Mercurial > prosody-modules
comparison mod_auth_phpbb3/mod_auth_phpbb3.lua @ 377:145fa870321c
mod_auth_phpbb3: Implement password change.
| author | Waqas Hussain <waqas20@gmail.com> |
|---|---|
| date | Fri, 01 Jul 2011 07:55:22 +0500 |
| parents | 8f5726adc61e |
| children | 2a2b70e1a998 |
comparison
equal
deleted
inserted
replaced
| 376:8f5726adc61e | 377:145fa870321c |
|---|---|
| 6 local log = require "util.logger".init("auth_sql"); | 6 local log = require "util.logger".init("auth_sql"); |
| 7 local new_sasl = require "util.sasl".new; | 7 local new_sasl = require "util.sasl".new; |
| 8 local nodeprep = require "util.encodings".stringprep.nodeprep; | 8 local nodeprep = require "util.encodings".stringprep.nodeprep; |
| 9 local DBI = require "DBI" | 9 local DBI = require "DBI" |
| 10 local md5 = require "util.hashes".md5; | 10 local md5 = require "util.hashes".md5; |
| 11 local uuid_gen = require "util.uuid".generate; | |
| 11 | 12 |
| 12 local connection; | 13 local connection; |
| 13 local params = module:get_option("sql"); | 14 local params = module:get_option("sql"); |
| 14 | 15 |
| 15 local resolve_relative_path = require "core.configmanager".resolve_relative_path; | 16 local resolve_relative_path = require "core.configmanager".resolve_relative_path; |
| 69 if not ok and not test_connection() then error("connection failed"); end | 70 if not ok and not test_connection() then error("connection failed"); end |
| 70 if not ok then return nil, err; end | 71 if not ok then return nil, err; end |
| 71 | 72 |
| 72 return stmt; | 73 return stmt; |
| 73 end | 74 end |
| 75 local function setsql(sql, ...) | |
| 76 local stmt, err = getsql(sql, ...); | |
| 77 if not stmt then return stmt, err; end | |
| 78 return stmt:affected(); | |
| 79 end | |
| 74 | 80 |
| 75 local function get_password(username) | 81 local function get_password(username) |
| 76 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username`=?", username); | 82 local stmt, err = getsql("SELECT `user_password` FROM `phpbb_users` WHERE `username`=?", username); |
| 77 if stmt then | 83 if stmt then |
| 78 for row in stmt:rows(true) do | 84 for row in stmt:rows(true) do |
| 81 end | 87 end |
| 82 end | 88 end |
| 83 | 89 |
| 84 local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | 90 local itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
| 85 | 91 |
| 86 local function hashEncode64(input) | 92 local function hashEncode64(input, count) |
| 87 local count = 16; | |
| 88 local output = ""; | 93 local output = ""; |
| 89 local i, value = 0, 0; | 94 local i, value = 0, 0; |
| 90 | 95 |
| 91 while true do | 96 while true do |
| 92 value = input:byte(i+1) | 97 value = input:byte(i+1) |
| 120 | 125 |
| 121 if not(i < count) then break; end | 126 if not(i < count) then break; end |
| 122 end | 127 end |
| 123 return output; | 128 return output; |
| 124 end | 129 end |
| 125 local function hashCryptPrivate(password, genSalt, itoa64) | 130 local function hashCryptPrivate(password, genSalt) |
| 126 local output = "*"; | 131 local output = "*"; |
| 127 if not genSalt:match("^%$H%$") then return output; end | 132 if not genSalt:match("^%$H%$") then return output; end |
| 128 | 133 |
| 129 local count_log2 = itoa64:find(genSalt:sub(4,4)) - 1; | 134 local count_log2 = itoa64:find(genSalt:sub(4,4)) - 1; |
| 130 if count_log2 < 7 or count_log2 > 30 then return output; end | 135 if count_log2 < 7 or count_log2 > 30 then return output; end |
| 141 if not(count > 1) then break; end | 146 if not(count > 1) then break; end |
| 142 count = count-1; | 147 count = count-1; |
| 143 end | 148 end |
| 144 | 149 |
| 145 output = genSalt:sub(1, 12); | 150 output = genSalt:sub(1, 12); |
| 146 output = output .. hashEncode64(hash); | 151 output = output .. hashEncode64(hash, 16); |
| 147 | 152 |
| 148 return output; | 153 return output; |
| 149 end | 154 end |
| 155 local function hashGensaltPrivate(input) | |
| 156 local iteration_count_log2 = 6; | |
| 157 local output = "$H$"; | |
| 158 local idx = math.min(iteration_count_log2 + 5, 30) + 1; | |
| 159 output = output .. itoa64:sub(idx, idx); | |
| 160 output = output .. hashEncode64(input, 6); | |
| 161 return output; | |
| 162 end | |
| 150 local function phpbbCheckHash(password, hash) | 163 local function phpbbCheckHash(password, hash) |
| 151 return #hash == 34 and hashCryptPrivate(password, hash, itoa64) == hash; | 164 return #hash == 34 and hashCryptPrivate(password, hash) == hash; |
| 152 end | 165 end |
| 166 local function phpbbHash(password) | |
| 167 local random = uuid_gen():sub(-6); | |
| 168 local salt = hashGensaltPrivate(random); | |
| 169 local hash = hashCryptPrivate(password, salt); | |
| 170 if #hash == 34 then return hash; end | |
| 171 return md5(password, true); | |
| 172 end | |
| 173 | |
| 153 | 174 |
| 154 provider = { name = "phpbb3" }; | 175 provider = { name = "phpbb3" }; |
| 155 | 176 |
| 156 function provider.test_password(username, password) | 177 function provider.test_password(username, password) |
| 157 --module:log("debug", "test_password '%s' for user %s", tostring(password), tostring(username)); | 178 --module:log("debug", "test_password '%s' for user %s", tostring(password), tostring(username)); |
| 165 | 186 |
| 166 function provider.get_password(username) | 187 function provider.get_password(username) |
| 167 return nil, "Getting password is not supported."; | 188 return nil, "Getting password is not supported."; |
| 168 end | 189 end |
| 169 function provider.set_password(username, password) | 190 function provider.set_password(username, password) |
| 170 return nil, "Setting password is not supported."; | 191 local hash = phpbbHash(password); |
| 192 local stmt, err = setsql("UPDATE `phpbb_users` SET `user_password`=? WHERE `username`=?", hash, username); | |
| 193 return stmt and true, err; | |
| 171 end | 194 end |
| 172 function provider.create_user(username, password) | 195 function provider.create_user(username, password) |
| 173 return nil, "Account creation/modification not supported."; | 196 return nil, "Account creation/modification not supported."; |
| 174 end | 197 end |
| 175 | 198 |
