Commit a074328f authored by Benjamin Sonntag's avatar Benjamin Sonntag

adding crypt_apr1_md5 method into awstats

parent a80e22b0
......@@ -478,7 +478,7 @@ class m_aws {
$err->raise("aws",_("Login already exist"));
return false;
}
$pass=_md5cr($pass);
$pass=$this->crypt_apr1_md5($pass);
// FIXME retourner une erreur l'insert se passe pas bien
$db->query("INSERT INTO aws_users (uid,login,pass) VALUES ('$cuid','$login','$pass');");
return $this->_createhtpasswd();
......@@ -498,7 +498,7 @@ class m_aws {
$err->raise("aws",_("Login does not exists")); // Login does not exists
return false;
}
$pass=_md5c($pass);
$pass=$this->crypt_apr1_md5($pass);
$db->query("UPDATE aws_users SET pass='$pass' WHERE login='$login';");
return $this->_createhtpasswd();
}
......@@ -794,6 +794,42 @@ class m_aws {
return $str;
}
/* ----------------------------------------------------------------- */
/**
* from http://php.net/crypt#73619
*/
function crypt_apr1_md5($plainpasswd) {
$salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
$len = strlen($plainpasswd);
$text = $plainpasswd.'$apr1$'.$salt;
$bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd{0}; }
$bin = pack("H32", md5($text));
for($i = 0; $i < 1000; $i++) {
$new = ($i & 1) ? $plainpasswd : $bin;
if ($i % 3) $new .= $salt;
if ($i % 7) $new .= $plainpasswd;
$new .= ($i & 1) ? $bin : $plainpasswd;
$bin = pack("H32", md5($new));
}
for ($i = 0; $i < 5; $i++) {
$k = $i + 6;
$j = $i + 12;
if ($j == 16) $j = 5;
$tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
}
$tmp = chr(0).chr(0).$bin[11].$tmp;
$tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
return "$"."apr1"."$".$salt."$".$tmp;
}
} /* CLASSE m_aws */
?>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment