- <?php
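/**
 * Build a crypt()-compatible salt string for the requested scheme.
 *
 * Prefix produced per scheme:
 *   "sha256"   => $5$rounds=5000$<salt>
 *   "sha512"   => $6$rounds=5000$<salt>
 *   "blowfish" => $2a$07$<salt>
 *
 * The salt part is always 22 characters long (the length bcrypt expects).
 *
 * @param string $alg One of "sha256", "sha512" or "blowfish".
 * @return string Setting string to pass as the second argument of crypt().
 * @throws InvalidArgumentException When $alg is not a supported scheme, so a
 *         malformed salt can never reach crypt() and end up stored as a hash.
 */
function salt($alg) {
    $salt_length = 22;
    $default_sha_rounds = 5000;
    // The two trailing symbols ("/" and ".") are the ones left out for blowfish.
    $alphabet = 'QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm0123456789/.';

    // The scheme is selected with comparisons. The earlier code used "=" here,
    // which overwrote $alg and always produced the sha256 prefix.
    if ($alg === 'sha256') {
        $init = '$5$rounds=' . $default_sha_rounds;
    } elseif ($alg === 'sha512') {
        $init = '$6$rounds=' . $default_sha_rounds;
    } elseif ($alg === 'blowfish') {
        // NOTE(review): cost 07 is low by current guidance and PHP documents
        // $2y$ as the preferred bcrypt prefix; left unchanged so that the
        // generated hashes keep their existing format.
        $init = '$2a$07';
    } else {
        throw new InvalidArgumentException('salt(): unsupported algorithm');
    }

    $usable = strlen($alphabet);
    if ($alg === 'blowfish') {
        $usable -= 2; // drop "/" and "." from the candidate symbols
    }

    $salt = '';
    for ($i = 0; $i < $salt_length; $i++) {
        // Prefer the CSPRNG; rand() remains only as a fallback for runtimes
        // that predate random_int().
        $idx = function_exists('random_int')
            ? random_int(0, $usable - 1)
            : rand(0, $usable - 1);
        $salt .= $alphabet[$idx];
    }

    return $init . '$' . $salt;
}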
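// --- MySQL connection ---
// NOTE(review): the mysql_* extension was removed in PHP 7. Values can only
// be escaped by hand here; migrating to PDO or mysqli prepared statements
// would remove the string-built SQL below.
require_once('config/ftp.php');
global $sock;
$sock = mysql_connect($host, $user, $passwd);
mysql_select_db($db);
// --- end MySQL setup ---

$cosa = "ftp";
require_once('include/template.php');
require_once('include/log.php');
require_once('include/strenght_box.php');

// "ph" tells the first page view (empty) from a submitted form ("1").
// Reading it through isset() avoids an undefined-index notice on first load.
$ph = isset($_POST["ph"]) ? $_POST["ph"] : "";

printHead($title_page);
printLangSelector($lang);
if ($ph === "") {
    printPasswordStrenght();
}
printTitle($title);
//printMessage($msgServiceOffline);
//exit;

// The two copies of the new password must be strings and identical. A strict
// comparison is required: with "==" two different numeric-looking strings
// (for example "1e3" and "1000") compare as equal.
$confirm_ok = isset($_POST["npwd"], $_POST["npwd2"])
    && is_string($_POST["npwd"])
    && is_string($_POST["npwd2"])
    && $_POST["npwd"] === $_POST["npwd2"];

if ($ph === "") {
    printForm($form_user, $cosa, $lang);
} else if ($ph === "1" && $confirm_ok) {
    $f = getLogFd();
    $host = gethostname();

    // Anything that is not a plain string is treated as an empty value, which
    // then fails the credential check below.
    $user = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
    $opwd = (isset($_POST["opwd"]) && is_string($_POST["opwd"])) ? $_POST["opwd"] : "";
    $npwd = $_POST["npwd"];
    $user_e = mysql_real_escape_string($user, $sock);
    $host_e = mysql_real_escape_string($host, $sock);
    writeLog($f,"[Info] === user: $user_e, chpw START ".$cosa.".php ===");

    $pw_query = "SELECT password_crypt
                 FROM ftp_accounts
                 JOIN hosts_urls USING (url_id)
                 JOIN hosts USING (host_id)
                 WHERE username = '$user_e'
                 AND hostname = '$host_e'
                 AND ftp = 'Y'";

    $r = mysql_query($pw_query);
    $stored = NULL;
    if ($r !== false && mysql_num_rows($r) != 0) {
        $pw_arr = mysql_fetch_row($r);
        $stored = $pw_arr[0];
    }

    // Verify the current password before changing anything. The previous code
    // computed crypt($opwd, ...) but never compared the result, so knowing a
    // username was enough to replace that account's password.
    // An account without a stored crypt hash cannot be verified and is refused.
    // NOTE(review): if some accounts only carry password_sha256, they need an
    // administrative reset or an explicit fallback check; confirm with the
    // schema owner.
    $old_ok = false;
    if (is_string($stored) && $stored !== "") {
        $p_crypt = crypt($opwd, $stored);
        if (is_string($p_crypt)) {
            // Constant-time comparison where the runtime provides it.
            $old_ok = function_exists('hash_equals')
                ? hash_equals($stored, $p_crypt)
                : ($p_crypt === $stored);
        }
    }

    if (!$old_ok) {
        // Same message for an unknown user and a wrong password, so the page
        // does not reveal which usernames exist.
        writeLog($f,"[Info] user: $user_e, credenziali errate");
        closeLogFd($f);
        printMessage($msgPasswordNotChanged);
    } else if (strlen($npwd) < 6) {
        writeLog($f,"[INFO] user: $user_e, password troppo corta");
        closeLogFd($f);
        printMessage($msgShortPassword);
    } else {
        // NOTE(review): password_sha256 holds a single unsalted SHA-256 of the
        // password, which is cheap to brute-force if the table leaks. It is
        // presumably read by another consumer; confirm and retire it if possible.
        $n_sha = hash('sha256', $npwd);
        $n_crypt = crypt($npwd, salt('sha256'));
        $n_sha_e = mysql_real_escape_string($n_sha, $sock);
        $n_crypt_e = mysql_real_escape_string($n_crypt, $sock);

        // NOTE(review): the SELECT above is limited to this host and ftp = 'Y',
        // while this UPDATE matches on username alone; confirm usernames are
        // unique across hosts.
        $uq = "UPDATE ftp_accounts
               SET password_sha256 = '$n_sha_e',
               password_crypt = '$n_crypt_e'
               WHERE username = '$user_e'";
        mysql_query($uq);
        if (mysql_affected_rows() == 1) {
            writeLog($f,"[Ok] user: $user_e, update succesful");
            closeLogFd($f);
            printMessage($msgPasswordChanged);
        } else {
            // The update did not touch exactly one row.
            writeLog($f,"[Error] user: $user_e, db update error");
            closeLogFd($f);
            printMessage($msgPasswordNotChanged);
        }
    }
} else {
    // The two new-password fields do not match (or the request is malformed).
    printMessage($msgFailedConfirm);
}
printFooter();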
- ?>