Rev 592 | Rev 609 | ||
---|---|---|---|
Line 192... | Line 192... | ||
192 | if (is_null($acs)) return; |
192 | if (is_null($acs)) return; |
193 | return $acs->adminLogout(); |
193 | return $acs->adminLogout(); |
194 | } |
194 | } |
195 | 195 | ||
196 | public function adminCheckPassword($password) { |
196 | public function adminCheckPassword($password) { |
197 | $passwordData = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', ''); |
197 | $cfgData = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', ''); |
198 | if (empty($passwordData)) { |
198 | if (empty($cfgData)) { |
199 | throw new OIDplusException(_L('No admin password set in %1','userdata/baseconfig/config.inc.php')); |
199 | throw new OIDplusException(_L('No admin password set in %1','userdata/baseconfig/config.inc.php')); |
200 | } |
200 | } |
201 | 201 | ||
- | 202 | if (!is_array($cfgData)) { |
|
- | 203 | $passwordDataArray = array($cfgData); |
|
- | 204 | } else { |
|
- | 205 | $passwordDataArray = $cfgData; |
|
- | 206 | } |
|
- | 207 | ||
- | 208 | foreach ($passwordDataArray as $passwordData) { |
|
202 | if (strpos($passwordData, '$') !== false) { |
209 | if (strpos($passwordData, '$') !== false) { |
203 | if ($passwordData[0] == '$') { |
210 | if ($passwordData[0] == '$') { |
204 | // Version 3: BCrypt |
211 | // Version 3: BCrypt |
205 | return password_verify($password, $passwordData); |
212 | return password_verify($password, $passwordData); |
206 | } else { |
213 | } else { |
Line 210... | Line 217... | ||
210 | } else { |
217 | } else { |
211 | // Version 1: SHA3-512 without salt |
218 | // Version 1: SHA3-512 without salt |
212 | $s_salt = ''; |
219 | $s_salt = ''; |
213 | $hash = $passwordData; |
220 | $hash = $passwordData; |
214 | } |
221 | } |
- | 222 | ||
215 | return strcmp(sha3_512($s_salt.$password, true), base64_decode($hash)) === 0; |
223 | if (strcmp(sha3_512($s_salt.$password, true), base64_decode($hash)) === 0) return true; |
- | 224 | } |
|
- | 225 | ||
- | 226 | return false; |
|
216 | } |
227 | } |
217 | 228 | ||
218 | public function isAdminLoggedIn() { |
229 | public function isAdminLoggedIn() { |
219 | if ($this->forceAllLoggedOut()) { |
230 | if ($this->forceAllLoggedOut()) { |
220 | return false; |
231 | return false; |
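Review bot: Inside the new `foreach` over `$passwordDataArray`, the BCrypt branch (new line 212) still does `return password_verify($password, $passwordData);`, so a non-matching BCrypt entry ends the loop and any later entries in the `ADMIN_PASSWORD` array are never tried; only the SHA3 path at new line 223 was changed to continue on a mismatch. It should read `if (password_verify($password, $passwordData)) return true;`. Separately, line 223 compares the digests with `strcmp(...) === 0`, which is not a constant-time comparison; `if (hash_equals(base64_decode($hash), sha3_512($s_salt.$password, true))) return true;` would close that timing side channel, assuming `sha3_512()` returns a string in raw mode. The Version 2 branch between new lines 213 and 217 is not shown on this page, so it should be checked for the same early return.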