Comparison

mod_auth_phpbb3/mod_auth_phpbb3.lua @ 377:145fa870321c

mod_auth_phpbb3: Implement password change.
author Waqas Hussain <waqas20@gmail.com>
date Fri, 01 Jul 2011 07:55:22 +0500
parent 376:8f5726adc61e
child 419:2a2b70e1a998
comparison
equal deleted inserted replaced
376:8f5726adc61e 377:145fa870321c
6 local log = require "util.logger".init("auth_sql"); 6 local log = require "util.logger".init("auth_sql");
7 local new_sasl = require "util.sasl".new; 7 local new_sasl = require "util.sasl".new;
8 local nodeprep = require "util.encodings".stringprep.nodeprep; 8 local nodeprep = require "util.encodings".stringprep.nodeprep;
9 local DBI = require "DBI" 9 local DBI = require "DBI"
10 local md5 = require "util.hashes".md5; 10 local md5 = require "util.hashes".md5;
11 local uuid_gen = require "util.uuid".generate;
11 12
12 local connection; 13 local connection;
13 local params = module:get_option("sql"); 14 local params = module:get_option("sql");
14 15
15 local resolve_relative_path = require "core.configmanager".resolve_relative_path; 16 local resolve_relative_path = require "core.configmanager".resolve_relative_path;
69 if not ok and not test_connection() then error("connection failed"); end 70 if not ok and not test_connection() then error("connection failed"); end
70 if not ok then return nil, err; end 71 if not ok then return nil, err; end
71 72
72 return stmt; 73 return stmt;
73 end 74 end
75 local function setsql(sql, ...)
76 local stmt, err = getsql(sql, ...);
77 if not stmt then return stmt, err; end
78 return stmt:affected();
79 end
74 80
75 local function get_password(username) 81 local function get_password(username)
76 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username`=?", username); 82 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username`=?", username);
77 if stmt then 83 if stmt then
78 for row in stmt:rows(true) do 84 for row in stmt:rows(true) do
81 end 87 end
82 end 88 end
83 89
84 local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 90 local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
85 91
86 local function hashEncode64(input) 92 local function hashEncode64(input, count)
87 local count = 16;
88 local output = ""; 93 local output = "";
89 local i, value = 0, 0; 94 local i, value = 0, 0;
90 95
91 while true do 96 while true do
92 value = input:byte(i+1) 97 value = input:byte(i+1)
120 125
121 if not(i < count) then break; end 126 if not(i < count) then break; end
122 end 127 end
123 return output; 128 return output;
124 end 129 end
125 local function hashCryptPrivate(password, genSalt, itoa64) 130 local function hashCryptPrivate(password, genSalt)
126 local output = "*"; 131 local output = "*";
127 if not genSalt:match("^%$H%$") then return output; end 132 if not genSalt:match("^%$H%$") then return output; end
128 133
129 local count_log2 = itoa64:find(genSalt:sub(4,4)) - 1; 134 local count_log2 = itoa64:find(genSalt:sub(4,4)) - 1;
130 if count_log2 < 7 or count_log2 > 30 then return output; end 135 if count_log2 < 7 or count_log2 > 30 then return output; end
141 if not(count > 1) then break; end 146 if not(count > 1) then break; end
142 count = count-1; 147 count = count-1;
143 end 148 end
144 149
145 output = genSalt:sub(1, 12); 150 output = genSalt:sub(1, 12);
146 output = output .. hashEncode64(hash); 151 output = output .. hashEncode64(hash, 16);
147 152
148 return output; 153 return output;
149 end 154 end
155 local function hashGensaltPrivate(input)
156 local iteration_count_log2 = 6;
157 local output = "$H$";
158 local idx = math.min(iteration_count_log2 + 5, 30) + 1;
159 output = output .. itoa64:sub(idx, idx);
160 output = output .. hashEncode64(input, 6);
161 return output;
162 end
150 local function phpbbCheckHash(password, hash) 163 local function phpbbCheckHash(password, hash)
151 return #hash == 34 and hashCryptPrivate(password, hash, itoa64) == hash; 164 return #hash == 34 and hashCryptPrivate(password, hash) == hash;
152 end 165 end
166 local function phpbbHash(password)
167 local random = uuid_gen():sub(-6);
168 local salt = hashGensaltPrivate(random);
169 local hash = hashCryptPrivate(password, salt);
170 if #hash == 34 then return hash; end
171 return md5(password, true);
172 end
173
153 174
154 provider = { name = "phpbb3" }; 175 provider = { name = "phpbb3" };
155 176
156 function provider.test_password(username, password) 177 function provider.test_password(username, password)
157 --module:log("debug", "test_password '%s' for user %s", tostring(password), tostring(username)); 178 --module:log("debug", "test_password '%s' for user %s", tostring(password), tostring(username));
165 186
166 function provider.get_password(username) 187 function provider.get_password(username)
167 return nil, "Getting password is not supported."; 188 return nil, "Getting password is not supported.";
168 end 189 end
169 function provider.set_password(username, password) 190 function provider.set_password(username, password)
170 return nil, "Setting password is not supported."; 191 local hash = phpbbHash(password);
192 local stmt, err = setsql("UPDATE `phpbb_users` SET `user_password`=? WHERE `username`=?", hash, username);
193 return stmt and true, err;
171 end 194 end
172 function provider.create_user(username, password) 195 function provider.create_user(username, password)
173 return nil, "Account creation/modification not supported."; 196 return nil, "Account creation/modification not supported.";
174 end 197 end
175 198