From: Joe Z. <jz...@us...> - 2003-05-08 05:46:55
Update of /cvsroot/bobs/bobs/inc In directory sc8-pr-cvs1:/tmp/cvs-serv5001/bobs/inc Modified Files: class_admin.php class_config.php class_server.php config.php.in Log Message: The admin password is now encrypted. There is a link at the bottom of the 'servers' page to change the admin password.
Index: class_admin.php
===================================================================
RCS file: /cvsroot/bobs/bobs/inc/class_admin.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- class_admin.php 1 Sep 2002 02:24:01 -0000 1.3
+++ class_admin.php 8 May 2003 05:46:51 -0000 1.4
@@ -5,22 +5,82 @@
 class admin extends config {
+ var $admin_pwd; // Administrator password
 var $admin_ok = 'no'; // no admin login accepted yet
 // ---------------------------------------------------------
+// config - class constructor
+// ---------------------------------------------------------
+function admin () {
+
+ parent::config(); // Execute config class constructor
+
+ // Get and store admin password
+
+ $pwdfile = ($this->get_datadir()) . '/admin.pwd'; // And the password file name is
+ if(! ($fp = fopen ($pwdfile, "r"))){ // Open it for writing.
+ return("Error opening $pwdfile"); // Aawww, couldn't open it.
+ }
+ $this->admin_pwd = rtrim(fgets($fp)); // Store pwd in class data
+ fclose($fp);
+}
+
+// ---------------------------------------------------------
 // check_admin
 // Used by: admin.php
 // ---------------------------------------------------------
 function check_admin ($password) {
 if ( $this->admin_ok != "yes" ) {
- if ( $this->admin_pwd == $password ) {
+ if (crypt("$password", "$this->admin_pwd") == "$this->admin_pwd"){
 $this->admin_ok = "yes";
 }
 }
 return $this->admin_ok;
 }
-} // class end bracket
+// ---------------------------------------------------------------------------
+// chg_pwd
+// Desc: Encrypts and stores password in config.php
+// Parms: Current unencrypted password
+// Unencrypted password
+// and again
+// Returns: string - message if error, otherwise null string (false)
+// Used by: chgadminpwd.php
+// ---------------------------------------------------------------------------
+function chg_pwd ($curpass, $pass1, $pass2) {
+
+ // Verify the current password is correct
+
+ if (crypt("$curpass", "$this->admin_pwd") != "$this->admin_pwd"){
+ return("Current password is not correct.");
+ }
+
+ // Verify pass1 and pass2 are equal
+
+ if ($pass1 != $pass2){
+ return("New passwords don't match.");
+ }
+
+ // Encrypt the password
+
+ $crypt_pass = crypt($pass1);
+
+ // Store it in the database
+
+ $pwdfile = ($this->get_datadir()) . '/admin.pwd'; // And the password file name is
+ if(! ($fp = fopen ($pwdfile, "w"))){ // Open it for writing.
+ return("Error opening $pwdfile"); // Aawww, couldn't open it.
+ }
+ fwrite($fp, $crypt_pass); // Write the crypted password to it.
+ fclose($fp);
+ // and store it in the current session
+
+ $this->admin_pwd = $crypt_pass;
+
+ return ""; // No error if we got here
+}
+
+} // class end bracket
 ?>
Index: class_config.php
===================================================================
RCS file: /cvsroot/bobs/bobs/inc/class_config.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- class_config.php 24 Apr 2003 06:15:59 -0000 1.13
+++ class_config.php 8 May 2003 05:46:51 -0000 1.14
@@ -5,7 +5,6 @@
 class config {
- var $admin_pwd; // Administrator password
 var $sys_conf; // Configuration settings
 var $server_defs; // Server field definitions
 var $serverdir = ''; // location of server configs
@@ -20,7 +19,6 @@
 // Store configuration data from config.php
- $this->admin_pwd = $admin_pwd;
 $this->sys_conf = $sys_conf;
 $this->server_defs = $server_defs;
Index: class_server.php
===================================================================
RCS file: /cvsroot/bobs/bobs/inc/class_server.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- class_server.php 26 Apr 2003 22:39:43 -0000 1.3
+++ class_server.php 8 May 2003 05:46:51 -0000 1.4
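Review bot: In chg_pwd (class_admin.php), `crypt($pass1)` is called without a salt, so the hash scheme is left to the platform default, which may be traditional DES and would then only consider the first eight characters of the password; pass an explicit salt that selects a stronger scheme, or on current PHP use `password_hash($pass1, PASSWORD_DEFAULT)` for storage and `password_verify()` in both check_admin and chg_pwd. Both verification sites compare hashes with loose `==` / `!=`, which can treat two different numeric-looking strings as equal; use `===` / `!==`. The `return("Error opening $pwdfile")` in the `admin()` constructor is discarded by `new`, so a missing or unreadable admin.pwd leaves `$admin_pwd` empty and check_admin still calls crypt() with an empty salt; it should refuse explicitly, e.g. `if ($this->admin_pwd == '') return $this->admin_ok;` at the top of check_admin. chg_pwd also accepts an empty new password, ignores the result of `fwrite` after the file has already been truncated, and never sets the mode of admin.pwd, which should presumably be readable only by the web server account.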
@@ -226,7 +226,8 @@
 break;
 case 'smb':
 $mntcmd = 'smbmount "//' . $server_handle . '/' . $this->config['smb_share'] . '" "' . $mountdir . '" -o username=' .
- $this->config['login'] . ',password=' . $this->config['password'];
+ $this->config['login'] . ',password=' . $this->config['password'] .
+ ' &>/dev/null';
 break;
 case 'nfs':
 $mntcmd = 'mount -t nfs ' . '"' . $server_handle . ':' . $this->config['nfs_share'] . '" "' . $mountdir . '"';
Index: config.php.in
===================================================================
RCS file: /cvsroot/bobs/bobs/inc/config.php.in,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- config.php.in 24 Apr 2003 06:15:59 -0000 1.6
+++ config.php.in 8 May 2003 05:46:51 -0000 1.7
@@ -1,9 +1,6 @@
 <?php
 // @configure_input@
-// master password
-$admin_pwd = '@myPASS@';
-
 // define locations of various files
 // Base data directory |
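Review bot: The added `' &>/dev/null'` in the `smb` case of class_server.php is a bash-only redirection; under a POSIX /bin/sh it parses as `&` (background the command) followed by `>/dev/null`, so smbmount would run asynchronously and its exit status would be lost, and the portable form is `' >/dev/null 2>&1'`. The password is still placed on the smbmount command line, where other local users can read it from the process list, and `login` and `password` are concatenated into the shell string with no quoting or escaping. Passing each configured value through `escapeshellarg()` and supplying the secret via smbmount's `credentials=` file option rather than `password=` would close both gaps. The enclosing switch statement starts and ends outside the hunk.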