Context Navigation

source: trunk/phpgwapi/inc/class.auth.inc.php @ 2

Revision 2, 9.2 KB checked in by niltonneto, 17 years ago (diff)
Removida todas as tags usadas pelo CVS ($Id, $Source). Primeira versão no CVS externo.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Password auth and crypt functions *
4	* This file written by Miles Lott <milos@groupwhere.org> *
5	* Copyright (C) 2004 Miles Lott *
6	* Many functions based on code from Frank Thomas <frank@thomas-alfeld.de> *
7	* which can be seen at http://www.thomas-alfeld.de/frank/ *
8	* Other functions from class.common.inc.php originally from phpGroupWare *
9	* ------------------------------------------------------------------------ *
10	* This library is free software; you can redistribute it and/or modify it *
11	* under the terms of the GNU Lesser General Public License as published by *
12	* the Free Software Foundation; either version 2.1 of the License, *
13	* or any later version. *
14	* This library is distributed in the hope that it will be useful, but *
15	* WITHOUT ANY WARRANTY; without even the implied warranty of *
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
17	* See the GNU Lesser General Public License for more details. *
18	* You should have received a copy of the GNU Lesser General Public License *
19	* along with this library; if not, write to the Free Software Foundation, *
20	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
21	\**************************************************************************/
22
23
24	if(empty($GLOBALS['phpgw_info']['server']['auth_type']))
25	{
26	$GLOBALS['phpgw_info']['server']['auth_type'] = 'sql';
27	}
28	include(PHPGW_API_INC.'/class.auth_'.$GLOBALS['phpgw_info']['server']['auth_type'].'.inc.php');
29
30	class auth extends auth_
31	{
32	var $seeded = False;
33	var $error = '';
34
35	/*!
36	@function randomstring
37	@abstract return a random string of size $size
38	@param $size int-size of random string to return
39	*/
40	function randomstring($size)
41	{
42	$s = '';
43	$random_char = array(
44	'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f',
45	'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
46	'w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L',
47	'M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'
48	);
49
50	if(!$this->seeded && phpversion() < '4.2.0')
51	{
52	list($usec, $sec) = explode(' ', microtime());
53	mt_srand((float)$sec + ((float)$usec * 100000));
54	$this->seeded = True;
55	}
56
57	for ($i=0; $i<$size; $i++)
58	{
59	$s .= $random_char[mt_rand(1,61)];
60	}
61	return $s;
62	}
63
64	/*!
65	@function encrypt_password
66	@abstract encrypt password
67	@abstract uses the encryption type set in setup and calls the appropriate encryption functions
68	@param $password password to encrypt
69	*/
70	function encrypt_password($password,$sql=False)
71	{
72	if($sql)
73	{
74	return $this->encrypt_sql($password);
75	}
76	return $this->encrypt_ldap($password);
77	}
78
79	/*!
80	@function encrypt_ldap
81	@abstract encrypt password for ldap
82	@abstract uses the encryption type set in setup and calls the appropriate encryption functions
83	@param $password password to encrypt
84	*/
85	function encrypt_ldap($password)
86	{
87	$type = strtolower($GLOBALS['phpgw_info']['server']['ldap_encryption_type']);
88	$salt = '';
89	switch($type)
90	{
91	case 'des':
92	$salt = $this->randomstring(2);
93	$_password = crypt($password, $salt);
94	$e_password = sprintf('%s%s', '{crypt}', $_password);
95	break;
96	case 'md5':
97	/* New method taken from the openldap-software list as recommended by
98	* Kervin L. Pierre" <kervin@blueprint-tech.com>
99	*/
100	$e_password = '{md5}' . base64_encode(pack("H*",md5($password)));
101	break;
102	case 'smd5':
103	if(!function_exists('mhash'))
104	{
105	return False;
106	}
107	$salt = $this->randomstring(8);
108	$hash = mhash(MHASH_MD5, $password . $salt);
109	$e_password = '{SMD5}' . base64_encode($hash . $salt);
110	break;
111	case 'sha':
112	if(!function_exists('mhash'))
113	{
114	return False;
115	}
116	$e_password = '{SHA}' . base64_encode(mhash(MHASH_SHA1, $password));
117	break;
118	case 'ssha':
119	if(!function_exists('mhash'))
120	{
121	return False;
122	}
123	$salt = $this->randomstring(8);
124	$hash = mhash(MHASH_SHA1, $password . $salt);
125	$e_password = '{SSHA}' . base64_encode($hash . $salt);
126	break;
127	default:
128	return False;
129	}
130	return $e_password;
131	}
132
133	/* Create a password for storage in the phpgw_accounts table */
134	function encrypt_sql($password)
135	{
136	/* Grab configured type, or default to md5() (old method) */
137	$type = @$GLOBALS['phpgw_info']['server']['sql_encryption_type']
138	? strtolower($GLOBALS['phpgw_info']['server']['sql_encryption_type'])
