librenms/html/includes/authentication/mysql.inc.php

<?php

function authenticate($username,$password)
{
  $encrypted_old = md5($password);
  $row = dbFetchRow("SELECT username,password FROM `users` WHERE `username`= ?", array($username));
  if ($row['username'] && $row['username'] == $username)
  {
    // Migrate from old, unhashed password
    if ($row['password'] == $encrypted_old)
    {
      $row_type = dbFetchRow("DESCRIBE users password");
      if ($row_type['Type'] == 'varchar(34)')
      {
        changepassword($username,$password);
      }
      return 1;
    }
    elseif(substr($row['password'],0,3) == '$1$')
    {
      $row_type = dbFetchRow("DESCRIBE users password");
      if ($row_type['Type'] == 'varchar(60)')
      {
        if ($row['password'] == crypt($password,$row['password']))
        {
          changepassword($username,$password);
        }
      }
    }
    $hasher = new PasswordHash(8, FALSE);
    if($hasher->CheckPassword($password, $row['password']))
    {
      return 1;
    }
  }
  return 0;
}

function reauthenticate($sess_id,$token)
{
  list($uname,$hash) = explode("|",$token);
  $session = dbFetchRow("SELECT * FROM `session` WHERE `session_username` = '$uname' AND session_value='$sess_id'");
  $hasher = new PasswordHash(8, FALSE);
  if($hasher->CheckPassword($uname.$session['session_token'],$hash))
  {
    $_SESSION['username'] = $uname;
    return 1;
  }
  else
  {
    return 0;
  }
}

function passwordscanchange($username = "")
{
  /*
   * By default allow the password to be modified, unless the existing
   * user is explicitly prohibited to do so.
   */

  if (empty($username) || !user_exists($username))
  {
    return 1;
  } else {
    return dbFetchCell("SELECT can_modify_passwd FROM users WHERE username = ?", array($username));
  }
}

/**
 * From: http://code.activestate.com/recipes/576894-generate-a-salt/
 * This function generates a password salt as a string of x (default = 15) characters
 * ranging from a-zA-Z0-9.
 * @param $max integer The number of characters in the string
 * @author AfroSoft <scripts@afrosoft.co.cc>
 */
function generateSalt($max = 15)
{
  $characterList = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  $i = 0;
  $salt = "";
  do
  {
    $salt .= $characterList{mt_rand(0,strlen($characterList))};
    $i++;
  } while ($i <= $max);

  return $salt;
}

function changepassword($username,$password)
{
  $hasher = new PasswordHash(8, FALSE);
  $encrypted = $hasher->HashPassword($password);
  return dbUpdate(array('password' => $encrypted), 'users', '`username` = ?', array($username));
}

function auth_usermanagement()
{
  return 1;
}

function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd='1')
{
  if (!user_exists($username))
  {
    $hasher = new PasswordHash(8, FALSE);
    $encrypted = $hasher->HashPassword($password);
    return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd), 'users');
  } else {
    return FALSE;
  }
}

function user_exists($username)
{
  return @dbFetchCell("SELECT COUNT(*) FROM users WHERE username = ?", array($username));
}

function get_userlevel($username)
{
  return dbFetchCell("SELECT `level` FROM `users` WHERE `username` = ?", array($username));
}

function get_userid($username)
{
  return dbFetchCell("SELECT `user_id` FROM `users` WHERE `username` = ?", array($username));
}

function deluser($username)
{

  dbDelete('bill_perms', "`user_name` =  ?", array($username));
  dbDelete('devices_perms', "`user_name` =  ?", array($username));
  dbDelete('ports_perms', "`user_name` =  ?", array($username));
  dbDelete('users_prefs', "`user_name` =  ?", array($username));
  dbDelete('users', "`user_name` =  ?", array($username));

  return dbDelete('users', "`username` =  ?", array($username));

}

function get_userlist()
{
  return dbFetchRows("SELECT * FROM `users`");
}

?>
auth modules! please test http-auth again, i haven't, but i think i got it right... git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8 2010-02-28 13:04:07 +00:00			`<?php`

