mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

change from unsalted md5 to salted md5 passwords, migrating passwords as authentication succeeds

Browse Source 
git-svn-id: http://www.observium.org/svn/observer/trunk@1936 61d68cd4-352d-0410-923a-c4978735b2b8
This commit is contained in:
Tom Laermans
2011-03-19 20:23:23 +00:00
parent b653d6203e
commit 7bd37c5b06
3 changed files with 41 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
html/includes/authentication/mysql.inc.php
View File

@ -2,13 +2,22 @@
function authenticate($username,$password)
{
$encrypted = md5($password);
$sql = "SELECT username FROM `users` WHERE `username`='".$username."' AND `password`='".$encrypted."'";
$encrypted_old = md5($password);
$sql = "SELECT username,password FROM `users` WHERE `username`='".$username."'";
$query = mysql_query($sql);
$row = @mysql_fetch_array($query);
$row = @mysql_fetch_assoc($query);
if ($row['username'] && $row['username'] == $username)
{
return 1;
// Migrate from old, unhashed password
if ($row['password'] == $encrypted_old)
{
changepassword($username,$password);
return 1;
}
if ($row['password'] == crypt($password,$row['password']))
{
return 1;
}
}
return 0;
}
@ -18,9 +27,30 @@ function passwordscanchange()
return 1;
}
/**
* From: http://code.activestate.com/recipes/576894-generate-a-salt/
* This function generates a password salt as a string of x (default = 15) characters
* ranging from a-zA-Z0-9.
* @param $max integer The number of characters in the string
* @author AfroSoft <scripts@afrosoft.co.cc>
*/
function generateSalt($max = 15)
{
$characterList = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$i = 0;
$salt = "";
do
{
$salt .= $characterList{mt_rand(0,strlen($characterList))};
$i++;
} while ($i <= $max);
return $salt;
}
function changepassword($username,$password)
{
$encrypted = md5($password);
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
$sql = "UPDATE `users` SET `password` = '$encrypted' WHERE `username`='".$username."'";
$query = mysql_query($sql);
}
@ -34,7 +64,8 @@ function adduser($username, $password, $level, $email = "", $realname = "")
{
if (!user_exists($username))
{
mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`) VALUES ('".mres($username)."',MD5('".mres($password)."'),'".mres($level)."','".mres($email)."','".mres($realname)."')");
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`) VALUES ('".mres($username)."','".mres($encrypted)."','".mres($level)."','".mres($email)."','".mres($realname)."')");
}
return mysql_affected_rows();
@ -42,7 +73,7 @@ function adduser($username, $password, $level, $email = "", $realname = "")
function user_exists($username)
{
return mysql_result(mysql_query("SELECT * FROM users WHERE username = '".mres($username)."'"),0);
return @mysql_result(mysql_query("SELECT * FROM users WHERE username = '".mres($username)."'"),0);
}
function get_userlevel($username)