<?php
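/**
 * Build a crypt() salt string of the form "<prefix>$<22 random characters>".
 *
 * Prefix produced for each supported algorithm name:
 *   - 'sha256'   => '$5$rounds=5000'
 *   - 'sha512'   => '$6$rounds=5000'
 *   - 'blowfish' => '$2a$07'
 *
 * @param string $alg Algorithm name: 'sha256', 'sha512' or 'blowfish'.
 * @return string Salt string to pass as the second argument of crypt().
 * @throws InvalidArgumentException If $alg is not one of the supported names.
 */
function salt($alg) {
    $salt_length = 22;
    $DEFAULT_SHA_ROUNDS = 5000;

    // Strict comparison on purpose. The previous code used `=` (assignment) in
    // every test, so the first branch always won: every caller got a '$5$'
    // prefix regardless of the algorithm requested.
    if ($alg === 'sha256') {
        $init = '$5$rounds='.$DEFAULT_SHA_ROUNDS;
    } elseif ($alg === 'sha512') {
        $init = '$6$rounds='.$DEFAULT_SHA_ROUNDS;
    } elseif ($alg === 'blowfish') {
        // NOTE(review): cost 07 is low for bcrypt by current standards; raising it
        // only affects newly generated hashes, existing ones keep verifying.
        $init = '$2a$07';
    } else {
        // Fail closed: a malformed prefix would make crypt() fail or fall back
        // to a weaker scheme than the caller asked for.
        throw new InvalidArgumentException('Unsupported salt algorithm');
    }

    // The last two characters are '/' and '.'; they are left out for blowfish,
    // as in the original implementation.
    $alphabet = 'QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm0123456789/.';
    $max_index = strlen($alphabet) - 1;
    if ($alg === 'blowfish') {
        $max_index -= 2;
    }

    // Prefer the CSPRNG where the runtime has it (PHP >= 7); rand() is seeded
    // predictably and can repeat sequences across requests.
    $use_csprng = function_exists('random_int');

    // SHA-crypt only consumes the first 16 salt characters; the extra ones are
    // ignored by crypt(), so one length is kept for all algorithms.
    $salt = '';
    for ($i = 0; $i < $salt_length; $i++) {
        $k = $use_csprng ? random_int(0, $max_index) : mt_rand(0, $max_index);
        $salt .= $alphabet[$k];
    }

    return $init.'$'.$salt;
}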
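// MySQL connection settings. config/ftp.php presumably defines $host, $user,
// $passwd and $db (not visible here; verify against that file).
require_once('config/ftp.php');

// NOTE(review): the mysql_* extension was removed in PHP 7. Moving to mysqli or
// PDO with prepared statements also means updating every include that shares $sock.
global $sock;
$sock = mysql_connect($host, $user, $passwd);

// Fail closed when the database is unreachable: without a connection the
// password-change branch cannot verify anything and would only emit warnings.
if ($sock === false || !mysql_select_db($db, $sock)) {
    error_log('chpw: database connection failed');
    header('HTTP/1.1 503 Service Unavailable');
    exit;
}
// end of MySQL setup

$cosa = "ftp";
require_once('include/template.php');
require_once('include/log.php');
require_once('include/strenght_box.php');

printHead($title_page);
printLangSelector($lang);

// The strength box is shown only with the empty form. isset() avoids an
// undefined-index notice on a plain GET, where "ph" is not posted at all.
if (!isset($_POST["ph"]) || $_POST["ph"] === "") {
    printPasswordStrenght();
}
printTitle($title);

// Maintenance switch: uncomment the two lines below to take the service offline.
//printMessage($msgServiceOffline);
//exit;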
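// Request dispatch on the posted "ph" field:
//   - missing or empty           -> show the change-password form
//   - "1" and npwd equals npwd2  -> verify the old password, then store the new one
//   - anything else              -> "confirmation failed" message
$ph = isset($_POST["ph"]) ? $_POST["ph"] : "";

// Every credential field must be present and a plain string. PHP turns
// "name[]=x" into an array, which would otherwise reach crypt() and the SQL
// escaping below as a non-string.
$change_requested = ($ph === "1");
foreach (array("user", "opwd", "npwd", "npwd2") as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        $change_requested = false;
    }
}

if ($ph === "") {
    printForm($form_user, $cosa, $lang);
} elseif ($change_requested && $_POST["npwd"] === $_POST["npwd2"]) {
    // Strict comparison above: with ==, two different numeric-looking strings
    // (for example "1e3" and "1000") compare as equal.
    $f = getLogFd();

    $p_sha256 = $p_crypt = NULL;
    $host = gethostname();

    $user = $_POST["user"];
    $opwd = $_POST["opwd"];
    $npwd = $_POST["npwd"];
    $user_e = mysql_real_escape_string($user, $sock);
    $host_e = mysql_real_escape_string($host, $sock);

    writeLog($f,"[Info] === user: $user_e, chpw START ".$cosa.".php ===");

    // Fetch the stored crypt() hash of the FTP account on this host.
    $pw_query = "SELECT password_crypt
                 FROM ftp_accounts
                 JOIN hosts_urls USING (url_id)
                 JOIN hosts USING (host_id)
                 WHERE username = '$user_e'
                 AND hostname = '$host_e'
                 AND ftp = 'Y'";

    $r = mysql_query($pw_query, $sock);
    $stored = NULL;
    if ($r !== false && mysql_num_rows($r) != 0) {
        $pw_arr = mysql_fetch_row($r);
        $stored = $pw_arr[0];
    }

    // Verify the old password. The previous code computed crypt($opwd, ...) but
    // never compared the result, so knowing a username was enough to replace
    // that account's password.
    // NOTE(review): accounts whose password_crypt is NULL are now refused here
    // instead of being updated unauthenticated; confirm whether such accounts
    // exist and need another verification path.
    $authenticated = false;
    if (is_string($stored) && $stored !== "") {
        $p_crypt = crypt($opwd, $stored);
        if (is_string($p_crypt)) {
            // Constant-time comparison where available (PHP >= 5.6).
            $authenticated = function_exists('hash_equals')
                ? hash_equals($stored, $p_crypt)
                : ($stored === $p_crypt);
        }
    }

    if (!$authenticated) {
        // Unknown account and wrong old password share one message, so the
        // response does not reveal which usernames exist.
        writeLog($f,"[Info] user: $user_e, credenziali errate");
        closeLogFd($f);
        printMessage($msgPasswordNotChanged);
    } elseif (strlen($npwd) < 6) {
        writeLog($f,"[INFO] user: $user_e, password troppo corta");
        closeLogFd($f);
        printMessage($msgShortPassword);
    } else {
        // NOTE(review): password_sha256 is an unsalted, fast hash of the
        // password. It is kept because another consumer presumably reads this
        // column; confirm whether it can be dropped in favour of password_crypt.
        $n_sha = hash('sha256', $npwd);
        $n_crypt = crypt($npwd, salt('sha256'));

        // crypt() signals failure with a string shorter than 13 characters;
        // never store such a value as the account's hash.
        if (!is_string($n_crypt) || strlen($n_crypt) < 13) {
            writeLog($f,"[Error] user: $user_e, crypt error");
            closeLogFd($f);
            printMessage($msgPasswordNotChanged);
        } else {
            $n_sha_e = mysql_real_escape_string($n_sha, $sock);
            $n_crypt_e = mysql_real_escape_string($n_crypt, $sock);

            // NOTE(review): this UPDATE matches on username only, while the
            // SELECT above is scoped to this host and ftp = 'Y'. Confirm that
            // usernames are unique across hosts, or scope the UPDATE the same way.
            $uq = "UPDATE ftp_accounts
                   SET password_sha256 = '$n_sha_e',
                   password_crypt = '$n_crypt_e'
                   WHERE username = '$user_e'";

            mysql_query($uq, $sock);
            if (mysql_affected_rows($sock) == 1) {
                writeLog($f,"[Ok] user: $user_e, update succesful");
                closeLogFd($f);
                printMessage($msgPasswordChanged);
            } else {
                // The update did not touch exactly one row.
                writeLog($f,"[Error] user: $user_e, db update error");
                closeLogFd($f);
                printMessage($msgPasswordNotChanged);
            }
        }
    }
} else {
    // The two new passwords do not match, or the request is malformed.
    printMessage($msgFailedConfirm);
}
printFooter();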
?>