7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Some last changes

Browse Source
This commit is contained in:
andryyy
2016-12-12 21:53:58 +01:00
parent 64d92e504a
commit 5e883b6f51
22 changed files with 84 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
data/web/inc/functions.inc.php
View File

@@ -1,12 +1,7 @@
<?php
function hash_password($password) {
$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
if ($GLOBALS['HASHING'] == "SHA512-CRYPT") {
return "{SHA512-CRYPT}".crypt($password, '$6$'.$salt_str.'$');
}
else {
return "{SSHA256}".base64_encode(hash('sha256', $password.$salt_str, true).$salt_str);
}
return "{SSHA256}".base64_encode(hash('sha256', $password.$salt_str, true).$salt_str);
}
function hasDomainAccess($username, $role, $domain) {
global $pdo;
@@ -37,6 +32,23 @@ function hasDomainAccess($username, $role, $domain) {
}
return false;
}
function verify_ssha256($password, $hash) {
// Remove tag if any
$hash = ltrim($hash, '{SSHA256}');
// Decode hash
$dhash = base64_decode($hash);
// Get first 32 bytes of binary which equals a SHA256 hash
$ohash = substr($dhash, 0, 32);
// Remove SHA256 hash from decoded hash to get original salt string
$osalt = str_replace($ohash, '', $dhash);
// Check single salted SHA256 hash against extracted hash
if (hash('sha256', $password . $osalt, true) == $ohash) {
return true;
}
else {
return false;
}
}
function doveadm_authenticate($hash, $algorithm, $password) {
$descr = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
$pipes = array();
@@ -76,7 +88,7 @@ function check_login($user, $pass) {
$stmt->execute(array(':user' => $user));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
if (verify_ssha256($row['password'], $pass) !== false) {
unset($_SESSION['ldelay']);
return "admin";
}
@@ -88,7 +100,7 @@ function check_login($user, $pass) {
$stmt->execute(array(':user' => $user));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
if (doveadm_authenticate($row['password'], $pass) !== false) {
unset($_SESSION['ldelay']);
return "domainadmin";
}
@@ -99,7 +111,7 @@ function check_login($user, $pass) {
$stmt->execute(array(':user' => $user));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
if (doveadm_authenticate($row['password'], $pass) !== false) {
unset($_SESSION['ldelay']);
return "user";
}