Merge pull request #32 from scarya/ticket852
Added support for encrypted passwords, refs #852
This commit is contained in:
Andreas Burchert
@@ -820,7 +820,8 @@ if($page == 'customers'
|
|||||||
}
|
}
|
||||||
|
|
||||||
inserttask('1');
|
inserttask('1');
|
||||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_USERS . "` " . "(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', ENCRYPT('" . $db->escape($password) . "'), '" . $db->escape($documentroot) . "', 'y', '" . (int)$guid . "', '" . (int)$guid . "')");
|
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||||
|
$result = $db->query("INSERT INTO `" . TABLE_FTP_USERS . "` " . "(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($documentroot) . "', 'y', '" . (int)$guid . "', '" . (int)$guid . "')");
|
||||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_GROUPS . "` " . "(`customerid`, `groupname`, `gid`, `members`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($guid) . "', '" . $db->escape($loginname) . "')");
|
$result = $db->query("INSERT INTO `" . TABLE_FTP_GROUPS . "` " . "(`customerid`, `groupname`, `gid`, `members`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($guid) . "', '" . $db->escape($loginname) . "')");
|
||||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) VALUES ('" . $db->escape($loginname) . "', 'user', '0', '0', '0', '0', '0', '0')");
|
$result = $db->query("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) VALUES ('" . $db->escape($loginname) . "', 'user', '0', '0', '0', '0', '0', '0')");
|
||||||
$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added ftp-account for user '" . $loginname . "'");
|
$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added ftp-account for user '" . $loginname . "'");
|
||||||
|
|||||||
@@ -438,6 +438,9 @@ elseif($page == 'accounts')
|
|||||||
{
|
{
|
||||||
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
|
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||||
|
|
||||||
$email_user=substr($email_full,0,strrpos($email_full,"@"));
|
$email_user=substr($email_full,0,strrpos($email_full,"@"));
|
||||||
$email_domain=substr($email_full,strrpos($email_full,"@")+1);
|
$email_domain=substr($email_full,strrpos($email_full,"@")+1);
|
||||||
$maildirname=trim($settings['system']['vmail_maildirname']);
|
$maildirname=trim($settings['system']['vmail_maildirname']);
|
||||||
@@ -452,7 +455,7 @@ elseif($page == 'accounts')
|
|||||||
"'" . $db->escape($email_full) . "', ".
|
"'" . $db->escape($email_full) . "', ".
|
||||||
"'" . $db->escape($username) . "', " .
|
"'" . $db->escape($username) . "', " .
|
||||||
($settings['system']['mailpwcleartext'] == '1' ? "'" . $db->escape($password) . "', " : '') .
|
($settings['system']['mailpwcleartext'] == '1' ? "'" . $db->escape($password) . "', " : '') .
|
||||||
"ENCRYPT('" . $db->escape($password) . "'), ".
|
"'" . $db->escape($cryptPassword) . "', ".
|
||||||
"'" . $db->escape($settings['system']['vmail_homedir']) . "', '" . $db->escape($userinfo['loginname'] . '/' . $email_domain . "/" . $email_user . "/" . $maildirpath) . "', ".
|
"'" . $db->escape($settings['system']['vmail_homedir']) . "', '" . $db->escape($userinfo['loginname'] . '/' . $email_domain . "/" . $email_user . "/" . $maildirpath) . "', ".
|
||||||
"'" . (int)$settings['system']['vmail_uid'] . "', ".
|
"'" . (int)$settings['system']['vmail_uid'] . "', ".
|
||||||
"'" . (int)$settings['system']['vmail_gid'] . "', ".
|
"'" . (int)$settings['system']['vmail_gid'] . "', ".
|
||||||
@@ -461,6 +464,7 @@ elseif($page == 'accounts')
|
|||||||
"'" . (int)$quota . "', ".
|
"'" . (int)$quota . "', ".
|
||||||
"'" . (int)$userinfo['imap'] . "', ".
|
"'" . (int)$userinfo['imap'] . "', ".
|
||||||
"'" . (int)$userinfo['pop3'] . "')");
|
"'" . (int)$userinfo['pop3'] . "')");
|
||||||
|
|
||||||
$popaccountid = $db->insert_id();
|
$popaccountid = $db->insert_id();
|
||||||
$result['destination'].= ' ' . $email_full;
|
$result['destination'].= ' ' . $email_full;
|
||||||
$db->query("UPDATE `" . TABLE_MAIL_VIRTUAL . "` SET ".
|
$db->query("UPDATE `" . TABLE_MAIL_VIRTUAL . "` SET ".
