Change in the login mechanism
Passwords are now stored hashed & salted and validated with PHP's password_verify() function. Password hashes can be generated with: * mkpasswd --method=sha-512 * PHP's password_hash()
parent
143af65357
commit
d746aa445e
|
@ -15,29 +15,28 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
// Email pour les notifications
|
|
||||||
$oriconf['admin']['mail'] = 'admin@example.com';
|
$oriconf['admin']['mail'] = 'admin@example.com';
|
||||||
$oriconf['techmail'] = 'jdoe@example.com';
|
$oriconf['techmail'] = 'jdoe@example.com';
|
||||||
$oriconf['debug'] = FALSE;
|
$oriconf['debug'] = false;
|
||||||
$oriconf['superadmin'] = array('superadmin');
|
$oriconf['superadmin'] = array('superadmin');
|
||||||
$oriconf['script_path'] = '/usr/share/scripts/evoadmin';
|
$oriconf['script_path'] = '/usr/share/scripts/evoadmin';
|
||||||
$oriconf['cluster'] = FALSE;
|
$oriconf['cluster'] = false;
|
||||||
$oriconf['servers'] = array('servers');
|
$oriconf['servers'] = array('servers');
|
||||||
$oriconf['cache'] = '/home/evoadmin/www/cache.sqlite';
|
$oriconf['cache'] = '/home/evoadmin/www/cache.sqlite';
|
||||||
$oriconf['known_host'] = '/home/evoadmin/www/known_host';
|
$oriconf['known_host'] = '/home/evoadmin/www/known_host';
|
||||||
$oriconf['ftpadmin'] = FALSE;
|
$oriconf['ftpadmin'] = false;
|
||||||
$oriconf['bindadmin'] = FALSE;
|
$oriconf['bindadmin'] = false;
|
||||||
// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf
|
// Warning: Don't forget to add available PHP versions into : /etc/evolinux/web-add.conf
|
||||||
// $oriconf['php_versions'] = array();
|
// $oriconf['php_versions'] = array();
|
||||||
$oriconf['quota'] = FALSE;
|
$oriconf['quota'] = false;
|
||||||
$oriconf['dbadmin'] = FALSE;
|
$oriconf['dbadmin'] = false;
|
||||||
|
|
||||||
$oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
|
$oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
|
||||||
$oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
|
$oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
|
||||||
$oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
|
$oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
|
||||||
$oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
|
$oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
|
||||||
|
|
||||||
// auth (sha256 hashs)
|
// Generate password hashes : mkpasswd --method=sha-512 (cli) or with PHP's password_hash()
|
||||||
$oriconf['logins'] = array();
|
$oriconf['logins'] = array();
|
||||||
//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
|
//$oriconf['logins']['foo'] = '$6$X0jqa/ausLSBkj4m$dLMMcPGVxak.aDPo4V/GJLm2d8vU8/QA5LbGTuqXCdxSNYU0kRKBgDl16GAyp0GqXXZ5wwDEJKQ1npgFwiuV81';
|
||||||
//$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';
|
//$oriconf['logins']['bar'] = '$6$Q6233S6mlWAF6p.j$LtzwG02YucozwqjAgSpeldh24Mnz7lBuVSbOQYbKKh9FiUx3tMVl6kJZkmrNdPqeadFXKAYXrqn.gy8KposF5.';
|
||||||
|
|
34
inc/auth.php
34
inc/auth.php
|
@ -1,38 +1,40 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authentification page
|
* Authentification controler
|
||||||
*
|
*
|
||||||
* Copyright (c) 2009 Evolix - Tous droits reserves
|
* Copyright (c) 2009-2022 Evolix - Tous droits reserves
|
||||||
*
|
|
||||||
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
|
|
||||||
*
|
*
|
||||||
|
* @author Evolix <info@evolix.fr>
|
||||||
* @author Gregory Colpart <reg@evolix.fr>
|
* @author Gregory Colpart <reg@evolix.fr>
|
||||||
* @author Thomas Martin <tmartin@evolix.fr>
|
* @author Thomas Martin <tmartin@evolix.fr>
|
||||||
* @author Sebastien Palma <spalma@evolix.fr>
|
* @author Sebastien Palma <spalma@evolix.fr>
|
||||||
|
* @author and others.
|
||||||
* @version 1.0
|
* @version 1.0
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) {
|
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
|
||||||
$username=$_POST['login'];
|
$input_username = $_POST['login'];
|
||||||
$password=$_POST['passw'];
|
$input_password = $_POST['passw'];
|
||||||
|
|
||||||
|
if (isset($conf['logins'][$input_username]) && password_verify($input_password, $conf['logins'][$input_username]) ) {
|
||||||
|
$_SESSION['auth'] = true;
|
||||||
|
$_SESSION['user'] = $input_username;
|
||||||
|
$_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
|
||||||
|
unset($_SESSION['error']);
|
||||||
|
|
||||||
if (hash("sha256",$password) == $conf['logins'][$username]) {
|
|
||||||
$_SESSION['auth']=1;
|
|
||||||
$_SESSION['user']=$username;
|
|
||||||
$_SESSION['user_id'] = posix_getpwnam($username) ? posix_getpwnam($username)['uid'] : 65534;
|
|
||||||
$_SESSION['error']='';
|
|
||||||
} else {
|
} else {
|
||||||
$_SESSION['auth']=0;
|
$_SESSION['auth'] = false;
|
||||||
$_SESSION['user'] = '';
|
$_SESSION['user'] = '';
|
||||||
$_SESSION['error']=1;
|
$_SESSION['error'] = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
http_redirect('/');
|
http_redirect('/');
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
if (!empty($_SESSION['error'])) {
|
if (!empty($_SESSION['error'])) {
|
||||||
$error = $_SESSION['error'];
|
$error = $_SESSION['error'];
|
||||||
|
unset($_SESSION['error']);
|
||||||
}
|
}
|
||||||
|
|
||||||
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
|
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
|
||||||
|
@ -40,5 +42,3 @@ if(!empty($_SESSION['error'])) {
|
||||||
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
|
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
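Review bot: The success branch sets `$_SESSION['auth'] = true` without issuing a new session id, so an id that was known before login stays valid afterwards (session fixation); nothing in the visible lines regenerates it, so I would add `session_regenerate_id(true);` as the first statement of that branch. Separately, `isset($_POST)` is always true and `$_POST['login']` / `$_POST['passw']` are read without a presence or type check, so a POST that omits them or sends them as arrays reaches `isset($conf['logins'][...])` and `password_verify()` with non-string values; `$input_username = is_string($_POST['login'] ?? null) ? $_POST['login'] : '';` (and the same for `passw`) keeps such requests on the ordinary failure path. An unknown login also skips `password_verify()` entirely, which probably makes response time differ between existing and non-existing accounts. The outer `else` branch continues in lines the page does not show between the two hunks.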
|
@ -1,21 +1,21 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authentification form
|
* Authentification page
|
||||||
*
|
*
|
||||||
* Copyright (c) 2009 Evolix - Tous droits reserves
|
* Copyright (c) 2009-2022 Evolix - Tous droits reserves
|
||||||
*
|
|
||||||
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
|
|
||||||
*
|
*
|
||||||
|
* @author Evolix <info@evolix.fr>
|
||||||
* @author Gregory Colpart <reg@evolix.fr>
|
* @author Gregory Colpart <reg@evolix.fr>
|
||||||
* @author Thomas Martin <tmartin@evolix.fr>
|
* @author Thomas Martin <tmartin@evolix.fr>
|
||||||
* @author Sebastien Palma <spalma@evolix.fr>
|
* @author Sebastien Palma <spalma@evolix.fr>
|
||||||
|
* @author and others.
|
||||||
* @version 1.0
|
* @version 1.0
|
||||||
*/
|
*/
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<br/><br/>
|
<h2>Evoadmin : Connexion</h2>
|
||||||
|
|
||||||
<form method="POST">
|
<form method="POST">
|
||||||
<table align="center">
|
<table align="center">
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -34,7 +34,10 @@
|
||||||
if (!empty($error)) {
|
if (!empty($error)) {
|
||||||
?>
|
?>
|
||||||
<tr>
|
<tr>
|
||||||
<td colspan="2" class="auth-error">Identifiants invalides. Veuillez ré-essayer</td>
|
<td colspan="2" class="auth-error">
|
||||||
|
Identifiants invalides.
|
||||||
|
Veuillez ré-essayer
|
||||||
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
|
|