[SUCS Devel] [Git][sucssite/sucs-site][sha512-passwords] 5 commits: Use node:current image
Imran Hussain (@imranh)
imranh at sucs.org
Thu Dec 23 11:53:16 GMT 2021
Imran Hussain pushed to branch sha512-passwords at sucssite / sucs-site
Commits:
c977f70e by Imran Hussain at 2021-12-23T11:46:24+00:00
Use node:current image
- - - - -
9e43fafb by Imran Hussain at 2021-12-23T11:50:55+00:00
Merge branch 'fix-ci' into 'master'
Use node:current image
See merge request sucssite/sucs-site!124
- - - - -
72f09f31 by Imran Hussain at 2021-12-23T11:53:13+00:00
[lib/member_functions.php] new cryptPassword() func and generateLdif() update
- - - - -
7fa450bc by Imran Hussain at 2021-12-23T11:53:13+00:00
[components/options.php] Update changePassword() to use new password hash
- - - - -
3dbedd6b by Imran Hussain at 2021-12-23T11:53:13+00:00
[components/options.php] add missing )
- - - - -
3 changed files:
- .gitlab-ci.yml
- components/options.php
- lib/member_functions.php
Changes:
=====================================
.gitlab-ci.yml
=====================================
@@ -22,15 +22,8 @@ php-syntax-check:
js-syntax-check:
stage: test
+ image: node:current
script:
- - apt-get clean
- - apt-get update
-# - apt-get install -y nodejs
-# - ln -s /usr/bin/nodejs /usr/bin/node
- - apt-get install -y curl gnupg
- - curl -sL https://deb.nodesource.com/setup_8.x | bash -
- - apt-get install -y nodejs
- - apt-get install -y npm
- npm install -g jshint
- find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
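Review bot: The added `image: node:current` is a floating tag, so the js-syntax-check job runs on whichever Node release the registry serves that day and a passing pipeline cannot be reproduced later. Pinning a release line or a digest keeps the toolchain fixed and makes an unexpected upstream image change visible as a diff, e.g. `image: node:<PINNED_VERSION>`. The same applies to the unchanged `npm install -g jshint` line below it, which could become `npm install -g jshint@<PINNED_VERSION>`.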
@@ -52,4 +45,4 @@ deploy-live:
- curl https://sucs.org/pull.php
only:
- sucs-site
- environment: live
\ No newline at end of file
+ environment: live
=====================================
components/options.php
=====================================
@@ -5,6 +5,8 @@ require_once("../lib/validation.php");
require_once("Net/MAC.php");
include_once("../lib/date.php");
+// password hash, renewal functions
+include_once("../lib/member_functions.php");
// Some Constants
// These could possibly be moved somewhere saner?
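Review bot: The new `include_once("../lib/member_functions.php");` only raises a warning if the file cannot be loaded, and changePassword() would then fail later with an undefined-function error at the `cryptPassword()` call. The neighbouring library lines already use `require_once`, and password hashing is not optional for this component, so I would write `require_once("../lib/member_functions.php");` to fail at load time instead.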
@@ -47,7 +49,7 @@ function changePassword($oldpass, $newpass1, $newpass2)
// if everything looks OK, attempt to make the change
$success = ldap_mod_replace($ldap, "uid=" . $session->username . ",ou=People,dc=sucs,dc=org",
- array('userpassword' => "{SHA}" . base64_encode(pack("H*", sha1($newpass1)))));
+ array('userpassword' => "{CRYPT}" . cryptPassword($newpass1)));
ldap_close($ldap);
return $success;
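Review bot: The `userpassword` value passed to `ldap_mod_replace` is built from `cryptPassword($newpass1)` without checking what came back. crypt() reports failure with a short marker string (such as `*0`) rather than an error, so a failed hash would be stored as `{CRYPT}*0` and the account could no longer authenticate. Compute the hash first and stop before modifying the entry, e.g. `$hash = cryptPassword($newpass1); if (strncmp($hash, '$6$', 3) !== 0) { ldap_close($ldap); return FALSE; }`. The same unchecked concatenation is added in generateLdif() in lib/member_functions.php. `{CRYPT}` values are verified by the directory server's own crypt(3), so it is worth confirming that the server accepts `$6$` hashes before this is deployed; changePassword() begins and ends outside this hunk.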
@@ -214,7 +216,6 @@ function updateRenew()
return FALSE;
}
- include_once("../lib/member_functions.php");
renew_membership($member['username']);
$sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id']));
return TRUE;
=====================================
lib/member_functions.php
=====================================
@@ -29,6 +29,19 @@ function make_password($length = 8)
return $password;
}
+// https://stackoverflow.com/a/44428794
+function cryptPassword($password, $salt = "", $rounds = 5000)
+{
+ if ($salt == "") {
+ // Generate random salt
+ $salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);
+ }
+ // $6$ specifies SHA512
+ $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
+
+ return $hash;
+}
+
function generateUid()
{
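Review bot: The default `$rounds = 5000` equals sha512-crypt's built-in default, so the explicit `rounds=` field adds no work over a plain `$6$` hash. If the move away from `{SHA}` is meant to slow offline guessing, consider a higher default after timing it on the host that verifies logins. For the salt, `$salt = bin2hex(random_bytes(8));` (PHP 7+) gives the same 16 hex characters without discarding half of the generated bytes or depending on the OpenSSL extension. The function also has no docblock; I would add one saying that it returns a `$6$` crypt string meant to follow a `{CRYPT}` prefix, and that a caller-supplied `$salt` must be at most 16 characters from `[./0-9A-Za-z]`. The hunk ends inside generateUid(), which this change does not touch.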
@@ -63,7 +76,7 @@ function generateLdif($uid, $password, $type, $realname, $username)
// explode the realname
$nameexplode = explode(' ', trim($realname));
// hash the password
- $ldappassword = "{SHA}" . base64_encode(pack("H*", sha1($password)));
+ $ldappassword = "{CRYPT}" . cryptPassword($password);
// compile ldif
$ldif = "dn: uid=" . $username . ",ou=People,dc=sucs,dc=org\n";
$ldif .= "uid: " . $username . "\n";
View it on GitLab: https://projects.sucs.org/sucssite/sucs-site/-/compare/c6b86c7ab7d439e6baeefbf33cfa47a3df67d056...3dbedd6b0681c758720603572802609f1ce75080