fix login with new blowfish passwords

Clemens Schwaighofer
2014-01-29 11:36:54 +09:00
parent 4591eab732
commit e7dd073c07


@@ -2,8 +2,8 @@
/*********************************************************************
* $HeadURL: svn://svn/development/core_data/php/www/libs/Class.Login.inc $
* $LastChangedBy: gullevek $
* $LastChangedDate: 2014-01-23 15:09:57 +0900 (Thu, 23 Jan 2014) $
* $LastChangedRevision: 4838 $
* $LastChangedDate: 2014-01-29 11:36:52 +0900 (Wed, 29 Jan 2014) $
* $LastChangedRevision: 4849 $
*********************************************************************
* AUTHOR: Clemens "Gullevek" Schwaighofer (www.gullevek.org)
* CREATED: 2000/06/01
@@ -172,8 +172,8 @@
$this->class_info["login"] = array(
"class_name" => "Login",
"class_version" => "4.0.0",
"class_revision" => '$LastChangedRevision: 4838 $',
"class_last_changed" => '$LastChangedDate: 2014-01-23 15:09:57 +0900 (Thu, 23 Jan 2014) $',
"class_revision" => '$LastChangedRevision: 4849 $',
"class_last_changed" => '$LastChangedDate: 2014-01-29 11:36:52 +0900 (Wed, 29 Jan 2014) $',
"class_created" => "2000-06-01",
"class_author" => "cs/gullevek/at"
);
@@ -275,22 +275,22 @@
else
{
// check with what kind of prefix the password begins:
// $2a$: BLOWFISCH
// $2a$ or $2y$: BLOWFISCH
// $1$: MD5
// $ and one alphanumeric letter, 13 chars long, but nor $ at the end: STD_DESC
// if no $ => normal password
// NOW, if we have a password encoded, but not the correct encoder available, throw special error
if ((preg_match("/^\\$2a\\$/", $res['password']) && CRYPT_BLOWFISH != 1) || (preg_match("/^\\$1\\$/", $res['password']) && CRYPT_MD5 != 1) || (preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && CRYPT_STD_DES != 1))
if ((preg_match("/^\\$2(a|y)\\$/", $res['password']) && CRYPT_BLOWFISH != 1) || (preg_match("/^\\$1\\$/", $res['password']) && CRYPT_MD5 != 1) || (preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && CRYPT_STD_DES != 1))
{
$this->login_error = 9999; // this means password cannot be decrypted because of missing crypt methods
}
// check passwword as crypted, $2a$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
elseif ((preg_match("/^\\$2a\\$/", $res['password']) || preg_match("/^\\$1\\$/", $res['password']) || preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password'])) && !$this->verifyCryptString($this->password, $res['password']))
// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) || preg_match("/^\\$1\\$/", $res['password']) || preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password'])) && !$this->verifyCryptString($this->password, $res['password']))
{
$this->login_error = 1011;
}
// check old plain password, non case sensitive
elseif (!preg_match("/^\\$2a\\$/", $res['password']) && !preg_match("/^\\$1\\$/", $res['password']) && !preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && $res['password'] != $this->password)
elseif (!preg_match("/^\\$2(a|y)\\$/", $res['password']) && !preg_match("/^\\$1\\$/", $res['password']) && !preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && $res['password'] != $this->password)
{
$this->login_error = 1012;
}
@@ -977,5 +977,5 @@ EOM;
} // close class
// $Id: Class.Login.inc 4838 2014-01-23 06:09:57Z gullevek $
// $Id: Class.Login.inc 4849 2014-01-29 02:36:52Z gullevek $
?>
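Review bot: In the `@@ -275,22` hunk the last `elseif` still treats any stored value that matches none of the three prefix patterns as a plaintext password and compares it to the submitted one with loose `!=`, so the check fails open for every hash format not listed. `$2y$` appears to have been one such case before this commit, and `crypt()` also accepts `$2x$`, `$5$` and `$6$`. Classifying the stored value once and reusing the result in all three conditions would stop the copies drifting apart, e.g. `$is_crypted = preg_match('/^\$(2[axy]|1)\$/', $res['password']) || preg_match('/^\$[0-9A-Za-z.]{12}$/', $res['password']);`, with a stored value that starts with `$` but is not recognised ending in an error code rather than the plaintext branch. The plaintext comparison itself should be strict (`!==`) so numeric-looking strings are not type-juggled; it is also case sensitive, which contradicts the comment "non case sensitive" above it. The if/else chain begins and ends outside the hunk and `verifyCryptString()` is not visible here, so this assumes it simply wraps `crypt()`.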