mirror of
https://github.com/Froxlor/Froxlor.git
synced 2024-09-21 10:27:29 +00:00
Added support for encrypted passwords, refs #852
Thanks to sardyna12 Signed-off-by: Andreas Burchert (scarya) <scarya@froxlor.org>
This commit is contained in:
parent
f0ba09dd93
commit
46e788f875
@ -820,7 +820,8 @@ if($page == 'customers'
|
||||
}
|
||||
|
||||
inserttask('1');
|
||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_USERS . "` " . "(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', ENCRYPT('" . $db->escape($password) . "'), '" . $db->escape($documentroot) . "', 'y', '" . (int)$guid . "', '" . (int)$guid . "')");
|
||||
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_USERS . "` " . "(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($documentroot) . "', 'y', '" . (int)$guid . "', '" . (int)$guid . "')");
|
||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_GROUPS . "` " . "(`customerid`, `groupname`, `gid`, `members`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($guid) . "', '" . $db->escape($loginname) . "')");
|
||||
$result = $db->query("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) VALUES ('" . $db->escape($loginname) . "', 'user', '0', '0', '0', '0', '0', '0')");
|
||||
$log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added ftp-account for user '" . $loginname . "'");
|
||||
|
@ -439,7 +439,8 @@ elseif($page == 'accounts')
|
||||
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
|
||||
}
|
||||
|
||||
$db->query("INSERT INTO `" . TABLE_MAIL_USERS . "` (`customerid`, `email`, `username`, " . ($settings['system']['mailpwcleartext'] == '1' ? '`password`, ' : '') . " `password_enc`, `homedir`, `maildir`, `uid`, `gid`, `domainid`, `postfix`, `quota`, `imap`, `pop3`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($email_full) . "', '" . $db->escape($username) . "', " . ($settings['system']['mailpwcleartext'] == '1' ? "'" . $db->escape($password) . "'," : '') . " ENCRYPT('" . $db->escape($password) . "'), '" . $db->escape($settings['system']['vmail_homedir']) . "', '" . $db->escape($userinfo['loginname'] . '/' . $email_full . '/') . "', '" . (int)$settings['system']['vmail_uid'] . "', '" . (int)$settings['system']['vmail_gid'] . "', '" . (int)$result['domainid'] . "', 'y', '" . (int)$quota . "', '" . (int)$userinfo['imap'] . "', '" . (int)$userinfo['pop3'] . "')");
|
||||
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||
$db->query("INSERT INTO `" . TABLE_MAIL_USERS . "` (`customerid`, `email`, `username`, " . ($settings['system']['mailpwcleartext'] == '1' ? '`password`, ' : '') . " `password_enc`, `homedir`, `maildir`, `uid`, `gid`, `domainid`, `postfix`, `quota`, `imap`, `pop3`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($email_full) . "', '" . $db->escape($username) . "', " . ($settings['system']['mailpwcleartext'] == '1' ? "'" . $db->escape($password) . "'," : '') . " '" . $db->escape($cryptPassword) . "', '" . $db->escape($settings['system']['vmail_homedir']) . "', '" . $db->escape($userinfo['loginname'] . '/' . $email_full . '/') . "', '" . (int)$settings['system']['vmail_uid'] . "', '" . (int)$settings['system']['vmail_gid'] . "', '" . (int)$result['domainid'] . "', 'y', '" . (int)$quota . "', '" . (int)$userinfo['imap'] . "', '" . (int)$userinfo['pop3'] . "')");
|
||||
$popaccountid = $db->insert_id();
|
||||
$result['destination'].= ' ' . $email_full;
|
||||
$db->query("UPDATE `" . TABLE_MAIL_VIRTUAL . "` SET `destination` = '" . $db->escape(makeCorrectDestination($result['destination'])) . "', `popaccountid` = '" . (int)$popaccountid . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
|
||||
@ -557,7 +558,8 @@ elseif($page == 'accounts')
|
||||
$password = validatePassword($password);
|
||||
|
||||
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
|
||||
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
|
||||
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$result['popaccountid'] . "'");
|
||||
redirectTo($filename, Array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
|
||||
}
|
||||
else
|
||||
|
@ -187,8 +187,9 @@ elseif($page == 'accounts')
|
||||
else
|
||||
{
|
||||
$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
|
||||
|
||||
$db->query("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', ENCRYPT('" . $db->escape($password) . "'), '" . $db->escape($path) . "', 'y', '" . (int)$userinfo['guid'] . "', '" . (int)$userinfo['guid'] . "')");
|
||||
|
||||
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||
$db->query("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($path) . "', 'y', '" . (int)$userinfo['guid'] . "', '" . (int)$userinfo['guid'] . "')");
|
||||
$result = $db->query("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $userinfo['loginname'] . "'");
|
||||
while($row = $db->fetch_array($result))
|
||||
{
|
||||
@ -311,11 +312,12 @@ elseif($page == 'accounts')
|
||||
else
|
||||
{
|
||||
$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
