
new functions added for encrypting passwords (#390)

* new functions added for hashing passwords with a stronger algorithm (password_hash) while keeping support for existing password hashes and for older versions of PHP that do not contain the recommended password functions

* Update owa_lib.php
8633brown authored and padams committed Sep 6, 2019
1 parent 3b619d3 commit d6f4a5865e062696c4236e04f2f004c151c520e7
Showing with 34 additions and 4 deletions.
  1. +23 −2 owa_auth.php
  2. +11 −2 owa_lib.php
@@ -197,7 +197,9 @@ function authByInput($user_id, $password) {
// set credentials
$this->credentials['user_id'] = owa_sanitize::cleanUserId( $user_id );
// must encrypt password to see if it matches whats in the db
$this->credentials['password'] = $this->generateAuthCredential( $this->credentials['user_id'], $this->encryptPassword( $password ) );
$this->credentials['password'] = $this->generateAuthCredential( $this->credentials['user_id'], $this->encryptOldPassword( $password ) );
// pass plain text password to test with password_verify
$this->credentials['new_password'] = $password;
//owa_coreAPI::debug(print_r($this->credentials, true));
$ret = $this->isUser();
@@ -354,6 +356,11 @@ function encryptPassword($password) {
return owa_lib::encryptPassword($password);
}
function encryptOldPassword($password) {
return owa_lib::encryptOldPassword($password);
}
function getUser() {
@@ -377,6 +384,20 @@ function isUser() {
$this->getUser();
if ( $this->credentials['user_id'] === $this->u->get('user_id') ) {
// new_password will only be set when using authByInput
if ( isset($this->credentials['new_password']) ) {
// plain text password matches DB password we can authorize
if ( password_verify( $this->credentials['new_password'], $this->u->get('password') ) ) {
$this->_is_user = true;
// set as new current user in service layer
$cu->loadNewUserByObject( $this->u );
$cu->setAuthStatus(true);
return true;
}
}
//if ($this->credentials['password'] === $this->u->get('password')):
if ( $this->isValidAuthCredential( $this->credentials['user_id'], $this->credentials['password'] ) ) {
@@ -450,4 +471,4 @@ function generateAuthCredential($user_id, $password, $expiration = '', $scheme =
}
?>
?>
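Review bot: The new `password_verify` branch in `isUser` never calls `password_needs_rehash`, and the legacy fallthrough to `isValidAuthCredential` on the last line of that hunk authenticates md5-stored accounts without ever upgrading them, so the unsalted, lower-cased `md5(strtolower($password).strlen($password))` hashes persist for every existing user indefinitely. Since `authByInput` already keeps the plaintext in `$this->credentials['new_password']`, a successful legacy match is the one point where the stored hash can be replaced with `password_hash($this->credentials['new_password'], PASSWORD_DEFAULT)` and persisted through the user object; the same rehash should happen when `password_needs_rehash` reports true after a `password_verify` success. Holding the plaintext in `$this->credentials` also means the commented-out `owa_coreAPI::debug(print_r($this->credentials, true))` in the first hunk would write passwords to the debug log if re-enabled; unset `new_password` once `isUser` has returned, or drop that debug line. `isUser` begins before the hunk, and `$cu` is presumably initialised in that earlier part.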
@@ -998,11 +998,20 @@ public static function truncate ($str, $length=10, $trailing='...') {
* @param string $password
* @return string
*/
public static function encryptPassword($password) {
public static function encryptOldPassword($password) {
return md5(strtolower($password).strlen($password));
//return owa_coreAPI::saltedHash( $password, 'auth');
}
public static function encryptPassword($password) {
// check function exists to support older PHP
if ( function_exists(password_hash) ) {
return password_hash( $password, PASSWORD_DEFAULT );
} else {
return $this->encryptOldPassword($password);
}
}
public static function hash( $hash_type = 'md5', $data, $salt = '' ) {
@@ -1367,4 +1376,4 @@ public static function isPrivateIp( $ip_address ) {
}
}
?>
?>
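Review bot: `encryptPassword` is declared `public static`, so the fallback `return $this->encryptOldPassword($password);` has no `$this` and fatals on exactly the older PHP builds it is meant to serve; the call must be `return self::encryptOldPassword($password);`. The guard `function_exists(password_hash)` passes an unquoted bare word, which is an undefined-constant notice or warning on PHP 7 and a thrown `Error` on PHP 8; it should read `if ( function_exists('password_hash') ) {`. The fallback also silently stores an unsalted, case-folded md5 with no signal that the weak scheme is in use; if it is kept, it deserves at least a logged warning, or the guard should point operators at a password_hash polyfill instead. The `@param`/`@return` docblock at the top of the hunk now sits above `encryptOldPassword` while `encryptPassword` has none; the new function should carry its own, e.g. `/** Hash a password with password_hash(); falls back to the legacy md5 scheme only when password_hash() is unavailable. */`.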
