Changeset 7726

Timestamp:
05/14/09 20:43:18 (3 years ago)
Author:
xrobau
Message:

I unilaterally decided to add sha256 passwords, from #1380 - it's definitely a good idea. My fault. Blame me if you can't log in after updating. Make sure to do an ./install-amp --from-version 2.5.0 or something to update the database tables.

Files:

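--- a/freepbx/trunk/amp_conf/htdocs/admin/functions.inc.php
+++ b/freepbx/trunk/amp_conf/htdocs/admin/functions.inc.php
@@ -411,5 +411,5 @@
   $this->username = $username;
   if ($user = getAmpUser($username)) {
-    $this->_password = $user["password"];
+    $this->_password = $user["password_sha256"];
     $this->_extension_high = $user["extension_high"];
     $this->_extension_low = $user["extension_low"];
@@ -1294,5 +1294,5 @@
 global $db;
 
-$sql = "SELECT username, password, extension_low, extension_high, deptname, sections FROM ampusers WHERE username = '".$db->escapeSimple($username)."'";
+$sql = "SELECT username, password_sha256, extension_low, extension_high, deptname, sections FROM ampusers WHERE username = '".$db->escapeSimple($username)."'";
 $results = $db->getAll($sql);
 if(DB::IsError($results)) {
@@ -1303,5 +1303,5 @@
   $user = array();
   $user["username"] = $results[0][0];
-  $user["password"] = $results[0][1];
+  $user["password_sha256"] = $results[0][1];
   $user["extension_low"] = $results[0][2];
   $user["extension_high"] = $results[0][3];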
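Review bot: `$this->_password` on new line 413 now holds the hex SHA-256 digest read from `ampusers.password_sha256`, not the stored password, yet nothing at the assignment says so and `checkPassword()` is not visible in these hunks. A comment such as `// hex SHA-256 digest of the password, never the plaintext` would prevent a later caller from comparing it to raw input, and `checkPassword()` should be confirmed to compare with `===`, because a loose `==` between two numeric-looking hex strings is evaluated numerically on the PHP versions of this era. Rows the installer has not yet migrated will presumably come back with an empty `password_sha256`; the constructor should treat an empty digest as having no valid credential rather than passing it on. The constructor and `getAmpUser()` both start and end outside the hunks shown.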
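--- a/freepbx/trunk/amp_conf/htdocs/admin/header_auth.php
+++ b/freepbx/trunk/amp_conf/htdocs/admin/header_auth.php
@@ -23,5 +23,5 @@
       $_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']);
 
-      if (!$_SESSION['AMP_user']->checkPassword($_SERVER['PHP_AUTH_PW'])) {
+      if (!$_SESSION['AMP_user']->checkPassword(hash("sha256", $_SERVER['PHP_AUTH_PW']))) {
         // failed, one last chance -- fallback to amportal.conf db admin user
         if (($_SERVER['PHP_AUTH_USER'] == $amp_conf['AMPDBUSER']) && ($_SERVER['PHP_AUTH_PW'] == $amp_conf['AMPDBPASS'])) {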
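Review bot: The digest passed to `checkPassword()` on new line 25 is a single unsalted SHA-256 of `PHP_AUTH_PW`, so equal passwords produce equal `password_sha256` values and a leaked `ampusers` table can be checked against precomputed tables or very fast guessing. A per-user salt with a deliberately slow scheme is the safer storage format; on PHP 5.5 and later that is `password_hash($pw, PASSWORD_DEFAULT)` when the password is set and `password_verify($_SERVER['PHP_AUTH_PW'], $stored)` here, with the hashing moved inside `checkPassword()` so callers cannot hand it the wrong form. The fallback on line 27 is unchanged context, but it still accepts the database password as a web login and compares it with `==`; `===` would be the minimum there. The enclosing block starts and ends outside the hunk.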