139	: 'md5';
140	switch($type)
141	{
142	case 'crypt':
143	if(@defined('CRYPT_STD_DES') && CRYPT_STD_DES == 1)
144	{
145	$salt = $this->randomstring(2);
146	return crypt($password,$salt);
147	}
148	$this->error = 'no std crypt';
149	break;
150	case 'blowfish_crypt':
151	if(@defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1)
152	{
153	$salt = '$2$' . $this->randomstring(13);
154	return crypt($password,$salt);
155	}
156	$this->error = 'no blowfish crypt';
157	break;
158	case 'md5_crypt':
159	if(@defined('CRYPT_MD5') && CRYPT_MD5 == 1)
160	{
161	$salt = '$1$' . $this->randomstring(9);
162	return crypt($password,$salt);
163	}
164	$this->error = 'no md5 crypt';
165	break;
166	case 'ext_crypt':
167	if(@defined('CRYPT_EXT_DES') && CRYPT_EXT_DES == 1)
168	{
169	$salt = $this->randomstring(9);
170	return crypt($password,$salt);
171	}
172	$this->error = 'no ext crypt';
173	break;
174	case 'smd5':
175	if(!function_exists('mhash'))
176	{
177	return False;
178	}
179	$salt = $this->randomstring(8);
180	$hash = mhash(MHASH_MD5, $password . $salt);
181	return '{SMD5}' . base64_encode($hash . $salt);
182	case 'sha':
183	if(!function_exists('mhash'))
184	{
185	$this->error = 'no sha';
186	return False;
187	}
188	return '{SHA}' . base64_encode(mhash(MHASH_SHA1,$password));
189	case 'ssha':
190	if(!function_exists('mhash'))
191	{
192	$this->error = 'no ssha';
193	return False;
194	}
195	$salt = $this->randomstring(8);
196	$hash = mhash(MHASH_SHA1, $password . $salt);
197	return '{SSHA}' . base64_encode($hash . $salt);
198	case 'md5':
199	default:
200	/* This is the old standard for password storage in SQL */
201	return md5($password);
202	}
203	$this->error = $this->error ? $this->error : 'no valid encryption available';
204	return False;
205	}
206
207	/**
208	@function smd5_compare
209	@abstract compare SMD5-encrypted passwords for authentication
210	@param $form_val user input value for comparison
211	@param $db_val stored value (from database)
212	@return boolean True on successful comparison
213	*/
214	function smd5_compare($form_val,$db_val)
215	{
216	/* Start with the first char after {SMD5} */
217	$hash = base64_decode(substr($db_val,6));
218
219	/* SMD5 hashes are 16 bytes long */
220	$orig_hash = substr($hash, 0, 16);
221	$salt = substr($hash, 16);
222
223	$new_hash = mhash(MHASH_MD5,$form_val . $salt);
224	//echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);
225
226	if(strcmp($orig_hash,$new_hash) == 0)
227	{
228	return True;
229	}
230	return False;
231	}
232
233	/**
234	@function sha_compare
235	@abstract compare SHA-encrypted passwords for authentication
236	@param $form_val user input value for comparison
237	@param $db_val stored value (from database)
238	@return boolean True on successful comparison
239	*/
240	function sha_compare($form_val,$db_val)
241	{
242	/* Start with the first char after {SHA} */
243	$hash = base64_decode(substr($db_val,5));
244	$new_hash = mhash(MHASH_SHA1,$form_val);
245	//echo '<br> DB: ' . base64_encode($orig_hash) . '<br>FORM: ' . base64_encode($new_hash);
246
247	if(strcmp($hash,$new_hash) == 0)
248	{
249	return True;
250	}
251	return False;
252	}
253
254	/**
255	@function ssha_compare
256	@abstract compare SSHA-encrypted passwords for authentication
257	@param $form_val user input value for comparison
258	@param $db_val stored value (from database)
259	@return boolean True on successful comparison
260	*/
261	function ssha_compare($form_val,$db_val)
262	{
263	/* Start with the first char after {SSHA} */
264	$hash = base64_decode(substr($db_val, 6));
265
266	// SHA-1 hashes are 160 bits long
267	$orig_hash = substr($hash, 0, 20);
268	$salt = substr($hash, 20);
269	$new_hash = mhash(MHASH_SHA1, $form_val . $salt);
270
271	if(strcmp($orig_hash,$new_hash) == 0)
272	{
273	return True;
274	}
275	return False;
276	}
277
278	/**
279	@function crypt_compare
280	@abstract compare crypted passwords for authentication whether des,ext_des,md5, or blowfish crypt
281	@param $form_val user input value for comparison
282	@param $db_val stored value (from database)
283	@param $type crypt() type
284	@return boolean True on successful comparison
285	*/
286	function crypt_compare($form_val,$db_val,$type)
287	{
288	$saltlen = array(
289	'blowfish_crypt' => 16,
290	'md5_crypt' => 12,
291	'ext_crypt' => 9,
292	'crypt' => 2
293	);
294
295	// PHP's crypt(): salt + hash
296	// notice: "The encryption type is triggered by the salt argument."
297	$salt = substr($db_val, 0, (int)$saltlen[$type]);
298	$new_hash = crypt($form_val, $salt);
299
300	if(strcmp($db_val,$new_hash) == 0)
301	{
302	return True;
303	}
304	return False;
305	}
306	}
307	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: