mirror of
https://github.com/moparisthebest/user_sql
synced 2024-11-28 11:52:19 -05:00
Added more encryption types based on PostfixAdmin
This commit is contained in:
parent
fce8ab0e14
commit
5690862150
@ -20,7 +20,7 @@
|
|||||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
$params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', 'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type', 'sql_column_active', 'strip_domain', 'default_domain');
|
$params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', 'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type', 'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type');
|
||||||
|
|
||||||
OCP\Util::addscript('user_sql', 'settings');
|
OCP\Util::addscript('user_sql', 'settings');
|
||||||
|
|
||||||
@ -56,5 +56,6 @@ $tmpl->assign( 'sql_type', OCP\Config::getAppValue( 'user_sql', 'sql_type', OC_U
|
|||||||
$tmpl->assign( 'sql_column_active', OCP\Config::getAppValue( 'user_sql', 'sql_column_active', ''));
|
$tmpl->assign( 'sql_column_active', OCP\Config::getAppValue( 'user_sql', 'sql_column_active', ''));
|
||||||
$tmpl->assign( 'strip_domain', OCP\Config::getAppValue( 'user_sql', 'strip_domain', 0));
|
$tmpl->assign( 'strip_domain', OCP\Config::getAppValue( 'user_sql', 'strip_domain', 0));
|
||||||
$tmpl->assign( 'default_domain', OCP\Config::getAppValue( 'user_sql', 'default_domain', ''));
|
$tmpl->assign( 'default_domain', OCP\Config::getAppValue( 'user_sql', 'default_domain', ''));
|
||||||
|
$tmpl->assign( 'crypt_type', OCP\Config::getAppValue( 'user_sql', 'crypt_type', 'mysql_encrypt'));
|
||||||
|
|
||||||
return $tmpl->fetchPage();
|
return $tmpl->fetchPage();
|
||||||
|
@ -23,6 +23,20 @@
|
|||||||
<p><label for="sql_table"><?php echo $l->t('Table');?></label><input type="text" id="sql_table" name="sql_table" value="<?php echo $_['sql_table']; ?>" /></p>
|
<p><label for="sql_table"><?php echo $l->t('Table');?></label><input type="text" id="sql_table" name="sql_table" value="<?php echo $_['sql_table']; ?>" /></p>
|
||||||
<p><label for="sql_column_username"><?php echo $l->t('Username Column');?></label><input type="text" id="sql_column_username" name="sql_column_username" value="<?php echo $_['sql_column_username']; ?>" /></p>
|
<p><label for="sql_column_username"><?php echo $l->t('Username Column');?></label><input type="text" id="sql_column_username" name="sql_column_username" value="<?php echo $_['sql_column_username']; ?>" /></p>
|
||||||
<p><label for="sql_column_password"><?php echo $l->t('Password Column');?></label><input type="text" id="sql_column_password" name="sql_column_password" value="<?php echo $_['sql_column_password']; ?>" /></p>
|
<p><label for="sql_column_password"><?php echo $l->t('Password Column');?></label><input type="text" id="sql_column_password" name="sql_column_password" value="<?php echo $_['sql_column_password']; ?>" /></p>
|
||||||
|
<p><label for="crypt_type"><?php echo $l->t('Encryption Type');?></label>
|
||||||
|
<?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System');?>
|
||||||
|
<select id="crypt_type" name="crypt_type">
|
||||||
|
<?php
|
||||||
|
foreach ($crypt_types as $driver => $name):
|
||||||
|
echo $_['crypt_type'];
|
||||||
|
if($_['crypt_type'] == $driver): ?>
|
||||||
|
<option selected="selected" value="<?php echo $driver; ?>"><?php echo $name; ?></option>
|
||||||
|
<?php else: ?>
|
||||||
|
<option value="<?php echo $driver; ?>"><?php echo $name; ?></option>
|
||||||
|
<?php endif;
|
||||||
|
endforeach; ?>
|
||||||
|
</select>
|
||||||
|
</p>
|
||||||
<p><label for="sql_column_active"><?php echo $l->t('User Active Column');?></label><input type="text" id="sql_column_active" name="sql_column_active" value="<?php echo $_['sql_column_active']; ?>" /></p>
|
