improve documentation around the various crypt functions

pull/248/head
David Goodwin 6 years ago
parent 17a420152c
commit 8632cbd1a9

@ -888,37 +888,57 @@ function validate_password($password) {
return $result;
}
function _pacrypt_md5crypt($pw, $pw_db) {
/**
* @param string $pw
* @param string $pw_db - encrypted hash
* @return string crypt'ed password, should equal $pw_db if $pw matches the original
*/
function _pacrypt_md5crypt($pw, $pw_db = '') {
if ($pw_db) {
$split_salt = preg_split('/\$/', $pw_db);
if (isset($split_salt[2])) {
$salt = $split_salt[2];
return md5crypt($pw, $salt);
}
}
return md5crypt($pw);
}
function _pacrypt_crypt($pw, $pw_db) {
function _pacrypt_crypt($pw, $pw_db = '') {
if ($pw_db) {
return crypt($pw, $pw_db);
}
return crypt($pw);
}
function _pacrypt_mysql_encrypt($pw, $pw_db) {
/**
* Crypt with MySQL's ENCRYPT function
*
* @param string $pw
* @param string $pw_db (hashed password)
* @return string if $pw_db and the return value match then $pw matches the original password.
*/
function _pacrypt_mysql_encrypt($pw, $pw_db = '') {
// See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583
// this is apparently useful for pam_mysql etc.
$pw = escape_string($pw);
if ($pw_db!="") {
$values = array('pw' => $pw_db, 'salt' => substr($pw_db, 0, 2));
$res = db_query_one("SELECT ENCRYPT(:pw,:salt) as result", $values);
if ( $pw_db ) {
$res = db_query_one("SELECT ENCRYPT(:pw,:pw_db) as result", ['pw' => $pw, 'pw_db' => $pw_db]);
} else {
$res= db_query_one("SELECT ENCRYPT(:pw) as result", array('pw' => $pw));
$res= db_query_one("SELECT ENCRYPT(:pw) as result", ['pw' => $pw]);
}
return $res['result'];
}
/**
* Create/Validate courier authlib style crypt'ed passwords. (md5, md5raw, crypt, sha1)
*
* @param string $pw
* @param string $pw_db (optional)
* @return string crypted password - contains {xxx} prefix to identify mechanism.
*/
function _pacrypt_authlib($pw, $pw_db) {
global $CONF;
$flavor = $CONF['authlib_default_flavor'];
@ -945,11 +965,13 @@ function _pacrypt_authlib($pw, $pw_db) {
}
/**
* Uses the doveadm pw command, crypted passwords have a {...} prefix to identify type.
*
* @param string $pw - plain text password
* @param string $pw_db - encrypted password, or '' for generation.
* @return string
* @return string crypted password
*/
function _pacrypt_dovecot($pw, $pw_db) {
function _pacrypt_dovecot($pw, $pw_db = '') {
global $CONF;
$split_method = preg_split('/:/', $CONF['encrypt']);
@ -1040,9 +1062,11 @@ function _pacrypt_dovecot($pw, $pw_db) {
}
/**
* Supports DES, MD5, BLOWFISH, SHA256, SHA512 methods.
*
* @param string $pw
* @param string $pw_db (can be empty if setting a new password)
* @return string
* @return string crypt'ed password; if it matches $pw_db then $pw is the original password.
*/
function _pacrypt_php_crypt($pw, $pw_db) {
global $CONF;
@ -1177,12 +1201,13 @@ function _php_crypt_random_string($characters, $length) {
/**
* Encrypt a password, using the apparopriate hashing mechanism as defined in
* config.inc.php ($CONF['encrypt']).
*
* When wanting to compare one pw to another, it's necessary to provide the salt used - hence
* the second parameter ($pw_db), which is the existing hash from the DB.
*
* @param string $pw
* @param string $pw_db optional encrypted password
* @return string encrypted password.
* @return string encrypted password - if this matches $pw_db then the original password is $pw.
*/
function pacrypt($pw, $pw_db="") {
global $CONF;
@ -1213,12 +1238,15 @@ function pacrypt($pw, $pw_db="") {
die('unknown/invalid $CONF["encrypt"] setting: ' . $CONF['encrypt']);
}
//
// md5crypt
// Action: Creates MD5 encrypted password
// Call: md5crypt (string cleartextpassword)
//
/**
* Creates MD5 based crypt formatted password.
* If salt is not provided we generate one.
*
* @param string $pw plain text password
* @param string $salt (optional)
* @param string $magic (optional)
* @return string hashed password in crypt format.
*/
function md5crypt($pw, $salt="", $magic="") {
$MAGIC = "$1$";
@ -1286,6 +1314,9 @@ function md5crypt($pw, $salt="", $magic="") {
return "$magic$salt\$$passwd";
}
/**
* @return string - should be random, 8 chars long
*/
function create_salt() {
srand((int) microtime()*1000000);
$salt = substr(md5("" . rand(0, 9999999)), 0, 8);
@ -1631,7 +1662,7 @@ function db_sqlite() {
* @param array $values
* @return array
*/
function db_query_all($sql, array $values = array()) {
function db_query_all($sql, array $values = []) {
$r = db_query($sql, $values);
return $r['result']->fetchAll(PDO::FETCH_ASSOC);
}
@ -1641,7 +1672,7 @@ function db_query_all($sql, array $values = array()) {
* @param array $values
* @return array
*/
function db_query_one($sql, array $values = array()) {
function db_query_one($sql, array $values = []) {
$r = db_query($sql, $values);
return $r['result']->fetch(PDO::FETCH_ASSOC);
}
@ -1653,7 +1684,7 @@ function db_query_one($sql, array $values = array()) {
* @param bool $throw_errors
* @return int number of rows affected by the query
*/
function db_execute($sql, array $values = array(), $throw_errors = false) {
function db_execute($sql, array $values = [], $throw_errors = false) {
$link = db_connect();
try {

Loading…
Cancel
Save