			`function authenticate($username,$password)`
			`{`
change from unsalted md5 to salted md5 passwords, migrating passwords as authentication succeeds git-svn-id: http://www.observium.org/svn/observer/trunk@1936 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-19 20:23:23 +00:00			`$encrypted_old = md5($password);`
fix some stuff, break some stuff (ports disaply is missing some stuff atm) git-svn-id: http://www.observium.org/svn/observer/trunk@2290 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 22:14:56 +00:00			$row = dbFetchRow("SELECT username,password FROM `users` WHERE `username`= ?", array($username));
just another cleanup commit, don't mind me... git-svn-id: http://www.observium.org/svn/observer/trunk@1885 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-16 18:28:52 +00:00			`if ($row['username'] && $row['username'] == $username)`
auth modules! please test http-auth again, i haven't, but i think i got it right... git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8 2010-02-28 13:04:07 +00:00			`{`
change from unsalted md5 to salted md5 passwords, migrating passwords as authentication succeeds git-svn-id: http://www.observium.org/svn/observer/trunk@1936 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-19 20:23:23 +00:00			`// Migrate from old, unhashed password`
			`if ($row['password'] == $encrypted_old)`
			`{`
Updated mysql auth to use PHPass 2014-02-03 10:45:34 +00:00			`$row_type = dbFetchRow("DESCRIBE users password");`
			`if ($row_type['Type'] == 'varchar(34)')`
only update password to salted if database field is long enough git-svn-id: http://www.observium.org/svn/observer/trunk@1939 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-20 21:13:59 +00:00			`{`
			`changepassword($username,$password);`
			`}`
change from unsalted md5 to salted md5 passwords, migrating passwords as authentication succeeds git-svn-id: http://www.observium.org/svn/observer/trunk@1936 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-19 20:23:23 +00:00			`return 1;`
			`}`
Updated mysql auth to use PHPass 2014-02-03 10:45:34 +00:00			`elseif(substr($row['password'],0,3) == '$1$')`
			`{`
			`$row_type = dbFetchRow("DESCRIBE users password");`
			`if ($row_type['Type'] == 'varchar(60)')`
			`{`
			`if ($row['password'] == crypt($password,$row['password']))`
			`{`
			`changepassword($username,$password);`
			`}`
			`}`
			`}`
			`$hasher = new PasswordHash(8, FALSE);`
			`if($hasher->CheckPassword($password, $row['password']))`
change from unsalted md5 to salted md5 passwords, migrating passwords as authentication succeeds git-svn-id: http://www.observium.org/svn/observer/trunk@1936 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-19 20:23:23 +00:00			`{`
			`return 1;`
			`}`
auth modules! please test http-auth again, i haven't, but i think i got it right... git-svn-id: http://www.observium.org/svn/observer/trunk@973 61d68cd4-352d-0410-923a-c4978735b2b8 2010-02-28 13:04:07 +00:00			`}`
			`return 0;`
			`}`

Updated session / cookie support 2014-02-03 22:32:45 +00:00			`function reauthenticate($sess_id,$token)`
			`{`
			`list($uname,$hash) = explode("\|",$token);`
			$session = dbFetchRow("SELECT * FROM `session` WHERE `session_username` = '$uname' AND session_value='$sess_id'");
			`$hasher = new PasswordHash(8, FALSE);`
			`if($hasher->CheckPassword($uname.$session['session_token'],$hash))`
			`{`
			`$_SESSION['username'] = $uname;`
			`return 1;`
			`}`
			`else`
			`{`
			`return 0;`
			`}`
			`}`

