convert validate/check functions
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
@@ -7,6 +7,86 @@ use Froxlor\Database\Database;
|
||||
class Cronjob
|
||||
{
|
||||
|
||||
/**
|
||||
* Function checkLastGuid
|
||||
*
|
||||
* Checks if the system's last guid is not higher than the one saved
|
||||
* in froxlor's database. If it's higher, froxlor needs to
|
||||
* set its last guid to this one to avoid conflicts with libnss-users
|
||||
*
|
||||
* @return null
|
||||
*/
|
||||
public static function checkLastGuid()
|
||||
{
|
||||
$mylog = \Froxlor\FroxlorLogger::getInstanceOf();
|
||||
|
||||
$group_lines = array();
|
||||
$group_guids = array();
|
||||
$update_to_guid = 0;
|
||||
|
||||
$froxlor_guid = 0;
|
||||
$result_stmt = Database::query("SELECT MAX(`guid`) as `fguid` FROM `" . TABLE_PANEL_CUSTOMERS . "`");
|
||||
$result = $result_stmt->fetch(\PDO::FETCH_ASSOC);
|
||||
$froxlor_guid = $result['fguid'];
|
||||
|
||||
// possibly no customers yet or f*cked up lastguid settings
|
||||
if ($froxlor_guid < Settings::Get('system.lastguid')) {
|
||||
$froxlor_guid = Settings::Get('system.lastguid');
|
||||
}
|
||||
|
||||
$g_file = '/etc/group';
|
||||
|
||||
if (file_exists($g_file)) {
|
||||
if (is_readable($g_file)) {
|
||||
if (true == ($groups = file_get_contents($g_file))) {
|
||||
|
||||
$group_lines = explode("\n", $groups);
|
||||
|
||||
foreach ($group_lines as $group) {
|
||||
$group_guids[] = explode(":", $group);
|
||||
}
|
||||
|
||||
foreach ($group_guids as $group) {
|
||||
/**
|
||||
* nogroup | nobody have very high guids
|
||||
* ignore them
|
||||
*/
|
||||
if ($group[0] == 'nogroup' || $group[0] == 'nobody') {
|
||||
continue;
|
||||
}
|
||||
|
||||
$guid = isset($group[2]) ? (int) $group[2] : 0;
|
||||
|
||||
if ($guid > $update_to_guid) {
|
||||
$update_to_guid = $guid;
|
||||
}
|
||||
}
|
||||
|
||||
// if it's lower, then froxlor's highest guid is the last
|
||||
if ($update_to_guid < $froxlor_guid) {
|
||||
$update_to_guid = $froxlor_guid;
|
||||
} elseif ($update_to_guid == $froxlor_guid) {
|
||||
// if it's equal, that means we already have a collision
|
||||
// to ensure it won't happen again, increase the guid by one
|
||||
$update_to_guid = (int) $update_to_guid ++;
|
||||
}
|
||||
|
||||
// now check if it differs from our settings
|
||||
if ($update_to_guid != Settings::Get('system.lastguid')) {
|
||||
$mylog->logAction(CRON_ACTION, LOG_NOTICE, 'Updating froxlor last guid to ' . $update_to_guid);
|
||||
Settings::Set('system.lastguid', $update_to_guid);
|
||||
}
|
||||
} else {
|
||||
$mylog->logAction(CRON_ACTION, LOG_NOTICE, 'File /etc/group not readable; cannot check for latest guid');
|
||||
}
|
||||
} else {
|
||||
$mylog->logAction(CRON_ACTION, LOG_NOTICE, 'File /etc/group not readable; cannot check for latest guid');
|
||||
}
|
||||
} else {
|
||||
$mylog->logAction(CRON_ACTION, LOG_NOTICE, 'File /etc/group does not exist; cannot check for latest guid');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Inserts a task into the PANEL_TASKS-Table
|
||||
*
|
||||
|
||||
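Review bot: The collision branch in checkLastGuid never raises the guid, because `$update_to_guid = (int) $update_to_guid ++;` assigns the value the post-increment returns, which is the old one. When the highest gid in /etc/group equals froxlor's highest guid, `system.lastguid` therefore stays on the colliding number. The docblock says the goal is to avoid conflicts with libnss users, so a customer group could presumably end up sharing a gid with an existing system group. Write the line as `$update_to_guid = (int) $update_to_guid + 1;`. The inner "not readable" log message also fires when file_get_contents() fails or returns an empty string, so it could be worded differently from the is_readable() one.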
@@ -137,4 +137,151 @@ class Crypt
|
||||
|
||||
return $available_pwdhashes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Function validatePassword
|
||||
*
|
||||
* if password-min-length is set in settings
|
||||
* we check against the length, if not matched
|
||||
* an error message will be output and 'exit' is called
|
||||
*
|
||||
* @param string $password the password to validate
|
||||
*
|
||||
* @return string either the password or an errormessage+exit
|
||||
*/
|
||||
public static function validatePassword($password = null, $json_response = false) {
|
||||
|
||||
if (Settings::Get('panel.password_min_length') > 0) {
|
||||
$password = validate(
|
||||
$password,
|
||||
Settings::Get('panel.password_min_length'),
|
||||
'/^.{'.(int)Settings::Get('panel.password_min_length').',}$/D',
|
||||
'notrequiredpasswordlength',
|
||||
array(),
|
||||
$json_response
|
||||
);
|
||||
}
|
||||
|
||||
if (Settings::Get('panel.password_regex') != '') {
|
||||
$password = validate(
|
||||
$password,
|
||||
Settings::Get('panel.password_regex'),
|
||||
Settings::Get('panel.password_regex'),
|
||||
'notrequiredpasswordcomplexity',
|
||||
array(),
|
||||
$json_response
|
||||
);
|
||||
} else {
|
||||
if (Settings::Get('panel.password_alpha_lower')) {
|
||||
$password = validate(
|
||||
$password,
|
||||
'/.*[a-z]+.*/',
|
||||
'/.*[a-z]+.*/',
|
||||
'notrequiredpasswordcomplexity',
|
||||
array(),
|
||||
$json_response
|
||||
);
|
||||
}
|
||||
if (Settings::Get('panel.password_alpha_upper')) {
|
||||
$password = validate(
|
||||
$password,
|
||||
'/.*[A-Z]+.*/',
|
||||
'/.*[A-Z]+.*/',
|
||||
'notrequiredpasswordcomplexity',
|
||||
array(),
|
||||
$json_response
|
||||
);
|
||||
}
|
||||
if (Settings::Get('panel.password_numeric')) {
|
||||
$password = validate(
|
||||
$password,
|
||||
'/.*[0-9]+.*/',
|
||||
'/.*[0-9]+.*/',
|
||||
'notrequiredpasswordcomplexity',
|
||||
array(),
|
||||
$json_response
|
||||
);
|
||||
}
|
||||
if (Settings::Get('panel.password_special_char_required')) {
|
||||
$password = validate(
|
||||
$password,
|
||||
'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
|
||||
'/.*[' . preg_quote(Settings::Get('panel.password_special_char')) . ']+.*/',
|
||||
'notrequiredpasswordcomplexity',
|
||||
array(),
|
||||
$json_response
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return $password;
|
||||
}
|
||||
|
||||
/**
|
||||
* Function validatePasswordLogin
|
||||
*
|
||||
* compare user password-hash with given user-password
|
||||
* and check if they are the same
|
||||
* additionally it updates the hash if the system settings changed
|
||||
* or if the very old md5() sum is used
|
||||
*
|
||||
* @param array $userinfo user-data from table
|
||||
* @param string $password the password to validate
|
||||
* @param string $table either panel_customers or panel_admins
|
||||
* @param string $uid user-id-field in $table
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public static function validatePasswordLogin($userinfo = null, $password = null, $table = 'panel_customers', $uid = 'customerid') {
|
||||
|
||||
$systype = 3; // SHA256
|
||||
if (Settings::Get('system.passwordcryptfunc') !== null) {
|
||||
$systype = (int)Settings::Get('system.passwordcryptfunc');
|
||||
}
|
||||
|
||||
$pwd_hash = $userinfo['password'];
|
||||
|
||||
$update_hash = false;
|
||||
// check for good'ole md5
|
||||
if (strlen($pwd_hash) == 32 && ctype_xdigit($pwd_hash)) {
|
||||
$pwd_check = md5($password);
|
||||
$update_hash = true;
|
||||
} else {
|
||||
// cut out the salt from the hash
|
||||
$pwd_salt = str_replace(substr(strrchr($pwd_hash, "$"), 1), "", $pwd_hash);
|
||||
// create same hash to compare
|
||||
$pwd_check = crypt($password, $pwd_salt);
|
||||
// check whether the hash needs to be updated
|
||||
$hash_type_chk = substr($pwd_hash, 0, 3);
|
||||
if (($systype == 1 && $hash_type_chk != '$1$') || // MD5
|
||||
($systype == 2 && $hash_type_chk != '$2$') || // BLOWFISH
|
||||
($systype == 3 && $hash_type_chk != '$5$') || // SHA256
|
||||
($systype == 4 && $hash_type_chk != '$6$') // SHA512
|
||||
) {
|
||||
$update_hash = true;
|
||||
}
|
||||
}
|
||||
|
||||
if ($pwd_hash == $pwd_check) {
|
||||
|
||||
// check for update of hash (only if our database is ready to handle the bigger string)
|
||||
$is_ready = (version_compare2("0.9.33", \Froxlor\Froxlor::getVersion()) <= 0 ? true : false);
|
||||
if ($update_hash && $is_ready) {
|
||||
$upd_stmt = \Froxlor\Database\Database::prepare("
|
||||
UPDATE " . $table . " SET `password` = :newpasswd WHERE `" . $uid . "` = :uid
|
||||
");
|
||||
$params = array (
|
||||
'newpasswd' => self::makeCryptPassword($password),
|
||||
'uid' => $userinfo[$uid]
|
||||
);
|
||||
\Froxlor\Database\Database::pexecute($upd_stmt, $params);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
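Review bot: validatePasswordLogin decides the login with `if ($pwd_hash == $pwd_check)`, which is a loose comparison and not constant-time. In the legacy md5 branch both sides are 32 hex characters, and two different strings of the form `0e` followed by digits compare equal under `==`. Use `if (hash_equals((string) $pwd_hash, (string) $pwd_check))` instead. Separately, the rehash test `$hash_type_chk != '$2$'` looks always true for Blowfish, since `substr($pwd_hash, 0, 3)` of a `$2a$`/`$2y$` hash is never `$2$`, so the hash would be rewritten on every login when systype is 2. `$table` and `$uid` are concatenated into the UPDATE statement, so the docblock should state that they must be fixed identifiers chosen by the caller and never request data.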