Revert "Updated to remove passwords from sessions" (#4422)

html/includes/authentication/active_directory.inc.php

@@ -75,6 +75,13 @@ function authenticate($username, $password)
     return 0;
 }
 
+function reauthenticate()
+{
+    // not supported so return 0
+    return 0;
+}
+
+
 function passwordscanchange()
 {
     // not supported so return 0
@@ -196,7 +203,6 @@ function deluser($username)
     dbDelete('ports_perms', '`user_name` =  ?', array($username));
     dbDelete('users_prefs', '`user_name` =  ?', array($username));
     dbDelete('users', '`user_name` =  ?', array($username));
-    dbDelete('session', '`session_username` =  ?', array($username));
     return dbDelete('users', '`username` =  ?', array($username));
 }
 

html/includes/authentication/ad-authorization.inc.php

@@ -53,6 +53,14 @@ function authenticate($username, $password)
     return 0;
 }
 
+
+function reauthenticate()
+{
+    // not supported so return 0
+    return 0;
+}
+
+
 function passwordscanchange()
 {
     // not supported so return 0
@@ -196,7 +204,6 @@ function deluser($username)
     dbDelete('ports_perms', '`user_name` =  ?', array($username));
     dbDelete('users_prefs', '`user_name` =  ?', array($username));
     dbDelete('users', '`user_name` =  ?', array($username));
-    dbDelete('session', '`session_username` =  ?', array($username));
     return dbDelete('users', '`username` =  ?', array($username));
 }
 

html/includes/authentication/http-auth.inc.php

@@ -23,6 +23,13 @@ function authenticate($username, $password)
     return 0;
 }
 
+
+function reauthenticate($sess_id = '', $token = '')
+{
+    return 0;
+}
+
+
 function passwordscanchange($username = '')
 {
     return 0;

html/includes/authentication/ldap-authorization.inc.php

@@ -81,6 +81,14 @@ function authenticate($username, $password)
     return 0;
 }
 
+
+function reauthenticate($sess_id = '', $token = '')
+{
+    // Not supported
+    return 0;
+}
+
+
 function passwordscanchange($username = '')
 {
     // Not supported

html/includes/authentication/ldap.inc.php

@@ -47,6 +47,13 @@ function authenticate($username, $password)
     return 0;
 }
 
+
+function reauthenticate($sess_id, $token)
+{
+    return 0;
+}
+
+
 function passwordscanchange($username = '')
 {
     return 0;

html/includes/authentication/mysql.inc.php

@@ -32,6 +32,21 @@ function authenticate($username, $password)
     return 0;
 }//end authenticate()
 
+
+function reauthenticate($sess_id, $token)
+{
+    list($uname,$hash) = explode('|', $token);
+    $session           = dbFetchRow("SELECT * FROM `session` WHERE `session_username` = '$uname' AND session_value='$sess_id'", array(), true);
+    $hasher            = new PasswordHash(8, false);
+    if ($hasher->CheckPassword($uname.$session['session_token'], $hash)) {
+        $_SESSION['username'] = $uname;
+        return 1;
+    } else {
+        return 0;
+    }
+}//end reauthenticate()
+
+
 function passwordscanchange($username = '')
 {
     /*
@@ -128,7 +143,7 @@ function deluser($username)
     dbDelete('ports_perms', '`user_name` =  ?', array($username));
     dbDelete('users_prefs', '`user_name` =  ?', array($username));
     dbDelete('users', '`user_name` =  ?', array($username));
-    dbDelete('session', '`session_username` =  ?', array($username));
+
     return dbDelete('users', '`username` =  ?', array($username));
 }//end deluser()
 

html/includes/authentication/radius.inc.php

@@ -24,6 +24,12 @@ function authenticate($username, $password)
     }
 }
 
+function reauthenticate()
+{
+    return 0;
+}
+
+
 function passwordscanchange()
 {
     // not supported so return 0
@@ -94,7 +100,6 @@ function deluser($username)
     dbDelete('ports_perms', '`user_name` =  ?', array($username));
     dbDelete('users_prefs', '`user_name` =  ?', array($username));
     dbDelete('users', '`user_name` =  ?', array($username));
-    dbDelete('session', '`session_username` =  ?', array($username));
     return dbDelete('users', '`username` =  ?', array($username));
 }