PHP makeCryptPassword函数代码示例

/**
 * Function validatePasswordLogin
 *
 * compare user password-hash with given user-password
 * and check if they are the same
 * additionally it updates the hash if the system settings changed
 * or if the very old md5() sum is used
 *
 * @param array $userinfo user-data from table
 * @param string $password the password to validate
 * @param string $table either panel_customers or panel_admins
 * @param string $uid user-id-field in $table
 *
 * @return boolean
 */
function validatePasswordLogin($userinfo = null, $password = null, $table = 'panel_customers', $uid = 'customerid')
{
    $systype = 3;
    // SHA256
    if (Settings::Get('system.passwordcryptfunc') !== null) {
        $systype = (int) Settings::Get('system.passwordcryptfunc');
    }
    $pwd_hash = $userinfo['password'];
    $update_hash = false;
    // check for good'ole md5
    if (strlen($pwd_hash) == 32 && ctype_xdigit($pwd_hash)) {
        $pwd_check = md5($password);
        $update_hash = true;
    } else {
        // cut out the salt from the hash
        $pwd_salt = str_replace(substr(strrchr($pwd_hash, "\$"), 1), "", $pwd_hash);
        // create same hash to compare
        $pwd_check = crypt($password, $pwd_salt);
        // check whether the hash needs to be updated
        $hash_type_chk = substr($pwd_hash, 0, 3);
        if ($systype == 1 && $hash_type_chk != '$1$' || $systype == 2 && $hash_type_chk != '$2$' || $systype == 3 && $hash_type_chk != '$5$' || $systype == 4 && $hash_type_chk != '$6$') {
            $update_hash = true;
        }
    }
    if ($pwd_hash == $pwd_check) {
        // check for update of hash
        if ($update_hash) {
            $upd_stmt = Database::prepare("\n\t\t\t\tUPDATE " . $table . " SET `password` = :newpasswd WHERE `" . $uid . "` = :uid\n\t\t\t");
            $params = array('newpasswd' => makeCryptPassword($password), 'uid' => $userinfo[$uid]);
            Database::pexecute($upd_stmt, $params);
        }
        return true;
    }
    return false;
}

 // @FIXME use a good path-validating regex here (refs #1231)
 $path = validate($_POST['path'], 'path');
 $_setnewpass = false;
 if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
     $password = validate($_POST['ftp_password'], 'password');
     $password = validatePassword($password);
     $_setnewpass = true;
 }
 if ($_setnewpass) {
     if ($password == '') {
         standard_error(array('stringisempty', 'mypassword'));
     } elseif ($result['username'] == $password) {
         standard_error('passwordshouldnotbeusername');
     }
     $log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
     $cryptPassword = makeCryptPassword($password);
     $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`\n\t\t\t\t\t\tSET `password` = :password\n\t\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\t\tAND `id` = :id");
     Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id, "password" => $cryptPassword));
 }
 if ($path != '') {
     $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
     if ($path != $result['homedir']) {
         if (!file_exists($path)) {
             // it's the task for "new ftp" but that will
             // create all directories and correct their permissions
             inserttask(5);
         }
         $log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account homdir for '" . $result['username'] . "'");
         $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`\n\t\t\t\t\t\t\tSET `homedir` = :homedir\n\t\t\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\t\t\tAND `id` = :id");
         $params = array("homedir" => $path, "customerid" => $userinfo['customerid'], "id" => $id);
         Database::pexecute($stmt, $params);

                 $new_password_confirm = validatePassword($_POST['new_password_confirm'], 'new password confirm');
             }
             if ($new_password == '') {
                 $message = $new_password;
             } elseif ($new_password_confirm == '') {
                 $message = $new_password_confirm;
             } elseif ($new_password != $new_password_confirm) {
                 $message = $new_password . " != " . $new_password_confirm;
             } else {
                 // Update user password
                 if ($result['admin'] == 1) {
                     $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_ADMINS . "`\n\t\t\t\t\t\t\t\tSET `password` = :newpassword\n\t\t\t\t\t\t\t\tWHERE `adminid` = :userid");
                 } else {
                     $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`\n\t\t\t\t\t\t\t\tSET `password` = :newpassword\n\t\t\t\t\t\t\t\tWHERE `customerid` = :userid");
                 }
                 Database::pexecute($stmt, array("newpassword" => makeCryptPassword($new_password), "userid" => $result['userid']));
                 $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
                 $rstlog->logAction(USR_ACTION, LOG_NOTICE, "changed password using password reset.");
                 // Remove activation code from DB
                 $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`\n\t\t\t\t\t\t\tWHERE `activationcode` = :activationcode\n\t\t\t\t\t\t\tAND `userid` = :userid");
                 Database::pexecute($stmt, array("activationcode" => $activationcode, "userid" => $result['userid']));
                 redirectTo('index.php', array("showmessage" => '6'));
             }
         } else {
             redirectTo('index.php', array("showmessage" => '7'));
         }
     }
     eval("echo \"" . getTemplate('rpwd') . "\";");
 } else {
     redirectTo('index.php', array("showmessage" => '7'));
 }