<p><label for="sql_column_active"><?php echo $l->t('User Active Column');?></label><input type="text" id="sql_column_active" name="sql_column_active" value="<?php echo $_['sql_column_active']; ?>" /></p>
|
||||||
<p><label for="strip_domain"><?php echo $l->t('Strip Domain Part from Username');?></label><input type="checkbox" id="strip_domain" name="strip_domain" value="1"<?php if($_['strip_domain']) echo ' checked'; ?> title="Strip Domain Part from Username when logging in and retrieving username lists"></p>
|
<p><label for="strip_domain"><?php echo $l->t('Strip Domain Part from Username');?></label><input type="checkbox" id="strip_domain" name="strip_domain" value="1"<?php if($_['strip_domain']) echo ' checked'; ?> title="Strip Domain Part from Username when logging in and retrieving username lists"></p>
|
||||||
<p><label for="default_domain"><?php echo $l->t('Add default domain to Usernames');?></label><input type="text" id="default_domain" name="default_domain" value="<?php echo $_['default_domain']; ?>" /></p>
|
<p><label for="default_domain"><?php echo $l->t('Add default domain to Usernames');?></label><input type="text" id="default_domain" name="default_domain" value="<?php echo $_['default_domain']; ?>" /></p>
|
||||||
|
557
user_sql.php
557
user_sql.php
@ -23,212 +23,405 @@
|
|||||||
|
|
||||||
class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface {
|
class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface {
|
||||||
|
|
||||||
// cached settings
|
// cached settings
|
||||||
protected $sql_host;
|
protected $sql_host;
|
||||||
protected $sql_username;
|
protected $sql_username;
|
||||||
protected $sql_database;
|
protected $sql_database;
|
||||||
protected $sql_password;
|
protected $sql_password;
|
||||||
protected $sql_table;
|
protected $sql_table;
|
||||||
protected $sql_column_username;
|
protected $sql_column_username;
|
||||||
protected $sql_column_password;
|
protected $sql_column_password;
|
||||||
protected $sql_column_active;
|
protected $sql_column_active;
|
||||||
protected $sql_type;
|
protected $sql_type;
|
||||||
protected $db_conn;
|
protected $db_conn;
|
||||||
protected $db;
|
protected $db;
|
||||||
protected $default_domain;
|
protected $default_domain;
|
||||||
protected $strip_domain;
|
protected $strip_domain;
|
||||||
|
protected $crypt_type;
|
||||||
|
|
||||||
public function __construct()
|
public function __construct()
|
||||||
|
{
|
||||||
|
$this->db_conn = false;
|
||||||
|
$this->sql_host = OCP\Config::getAppValue('user_sql', 'sql_host', '');
|
||||||
|
$this->sql_username = OCP\Config::getAppValue('user_sql', 'sql_user', '');
|
||||||
|
$this->sql_database = OCP\Config::getAppValue('user_sql', 'sql_database', '');
|
||||||
|
$this->sql_password = OCP\Config::getAppValue('user_sql', 'sql_password', '');
|
||||||
|
$this->sql_table = OCP\Config::getAppValue('user_sql', 'sql_table', '');
|
||||||
|
$this->sql_column_username = OCP\Config::getAppValue('user_sql', 'sql_column_username', '');
|
||||||
|
$this->sql_column_password = OCP\Config::getAppValue('user_sql', 'sql_column_password', '');
|
||||||
|
$this->sql_column_active = OCP\Config::getAppValue('user_sql', 'sql_column_active', '');
|
||||||
|
$this->sql_type = OCP\Config::getAppValue('user_sql', 'sql_type', '');
|
||||||
|
$this->default_domain = OCP\Config::getAppValue('user_sql', 'default_domain', '');
|
||||||
|
$this->strip_domain = OCP\Config::getAppValue('user_sql', 'strip_domain', 0);
|
||||||
|
$this->crypt_type = OCP\Config::getAppValue('user_sql', 'crypt_type', 'md5crypt');
|
||||||
|
$dsn = $this->sql_type.":host=".$this->sql_host.";dbname=".$this->sql_database;
|
||||||
|
try
|
||||||
{
|
{
|
||||||
$this->db_conn = false;
|
$this->db = new PDO($dsn, $this->sql_username, $this->sql_password);
|
||||||
$this->sql_host = OCP\Config::getAppValue('user_sql', 'sql_host', '');
