geos_one/go-mailzu
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Modifications to MailZu to allow MySQL CRYPT'd passwords for authentication

Browse Source 
by Robert Cooper (racooper -at- users.sourceforge.net) 04/05/2007
This commit is contained in:
Mario Fetka 2011-02-11 15:15:16 +01:00
parent e8d8d896ad
commit 18f71affd5
2 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/config.php.sample
View File

@ -237,6 +237,10 @@ $conf['auth']['dbTableMail'] = '';
// true = passwords are md5 encrypted in database // true = passwords are md5 encrypted in database
// false = passwords are cleartext in database // false = passwords are cleartext in database
$conf['auth']['dbIsMd5'] = true; $conf['auth']['dbIsMd5'] = true;
// Password hash is (or isn't) MySQL CRYPT()'d in database
// dbIsMd5 and dbIsCrypt are mutually exclusive. Only one
// can be 'true', but both could be 'false' for plaintext.
$conf['auth']['dbIsCrypt'] = false;
/*** Exchange 5.5 Authentication Settings ***/ /*** Exchange 5.5 Authentication Settings ***/

24
lib/DBAuth.class.php
View File

@ -90,6 +90,7 @@ class DBAuth {
$this->dbUser = $conf['auth']['dbUser']; $this->dbUser = $conf['auth']['dbUser'];
$this->dbPass = $conf['auth']['dbPass']; $this->dbPass = $conf['auth']['dbPass'];
$this->isMd5 = $conf['auth']['dbIsMd5']; $this->isMd5 = $conf['auth']['dbIsMd5'];
$this->isCrypt = $conf['auth']['dbIsCrypt'];
$this->dbTable = $conf['auth']['dbTable']; $this->dbTable = $conf['auth']['dbTable'];
$this->dbTableUsername = $conf['auth']['dbTableUsername']; $this->dbTableUsername = $conf['auth']['dbTableUsername'];
$this->dbTablePassword = $conf['auth']['dbTablePassword']; $this->dbTablePassword = $conf['auth']['dbTablePassword'];
@ -148,6 +149,9 @@ class DBAuth {
if ( $this->isMd5 ) if ( $this->isMd5 )
$password = md5( $password ); $password = md5( $password );
if ( $this->isCrypt )
$password = $this->mysql_crypt( $password );
$query = "SELECT $this->dbTableUsername, $this->dbTableMail" $query = "SELECT $this->dbTableUsername, $this->dbTableMail"
. (! empty($this->dbTableName) ? ", $this->dbTableName" : '') . (! empty($this->dbTableName) ? ", $this->dbTableName" : '')
. " FROM $this->dbTable" . " FROM $this->dbTable"
@ -232,6 +236,26 @@ class DBAuth {
); );
return $return; return $return;
} }
//mysql_crypt - shamelessly stolen from php.net docs
function mysql_crypt($passStr) {
$nr=0x50305735;
$nr2=0x12345671;
$add=7;
$charArr = preg_split("//", $passStr);
foreach ($charArr as $char) {
if (($char == '') || ($char == ' ') || ($char == '\t')) continue;
$charVal = ord($char);
$nr ^= ((($nr & 63) + $add) * $charVal) + ($nr << 8);
$nr2 += ($nr2 << 8) ^ $nr;
$add += $charVal;
}
return sprintf("%08x%08x", ($nr & 0x7fffffff), ($nr2 & 0x7fffffff));
}
} }
?> ?>