fixes and cleanups git-svn-id: http://www.observium.org/svn/observer/trunk@3018 61d68cd4-352d-0410-923a-c4978735b2b8 2012-04-10 15:53:10 +00:00			`function passwordscanchange($username = "")`
change password option in the auth modules, not used in the webinterface yet git-svn-id: http://www.observium.org/svn/observer/trunk@990 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 00:00:05 +00:00			`{`
- Added support in MySQL auth to prohibit users from modifying their password. git-svn-id: http://www.observium.org/svn/observer/trunk@2252 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-05 14:54:12 +00:00			`/*`
			`* By default allow the password to be modified, unless the existing`
			`* user is explicitly prohibited to do so.`
			`*/`
kill a whole bunch of trailing spaces git-svn-id: http://www.observium.org/svn/observer/trunk@2516 61d68cd4-352d-0410-923a-c4978735b2b8 2011-09-20 09:55:11 +00:00
fix ldap auth plugin, broke a lot of userlevel stuff a long time ago due to mysql layer changes git-svn-id: http://www.observium.org/svn/observer/trunk@2482 61d68cd4-352d-0410-923a-c4978735b2b8 2011-09-16 10:08:05 +00:00			`if (empty($username) \|\| !user_exists($username))`
			`{`
- Added support in MySQL auth to prohibit users from modifying their password. git-svn-id: http://www.observium.org/svn/observer/trunk@2252 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-05 14:54:12 +00:00			`return 1;`
			`} else {`
fix some stuff, break some stuff (ports disaply is missing some stuff atm) git-svn-id: http://www.observium.org/svn/observer/trunk@2290 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 22:14:56 +00:00			`return dbFetchCell("SELECT can_modify_passwd FROM users WHERE username = ?", array($username));`
- Added support in MySQL auth to prohibit users from modifying their password. git-svn-id: http://www.observium.org/svn/observer/trunk@2252 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-05 14:54:12 +00:00			`}`
change password option in the auth modules, not used in the webinterface yet git-svn-id: http://www.observium.org/svn/observer/trunk@990 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 00:00:05 +00:00			`}`

change from unsalted md5 to salted md5 passwords, migrating passwords as authentication succeeds git-svn-id: http://www.observium.org/svn/observer/trunk@1936 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-19 20:23:23 +00:00			`/**`
			`* From: http://code.activestate.com/recipes/576894-generate-a-salt/`
			`* This function generates a password salt as a string of x (default = 15) characters`
			`* ranging from a-zA-Z0-9.`
			`* @param $max integer The number of characters in the string`
			`* @author AfroSoft <scripts@afrosoft.co.cc>`
			`*/`
			`function generateSalt($max = 15)`
			`{`
			`$characterList = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";`
			`$i = 0;`
			`$salt = "";`
			`do`
			`{`
			`$salt .= $characterList{mt_rand(0,strlen($characterList))};`
			`$i++;`
			`} while ($i <= $max);`

			`return $salt;`
			`}`

fix password change for mysql auth git-svn-id: http://www.observium.org/svn/observer/trunk@1232 61d68cd4-352d-0410-923a-c4978735b2b8 2010-06-21 15:39:43 +00:00			`function changepassword($username,$password)`
change password option in the auth modules, not used in the webinterface yet git-svn-id: http://www.observium.org/svn/observer/trunk@990 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 00:00:05 +00:00			`{`
Updated mysql auth to use PHPass 2014-02-03 10:45:34 +00:00			`$hasher = new PasswordHash(8, FALSE);`
			`$encrypted = $hasher->HashPassword($password);`
fix some stuff, break some stuff (ports disaply is missing some stuff atm) git-svn-id: http://www.observium.org/svn/observer/trunk@2290 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 22:14:56 +00:00			return dbUpdate(array('password' => $encrypted), 'users', '`username` = ?', array($username));
change password option in the auth modules, not used in the webinterface yet git-svn-id: http://www.observium.org/svn/observer/trunk@990 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 00:00:05 +00:00			`}`

MOAR AUTHMODULE, with some parts left to do... git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:10:05 +00:00			`function auth_usermanagement()`
			`{`
			`return 1;`
			`}`
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;) git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-12 08:50:47 +00:00
- Added support in MySQL auth to prohibit users from modifying their password. git-svn-id: http://www.observium.org/svn/observer/trunk@2252 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-05 14:54:12 +00:00			`function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd='1')`
MOAR AUTHMODULE, with some parts left to do... git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:10:05 +00:00			`{`
check for existing user in adduser git-svn-id: http://www.observium.org/svn/observer/trunk@1930 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-18 16:56:02 +00:00			`if (!user_exists($username))`
			`{`
Updated mysql auth to use PHPass 2014-02-03 10:45:34 +00:00			`$hasher = new PasswordHash(8, FALSE);`
			`$encrypted = $hasher->HashPassword($password);`
fix some stuff, break some stuff (ports disaply is missing some stuff atm) git-svn-id: http://www.observium.org/svn/observer/trunk@2290 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 22:14:56 +00:00			`return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd), 'users');`
			`} else {`
			`return FALSE;`
check for existing user in adduser git-svn-id: http://www.observium.org/svn/observer/trunk@1930 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-18 16:56:02 +00:00			`}`
MOAR AUTHMODULE, with some parts left to do... git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:10:05 +00:00			`}`

