Modifications to MailZu to allow MySQL CRYPT'd passwords for authentication

by Robert Cooper (racooper -at- users.sourceforge.net) 04/05/2007
2011-02-11 15:15:16 +01:00 · 2011-02-11 15:15:16 +01:00 · 18f71affd5
commit 18f71affd5
parent e8d8d896ad
2 changed files with 28 additions and 0 deletions
--- a/config/config.php.sample
+++ b/config/config.php.sample
@ -237,6 +237,10 @@ $conf['auth']['dbTableMail'] = '';
 // true   = passwords are md5 encrypted in database
 // false  = passwords are cleartext in database
 $conf['auth']['dbIsMd5'] = true;
+// Password hash is (or isn't) MySQL CRYPT()'d in database
+// dbIsMd5 and dbIsCrypt are mutually exclusive.  Only one
+// can be 'true', but both could be 'false' for plaintext.
+$conf['auth']['dbIsCrypt'] = false;


 /*** Exchange 5.5 Authentication Settings ***/
--- a/lib/DBAuth.class.php
+++ b/lib/DBAuth.class.php
@ -90,6 +90,7 @@ class DBAuth {
 		$this->dbUser = $conf['auth']['dbUser'];
 		$this->dbPass = $conf['auth']['dbPass'];
 		$this->isMd5 = $conf['auth']['dbIsMd5'];
+		$this->isCrypt = $conf['auth']['dbIsCrypt'];
 		$this->dbTable = $conf['auth']['dbTable'];
 		$this->dbTableUsername = $conf['auth']['dbTableUsername'];
 		$this->dbTablePassword = $conf['auth']['dbTablePassword'];
@ -148,6 +149,9 @@ class DBAuth {
 		if ( $this->isMd5 )
 			$password = md5( $password );

+		if ( $this->isCrypt )
+			$password = $this->mysql_crypt( $password );
+
 		$query = "SELECT $this->dbTableUsername, $this->dbTableMail"
 				. (! empty($this->dbTableName) ? ", $this->dbTableName" : '')
                                . " FROM $this->dbTable"
@ -232,6 +236,26 @@ class DBAuth {
        	);
        	return $return;
    	}
+//mysql_crypt - shamelessly stolen from php.net docs
+
+function mysql_crypt($passStr) {
+       $nr=0x50305735;
+       $nr2=0x12345671;
+       $add=7;
+       $charArr = preg_split("//", $passStr);
+
+       foreach ($charArr as $char) {
+               if (($char == '') || ($char == ' ') || ($char == '\t')) continue;
+               $charVal = ord($char);
+                 $nr ^= ((($nr & 63) + $add) * $charVal) + ($nr << 8);
+               $nr2 += ($nr2 << 8) ^ $nr;
+                 $add += $charVal;
+       }
+
+       return sprintf("%08x%08x", ($nr & 0x7fffffff), ($nr2 & 0x7fffffff));
+}
+
+

 }
 ?>