moparisthebest/user_sql
1
0
Fork 0
mirror of https://github.com/moparisthebest/user_sql synced 2024-11-28 03:52:14 -05:00
Code Issues Releases Wiki Activity

Add support for Joomla 2.5.18+ encryption support using phpass

Browse Source
This commit is contained in:
Andreas Boehler 2014-11-18 21:48:59 +01:00
parent f5f34cbcac
commit b04e98170e
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
templates/settings.php
View File

@ -44,7 +44,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
<tr><td><label for="sql_column_password"><?php echo $l -> t('Password Column'); ?></label></td><td><input type="text" id="sql_column_password" name="sql_column_password" value="<?php echo $_['sql_column_password']; ?>" /></td></tr> <tr><td><label for="sql_column_password"><?php echo $l -> t('Password Column'); ?></label></td><td><input type="text" id="sql_column_password" name="sql_column_password" value="<?php echo $_['sql_column_password']; ?>" /></td></tr>
<tr><td><label for="sql_column_displayname"><?php echo $l -> t('Real Name Column'); ?></label></td><td><input type="text" id="sql_column_displayname" name="sql_column_displayname" value="<?php echo $_['sql_column_displayname']; ?>" /></td></tr> <tr><td><label for="sql_column_displayname"><?php echo $l -> t('Real Name Column'); ?></label></td><td><input type="text" id="sql_column_displayname" name="sql_column_displayname" value="<?php echo $_['sql_column_displayname']; ?>" /></td></tr>
<tr><td><label for="crypt_type"><?php echo $l -> t('Encryption Type'); ?></label></td> <tr><td><label for="crypt_type"><?php echo $l -> t('Encryption Type'); ?></label></td>
<?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption'); ?> <?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass'); ?>
<td><select id="crypt_type" name="crypt_type"> <td><select id="crypt_type" name="crypt_type">
<?php <?php
foreach ($crypt_types as $driver => $name): foreach ($crypt_types as $driver => $name):

27
user_sql.php
View File

@ -8,7 +8,7 @@
* *
* credits go to Ed W for several SQL injection fixes and caching support * credits go to Ed W for several SQL injection fixes and caching support
* credits go to Frédéric France for providing Joomla support * credits go to Frédéric France for providing Joomla support
* credits go to * credits go to Mark Jansenn for providing Joomla 2.5.18+ / 3.2.1+ support
* *
* This library is free software; you can redistribute it and/or * This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@ -150,7 +150,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
public function setPassword($uid, $password) public function setPassword($uid, $password)
{ {
// Update the user's password - this might affect other services, that // Update the user's password - this might affect other services, that
// user the same database, as well // use the same database, as well
OC_Log::write('OC_USER_SQL', "Entering setPassword for UID: $uid", OC_Log::DEBUG); OC_Log::write('OC_USER_SQL', "Entering setPassword for UID: $uid", OC_Log::DEBUG);
if(!$this -> db_conn) if(!$this -> db_conn)
{ {
@ -174,7 +174,14 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
return false; return false;
} }
$old_password = $row[$this -> sql_column_password]; $old_password = $row[$this -> sql_column_password];
$enc_password = $this -> pacrypt($password, $old_password); if($this -> crypt_type == 'joomla2')
{
$hasher = new PasswordHash(10, true);
$enc_password = $hasher->HashPassword($password);
} else
{
$enc_password = $this -> pacrypt($password, $old_password);
}
$query = "UPDATE $this->sql_table SET $this->sql_column_password = :enc_password WHERE $this->sql_column_username = :uid"; $query = "UPDATE $this->sql_table SET $this->sql_column_password = :enc_password WHERE $this->sql_column_username = :uid";
OC_Log::write('OC_USER_SQL', "Preapring query: $query", OC_Log::DEBUG); OC_Log::write('OC_USER_SQL', "Preapring query: $query", OC_Log::DEBUG);
$result = $this -> db -> prepare($query); $result = $this -> db -> prepare($query);
@ -230,7 +237,17 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
return false; return false;
} }
OC_Log::write('OC_USER_SQL', "Encrypting and checking password", OC_Log::DEBUG); OC_Log::write('OC_USER_SQL', "Encrypting and checking password", OC_Log::DEBUG);
if($this -> pacrypt($password, $row[$this -> sql_column_password]) == $row[$this -> sql_column_password]) // Joomla 2.5.18 switched to phPass, which doesn't play nice with the way
// we check passwords
if($this -> crypt_type == 'joomla2')
{
$hasher = new PasswordHash(10, true);
$ret = $hasher -> CheckPassword($password, $row[$this -> sql_column_password]);
} else
{
$ret = $this -> pacrypt($password, $row[$this -> sql_column_password]) == $row[$this -> sql_column_password];
}
if($ret)
{ {
OC_Log::write('OC_USER_SQL', "Passwords matching, return true", OC_Log::DEBUG); OC_Log::write('OC_USER_SQL', "Passwords matching, return true", OC_Log::DEBUG);
if($this -> strip_domain) if($this -> strip_domain)
@ -262,7 +279,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
return false; return false;
} }
$query = "SELECT $this->sql_column_username FROM $this->sql_table"; $query = "SELECT $this->sql_column_username FROM $this->sql_table";
$search = $this->doUserDomainMapping($search); $search = $this -> doUserDomainMapping($search);
if($search != '') if($search != '')
$query .= " WHERE $this->sql_column_username LIKE :search"; $query .= " WHERE $this->sql_column_username LIKE :search";
if($this -> sql_column_active != '') if($this -> sql_column_active != '')