# HG changeset patch # User Waqas Hussain # Date 1309488922 -18000 # Node ID 145fa870321cd8e3f8c69611571ab782e4b26b54 # Parent 8f5726adc61e8badeb09658b7c596052052eab2c mod_auth_phpbb3: Implement password change. diff -r 8f5726adc61e -r 145fa870321c mod_auth_phpbb3/mod_auth_phpbb3.lua --- a/mod_auth_phpbb3/mod_auth_phpbb3.lua Fri Jul 01 07:53:13 2011 +0500 +++ b/mod_auth_phpbb3/mod_auth_phpbb3.lua Fri Jul 01 07:55:22 2011 +0500 @@ -8,6 +8,7 @@ local nodeprep = require "util.encodings".stringprep.nodeprep; local DBI = require "DBI" local md5 = require "util.hashes".md5; +local uuid_gen = require "util.uuid".generate; local connection; local params = module:get_option("sql"); @@ -71,6 +72,11 @@ return stmt; end +local function setsql(sql, ...) + local stmt, err = getsql(sql, ...); + if not stmt then return stmt, err; end + return stmt:affected(); +end local function get_password(username) local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username`=?", username); @@ -83,8 +89,7 @@ local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; -local function hashEncode64(input) - local count = 16; +local function hashEncode64(input, count) local output = ""; local i, value = 0, 0; @@ -122,7 +127,7 @@ end return output; end -local function hashCryptPrivate(password, genSalt, itoa64) +local function hashCryptPrivate(password, genSalt) local output = "*"; if not genSalt:match("^%$H%$") then return output; end 
@@ -143,13 +148,29 @@ end output = genSalt:sub(1, 12); - output = output .. hashEncode64(hash); + output = output .. hashEncode64(hash, 16); return output; end +local function hashGensaltPrivate(input) + local iteration_count_log2 = 6; + local output = "$H$"; + local idx = math.min(iteration_count_log2 + 5, 30) + 1; + output = output .. itoa64:sub(idx, idx); + output = output .. hashEncode64(input, 6); + return output; +end local function phpbbCheckHash(password, hash) - return #hash == 34 and hashCryptPrivate(password, hash, itoa64) == hash; + return #hash == 34 and hashCryptPrivate(password, hash) == hash; end +local function phpbbHash(password) + local random = uuid_gen():sub(-6); + local salt = hashGensaltPrivate(random); + local hash = hashCryptPrivate(password, salt); + if #hash == 34 then return hash; end + return md5(password, true); +end + provider = { name = "phpbb3" }; @@ -167,7 +188,9 @@ return nil, "Getting password is not supported."; end function provider.set_password(username, password) - return nil, "Setting password is not supported."; + local hash = phpbbHash(password); + local stmt, err = setsql("UPDATE `phpbb_users` SET `user_password`=? WHERE `username`=?", hash, username); + return stmt and true, err; end function provider.create_user(username, password) return nil, "Account creation/modification not supported.";
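Review bot: In the new setsql helper (hunk at -71,6), stmt:affected() is returned directly after getsql and no commit appears in the visible lines. If getsql does not commit and the DBI connection is not in autocommit mode, the UPDATE issued by provider.set_password would not persist. Either commit in setsql after a successful execute or add a comment saying where the commit happens. A one-line comment on the return value (affected-row count, or nil plus an error) would also help, since the caller treats it as a boolean.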
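Review bot: In phpbbHash (hunk at -143,13), the fallback `return md5(password, true);` silently stores an unsalted, single-pass MD5 of the password whenever hashCryptPrivate does not return a 34-character hash. That is far weaker than the $H$ format, and because an MD5 digest is 16 raw bytes or 32 hex characters it can never pass the `#hash == 34` test in phpbbCheckHash, so the account could not log in through this module afterwards. Return nil and an error instead and let provider.set_password fail. Separately, the salt input is `uuid_gen():sub(-6)`; if those six characters are hexadecimal digits, as in a standard UUID string, the salt carries only about 24 bits, so taking six random bytes would be preferable to the tail of a UUID.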
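Review bot: In provider.set_password (hunk at -167,7), `return stmt and true, err` treats the value from setsql as a boolean, but that value is the result of stmt:affected() and 0 is truthy in Lua, so a password change for a username that matches no row is reported as success. Compare the count explicitly (for example require it to equal 1) and return nil with an error otherwise. Renaming the local from stmt to something like affected would make the intent clear.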