mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-02 20:57:26 +02:00
Code Issues Releases Wiki Activity

Joomla password check method fix, new Magento password check method

Browse Source
This commit is contained in:
secretr
2011-09-13 10:29:14 +00:00
parent 594feaf20c
commit 27e95d93c3
1 changed files with 26 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
e107_plugins/alt_auth/extended_password_handler.php
View File

@@ -42,6 +42,7 @@ require_once(e_HANDLER.'user_handler.php');
define('PASSWORD_PLAINTEXT',6); define('PASSWORD_PLAINTEXT',6);
define('PASSWORD_GENERAL_SHA1',7); define('PASSWORD_GENERAL_SHA1',7);
define('PASSWORD_WORDPRESS_SALT', 8); define('PASSWORD_WORDPRESS_SALT', 8);
define('PASSWORD_MAGENTO_SALT', 9);
// Supported formats: // Supported formats:
define('PASSWORD_PHPBB_ID','$H$'); // PHPBB salted define('PASSWORD_PHPBB_ID','$H$'); // PHPBB salted
@@ -189,7 +190,8 @@ class ExtendedPasswordHandler extends UserHandler
'smf_sha1' => IMPORTDB_LAN_5, 'smf_sha1' => IMPORTDB_LAN_5,
'sha1' => IMPORTDB_LAN_6, 'sha1' => IMPORTDB_LAN_6,
'phpbb3_salt' => IMPORTDB_LAN_12, 'phpbb3_salt' => IMPORTDB_LAN_12,
'wordpress_salt' => IMPORTDB_LAN_13 'wordpress_salt' => IMPORTDB_LAN_13,
'wordpress_salt' => IMPORTDB_LAN_14,
)); ));
} }
return $vals; return $vals;
@@ -212,7 +214,8 @@ class ExtendedPasswordHandler extends UserHandler
'e107_salt' => PASSWORD_E107_SALT, 'e107_salt' => PASSWORD_E107_SALT,
'phpbb2_salt' => PASSWORD_PHPBB_SALT, 'phpbb2_salt' => PASSWORD_PHPBB_SALT,
'phpbb3_salt' => PASSWORD_PHPBB_SALT, 'phpbb3_salt' => PASSWORD_PHPBB_SALT,
'wordpress_salt' => PASSWORD_WORDPRESS_SALT 'wordpress_salt' => PASSWORD_WORDPRESS_SALT,
'magento_salt' => PASSWORD_MAGENTO_SALT,
); );
if (isset($maps[$ptype])) return $maps[$ptype]; if (isset($maps[$ptype])) return $maps[$ptype];
return FALSE; return FALSE;
@@ -235,17 +238,35 @@ class ExtendedPasswordHandler extends UserHandler
break; break;
case PASSWORD_JOOMLA_SALT : case PASSWORD_JOOMLA_SALT :
case PASSWORD_MAMBO_SALT : case PASSWORD_MAMBO_SALT :var_dump($stored_hash, strlen($stored_hash));
if ((strpos($row['user_password'], ':') === false) || (strlen($row[0]) < 40)) if ((strpos($stored_hash, ':') === false) || (strlen($stored_hash) < 40))
{ {
return PASSWORD_INVALID; return PASSWORD_INVALID;
} }
// Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe) // Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe)
list($hash, $salt) = explode(':', $stored_hash); list($hash, $salt) = explode(':', $stored_hash); var_dump($hash, $salt, md5($pword.$salt));
$pwHash = md5($pword.$salt); $pwHash = md5($pword.$salt);
$stored_hash = $hash; $stored_hash = $hash;
break; break;
case PASSWORD_MAGENTO_SALT :
if ((strpos($stored_hash, ':') === false))
{
return PASSWORD_INVALID;
}
// Magento salted hash - should be 32-character md5 hash, ':', 2-character salt
list($hash, $salt) = explode(':', $stored_hash);
if(strlen($hash) !== 32)
{
return PASSWORD_INVALID;
}
$pwHash = md5($salt.$pword);
$stored_hash = $hash;
break;
case PASSWORD_E107_SALT : case PASSWORD_E107_SALT :
return UserHandler::CheckPassword($password, $login_name, $stored_hash); return UserHandler::CheckPassword($password, $login_name, $stored_hash);
break; break;