* Support for password hashes using text, md5 and hash, fix #77.

2025-08-07 00:26:33 +02:00 · 2015-07-25 22:58:04 +02:00
parent aaf34fd0b5
commit 555c3f0185
6 changed files with 75 additions and 39 deletions
--- a/REVISION.md
+++ b/REVISION.md
@@ -8,6 +8,7 @@ Revision history
 v0.7.0.x (latest)
 -------------------------------------

+* Support for password hashes using `text`, `md5` and `hash`, fix #77.
 * Using `CWhitelist` for checking hotlinking to images, fix #88.
 * Added mode for `test` which enables logging verbose mode to file, fix #97.
 * Improved codestyle and added `phpcs.xml` to start using phpcs to check code style, fix #95.
--- a/webroot/img.php
+++ b/webroot/img.php
@@ -229,20 +229,27 @@ if ($defaultTimezone) {
 */
 $pwdConfig   = getConfig('password', false);
 $pwdAlways   = getConfig('password_always', false);
+$pwdType     = getConfig('password_type', 'text');
 $pwd         = get(array('password', 'pwd'), null);

 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
+$passwordMatch = false;
+if ($pwd) {
+    switch($pwdType) {
+        case 'md5':
+            $passwordMatch = ($pwdConfig === md5($pwd));
+            break;
+        case 'hash':
+            $passwordMatch = password_verify($pwd, $pwdConfig);
+            break;
+        case 'text':
            $passwordMatch = ($pwdConfig === $pwd);
-    if (!$passwordMatch) {
-        errorPage("Password required and does not match or exists.");
+            break;
    }
+}

-} elseif ($pwdConfig && $pwd) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+    errorPage("Password required and does not match or exists.");
 }

 verbose("password match = $passwordMatch");
--- a/webroot/img_config.php
+++ b/webroot/img_config.php
@@ -51,12 +51,19 @@ return array(
    * Passwords are only used together with the options for remote download
    * and aliasing.
    *
+    * Create a passwords like this, depending on the type used:
+    *  text: 'my_password'
+    *  md5:  md5('my_password')
+    *  hash: password_hash('my_password', PASSWORD_DEFAULT)
+    *
    * Default values.
-    *  password:        false // as in do not use password
    *  password_always: false  // do not always require password,
+    *  password:        false  // as in do not use password
+    *  password_type:   'text' // use plain password, not encoded,
    */
-    //'password'        => false, // "secret-password",
    //'password_always' => false, // always require password,
+    //'password'        => false, // "secret-password",
+    //'password_type'   => 'text', // supports 'text', 'md5', 'hash',



--- a/webroot/imgd.php
+++ b/webroot/imgd.php
@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
 */
 $pwdConfig   = getConfig('password', false);
 $pwdAlways   = getConfig('password_always', false);
+$pwdType     = getConfig('password_type', 'text');
 $pwd         = get(array('password', 'pwd'), null);

 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
+$passwordMatch = false;
+if ($pwd) {
+    switch($pwdType) {
+        case 'md5':
+            $passwordMatch = ($pwdConfig === md5($pwd));
+            break;
+        case 'hash':
+            $passwordMatch = password_verify($pwd, $pwdConfig);
+            break;
+        case 'text':
            $passwordMatch = ($pwdConfig === $pwd);
-    if (!$passwordMatch) {
-        errorPage("Password required and does not match or exists.");
+            break;
    }
+}

-} elseif ($pwdConfig && $pwd) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+    errorPage("Password required and does not match or exists.");
 }

 verbose("password match = $passwordMatch");
--- a/webroot/imgp.php
+++ b/webroot/imgp.php
@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
 */
 $pwdConfig   = getConfig('password', false);
 $pwdAlways   = getConfig('password_always', false);
+$pwdType     = getConfig('password_type', 'text');
 $pwd         = get(array('password', 'pwd'), null);

 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
+$passwordMatch = false;
+if ($pwd) {
+    switch($pwdType) {
+        case 'md5':
+            $passwordMatch = ($pwdConfig === md5($pwd));
+            break;
+        case 'hash':
+            $passwordMatch = password_verify($pwd, $pwdConfig);
+            break;
+        case 'text':
            $passwordMatch = ($pwdConfig === $pwd);
-    if (!$passwordMatch) {
-        errorPage("Password required and does not match or exists.");
+            break;
    }
+}

-} elseif ($pwdConfig && $pwd) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+    errorPage("Password required and does not match or exists.");
 }

 verbose("password match = $passwordMatch");
--- a/webroot/imgs.php
+++ b/webroot/imgs.php
@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
 */
 $pwdConfig   = getConfig('password', false);
 $pwdAlways   = getConfig('password_always', false);
+$pwdType     = getConfig('password_type', 'text');
 $pwd         = get(array('password', 'pwd'), null);

 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
+$passwordMatch = false;
+if ($pwd) {
+    switch($pwdType) {
+        case 'md5':
+            $passwordMatch = ($pwdConfig === md5($pwd));
+            break;
+        case 'hash':
+            $passwordMatch = password_verify($pwd, $pwdConfig);
+            break;
+        case 'text':
            $passwordMatch = ($pwdConfig === $pwd);
-    if (!$passwordMatch) {
-        errorPage("Password required and does not match or exists.");
+            break;
    }
+}

-} elseif ($pwdConfig && $pwd) {
-
-    $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+    errorPage("Password required and does not match or exists.");
 }

 verbose("password match = $passwordMatch");