mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
librenms-librenms/html/includes/authentication/mysql.inc.php

166 lines
4.4 KiB
PHP
Raw Blame History

<?php
function authenticate($username,$password)
{
$encrypted_old = md5($password);
$row = dbFetchRow("SELECT username,password FROM `users` WHERE `username`= ?", array($username));
if ($row['username'] && $row['username'] == $username)
{
// Migrate from old, unhashed password
if ($row['password'] == $encrypted_old)
{
$row_type = dbFetchRow("DESCRIBE users password");
if ($row_type['Type'] == 'varchar(34)')
{
changepassword($username,$password);
}
return 1;
}
elseif(substr($row['password'],0,3) == '$1$')
{
$row_type = dbFetchRow("DESCRIBE users password");
if ($row_type['Type'] == 'varchar(60)')
{
if ($row['password'] == crypt($password,$row['password']))
{
changepassword($username,$password);
}
}
}
$hasher = new PasswordHash(8, FALSE);
if($hasher->CheckPassword($password, $row['password']))
{
return 1;
}
}
return 0;
}
function reauthenticate($sess_id,$token)
{
list($uname,$hash) = explode("|",$token);
$session = dbFetchRow("SELECT * FROM `session` WHERE `session_username` = '$uname' AND session_value='$sess_id'");
$hasher = new PasswordHash(8, FALSE);
if($hasher->CheckPassword($uname.$session['session_token'],$hash))
{
$_SESSION['username'] = $uname;
return 1;
}
else
{
return 0;
}
}
function passwordscanchange($username = "")
{
/*
* By default allow the password to be modified, unless the existing
* user is explicitly prohibited to do so.
*/
if (empty($username) || !user_exists($username))
{
return 1;
} else {
return dbFetchCell("SELECT can_modify_passwd FROM users WHERE username = ?", array($username));
}
}
/**
* From: http://code.activestate.com/recipes/576894-generate-a-salt/
* This function generates a password salt as a string of x (default = 15) characters
* ranging from a-zA-Z0-9.
* @param $max integer The number of characters in the string
* @author AfroSoft <scripts@afrosoft.co.cc>
*/
function generateSalt($max = 15)
{
$characterList = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$i = 0;
$salt = "";
do
{
$salt .= $characterList{mt_rand(0,strlen($characterList))};
$i++;
} while ($i <= $max);
return $salt;
}
function changepassword($username,$password)
{
$hasher = new PasswordHash(8, FALSE);
$encrypted = $hasher->HashPassword($password);
return dbUpdate(array('password' => $encrypted), 'users', '`username` = ?', array($username));
}
function auth_usermanagement()
{
return 1;
}
function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd=1, $description ="", $twofactor=0)
{
if (!user_exists($username))
{
$hasher = new PasswordHash(8, FALSE);
$encrypted = $hasher->HashPassword($password);
return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description, 'twofactor' => $twofactor), 'users');
} else {
return FALSE;
}
}
function user_exists($username)
{
$return = @dbFetchCell("SELECT COUNT(*) FROM users WHERE username = ?", array($username));
return $return;
}
function get_userlevel($username)
{
return dbFetchCell("SELECT `level` FROM `users` WHERE `username` = ?", array($username));
}
function get_userid($username)
{
return dbFetchCell("SELECT `user_id` FROM `users` WHERE `username` = ?", array($username));
}
function deluser($username)
{
dbDelete('bill_perms', "`user_name` = ?", array($username));
dbDelete('devices_perms', "`user_name` = ?", array($username));
dbDelete('ports_perms', "`user_name` = ?", array($username));
dbDelete('users_prefs', "`user_name` = ?", array($username));
dbDelete('users', "`user_name` = ?", array($username));
return dbDelete('users', "`username` = ?", array($username));
}
function get_userlist()
{
return dbFetchRows("SELECT * FROM `users`");
}
function can_update_users()
{
# supported so return 1
return 1;
}
function get_user($user_id)
{
return dbFetchRow("SELECT * FROM `users` WHERE `user_id` = ?", array($user_id));
}
function update_user($user_id,$realname,$level,$can_modify_passwd,$email)
{
dbUpdate(array('realname' => $realname, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id));
}
?>
Reference in New Issue View Git Blame Copy Permalink