[User Management] added SHA256 and SHA512/256 support

(cherry picked from commit fd07f88)
OpenSIPS · Sep 15, 2022 · de1e458 · de1e458
1 parent f38db3f
commit de1e458
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 11 deletions.
diff --git a/web/tools/users/user_management/lib/user_management.test.inc.php b/web/tools/users/user_management/lib/user_management.test.inc.php
@@ -46,11 +46,6 @@
 		$form_valid=false;
 		$form_error="- <b>Passwords do not match!<b> -";
   } else {
-  		if (get_settings_value("passwd_mode")==0) {
-			$ha1  = "";
-		} else if (get_settings_value("passwd_mode")==1) {
-			$ha1 = md5($uname.":".$domain.":".$passwd);
-		}	
   		// check for SIP account duplicate
 		$sql="select count(*) from ".$table." where username=? and domain=?";
 		$stm = $link->prepare($sql);

diff --git a/web/tools/users/user_management/user_management.php b/web/tools/users/user_management/user_management.php
@@ -105,14 +105,18 @@
 			if ($_POST['passwd']!="") {
 				if (get_settings_value("passwd_mode")==0) {
 					$ha1  = "";
+		                        $sha256 = "";
+		                        $sha512t256 = "";
 					$passwd = $_POST['passwd'];
 				} else if (get_settings_value("passwd_mode")==1) {
 					$ha1 = md5($uname.":".$domain.":".$_POST['passwd']);
+		                        $sha256 = hash("sha256", $uname.":".$domain.":".$_POST['passwd']);
+		                        $sha512t256 = hash("sha512/256", $uname.":".$domain.":".$_POST['passwd']);
 					$passwd = "";
 				}
 				$sql = "UPDATE ".$table." SET username=?, domain=?,
-					 password=?, ha1=?";
-				$sql_vals = array($uname,$domain,$passwd,$ha1);
+					 password=?, ha1=?, ha1_sha256=?, ha1_sha512t256=?";
+				$sql_vals = array($uname,$domain,$passwd,$ha1,$sha256,$sha512t256);
 				foreach ( get_settings_value("subs_extra") as $key => $value ) {
 					$sql .= ", ".$key."=?";
 					array_push( $sql_vals, $_POST["extra_".$key]);
@@ -270,13 +274,23 @@
   if(!$_SESSION['read_only']){
           require("lib/".$page_id.".test.inc.php");
           if ($form_valid) {
-                if (get_settings_value("passwd_mode")==1) $passwd="";
-                $sql = 'INSERT INTO '.$table.' (username,domain,password,ha1';
+                if (get_settings_value("passwd_mode")==1) {
+                    $passwd="";
+		    $ha1 = md5($uname.":".$domain.":".$passwd);
+		    $sha256 = hash("sha256", $uname.":".$domain.":".$passwd);
+		    $sha512t256 = hash("sha512/256", $uname.":".$domain.":".$passwd);
+                } else {
+		    $ha1 = "";
+		    $sha256 = "";
+		    $sha512t256 = "";
+                }
+		print_r(hash_algos());
+                $sql = 'INSERT INTO '.$table.' (username,domain,password,ha1,ha1_sha256,ha1_sha512t256';
 		foreach ( get_settings_value("subs_extra") as $key => $value )
 			if (isset($_POST['extra_'.$key]) && $_POST['extra_'.$key]!='')
 				$sql .= ','.$key;
-		$sql .= ') VALUES (?, ?, ?, ? ';
-		$sql_vals = array($uname,$domain,$passwd,$ha1);
+		$sql .= ') VALUES (?, ?, ?, ?, ?, ? ';
+		$sql_vals = array($uname,$domain,$passwd,$ha1,$sha256,$sha512t256);
 		foreach ( get_settings_value("subs_extra") as $key => $value )
 			if (isset($_POST['extra_'.$key]) && $_POST['extra_'.$key]!='') {
 				$sql .= ', ?';