Rev 392 | Rev 424 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 392 | Rev 421 | ||
|---|---|---|---|
| Line 107... | Line 107... | ||
| 107 | $ses->destroySession(); |
107 | $ses->destroySession(); |
| 108 | } |
108 | } |
| 109 | } |
109 | } |
| 110 | 110 | ||
| 111 | public static function adminCheckPassword($password) { |
111 | public static function adminCheckPassword($password) { |
| 112 | $hashed = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', ''); |
112 | $passwordData = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', ''); |
| 113 | if (empty($hashed)) { |
113 | if (empty($passwordData)) { |
| 114 | throw new OIDplusException(_L('No admin password set in %1','userdata/baseconfig/config.inc.php')); |
114 | throw new OIDplusException(_L('No admin password set in %1','userdata/baseconfig/config.inc.php')); |
| 115 | } |
115 | } |
| - | 116 | if (strpos($passwordData, '$') !== false) { |
|
| - | 117 | list($s_salt, $hash) = explode('$', $passwordData, 2); |
|
| - | 118 | } else { |
|
| - | 119 | $s_salt = ''; |
|
| 116 | $calc_authkey = sha3_512($password); |
120 | $hash = $passwordData; |
| - | 121 | } |
|
| 117 | return $calc_authkey == bin2hex(base64_decode($hashed)); |
122 | return strcmp(sha3_512($s_salt.$password, true), base64_decode($hash)) === 0; |
| 118 | } |
123 | } |
| 119 | 124 | ||
| 120 | public static function isAdminLoggedIn() { |
125 | public static function isAdminLoggedIn() { |
| 121 | if (self::forceAllLoggedOut()) { |
126 | if (self::forceAllLoggedOut()) { |
| 122 | return false; |
127 | return false; |
| Line 127... | Line 132... | ||
| 127 | 132 | ||
| 128 | // Authentication keys for validating arguments (e.g. sent by mail) |
133 | // Authentication keys for validating arguments (e.g. sent by mail) |
| 129 | 134 | ||
| 130 | public static function makeAuthKey($data) { |
135 | public static function makeAuthKey($data) { |
| 131 | $data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . $data; |
136 | $data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . $data; |
| 132 | $calc_authkey = sha3_512($data); |
137 | $calc_authkey = sha3_512($data, false); |
| 133 | return $calc_authkey; |
138 | return $calc_authkey; |
| 134 | } |
139 | } |
| 135 | 140 | ||
| 136 | public static function validateAuthKey($data, $auth_key) { |
141 | public static function validateAuthKey($data, $auth_key) { |
| 137 | return self::makeAuthKey($data) == $auth_key; |
142 | return strcmp(self::makeAuthKey($data), $auth_key) === 0; |
| 138 | } |
143 | } |
| 139 | 144 | ||
| 140 | // "Veto" functions to force logout state |
145 | // "Veto" functions to force logout state |
| 141 | 146 | ||
| 142 | public static function forceAllLoggedOut() { |
147 | public static function forceAllLoggedOut() { |
| Line 149... | Line 154... | ||
| 149 | } else { |
154 | } else { |
| 150 | return false; |
155 | return false; |
| 151 | } |
156 | } |
| 152 | } |
157 | } |
| 153 | 158 | ||
| - | 159 | // Generate RA passwords |
|
| - | 160 | ||
| - | 161 | public static function raGeneratePassword($password) { |
|
| - | 162 | $s_salt = uniqid(mt_rand(), true); |
|
| - | 163 | $calc_authkey = 'A2#'.base64_encode(sha3_512($s_salt.$password, true)); |
|
| - | 164 | return array($s_salt, $calc_authkey); |
|
| - | 165 | } |
|
| - | 166 | ||
| - | 167 | // Generate admin password |
|
| - | 168 | ||
| - | 169 | /* Nothing here; the admin password will be generated in setup_base.js */ |
|
| - | 170 | ||
| 154 | } |
171 | } |
| 155 | 172 | ||