     standard_error(array('stringisempty', 'oldpassword'));
 } elseif ($new_password == '') {
     standard_error(array('stringisempty', 'newpassword'));
 } elseif ($new_password_confirm == '') {
     standard_error(array('stringisempty', 'newpasswordconfirm'));
 } elseif ($new_password != $new_password_confirm) {
     standard_error('newpasswordconfirmerror');
 } else {
     // Update user password
     $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`\n\t\t\t\tSET `password` = :newpassword\n\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\tAND `password` = :oldpassword");
     $params = array("newpassword" => md5($new_password), "customerid" => $userinfo['customerid'], "oldpassword" => md5($old_password));
     Database::pexecute($stmt, $params);
     $log->logAction(USR_ACTION, LOG_NOTICE, 'changed password');
     // Update ftp password
     if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
         $cryptPassword = makeCryptPassword($new_password);
         $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`\n\t\t\t\t\tSET `password` = :password\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\tAND `username` = :username");
         $params = array("password" => $cryptPassword, "customerid" => $userinfo['customerid'], "username" => $userinfo['loginname']);
         Database::pexecute($stmt, $params);
         $log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
     }
     // Update webalizer password
     if (isset($_POST['change_webalizer']) && $_POST['change_webalizer'] == 'true') {
         if (CRYPT_STD_DES == 1) {
             $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
             $new_webalizer_password = crypt($new_password, $saltfordescrypt);
         } else {
             $new_webalizer_password = crypt($new_password);
         }
         $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`\n\t\t\t\t\tSET `password` = :password\n\t\t\t\t\tWHERE `customerid` = :customerid\n\t\t\t\t\tAND `username` = :username");
         $params = array("password" => $new_webalizer_password, "customerid" => $userinfo['customerid'], "username" => $userinfo['loginname']);

        if (!validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
            standard_error('oldpasswordnotcorrect');
        }
        $new_password = validate($_POST['new_password'], 'new password');
        $new_password_confirm = validate($_POST['new_password_confirm'], 'new password confirm');
        if ($old_password == '') {
            standard_error(array('stringisempty', 'oldpassword'));
        } elseif ($new_password == '') {
            standard_error(array('stringisempty', 'newpassword'));
        } elseif ($new_password_confirm == '') {
            standard_error(array('stringisempty', 'newpasswordconfirm'));
        } elseif ($new_password != $new_password_confirm) {
            standard_error('newpasswordconfirmerror');
        } else {
            $chgpwd_stmt = Database::prepare("\n\t\t\t\tUPDATE `" . TABLE_PANEL_ADMINS . "`\n\t\t\t\tSET `password`= :newpasswd\n\t\t\t\tWHERE `adminid`= :adminid");
            Database::pexecute($chgpwd_stmt, array('newpasswd' => makeCryptPassword($new_password), 'adminid' => (int) $userinfo['adminid']));
            $log->logAction(ADM_ACTION, LOG_NOTICE, 'changed password');
            redirectTo($filename, array('s' => $s));
        }
    } else {
        eval("echo \"" . getTemplate("index/change_password") . "\";");
    }
} elseif ($page == 'change_language') {
    if (isset($_POST['send']) && $_POST['send'] == 'send') {
        $def_language = validate($_POST['def_language'], 'default language');
        if (isset($languages[$def_language])) {
            $lng_stmt = Database::prepare("\n\t\t\t\tUPDATE `" . TABLE_PANEL_ADMINS . "`\n\t\t\t\tSET `def_language`= :deflng\n\t\t\t\tWHERE `adminid`= :adminid");
            Database::pexecute($lng_stmt, array('deflng' => $def_language, 'adminid' => (int) $userinfo['adminid']));
            $lng_stmt = Database::prepare("\n\t\t\t\tUPDATE `" . TABLE_PANEL_SESSIONS . "`\n\t\t\t\tSET `language`= :lng\n\t\t\t\tWHERE `hash`= :hash");
            Database::pexecute($lng_stmt, array('lng' => $def_language, 'hash' => $s));
        }