|
$this->db_conn = true;
|
||||||
$this->sql_username = OCP\Config::getAppValue('user_sql', 'sql_user', '');
|
|
||||||
$this->sql_database = OCP\Config::getAppValue('user_sql', 'sql_database', '');
|
|
||||||
$this->sql_password = OCP\Config::getAppValue('user_sql', 'sql_password', '');
|
|
||||||
$this->sql_table = OCP\Config::getAppValue('user_sql', 'sql_table', '');
|
|
||||||
$this->sql_column_username = OCP\Config::getAppValue('user_sql', 'sql_column_username', '');
|
|
||||||
$this->sql_column_password = OCP\Config::getAppValue('user_sql', 'sql_column_password', '');
|
|
||||||
$this->sql_column_active = OCP\Config::getAppValue('user_sql', 'sql_column_active', '');
|
|
||||||
$this->sql_type = OCP\Config::getAppValue('user_sql', 'sql_type', '');
|
|
||||||
$this->default_domain = OCP\Config::getAppValue('user_sql', 'default_domain', '');
|
|
||||||
$this->strip_domain = OCP\Config::getAppValue('user_sql', 'strip_domain', 0);
|
|
||||||
$dsn = $this->sql_type.":host=".$this->sql_host.";dbname=".$this->sql_database;
|
|
||||||
try
|
|
||||||
{
|
|
||||||
$this->db = new PDO($dsn, $this->sql_username, $this->sql_password);
|
|
||||||
$this->db_conn = true;
|
|
||||||
}
|
|
||||||
catch (PDOException $e)
|
|
||||||
{
|
|
||||||
OC_Log::write('OC_USER_SQL', 'OC_USER_SQL, Failed to connect to the database: ' . $e->getMessage(), OC_Log::ERROR);
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
catch (PDOException $e)
|
||||||
public function implementsAction($actions)
|
{
|
||||||
{
|
OC_Log::write('OC_USER_SQL', 'OC_USER_SQL, Failed to connect to the database: ' . $e->getMessage(), OC_Log::ERROR);
|
||||||
return (bool)((OC_USER_BACKEND_CHECK_PASSWORD) & $actions);
|
}
|
||||||
}
|
return false;
|
||||||
|
}
|
||||||
public function createUser() {
|
|
||||||
// Can't create user
|
public function implementsAction($actions)
|
||||||
OC_Log::write('OC_USER_SQL', 'Not possible to create local users from web frontend using SQL user backend', OC_Log::ERROR);
|
{
|
||||||
return false;
|
return (bool)((OC_USER_BACKEND_CHECK_PASSWORD) & $actions);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function deleteUser( $uid )
|
public function createUser() {
|
||||||
|
// Can't create user
|
||||||
|
OC_Log::write('OC_USER_SQL', 'Not possible to create local users from web frontend using SQL user backend', OC_Log::ERROR);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function deleteUser( $uid )
|
||||||
|
{
|
||||||
|
// Can't delete user
|
||||||
|
OC_Log::write('OC_USER_SQL', 'Not possible to delete local users from web frontend using SQL user backend', OC_Log::ERROR);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setPassword ( $uid, $password ) {
|
||||||
|
// Update the user's password - this might affect other services, that user the same database, as well
|
||||||
|
if(!$this->db_conn)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if($this->strip_domain)
|
||||||
|
{
|
||||||
|
$uid .= "@".$this->default_domain;
|
||||||
|
}
|
||||||
|
$query = "SELECT $this->sql_column_password FROM $this->sql_table WHERE $this->sql_column_username = '$uid'";
|
||||||
|
$result = $this->db->prepare($query);
|
||||||
|
if(!$result->execute())
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$row = $result->fetch();
|
||||||
|
if(!$row)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$old_password = $row[$this->sql_column_password];
|
||||||
|
$enc_password = pacrypt($password, $old_password);
|
||||||
|
$query = "UPDATE $this->sql_table SET $this->sql_column_password = '$enc_password' WHERE $this->sql_column_username = '$uid'";
|
||||||
|
$result = $this->db->prepare($query);
|
||||||
|
if(!$result->execute())
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Check if the password is correct
|
||||||
|
* @param $uid The username
