MDL-20365 auth_db: Add salted crypt() password hash option

2025-01-18 05:58:34 +01:00 · 2014-11-12 16:32:34 -06:00 · 2014-11-12 16:32:34 -06:00 · f97b63bfd1
commit f97b63bfd1
parent 2ee5b9cdc6
3 changed files with 21 additions and 15 deletions
--- a/auth/db/auth.php
+++ b/auth/db/auth.php
@ -105,29 +105,33 @@ class auth_plugin_db extends auth_plugin_base {

            $authdb = $this->db_init();

-            if ($this->config->passtype === 'md5') {   // Re-format password accordingly.
-                $extpassword = md5($extpassword);
-            } else if ($this->config->passtype === 'sha1') {
-                $extpassword = sha1($extpassword);
-            }
-
-            $rs = $authdb->Execute("SELECT *
-                                      FROM {$this->config->table}
-                                     WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'
-                                           AND {$this->config->fieldpass} = '".$this->ext_addslashes($extpassword)."'");
+            $rs = $authdb->Execute("SELECT {$this->config->fieldpass} FROM {$this->config->table}
+                                     WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'");
            if (!$rs) {
                $authdb->Close();
                debugging(get_string('auth_dbcantconnect','auth_db'));
                return false;
            }

-            if (!$rs->EOF) {
+            if ($rs->EOF) {
+                $authdb->Close();
+                return false;
+            }
+
+            $fromdb = $rs->fields[$this->config->fieldpass];
            $rs->Close();
            $authdb->Close();
-                return true;
+
+            if ($this->config->passtype === 'plaintext') {
+                return ($fromdb == $extpassword);
+            } else if ($this->config->passtype === 'md5') {
+                return ($fromdb == md5($extpassword));
+            } else if ($this->config->passtype === 'sha1') {
+                return ($fromdb == sha1($extpassword));
+            } else if ($this->config->passtype === 'saltedcrypt') {
+                require_once($CFG->libdir.'/password_compat/lib/password.php');
+                return password_verify($extpassword, $fromdb);
            } else {
-                $rs->Close();
-                $authdb->Close();
                return false;
            }

--- a/auth/db/config.html
+++ b/auth/db/config.html
@ -191,6 +191,7 @@
        $passtype["plaintext"] = get_string("plaintext", "auth");
        $passtype["md5"]       = get_string("md5", "auth");
        $passtype["sha1"]      = get_string("sha1", "auth");
+        $passtype["saltedcrypt"]      = get_string("auth_dbsaltedcrypt", "auth_db");
        $passtype["internal"]  = get_string("internal", "auth");
        echo html_writer::select($passtype, "passtype", $config->passtype, false);

--- a/auth/db/lang/en/auth_db.php
+++ b/auth/db/lang/en/auth_db.php
@ -49,6 +49,7 @@ $string['auth_dbpasstype'] = '<p>Specify the format that the password field is u
 $string['auth_dbpasstype_key'] = 'Password format';
 $string['auth_dbreviveduser'] = 'Revived user {$a->name} id {$a->id}';
 $string['auth_dbrevivedusererror'] = 'Error reviving user {$a}';
+$string['auth_dbsaltedcrypt'] = 'Salted crypt()';
 $string['auth_dbsetupsql'] = 'SQL setup command';
 $string['auth_dbsetupsqlhelp'] = 'SQL command for special database setup, often used to setup communication encoding - example for MySQL and PostgreSQL: <em>SET NAMES \'utf8\'</em>';
 $string['auth_dbsuspenduser'] = 'Suspended user {$a->name} id {$a->id}';