Re: [Postfixadmin-devel] Owncloud Authenticate against postfixadmin database
Brought to you by:
christian_boltz,
gingerdog
From: Rudi F. <rud...@go...> - 2012-11-08 23:10:13
|
<?php /** * ownCloud * * @author Steffen Zieger * @copyright 2012 Steffen Zieger <me...@sa...> * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ class OC_User_Postfixadmin extends OC_User_Backend { protected $postfixadmin_db_host; protected $postfixadmin_db_name; protected $postfixadmin_db_user; protected $postfixadmin_db_password; protected $db; protected $db_conn; function __construct() { $this->db_conn = false; $db_host = OC_Appconfig::getValue('user_postfixadmin', 'postfixadmin_db_host',''); $db_name = OC_Appconfig::getValue('user_postfixadmin', 'postfixadmin_db_name',''); $db_driver = OC_Appconfig::getValue('user_postfixadmin', 'postfixadmin_db_driver', 'mysql'); $db_user = OC_Appconfig::getValue('user_postfixadmin', 'postfixadmin_db_user',''); $db_password = OC_Appconfig::getValue('user_postfixadmin', 'postfixadmin_db_password',''); $dsn = "${db_driver}:host=${db_host};dbname=${db_name}"; try { $this->db = new PDO($dsn, $db_user, $db_password); $this->db_conn = true; } catch (PDOException $e) { OC_Log::write('OC_User_Postfixadmin', 'OC_User_Postfixadmin, Failed to connect to postfixadmin database: ' . $e->getMessage(), OC_Log::ERROR); } return false; } /** * @brief Set email address * @param $uid The username */ private function setEmail($uid) { if (!$this->db_conn) { return false; } $sql = 'SELECT username FROM mailbox WHERE username = :uid'; $sth = $this->db->prepare($sql); if ($sth->execute(array(':uid' => $uid))) { $row = $sth->fetch(); if ($row) { if (OC_Preferences::setValue($uid, 'settings', 'email', $row['mail'])) { return true; } } } return false; } /** * @brief Check if the password is correct * @param $uid The username * @param $password The password * @returns true/false */ public function checkPassword($uid, $password){ if (!$this->db_conn) { return false; } $pw = ""; $pw = OC_User_Postfixadmin::md5crypt ($password, ""); $sql = 'SELECT username FROM mailbox WHERE username = :uid'; $sql .= ' AND password = :password'; $sth = $this->db->prepare($sql); if ($sth->execute(array(':uid' => $uid, ':password' => $pw))) { $row = $sth->fetch(); if ($row) { $this->setEmail($uid); return $row['username']; } } return false; } /** * @brief Get a list of all users * @returns array with all uids * * Get a list of all users */ public function getUsers($search = '', $limit = null, $offset = null){ $users = array(); // we only know about logged in users if (isset($_SESSION['user_id']) AND $_SESSION['user_id'] ){ $users[] = $_SESSION['user_id']; } return $users; } /** * @brief check if a user exists * @param string $uid the username * @return boolean */ public function userExists($uid){ return(isset($_SESSION['user_id']) && $_SESSION['user_id'] == $uid); } // // md5crypt // Action: Creates MD5 encrypted password // Call: md5crypt (string cleartextpassword) // public function md5crypt ($pw, $salt="", $magic="") { $MAGIC = "$1$"; if ($magic == "") $magic = $MAGIC; if ($salt == "") $salt = create_salt (); $slist = explode ("$", $salt); if ($slist[0] == "1") $salt = $slist[1]; $salt = substr ($salt, 0, 8); $ctx = $pw . $magic . $salt; $final = hex2bin (md5 ($pw . $salt . $pw)); for ($i=strlen ($pw); $i>0; $i-=16) { if ($i > 16) { $ctx .= substr ($final,0,16); } else { $ctx .= substr ($final,0,$i); } } $i = strlen ($pw); while ($i > 0) { if ($i & 1) $ctx .= chr (0); else $ctx .= $pw[0]; $i = $i >> 1; } $final = hex2bin (md5 ($ctx)); for ($i=0;$i<1000;$i++) { $ctx1 = ""; if ($i & 1) { $ctx1 .= $pw; } else { $ctx1 .= substr ($final,0,16); } if ($i % 3) $ctx1 .= $salt; if ($i % 7) $ctx1 .= $pw; if ($i & 1) { $ctx1 .= substr ($final,0,16); } else { $ctx1 .= $pw; } $final = hex2bin (md5 ($ctx1)); } $passwd = ""; $passwd .= to64 (((ord ($final[0]) << 16) | (ord ($final[6]) << 8) | (ord ($final[12]))), 4); $passwd .= to64 (((ord ($final[1]) << 16) | (ord ($final[7]) << 8) | (ord ($final[13]))), 4); $passwd .= to64 (((ord ($final[2]) << 16) | (ord ($final[8]) << 8) | (ord ($final[14]))), 4); $passwd .= to64 (((ord ($final[3]) << 16) | (ord ($final[9]) << 8) | (ord ($final[15]))), 4); $passwd .= to64 (((ord ($final[4]) << 16) | (ord ($final[10]) << 8) | (ord ($final[5]))), 4); $passwd .= to64 (ord ($final[11]), 2); return "$magic$salt\$$passwd"; } } /**/ if (!function_exists('hex2bin')) { # PHP around 5.3.8 includes hex2bin as native function - http://php.net/hex2bin function hex2bin ($str) { $len = strlen ($str); $nstr = ""; for ($i=0;$i<$len;$i+=2) { $num = sscanf (substr ($str,$i,2), "%x"); $nstr.=chr ($num[0]); } return $nstr; } /**/ } |