|
||||||
|
* @param $password The password
|
||||||
|
* @returns true/false
|
||||||
|
*
|
||||||
|
* Check if the password is correct without logging in the user
|
||||||
|
*/
|
||||||
|
public function checkPassword($uid, $password)
|
||||||
|
{
|
||||||
|
if(!$this->db_conn)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$suid = $uid;
|
||||||
|
if($this->strip_domain)
|
||||||
|
{
|
||||||
|
$suid = $uid."@".$this->default_domain;
|
||||||
|
}
|
||||||
|
|
||||||
|
$query = "SELECT $this->sql_column_username, $this->sql_column_password FROM $this->sql_table WHERE $this->sql_column_username = '$suid'";
|
||||||
|
if($this->sql_column_active != '')
|
||||||
|
$query .= " AND $this->sql_column_active = 1";
|
||||||
|
$result = $this->db->prepare($query);
|
||||||
|
if(!$result->execute())
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$row = $result->fetch();
|
||||||
|
if(!$row)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if($this->pacrypt($password, $row[$this->sql_column_password]) == $row[$this->sql_column_password])
|
||||||
|
{
|
||||||
|
return $uid;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Get a list of all users
|
||||||
|
* @returns array with all uids
|
||||||
|
*
|
||||||
|
* Get a list of all users.
|
||||||
|
*/
|
||||||
|
|
||||||
|
public function getUsers($search = '', $limit = null, $offset = null)
|
||||||
|
{
|
||||||
|
$users = array();
|
||||||
|
if(!$this->db_conn)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$query = "SELECT $this->sql_column_username FROM $this->sql_table";
|
||||||
|
if($search != '')
|
||||||
|
$query .= " WHERE $this->sql_column_username LIKE '%$search%'";
|
||||||
|
if($this->sql_column_active != '')
|
||||||
|
{
|
||||||
|
if($search != '')
|
||||||
|
$query .= " AND";
|
||||||
|
else
|
||||||
|
$query .= " WHERE";
|
||||||
|
$query .= " $this->sql_column_active = 1";
|
||||||
|
}
|
||||||
|
if($limit != null)
|
||||||
|
$query .= " LIMIT $limit";
|
||||||
|
if($offset != null)
|
||||||
|
$query .= " OFFSET $offset";
|
||||||
|
$result = $this->db->prepare($query);
|
||||||
|
if(!$result->execute())
|
||||||
|
{
|
||||||
|
return array();
|
||||||
|
}
|
||||||
|
while($row = $result->fetch())
|
||||||
|
{
|
||||||
|
$uid = $row[$this->sql_column_username];
|
||||||
|
if($this->strip_domain)
|
||||||
|
{
|
||||||
|
$uid = explode("@", $uid);
|
||||||
|
$uid = $uid[0];
|
||||||
|
}
|
||||||
|
$users[] = $uid;
|
||||||
|
}
|
||||||
|
return $users;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief check if a user exists
|
||||||
|
* @param string $uid the username
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
|
||||||
|
public function userExists($uid)
|
||||||
|
{
|
||||||
|
if(!$this->db_conn)
|
||||||
{
|
{
|
||||||
// Can't delete user
|
|
||||||
OC_Log::write('OC_USER_SQL', 'Not possible to delete local users from web frontend using SQL user backend', OC_Log::ERROR);
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setPassword ( $uid, $password ) {
|
if($this->strip_domain)
|
||||||
// Update the user's password - this might affect other services, that user the same database, as well
|
{
|
||||||
|
$uid .= "@".$this->default_domain;
|
||||||
|
}
|
||||||
|
|
||||||
|
$query = "SELECT $this->sql_column_username FROM $this->sql_table WHERE $this->sql_column_username = '$uid'";
|
||||||
|
if($this->sql_column_active != '')
|
||||||
|
$query .= " AND $this->sql_column_active = 1";
|
||||||
|
$result = $this->db->prepare($query);
|
||||||
|
if(!$result->execute())
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$row = $result->fetch();
|
||||||
|
if(!$row)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The following functions were directly taken from PostfixAdmin and just slightly modified
|
||||||
|
* to suit our needs.
