diff options
| author | andi <andi@splitbrain.org> | 2005-05-14 15:55:18 +0200 |
|---|---|---|
| committer | andi <andi@splitbrain.org> | 2005-05-14 15:55:18 +0200 |
| commit | d7be624595b8c52bc0e6c90d5286d787caaf1515 (patch) | |
| tree | 13132a620ec5da3ea3308137d8c1c8fa78b8d186 /inc/auth.php | |
| parent | 9fe6ae8c095ea218281f040b1eb8bd856de02f62 (diff) | |
| download | rpg-d7be624595b8c52bc0e6c90d5286d787caaf1515.tar.gz rpg-d7be624595b8c52bc0e6c90d5286d787caaf1515.tar.bz2 | |
Support for MySQL hashed passwords added (old and new style)
darcs-hash:20050514135518-9977f-217e9b111e8d42389e114a530209dbd3fdab3c76.gz
Diffstat (limited to 'inc/auth.php')
| -rw-r--r-- | inc/auth.php | 36 |
1 files changed, 30 insertions, 6 deletions
diff --git a/inc/auth.php b/inc/auth.php index 72fbd2c48..a948a544f 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -446,10 +446,13 @@ function isvalidemail($email){ * * The following methods are understood: * - * smd5 - Salted MD5 hashing - * md5 - Simple MD5 hashing - * sha1 - SHA1 hashing - * ssha - Salted SHA1 hashing + * smd5 - Salted MD5 hashing + * md5 - Simple MD5 hashing + * sha1 - SHA1 hashing + * ssha - Salted SHA1 hashing + * crypt - Unix crypt + * mysql - MySQL password (old method) + * my411 - MySQL 4.1.1 password * * @author Andreas Gohr <andi@splitbrain.org> * @return string The crypted password @@ -473,6 +476,22 @@ function auth_cryptPassword($clear,$method='',$salt=''){ return '{SSHA}'.base64_encode(pack("H*", sha1($clear.$salt)).$salt); case 'crypt': return crypt($clear,substr($salt,0,2)); + case 'mysql': + //from http://www.php.net/mysql comment by <soren at byu dot edu> + $nr=0x50305735; + $nr2=0x12345671; + $add=7; + $charArr = preg_split("//", $clear); + foreach ($charArr as $char) { + if (($char == '') || ($char == ' ') || ($char == '\t')) continue; + $charVal = ord($char); + $nr ^= ((($nr & 63) + $add) * $charVal) + ($nr << 8); + $nr2 += ($nr2 << 8) ^ $nr; + $add += $charVal; + } + return sprintf("%08x%08x", ($nr & 0x7fffffff), ($nr2 & 0x7fffffff)); + case 'my411': + return '*'.sha1(pack("H*", sha1($clear))); default: msg("Unsupported crypt method $method",-1); } @@ -493,16 +512,21 @@ function auth_verifyPassword($clear,$crypt){ $salt=''; //determine the used method and salt + $len = strlen($crypt); if(substr($crypt,0,3) == '$1$'){ $method = 'smd5'; $salt = substr($crypt,3,8); }elseif(substr($crypt,0,6) == '{SSHA}'){ $method = 'ssha'; $salt = substr(base64_decode(substr($crypt, 6)),20); - }elseif(strlen($crypt) == 32){ + }elseif($len == 32){ $method = 'md5'; - }elseif(strlen($crypt) == 40){ + }elseif($len == 40){ $method = 'sha1'; + }elseif($len == 16){ + $method = 'mysql'; + }elseif($len == 41 && $crypt[0] == '*'){ + $method = 'my411'; }else{ $method = 'crypt'; $salt = substr($crypt,0,2); |