7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fixes super annoying password verification bug

Browse Source
This commit is contained in:
andre.peters
2018-01-19 11:52:59 +01:00
parent c38fad27e5
commit ea6c6a5e84
1 changed files with 3 additions and 1 deletions

4
data/web/inc/functions.inc.php

@@ -129,7 +129,9 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
} }
function verify_ssha256($hash, $password) { function verify_ssha256($hash, $password) {
// Remove tag if any // Remove tag if any
$hash = ltrim($hash, '{SSHA256}'); if (substr($hash, 0, strlen('{SSHA256}')) == '{SSHA256}') {
$hash = substr($hash, strlen('{SSHA256}'));
}
// Decode hash // Decode hash
$dhash = base64_decode($hash); $dhash = base64_decode($hash);
// Get first 32 bytes of binary which equals a SHA256 hash // Get first 32 bytes of binary which equals a SHA256 hash