|
||||||
|
* Encrypt a password, using the apparopriate hashing mechanism as defined in
|
||||||
|
* config.inc.php ($this->crypt_type).
|
||||||
|
* When wanting to compare one pw to another, it's necessary to provide the salt used - hence
|
||||||
|
* the second parameter ($pw_db), which is the existing hash from the DB.
|
||||||
|
*
|
||||||
|
* @param string $pw
|
||||||
|
* @param string $encrypted password
|
||||||
|
* @return string encrypted password.
|
||||||
|
*/
|
||||||
|
private function pacrypt ($pw, $pw_db="")
|
||||||
|
{
|
||||||
|
$pw = stripslashes($pw);
|
||||||
|
$password = "";
|
||||||
|
$salt = "";
|
||||||
|
|
||||||
|
if ($this->crypt_type == 'md5crypt') {
|
||||||
|
$split_salt = preg_split ('/\$/', $pw_db);
|
||||||
|
if (isset ($split_salt[2])) {
|
||||||
|
$salt = $split_salt[2];
|
||||||
|
}
|
||||||
|
$password = $this->md5crypt ($pw, $salt);
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($this->crypt_type == 'md5') {
|
||||||
|
$password = md5($pw);
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($this->crypt_type == 'system') {
|
||||||
|
if (preg_match("/\\$1\\$/", $pw_db)) {
|
||||||
|
$split_salt = preg_split ('/\$/', $pw_db);
|
||||||
|
$salt = "\$1\$${split_salt[2]}\$";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (strlen($pw_db) == 0) {
|
||||||
|
$salt = substr (md5 (mt_rand ()), 0, 2);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$salt = substr ($pw_db, 0, 2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$password = crypt ($pw, $salt);
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($this->crypt_type == 'cleartext') {
|
||||||
|
$password = $pw;
|
||||||
|
}
|
||||||
|
|
||||||
|
// See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583
|
||||||
|
// this is apparently useful for pam_mysql etc.
|
||||||
|
elseif ($this->crypt_type == 'mysql_encrypt')
|
||||||
|
{
|
||||||
|
if ($pw_db!="") {
|
||||||
|
$salt=substr($pw_db,0,2);
|
||||||
|
$query = "SELECT ENCRYPT('".$pw."','".$salt."');";
|
||||||
|
} else {
|
||||||
|
$query = "SELECT ENCRYPT('".$pw."');";
|
||||||
|
}
|
||||||
|
|
||||||
if(!$this->db_conn)
|
if(!$this->db_conn)
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if($this->strip_domain)
|
|
||||||
{
|
|
||||||
$uid .= "@".$this->default_domain;
|
|
||||||
}
|
|
||||||
$query = "UPDATE $this->sql_table SET $this->sql_column_password = ENCRYPT('$password') WHERE $this->sql_column_username = '$uid'";
|
|
||||||
$result = $this->db->prepare($query);
|
$result = $this->db->prepare($query);
|
||||||
if(!$result->execute())
|
if(!$result->execute())
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Check if the password is correct
|
|
||||||
* @param $uid The username
|
|
||||||
* @param $password The password
|
|
||||||
* @returns true/false
|
|
||||||
*
|
|
||||||
* Check if the password is correct without logging in the user
|
|
||||||
*/
|
|
||||||
public function checkPassword($uid, $password)
|
|
||||||
{
|
|
||||||
if(!$this->db_conn)
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$suid = $uid;
|
|
||||||
if($this->strip_domain)
|
|
||||||
{
|
|
||||||
$suid = $uid."@".$this->default_domain;
|
|
||||||
}
|
|
||||||
|
|
||||||
$query = "SELECT $this->sql_column_username, $this->sql_column_password FROM $this->sql_table WHERE $this->sql_column_username = '$suid'";
|
|
||||||
if($this->sql_column_active != '')
|
|
||||||
$query .= " AND $this->sql_column_active = 1";
|
|
||||||
$result = $this->db->prepare($query);
|
|
||||||
if(!$result->execute())
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$row = $result->fetch();
|
|
||||||
if(!$row)
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if(crypt($password, $row[$this->sql_column_password]) == $row[$this->sql_column_password])
|
|
||||||
{
|
|
||||||
return $uid;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Get a list of all users
|
|
||||||
* @returns array with all uids
|
|
||||||
*
|
|
||||||
* Get a list of all users.