|
||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
|
||||
$cryptPassword = makeCryptPassword($db->escape($password),1);
|
||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
|
||||
|
||||
// also update customers backup user password if password of main ftp user is changed
|
||||
if(!preg_match('/' . $settings['customer']['ftpprefix'] . '/', $result['username'])){
|
||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $result['username'] . "_backup'");
|
||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $result['username'] . "_backup'");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -124,7 +124,8 @@ elseif($page == 'change_password')
|
||||
if(isset($_POST['change_main_ftp'])
|
||||
&& $_POST['change_main_ftp'] == 'true')
|
||||
{
|
||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`=ENCRYPT('" . $db->escape($new_password) . "') WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
|
||||
$cryptPassword = makeCryptPassword($db->escape($new_password),1);
|
||||
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
|
||||
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
|
||||
}
|
||||
|
||||
|
@ -34,7 +34,7 @@ CREATE TABLE `ftp_users` (
|
||||
`username` varchar(255) NOT NULL default '',
|
||||
`uid` int(5) NOT NULL default '0',
|
||||
`gid` int(5) NOT NULL default '0',
|
||||
`password` varchar(20) NOT NULL default '',
|
||||
`password` varchar(128) NOT NULL default '',
|
||||
`homedir` varchar(255) NOT NULL default '',
|
||||
`shell` varchar(255) NOT NULL default '/bin/false',
|
||||
`login_enabled` enum('N','Y') NOT NULL default 'N',
|
||||
@ -469,7 +469,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('syste
|
||||
INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('system', 'bind_enable', '1');
|
||||
INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('system', 'bindconf_directory', '/etc/bind/');
|
||||
INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('system', 'bindreload_command', '/etc/init.d/bind9 reload');
|
||||
INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'version', '0.9.28-svn2');
|
||||
INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'version', '0.9.28-svn3');
|
||||
INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('system', 'hostname', 'SERVERNAME');
|
||||
INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('login', 'maxloginattempts', '3');
|
||||
INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('login', 'deactivatetime', '900');
|
||||
|
@ -1907,4 +1907,12 @@ if(isFroxlorVersion('0.9.28-svn1')) {
|
||||
updateToVersion('0.9.28-svn2');
|
||||
}
|
||||
|
||||
|
||||
if(isFroxlorVersion('0.9.28-svn2')) {
|
||||
showUpdateStep("Updating from 0.9.28-svn2 to 0.9.28-svn3");
|
||||
lastStepStatus(0);
|
||||
|
||||
// change lenght of passwd column
|
||||
$db->query("ALTER TABLE `" . TABLE_FTP_USERS . "` MODIFY `password` varchar(128) NOT NULL default ''");
|
||||
|
||||
updateToVersion('0.9.28-svn3');
|
||||
}
|
||||
|
58
lib/functions/system/function.makeCryptPassword.php
Normal file
58
lib/functions/system/function.makeCryptPassword.php
Normal file
@ -0,0 +1,58 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
* Copyright (c) 2010 the Froxlor Team (see authors).
|
||||
*
|
||||
* For the full copyright and license information, please view the COPYING
|
||||
* file that was distributed with this source code. You can also view the
|
||||
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
||||
*
|
||||
* @copyright (c) the authors
|
||||
* @author Michal Wojcik <m.wojcik@sonet3.pl>
|
||||
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
||||
* @package Functions
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* Make crypted password from clear text password
|
||||
* @param string Password to be crypted
|
||||
* @param int Type of algorithm
|
||||
* @return string encrypted password
|
||||
*
|
||||
* @author Michal Wojcik <m.wojcik@sonet3.pl>
|
||||
*
|
||||
* 0 - default crypt (depenend on system configuration)
|
||||
* 1 - MD5 $1$
|
||||
* 2 - BLOWFISH $2a$
|
||||
* 3 - SHA-256 $5$
|
||||
* 4 - SHA-512 $6$
|
||||
*/
|
||||
|
||||
function makeCryptPassword ($password, $type = 0)
|
||||
{
|
||||
switch($type)
|
||||
{
|
||||
case 0:
|
||||
$cryptPassword = crypt($password);
|
||||
break;
|
||||
case 1:
|
||||
$cryptPassword = crypt($password, '$1$' . generatePassword(). generatePassword());
|
||||
break;
|
||||
case 2:
|
||||
$cryptPassword = crypt($password, '$2a$' . generatePassword(). generatePassword());
|
||||
break;
|
||||
case 3:
|
||||
$cryptPassword = crypt($password, '$5$' . generatePassword(). generatePassword());
|
||||
break;
|
||||
case 4:
|
||||
$cryptPassword = crypt($password, '$6$' . generatePassword(). generatePassword());
|
||||
break;
|
||||
default:
|
||||
$cryptPassword = crypt($password);
|
||||
break;
|
||||
}
|
||||
|
||||
return ($cryptPassword);
|
||||
}
|
Loading…
Reference in New Issue
Block a user