Changeset 7726

Timestamp:
05/14/09 18:43:18 (1 year ago)
Author:
xrobau
Message:

I unilaterally decided to add sha256 passwords, from #1380 - it's definitely a good idea. My fault. Blame me if you can't log in after updating. Make sure to do an ./install-amp --from-version 2.5.0 or something to update the database tables.

Files:

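--- a/freepbx/trunk/amp_conf/htdocs/admin/functions.inc.php
+++ b/freepbx/trunk/amp_conf/htdocs/admin/functions.inc.php
@@ -411,5 +411,5 @@
                 $this->username = $username;
                 if ($user = getAmpUser($username)) {
-                        $this->_password = $user["password"];
+                        $this->_password = $user["password_sha256"];
                         $this->_extension_high = $user["extension_high"];
                         $this->_extension_low = $user["extension_low"];
@@ -1294,5 +1294,5 @@
         global $db;
 
-        $sql = "SELECT username, password, extension_low, extension_high, deptname, sections FROM ampusers WHERE username = '".$db->escapeSimple($username)."'";
+        $sql = "SELECT username, password_sha256, extension_low, extension_high, deptname, sections FROM ampusers WHERE username = '".$db->escapeSimple($username)."'";
         $results = $db->getAll($sql);
         if(DB::IsError($results)) {
@@ -1303,5 +1303,5 @@
                 $user = array();
                 $user["username"] = $results[0][0];
-                $user["password"] = $results[0][1];
+                $user["password_sha256"] = $results[0][1];
                 $user["extension_low"] = $results[0][2];
                 $user["extension_high"] = $results[0][3];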
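Review bot: The query on line 1296 is still built by concatenating `$db->escapeSimple($username)` into the SQL string, so its safety depends on the escaping matching the connection's quoting and character-set rules. `$db` looks like a PEAR DB handle (the next line calls `DB::IsError`), which accepts bound parameters: `$results = $db->getAll("SELECT username, password_sha256, extension_low, extension_high, deptname, sections FROM ampusers WHERE username = ?", array($username));`. Because `$this->_password` keeps its old name on line 413, a comment there such as `// hex SHA-256 digest of the password, never the plaintext` would stop later readers from treating it as a cleartext credential. Both the function containing the query and the ampuser method in the first hunk start and end outside the lines shown.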
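--- a/freepbx/trunk/amp_conf/htdocs/admin/header_auth.php
+++ b/freepbx/trunk/amp_conf/htdocs/admin/header_auth.php
@@ -23,5 +23,5 @@
                                 $_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']);
 
-                                if (!$_SESSION['AMP_user']->checkPassword($_SERVER['PHP_AUTH_PW'])) {
+                                if (!$_SESSION['AMP_user']->checkPassword(hash("sha256", $_SERVER['PHP_AUTH_PW']))) {
                                         // failed, one last chance -- fallback to amportal.conf db admin user
                                         if (($_SERVER['PHP_AUTH_USER'] == $amp_conf['AMPDBUSER']) && ($_SERVER['PHP_AUTH_PW'] == $amp_conf['AMPDBPASS'])) {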
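Review bot: The `hash("sha256", $_SERVER['PHP_AUTH_PW'])` call on line 25 produces an unsalted, single-round digest, so two accounts with the same password store the same value and a leaked ampusers table can be checked against guessed passwords very cheaply. A per-user random salt combined with a deliberately slow password hash would be the stronger design; on PHP versions that ship them, `password_hash()` at enrolment and `password_verify()` inside checkPassword() provide both. checkPassword() is not visible here, so confirm it compares the digest strictly (`===`, or `hash_equals()` where available) rather than with `==`, which can treat two numeric-looking strings as equal. The unchanged fallback on line 27 still compares the plaintext `AMPDBPASS` with `==` and has the same loose-comparison behaviour. The enclosing block starts and ends outside this hunk.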