|
|
||||||
*/
|
|
||||||
|
|
||||||
public function getUsers($search = '', $limit = null, $offset = null)
|
|
||||||
{
|
|
||||||
$users = array();
|
|
||||||
if(!$this->db_conn)
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$query = "SELECT $this->sql_column_username FROM $this->sql_table";
|
|
||||||
if($search != '')
|
|
||||||
$query .= " WHERE $this->sql_column_username LIKE '%$search%'";
|
|
||||||
if($this->sql_column_active != '')
|
|
||||||
{
|
|
||||||
if($search != '')
|
|
||||||
$query .= " AND";
|
|
||||||
else
|
|
||||||
$query .= " WHERE";
|
|
||||||
$query .= " $this->sql_column_active = 1";
|
|
||||||
}
|
|
||||||
if($limit != null)
|
|
||||||
$query .= " LIMIT $limit";
|
|
||||||
if($offset != null)
|
|
||||||
$query .= " OFFSET $offset";
|
|
||||||
$result = $this->db->prepare($query);
|
|
||||||
if(!$result->execute())
|
|
||||||
{
|
|
||||||
return array();
|
|
||||||
}
|
|
||||||
while($row = $result->fetch())
|
|
||||||
{
|
|
||||||
$uid = $row[$this->sql_column_username];
|
|
||||||
if($this->strip_domain)
|
|
||||||
{
|
|
||||||
$uid = explode("@", $uid);
|
|
||||||
$uid = $uid[0];
|
|
||||||
}
|
|
||||||
$users[] = $uid;
|
|
||||||
}
|
|
||||||
return $users;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief check if a user exists
|
|
||||||
* @param string $uid the username
|
|
||||||
* @return boolean
|
|
||||||
*/
|
|
||||||
|
|
||||||
public function userExists($uid)
|
|
||||||
{
|
|
||||||
if(!$this->db_conn)
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if($this->strip_domain)
|
|
||||||
{
|
|
||||||
$uid .= "@".$this->default_domain;
|
|
||||||
}
|
|
||||||
|
|
||||||
$query = "SELECT $this->sql_column_username FROM $this->sql_table WHERE $this->sql_column_username = '$uid'";
|
|
||||||
if($this->sql_column_active != '')
|
|
||||||
$query .= " AND $this->sql_column_active = 1";
|
|
||||||
$result = $this->db->prepare($query);
|
|
||||||
if(!$result->execute())
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$row = $result->fetch();
|
$row = $result->fetch();
|
||||||
if(!$row)
|
if(!$row)
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
$password = $row[0];
|
||||||
|
}
|
||||||
|
|
||||||
|
else {
|
||||||
|
die ('unknown/invalid $CONF["encrypt"] setting: ' . $this->crypt_type);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $password;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// md5crypt
|
||||||
|
// Action: Creates MD5 encrypted password
|
||||||
|
// Call: md5crypt (string cleartextpassword)
|
||||||
|
//
|
||||||
|
|
||||||
|
function md5crypt ($pw, $salt="", $magic="")
|
||||||
|
{
|
||||||
|
$MAGIC = "$1$";
|
||||||
|
|
||||||
|
