diff options
Diffstat (limited to 'plugins/password/drivers')
-rw-r--r-- | plugins/password/drivers/sql.php | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php index 98e878a7d..9afaa65d8 100644 --- a/plugins/password/drivers/sql.php +++ b/plugins/password/drivers/sql.php @@ -5,7 +5,7 @@ * * Driver for passwords stored in SQL database * - * @version 1.1 + * @version 1.2 * @author Aleksander 'A.L.E.C' Machniak <alec@alec.pl> * */ @@ -34,6 +34,7 @@ function password_save($curpass, $passwd) if ($err = $db->is_error()) return PASSWORD_ERROR; + // crypted password if (strpos($sql, '%c') !== FALSE) { $salt = ''; if (CRYPT_MD5) { @@ -48,11 +49,45 @@ function password_save($curpass, $passwd) } $sql = str_replace('%c', $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql); } + + // hashed passwords + if (preg_match('/%[n|q]/', $sql)) { + + if (!extension_loaded('hash')) { + raise_error(array( + 'code' => 600, + 'type' => 'php', + 'file' => __FILE__, + 'message' => "Password plugin: 'hash' extension not loaded!" + ), true, false); + return PASSWORD_ERROR; + } + + if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) + $hash_algo = 'sha1'; + + $hash_passwd = hash($hash_algo, $passwd); + $hash_curpass = hash($hash_algo, $curpass); + + if ($rcmail->config->get('password_hash_base64')) { + $hash_passwd = base64_encode(pack('H*', $hash_passwd)); + $hash_curpass = base64_encode(pack('H*', $hash_curpass)); + } + + $sql = str_replace('%n', $db->quote($hash_passwd, 'text'), $sql); + $sql = str_replace('%q', $db->quote($hash_curpass, 'text'), $sql); + } + $user_info = explode('@', $_SESSION['username']); + if (count($user_info) >= 2) { + $sql = str_replace('%l', $db->quote($user_info[0], 'text'), $sql); + $sql = str_replace('%d', $db->quote($user_info[0], 'text'), $sql); + } + $sql = str_replace('%u', $db->quote($_SESSION['username'],'text'), $sql); + $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql); $sql = str_replace('%p', $db->quote($passwd,'text'), $sql); $sql = str_replace('%o', $db->quote($curpass,'text'), $sql); - $sql = str_replace('%h', $db->quote($_SESSION['imap_host'],'text'), $sql); $res = $db->query($sql); |