|
||||||
@@ -584,7 +588,8 @@ elseif($page == 'accounts')
|
|||||||
$password = validatePassword($password);
|
$password = validatePassword($password);
|
||||||
|
|
||||||
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
|
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
|
||||||
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
|
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||||
|
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
|
||||||
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
|
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|||||||
@@ -187,8 +187,9 @@ elseif($page == 'accounts')
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
|
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
|
||||||
|
|
||||||
$db->query("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', ENCRYPT('" . $db->escape($password) . "'), '" . $db->escape($path) . "', 'y', '" . (int)$userinfo['guid'] . "', '" . (int)$userinfo['guid'] . "')");
|
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||||
|
$db->query("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($path) . "', 'y', '" . (int)$userinfo['guid'] . "', '" . (int)$userinfo['guid'] . "')");
|
||||||
$result = $db->query("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $userinfo['loginname'] . "'");
|
$result = $db->query("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $userinfo['loginname'] . "'");
|
||||||
while($row = $db->fetch_array($result))
|
while($row = $db->fetch_array($result))
|
||||||
{
|
{
|
||||||
@@ -311,11 +312,12 @@ elseif($page == 'accounts')
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
|
$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
|
||||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
|
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||||
|
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
|
||||||
|
|
||||||
// also update customers backup user password if password of main ftp user is changed
|
// also update customers backup user password if password of main ftp user is changed
|
||||||
if(!preg_match('/' . $settings['customer']['ftpprefix'] . '/', $result['username'])){
|
if(!preg_match('/' . $settings['customer']['ftpprefix'] . '/', $result['username'])){
|
||||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $result['username'] . "_backup'");
|
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $result['username'] . "_backup'");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -124,7 +124,8 @@ elseif($page == 'change_password')
|
|||||||
if(isset($_POST['change_main_ftp'])
|
if(isset($_POST['change_main_ftp'])
|
||||||
&& $_POST['change_main_ftp'] == 'true')
|
&& $_POST['change_main_ftp'] == 'true')
|
||||||
{
|
{
|
||||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`=ENCRYPT('" . $db->escape($new_password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
|
$cryptPassword = makeCryptPassword($db->escape($new_password),1);
|
||||||
|
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
|
||||||
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
|
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ CREATE TABLE `ftp_users` (
|
|||||||
`username` varchar(255) NOT NULL default '',
|
`username` varchar(255) NOT NULL default '',
|
||||||
`uid` int(5) NOT NULL default '0',
|
`uid` int(5) NOT NULL default '0',
|
||||||
`gid` int(5) NOT NULL default '0',
|
`gid` int(5) NOT NULL default '0',
|
||||||
`password` varchar(20) NOT NULL default '',
|
`password` varchar(128) NOT NULL default '',
|
||||||
`homedir` varchar(255) NOT NULL default '',
|
`homedir` varchar(255) NOT NULL default '',
|
||||||
`shell` varchar(255) NOT NULL default '/bin/false',
|
`shell` varchar(255) NOT NULL default '/bin/false',
|
||||||
`login_enabled` enum('N','Y') NOT NULL default 'N',
|
`login_enabled` enum('N','Y') NOT NULL default 'N',
|
||||||
|
|||||||
@@ -1910,7 +1910,10 @@ if(isFroxlorVersion('0.9.28-svn1')) {
|
|||||||
if(isFroxlorVersion('0.9.28-svn2')) {
|
if(isFroxlorVersion('0.9.28-svn2')) {
|
||||||
showUpdateStep("Updating from 0.9.28-svn2 to 0.9.28-svn3");
|
showUpdateStep("Updating from 0.9.28-svn2 to 0.9.28-svn3");
|
||||||
lastStepStatus(0);
|
lastStepStatus(0);
|
||||||
|
|
||||||
|
// change lenght of passwd column
|
||||||
|
$db->query("ALTER TABLE `" . TABLE_FTP_USERS . "` MODIFY `password` varchar(128) NOT NULL default ''");
|
||||||
|
|
||||||
// Add default setting for vmail_maildirname if not already in place
|
// Add default setting for vmail_maildirname if not already in place
|
||||||
$handle = $db->query("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' AND `varname` = 'vmail_maildirname';");
|
$handle = $db->query("SELECT `value` FROM `panel_settings` WHERE `settinggroup` = 'system' AND `varname` = 'vmail_maildirname';");
|
||||||
if ($db->num_rows($handle) < 1) {
|
if ($db->num_rows($handle) < 1) {
|
||||||
|
|||||||
58
lib/functions/system/function.makeCryptPassword.php
Normal file
58
lib/functions/system/function.makeCryptPassword.php
Normal file
@@ -0,0 +1,58 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This file is part of the Froxlor project.
|
||||||
|
* Copyright (c) 2010 the Froxlor Team (see authors).
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the COPYING
|
||||||
|
* file that was distributed with this source code. You can also view the
|
||||||
|
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
||||||
|
*
|
||||||
|
* @copyright (c) the authors
|
||||||
|
* @author Michal Wojcik <m.wojcik@sonet3.pl>
|
||||||
|
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
||||||
|
* @package Functions
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Make crypted password from clear text password
|
||||||
|
* @param string Password to be crypted
|
||||||
|
* @param int Type of algorithm
|
||||||
|
* @return string encrypted password
|
||||||
|
*
|
||||||
|
* @author Michal Wojcik <m.wojcik@sonet3.pl>
|
||||||
|
*
|
||||||
|
* 0 - default crypt (depenend on system configuration)
|
||||||
|
* 1 - MD5 $1$
|
||||||
|
* 2 - BLOWFISH $2a$
|
||||||
|
* 3 - SHA-256 $5$
|
||||||
|
* 4 - SHA-512 $6$
|
||||||
|
*/
|
||||||
|
|
||||||
|
function makeCryptPassword ($password, $type = 0)
|
||||||
|
{
|
||||||
|
switch($type)
|
||||||
|
{
|
||||||
|
case 0:
|
||||||
|
$cryptPassword = crypt($password);
|
||||||
|
break;
|
||||||
|
case 1:
|
||||||
|
$cryptPassword = crypt($password, '$1$' . generatePassword(). generatePassword());
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
$cryptPassword = crypt($password, '$2a$' . generatePassword(). generatePassword());
|
||||||
|
break;
|
||||||
|
case 3:
|
||||||
|
$cryptPassword = crypt($password, '$5$' . generatePassword(). generatePassword());
|
||||||
|
break;
|
||||||
|
case 4:
|
||||||
|
$cryptPassword = crypt($password, '$6$' . generatePassword(). generatePassword());
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
$cryptPassword = crypt($password);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ($cryptPassword);
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user