			`function user_exists($username)`
			`{`
fixes git-svn-id: http://www.observium.org/svn/observer/trunk@2294 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 23:17:44 +00:00			`return @dbFetchCell("SELECT COUNT(*) FROM users WHERE username = ?", array($username));`
MOAR AUTHMODULE, with some parts left to do... git-svn-id: http://www.observium.org/svn/observer/trunk@991 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:10:05 +00:00			`}`
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;) git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-12 08:50:47 +00:00
userlevel via authmodule git-svn-id: http://www.observium.org/svn/observer/trunk@992 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:15:52 +00:00			`function get_userlevel($username)`
			`{`
fixes git-svn-id: http://www.observium.org/svn/observer/trunk@2294 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 23:17:44 +00:00			return dbFetchCell("SELECT `level` FROM `users` WHERE `username` = ?", array($username));
userlevel via authmodule git-svn-id: http://www.observium.org/svn/observer/trunk@992 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:15:52 +00:00			`}`
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;) git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-12 08:50:47 +00:00
more working less sucking git-svn-id: http://www.observium.org/svn/observer/trunk@994 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:22:09 +00:00			`function get_userid($username)`
			`{`
fixes git-svn-id: http://www.observium.org/svn/observer/trunk@2294 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 23:17:44 +00:00			return dbFetchCell("SELECT `user_id` FROM `users` WHERE `username` = ?", array($username));
more working less sucking git-svn-id: http://www.observium.org/svn/observer/trunk@994 61d68cd4-352d-0410-923a-c4978735b2b8 2010-03-06 01:22:09 +00:00			`}`
remove dead map.php code, rename some .inc to .inc.php files, general trailing space cleanup part 1, some reindent. No expected functionality change whatsoever ;) git-svn-id: http://www.observium.org/svn/observer/trunk@1824 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-12 08:50:47 +00:00
r1984: BIG BROTHER RELEASE // Move user deletion code into authentication module git-svn-id: http://www.observium.org/svn/observer/trunk@1984 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-28 10:48:43 +00:00			`function deluser($username)`
			`{`
fixes to auth and deleting users git-svn-id: http://www.observium.org/svn/observer/trunk@2372 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:35:25 +00:00
			dbDelete('bill_perms', "`user_name` = ?", array($username));
			dbDelete('devices_perms', "`user_name` = ?", array($username));
			dbDelete('ports_perms', "`user_name` = ?", array($username));
			dbDelete('users_prefs', "`user_name` = ?", array($username));
			dbDelete('users', "`user_name` = ?", array($username));

fix some stuff, break some stuff (ports disaply is missing some stuff atm) git-svn-id: http://www.observium.org/svn/observer/trunk@2290 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 22:14:56 +00:00			return dbDelete('users', "`username` = ?", array($username));
fixes to auth and deleting users git-svn-id: http://www.observium.org/svn/observer/trunk@2372 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-26 21:35:25 +00:00
r1984: BIG BROTHER RELEASE // Move user deletion code into authentication module git-svn-id: http://www.observium.org/svn/observer/trunk@1984 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-28 10:48:43 +00:00			`}`

add get_userlist function, pull from LDAP in case of LDAP backend -- now awaiting fix of edituser page git-svn-id: http://www.observium.org/svn/observer/trunk@2545 61d68cd4-352d-0410-923a-c4978735b2b8 2011-09-22 16:46:30 +00:00			`function get_userlist()`
			`{`
			return dbFetchRows("SELECT * FROM `users`");
			`}`
fixes git-svn-id: http://www.observium.org/svn/observer/trunk@2294 61d68cd4-352d-0410-923a-c4978735b2b8 2011-05-12 23:17:44 +00:00
fix password change for mysql auth git-svn-id: http://www.observium.org/svn/observer/trunk@1232 61d68cd4-352d-0410-923a-c4978735b2b8 2010-06-21 15:39:43 +00:00			`?>`