mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
librenms-librenms/html/includes/authentication/mysql.inc.php
Tom Laermans 2f0c69c9ef only update password to salted if database field is long enough 
git-svn-id: http://www.observium.org/svn/observer/trunk@1939 61d68cd4-352d-0410-923a-c4978735b2b8
2011-03-20 21:13:59 +00:00

99 lines
2.5 KiB
PHP
Raw Blame History

<?php
function authenticate($username,$password)
{
$encrypted_old = md5($password);
$sql = "SELECT username,password FROM `users` WHERE `username`='".$username."'";
$query = mysql_query($sql);
$row = @mysql_fetch_assoc($query);
if ($row['username'] && $row['username'] == $username)
{
// Migrate from old, unhashed password
if ($row['password'] == $encrypted_old)
{
$query = mysql_query("DESCRIBE users password");
$row = mysql_fetch_assoc($query);
if ($row['Type'] == 'varchar(34)')
{
changepassword($username,$password);
}
return 1;
}
if ($row['password'] == crypt($password,$row['password']))
{
return 1;
}
}
return 0;
}
function passwordscanchange()
{
return 1;
}
/**
* From: http://code.activestate.com/recipes/576894-generate-a-salt/
* This function generates a password salt as a string of x (default = 15) characters
* ranging from a-zA-Z0-9.
* @param $max integer The number of characters in the string
* @author AfroSoft <scripts@afrosoft.co.cc>
*/
function generateSalt($max = 15)
{
$characterList = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$i = 0;
$salt = "";
do
{
$salt .= $characterList{mt_rand(0,strlen($characterList))};
$i++;
} while ($i <= $max);
return $salt;
}
function changepassword($username,$password)
{
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
$sql = "UPDATE `users` SET `password` = '$encrypted' WHERE `username`='".$username."'";
$query = mysql_query($sql);
}
function auth_usermanagement()
{
return 1;
}
function adduser($username, $password, $level, $email = "", $realname = "")
{
if (!user_exists($username))
{
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`) VALUES ('".mres($username)."','".mres($encrypted)."','".mres($level)."','".mres($email)."','".mres($realname)."')");
}
return mysql_affected_rows();
}
function user_exists($username)
{
return @mysql_result(mysql_query("SELECT * FROM users WHERE username = '".mres($username)."'"),0);
}
function get_userlevel($username)
{
$sql = "SELECT level FROM `users` WHERE `username`='".mres($username)."'";
$row = mysql_fetch_array(mysql_query($sql));
return $row['level'];
}
function get_userid($username)
{
$sql = "SELECT user_id FROM `users` WHERE `username`='".mres($username)."'";
$row = mysql_fetch_array(mysql_query($sql));
return $row['user_id'];
}
?>
Reference in New Issue View Git Blame Copy Permalink