let admin choose which password-hash algorithm is used to crypt() passwords; fixes #852
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
@@ -38,9 +38,17 @@ return array(
|
|||||||
'default' => true,
|
'default' => true,
|
||||||
'save_method' => 'storeSettingField',
|
'save_method' => 'storeSettingField',
|
||||||
),
|
),
|
||||||
),
|
'system_passwordcryptfunc' => array(
|
||||||
),
|
'label' => $lng['serversettings']['passwordcryptfunc'],
|
||||||
),
|
'settinggroup' => 'system',
|
||||||
|
'varname' => 'passwordcryptfunc',
|
||||||
|
'type' => 'option',
|
||||||
|
'default' => 0,
|
||||||
|
'option_mode' => 'one',
|
||||||
|
'option_options' => array(0 => $lng['serversettings']['systemdefault'], 1 => 'MD5', 2 => 'BLOWFISH', 3 => 'SHA-256', 4 => 'SHA-512'),
|
||||||
|
'save_method' => 'storeSettingField',
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
?>
|
|
||||||
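Review bot: The new `system_passwordcryptfunc` definition declares `'default' => 0` (the "System default" entry), while the install SQL and the 0.9.28.1 update step in this commit both seed `passwordcryptfunc` with `'1'`, and `makeCryptPassword()` falls back to `1` when the setting is missing. By the option list here, 1 is MD5-crypt, the weakest named scheme on offer, so the defaults disagree and the effective one is the least resistant to offline guessing. Pick one value and use it in all four places. If every service that verifies these hashes (the FTP and mail daemons, presumably through the system crypt()) supports it, `'default' => 4` with a matching `('system', 'passwordcryptfunc', '4')` seed would be the safer choice. The enclosing settings array begins outside this hunk.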
@@ -789,7 +789,7 @@ if($page == 'customers'
|
|||||||
}
|
}
|
||||||
|
|
||||||
inserttask('1');
|
inserttask('1');
|
||||||
$cryptPassword = makeCryptPassword($password ,1);
|
$cryptPassword = makeCryptPassword($password);
|
||||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_USERS . "` " . "(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($documentroot) . "', 'y', '" . (int)$guid . "', '" . (int)$guid . "')");
|
$result = $db->query("INSERT INTO `" . TABLE_FTP_USERS . "` " . "(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($documentroot) . "', 'y', '" . (int)$guid . "', '" . (int)$guid . "')");
|
||||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_GROUPS . "` " . "(`customerid`, `groupname`, `gid`, `members`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($guid) . "', '" . $db->escape($loginname) . "')");
|
$result = $db->query("INSERT INTO `" . TABLE_FTP_GROUPS . "` " . "(`customerid`, `groupname`, `gid`, `members`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($guid) . "', '" . $db->escape($loginname) . "')");
|
||||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) VALUES ('" . $db->escape($loginname) . "', 'user', '0', '0', '0', '0', '0', '0')");
|
$result = $db->query("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) VALUES ('" . $db->escape($loginname) . "', 'user', '0', '0', '0', '0', '0', '0')");
|
||||||
|
|||||||
@@ -458,7 +458,7 @@ elseif($page == 'accounts')
|
|||||||
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
|
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
|
||||||
}
|
}
|
||||||
|
|
||||||
$cryptPassword = makeCryptPassword($password, 1);
|
$cryptPassword = makeCryptPassword($password);
|
||||||
|
|
||||||
$email_user=substr($email_full,0,strrpos($email_full,"@"));
|
$email_user=substr($email_full,0,strrpos($email_full,"@"));
|
||||||
$email_domain=substr($email_full,strrpos($email_full,"@")+1);
|
$email_domain=substr($email_full,strrpos($email_full,"@")+1);
|
||||||
@@ -607,7 +607,7 @@ elseif($page == 'accounts')
|
|||||||
$password = validatePassword($password);
|
$password = validatePassword($password);
|
||||||
|
|
||||||
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
|
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
|
||||||
$cryptPassword = makeCryptPassword($password,1);
|
$cryptPassword = makeCryptPassword($password);
|
||||||
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
|
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
|
||||||
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
|
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
|
||||||
}
|
}
|
||||||
|
|||||||
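Review bot: The generated mailbox password in the first hunk, `substr(md5(uniqid(microtime(), 1)), 12, 6)`, is six hex characters (at most 24 bits) taken from uniqid()/microtime() rather than a CSPRNG, so no crypt scheme selected through `makeCryptPassword()` compensates for it. Where the runtime offers a cryptographic source, use it and lengthen the result, for example `$password = substr(bin2hex(openssl_random_pseudo_bytes(12)), 0, 16);`. The second hunk also still writes the plain password to the `password` column when `mailpwcleartext` is '1', which makes the hash setting moot for those rows; the setting's description should say so. Both enclosing branches start and end outside the hunks.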
@@ -188,7 +188,7 @@ elseif($page == 'accounts')
|
|||||||
{
|
{
|
||||||
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
|
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
|
||||||
|
|
||||||
$cryptPassword = makeCryptPassword($password, 1);
|
$cryptPassword = makeCryptPassword($password);
|
||||||
$db->query("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($path) . "', 'y', '" . (int)$userinfo['guid'] . "', '" . (int)$userinfo['guid'] . "')");
|
$db->query("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($path) . "', 'y', '" . (int)$userinfo['guid'] . "', '" . (int)$userinfo['guid'] . "')");
|
||||||
$result = $db->query("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $userinfo['loginname'] . "'");
|
$result = $db->query("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $userinfo['loginname'] . "'");
|
||||||
while($row = $db->fetch_array($result))
|
while($row = $db->fetch_array($result))
|
||||||
@@ -312,7 +312,7 @@ elseif($page == 'accounts')
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
|
$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
|
||||||
$cryptPassword = makeCryptPassword($password, 1);
|
$cryptPassword = makeCryptPassword($password);
|
||||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
|
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
|
||||||
|
|
||||||
// also update customers backup user password if password of main ftp user is changed
|
// also update customers backup user password if password of main ftp user is changed
|
||||||
|
|||||||
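Review bot: In the first hunk the `SELECT` on `TABLE_FTP_QUOTATALLIES` concatenates `$userinfo['loginname']` into the query without `$db->escape()`, unlike the other string values in these hunks. The value presumably comes from the customer's own database row rather than the request, but a login name containing a quote would still break or alter the statement. Wrap it as `$db->escape($userinfo['loginname'])`, the form the change_password hunk of this commit already uses for the same field. The surrounding `elseif($page == 'accounts')` branch extends beyond the hunk.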
@@ -124,7 +124,7 @@ elseif($page == 'change_password')
|
|||||||
if(isset($_POST['change_main_ftp'])
|
if(isset($_POST['change_main_ftp'])
|
||||||
&& $_POST['change_main_ftp'] == 'true')
|
&& $_POST['change_main_ftp'] == 'true')
|
||||||
{
|
{
|
||||||
$cryptPassword = makeCryptPassword($new_password, 1);
|
$cryptPassword = makeCryptPassword($new_password);
|
||||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
|
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
|
||||||
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
|
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -510,6 +510,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
|
|||||||
('system', 'phpreload_command', ''),
|
('system', 'phpreload_command', ''),
|
||||||
('system', 'apache24', '0'),
|
('system', 'apache24', '0'),
|
||||||
('system', 'documentroot_use_default_value', '0'),
|
('system', 'documentroot_use_default_value', '0'),
|
||||||
|
('system', 'passwordcryptfunc', '1'),
|
||||||
('panel', 'decimal_places', '4'),
|
('panel', 'decimal_places', '4'),
|
||||||
('panel', 'adminmail', 'admin@SERVERNAME'),
|
('panel', 'adminmail', 'admin@SERVERNAME'),
|
||||||
('panel', 'phpmyadmin_url', ''),
|
('panel', 'phpmyadmin_url', ''),
|
||||||
|
|||||||
@@ -2062,5 +2062,7 @@ if(isFroxlorVersion('0.9.28.1')) {
|
|||||||
$db->query("INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'phpconfigs_hidestdsubdomain', '".$hide_stdsubdomains."');");
|
$db->query("INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'phpconfigs_hidestdsubdomain', '".$hide_stdsubdomains."');");
|
||||||
lastStepStatus(0);
|
lastStepStatus(0);
|
||||||
|
|
||||||
|
// don't advertise security questions - just set a default silently
|
||||||
|
$db->query("INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('system', 'passwordcryptfunc', '1');");
|
||||||
updateToVersion('0.9.29-dev1');
|
updateToVersion('0.9.29-dev1');
|
||||||
}
|
}
|
||||||
@@ -18,7 +18,6 @@
|
|||||||
/**
|
/**
|
||||||
* Make crypted password from clear text password
|
* Make crypted password from clear text password
|
||||||
* @param string Password to be crypted
|
* @param string Password to be crypted
|
||||||
* @param int Type of algorithm
|
|
||||||
* @return string encrypted password
|
* @return string encrypted password
|
||||||
*
|
*
|
||||||
* @author Michal Wojcik <m.wojcik@sonet3.pl>
|
* @author Michal Wojcik <m.wojcik@sonet3.pl>
|
||||||
@@ -30,10 +29,13 @@
|
|||||||
* 4 - SHA-512 $6$
|
* 4 - SHA-512 $6$
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function makeCryptPassword ($password, $type = 0)
|
function makeCryptPassword ($password) {
|
||||||
{
|
|
||||||
switch($type)
|
global $settings;
|
||||||
{
|
|
||||||
|
$type = isset($settings['system']['passwordcryptfunc']) ? (int)$settings['system']['passwordcryptfunc'] : 1;
|
||||||
|
|
||||||
|
switch ($type) {
|
||||||
case 0:
|
case 0:
|
||||||
$cryptPassword = crypt($password);
|
$cryptPassword = crypt($password);
|
||||||
break;
|
break;
|
||||||
@@ -53,6 +55,5 @@ function makeCryptPassword ($password, $type = 0)
|
|||||||
$cryptPassword = crypt($password);
|
$cryptPassword = crypt($password);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
return $cryptPassword;
|
||||||
return ($cryptPassword);
|
|
||||||
}
|
}
|
||||||
|
|||||||
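Review bot: With the type now read from the admin setting, `case 0` and what looks like the `default:` branch in the second hunk run `crypt($password)` with no salt argument, a path none of the callers in this commit reached before because they all passed `1`. Saltless `crypt()` leaves the scheme to the platform (which can be traditional DES), raises E_NOTICE from PHP 5.6 on, and is rejected by PHP 8. Route 0 and unknown values to one of the explicitly salted branches instead. The docblock lost its `@param int` line and should now state the source of the type, e.g. `* Algorithm is taken from $settings['system']['passwordcryptfunc'] (0-4, see list below); 1 (MD5) is used when it is unset`. Cases 1–4 lie between the two hunks and are not visible here.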
@@ -1936,3 +1936,5 @@ $lng['admin']['domain_editable']['desc'] = 'If set to yes, the customer is allow
|
|||||||
// Added in Froxlor 0.9.29-dev1
|
// Added in Froxlor 0.9.29-dev1
|
||||||
$lng['serversettings']['panel_phpconfigs_hidestdsubdomain']['title'] = 'Hide standard-subdomains in PHP-configuration overview';
|
$lng['serversettings']['panel_phpconfigs_hidestdsubdomain']['title'] = 'Hide standard-subdomains in PHP-configuration overview';
|
||||||
$lng['serversettings']['panel_phpconfigs_hidestdsubdomain']['description'] = 'If activated the standard-subdomains for customers will not be displayed in the php-configurations overview<br /><br />Note: This is only visible if you have enabled FCGID or PHP-FPM';
|
$lng['serversettings']['panel_phpconfigs_hidestdsubdomain']['description'] = 'If activated the standard-subdomains for customers will not be displayed in the php-configurations overview<br /><br />Note: This is only visible if you have enabled FCGID or PHP-FPM';
|
||||||
|
$lng['serversettings']['passwordcryptfunc']['title'] = 'Chose which password-crypt method is to be used';
|
||||||
|
$lng['serversettings']['systemdefault'] = 'System default';
|
||||||
|
|||||||
@@ -1657,3 +1657,5 @@ $lng['admin']['domain_editable']['desc'] = 'Wenn ja, darf der Kunde verschiedene
|
|||||||
// Added in Froxlor 0.9.29-dev1
|
// Added in Froxlor 0.9.29-dev1
|
||||||
$lng['serversettings']['panel_phpconfigs_hidestdsubdomain']['title'] = 'Verstecke Standard-Subdomains in PHP-Konfigurations-Übersicht';
|
$lng['serversettings']['panel_phpconfigs_hidestdsubdomain']['title'] = 'Verstecke Standard-Subdomains in PHP-Konfigurations-Übersicht';
|
||||||
$lng['serversettings']['panel_phpconfigs_hidestdsubdomain']['description'] = 'Wenn aktiviert, werden die Standard-Subdomains der Kunden nicht mehr in der PHP-Konfigurations-Übersicht angezeigt.<br /><br />Hinweis: Nur relevant, wenn FCGID oder PHP-FPM aktiviert ist.';
|
$lng['serversettings']['panel_phpconfigs_hidestdsubdomain']['description'] = 'Wenn aktiviert, werden die Standard-Subdomains der Kunden nicht mehr in der PHP-Konfigurations-Übersicht angezeigt.<br /><br />Hinweis: Nur relevant, wenn FCGID oder PHP-FPM aktiviert ist.';
|
||||||
|
$lng['serversettings']['passwordcryptfunc']['title'] = 'Wähle zu verwendende Passwort-Verschlüsselungsmethode';
|
||||||
|
$lng['serversettings']['systemdefault'] = 'Systemstandard';
|
||||||
|
|||||||