Opened 15 years ago

Last modified 14 years ago

#127 new enhancement

[PATCH] Patches to add MySQL PASSWORD() encryption to auth.php

Reported by: rac-maia@… Owned by: rjl
Priority: normal Milestone:
Component: PHP scripts Version: 1.0.0 RC5
Severity: normal Keywords: mysql password() crypt
Cc:

Description

--- auth.old 2004-03-03 05:21:20.000000000 -0600
+++ auth.php 2004-12-21 23:23:15.000000000 -0600
@@ -78,7 +78,24 @@
     require_once ("mailtools.php");
     require_once ("db.php");

+//mysql_crypt - shamelessly stolen from php.net docs

+function mysql_crypt($passStr) {
+ $nr=0x50305735;
+ $nr2=0x12345671;
+ $add=7;
+ $charArr = preg_split("//", $passStr);
+
+ foreach ($charArr as $char) {
+ if (($char == '') || ($char == ' ') || ($char == '\t')) continue;
+ $charVal = ord($char);
+ $nr ^= ((($nr & 63) + $add) * $charVal) + ($nr << 8);
+ $nr2 += ($nr2 << 8) ^ $nr;
+ $add += $charVal;
+ }
+
+ return sprintf("%08x%08x", ($nr & 0x7fffffff), ($nr2 & 0x7fffffff));
+}
     /*
      * auth_pop3(): Authenticate against a POP3 server.
      */
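Review bot: In the added mysql_crypt(), the skip test `($char == '\t')` compares against a single-quoted string, which PHP does not escape-process, so it is the two characters backslash and t and can never equal a single character produced by `preg_split("//", $passStr)`. Tabs in a password are therefore hashed rather than skipped, unlike spaces; write "\t" in double quotes so both are handled the same way. Separately, `$nr` and `$nr2` are masked only in the final `sprintf`, so the multiplication and additions inside the loop can leave PHP's integer range for longer passwords and turn into floats; masking inside the loop would keep the intermediate values bounded. The result is also an unsalted 16-hex-digit value, so the header comment should say it exists for compatibility with columns already filled by MySQL PASSWORD() rather than as a storage format for new installs.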
@@ -237,7 +254,11 @@
                if (($dbpass == "**" . $pass) || (crypt($pass, $dbpass) == $dbpass)) {
                    return $email;
                }
- } else { // plaintext
+ } elseif ($auth_sql_password_type == "mysql") {
+ if (mysql_crypt($pass) == $dbpass) {
+ return $email;
+ }
+ } else { // plaintext
                 if ($dbpass == $pass) {
                    return $email;
                }
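Review bot: The added check `if (mysql_crypt($pass) == $dbpass)` uses loose `==` on two strings, and PHP compares numeric-looking strings as numbers, so two different values of the form 0e followed by digits compare equal. Use `===` so only an identical hash string authenticates. The new branch also has no comment, while the branch after it carries `// plaintext`; add a matching marker, and document the new "mysql" value of `$auth_sql_password_type` wherever the existing values are described.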
@@ -342,4 +363,4 @@

        return array($authenticated, $email);
     }
-?>
\ No newline at end of file
+?>

Change History (5)

comment:1 Changed 15 years ago by dmorton

Is this the right way to do it, or should it be done in an sql statement?

comment:2 Changed 15 years ago by rac-maia@…

Well, this does prevent one more DB access. I used a similar procedure in postfixadmin to add a MySQL auth method. It should be do-able either way with no problem, unless you want to limit the number of DB queries.... Honestly, I didn't think of using an SQL statement here!

comment:3 Changed 14 years ago by dmorton

  • Summary changed from Patches to add MySQL PASSWORD() encryption to auth.php to [PATCH] Patches to add MySQL PASSWORD() encryption to auth.php

comment:4 Changed 14 years ago by rjl

  • patch set to 1
  • Summary changed from [PATCH] Patches to add MySQL PASSWORD() encryption to auth.php to Patches to add MySQL PASSWORD() encryption to auth.php

comment:5 Changed 14 years ago by rjl

  • Summary changed from Patches to add MySQL PASSWORD() encryption to auth.php to [PATCH] Patches to add MySQL PASSWORD() encryption to auth.php