Line 107... | Line 107... | ||
107 | $ses->destroySession(); |
107 | $ses->destroySession(); |
108 | } |
108 | } |
109 | } |
109 | } |
110 | 110 | ||
111 | public static function adminCheckPassword($password) { |
111 | public static function adminCheckPassword($password) { |
112 | $hashed = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', ''); |
112 | $passwordData = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', ''); |
113 | if (empty($hashed)) { |
113 | if (empty($passwordData)) { |
114 | throw new OIDplusException(_L('No admin password set in %1','userdata/baseconfig/config.inc.php')); |
114 | throw new OIDplusException(_L('No admin password set in %1','userdata/baseconfig/config.inc.php')); |
115 | } |
115 | } |
- | 116 | if (strpos($passwordData, '$') !== false) { |
|
- | 117 | list($s_salt, $hash) = explode('$', $passwordData, 2); |
|
- | 118 | } else { |
|
- | 119 | $s_salt = ''; |
|
116 | $calc_authkey = sha3_512($password); |
120 | $hash = $passwordData; |
- | 121 | } |
|
117 | return $calc_authkey == bin2hex(base64_decode($hashed)); |
122 | return strcmp(sha3_512($s_salt.$password, true), base64_decode($hash)) === 0; |
118 | } |
123 | } |
119 | 124 | ||
120 | public static function isAdminLoggedIn() { |
125 | public static function isAdminLoggedIn() { |
121 | if (self::forceAllLoggedOut()) { |
126 | if (self::forceAllLoggedOut()) { |
122 | return false; |
127 | return false; |
Line 127... | Line 132... | ||
127 | 132 | ||
128 | // Authentication keys for validating arguments (e.g. sent by mail) |
133 | // Authentication keys for validating arguments (e.g. sent by mail) |
129 | 134 | ||
130 | public static function makeAuthKey($data) { |
135 | public static function makeAuthKey($data) { |
131 | $data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . $data; |
136 | $data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . $data; |
132 | $calc_authkey = sha3_512($data); |
137 | $calc_authkey = sha3_512($data, false); |
133 | return $calc_authkey; |
138 | return $calc_authkey; |
134 | } |
139 | } |
135 | 140 | ||
136 | public static function validateAuthKey($data, $auth_key) { |
141 | public static function validateAuthKey($data, $auth_key) { |
137 | return self::makeAuthKey($data) == $auth_key; |
142 | return strcmp(self::makeAuthKey($data), $auth_key) === 0; |
138 | } |
143 | } |
139 | 144 | ||
140 | // "Veto" functions to force logout state |
145 | // "Veto" functions to force logout state |
141 | 146 | ||
142 | public static function forceAllLoggedOut() { |
147 | public static function forceAllLoggedOut() { |
Line 149... | Line 154... | ||
149 | } else { |
154 | } else { |
150 | return false; |
155 | return false; |
151 | } |
156 | } |
152 | } |
157 | } |
153 | 158 | ||
- | 159 | // Generate RA passwords |
|
- | 160 | ||
- | 161 | public static function raGeneratePassword($password) { |
|
- | 162 | $s_salt = uniqid(mt_rand(), true); |
|
- | 163 | $calc_authkey = 'A2#'.base64_encode(sha3_512($s_salt.$password, true)); |
|
- | 164 | return array($s_salt, $calc_authkey); |
|
- | 165 | } |
|
- | 166 | ||
- | 167 | // Generate admin password |
|
- | 168 | ||
- | 169 | /* Nothing here; the admin password will be generated in setup_base.js */ |
|
- | 170 | ||
154 | } |
171 | } |
155 | 172 |
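Review bot: The `strcmp(...) === 0` comparisons at new lines 122 (adminCheckPassword) and 142 (validateAuthKey) are not constant-time, so the admin-password check and the mailed auth-key check still leak how many leading bytes of the candidate matched; the loose `==` the commit removed was the larger problem, but the replacements should be `return hash_equals(base64_decode($hash), sha3_512($s_salt.$password, true));` and `return hash_equals(self::makeAuthKey($data), $auth_key);`. hash_equals() requires two strings, so if `$auth_key` can arrive from the request as something other than a string, an `is_string($auth_key)` guard returning false should precede the call. Separately, raGeneratePassword at new line 162 derives the salt from `uniqid(mt_rand(), true)`, which is predictable rather than cryptographically random; `$s_salt = bin2hex(random_bytes(16));` yields a value of similar shape from a proper entropy source. A single salted sha3_512 is also a fast hash rather than a password KDF, and whether the `A2#` prefix is intended to allow a later migration to password_hash()/Argon2 is not visible in this diff, so a comment on the versioning intent there would help the next maintainer.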