;
|
||||
|
Reference in New Issue
Block a user