if ($magic == "") $magic = $MAGIC;
|
||||||
|
if ($salt == "") $salt = $this->create_salt ();
|
||||||
|
$slist = explode ("$", $salt);
|
||||||
|
if ($slist[0] == "1") $salt = $slist[1];
|
||||||
|
|
||||||
|
$salt = substr ($salt, 0, 8);
|
||||||
|
$ctx = $pw . $magic . $salt;
|
||||||
|
$final = $this->hex2bin (md5 ($pw . $salt . $pw));
|
||||||
|
|
||||||
|
for ($i=strlen ($pw); $i>0; $i-=16)
|
||||||
|
{
|
||||||
|
if ($i > 16)
|
||||||
|
{
|
||||||
|
$ctx .= substr ($final,0,16);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return true;
|
$ctx .= substr ($final,0,$i);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
$i = strlen ($pw);
|
||||||
|
|
||||||
}
|
while ($i > 0)
|
||||||
|
{
|
||||||
|
if ($i & 1) $ctx .= chr (0);
|
||||||
|
else $ctx .= $pw[0];
|
||||||
|
$i = $i >> 1;
|
||||||
|
}
|
||||||
|
$final = $this->hex2bin (md5 ($ctx));
|
||||||
|
|
||||||
|
for ($i=0;$i<1000;$i++)
|
||||||
|
{
|
||||||
|
$ctx1 = "";
|
||||||
|
if ($i & 1)
|
||||||
|
{
|
||||||
|
$ctx1 .= $pw;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$ctx1 .= substr ($final,0,16);
|
||||||
|
}
|
||||||
|
if ($i % 3) $ctx1 .= $salt;
|
||||||
|
if ($i % 7) $ctx1 .= $pw;
|
||||||
|
if ($i & 1)
|
||||||
|
{
|
||||||
|
$ctx1 .= substr ($final,0,16);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$ctx1 .= $pw;
|
||||||
|
}
|
||||||
|
$final = $this->hex2bin (md5 ($ctx1));
|
||||||
|
}
|
||||||
|
$passwd = "";
|
||||||
|
$passwd .= $this->to64 (((ord ($final[0]) << 16) | (ord ($final[6]) << 8) | (ord ($final[12]))), 4);
|
||||||
|
$passwd .= $this->to64 (((ord ($final[1]) << 16) | (ord ($final[7]) << 8) | (ord ($final[13]))), 4);
|
||||||
|
$passwd .= $this->to64 (((ord ($final[2]) << 16) | (ord ($final[8]) << 8) | (ord ($final[14]))), 4);
|
||||||
|
$passwd .= $this->to64 (((ord ($final[3]) << 16) | (ord ($final[9]) << 8) | (ord ($final[15]))), 4);
|
||||||
|
$passwd .= $this->to64 (((ord ($final[4]) << 16) | (ord ($final[10]) << 8) | (ord ($final[5]))), 4);
|
||||||
|
$passwd .= $this->to64 (ord ($final[11]), 2);
|
||||||
|
return "$magic$salt\$$passwd";
|
||||||
|
}
|
||||||
|
|
||||||
|
function create_salt ()
|
||||||
|
{
|
||||||
|
srand ((double) microtime ()*1000000);
|
||||||
|
$salt = substr (md5 (rand (0,9999999)), 0, 8);
|
||||||
|
return $salt;
|
||||||
|
}
|
||||||
|
|
||||||
|
function to64 ($v, $n)
|
||||||
|
{
|
||||||
|
$ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
||||||
|
$ret = "";
|
||||||
|
while (($n - 1) >= 0)
|
||||||
|
{
|
||||||
|
$n--;
|
||||||
|
$ret .= $ITOA64[$v & 0x3f];
|
||||||
|
$v = $v >> 6;
|
||||||
|
}
|
||||||
|
return $ret;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user