Change in the login mechanism

Passwords are now stored hashed and salted, and validated with PHP's password_verify() function.

Password hashes can be generated with :
* mkpasswd --method=sha-512
* PHP's password_hash()
Ludovic Poujol 2022-07-05 11:25:37 +02:00
parent 143af65357
commit d746aa445e
3 changed files with 77 additions and 75 deletions


@ -8,36 +8,35 @@
* $Id: config.php 273 2009-05-12 13:54:50Z tmartin $ * $Id: config.php 273 2009-05-12 13:54:50Z tmartin $
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 * vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2
* *
* @author Gregory Colpart <reg@evolix.fr> * @author Gregory Colpart <reg@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr> * @author Thomas Martin <tmartin@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr> * @author Sebastien Palma <spalma@evolix.fr>
* @version 1.0 * @version 1.0
*/ */
// Email pour les notifications
$oriconf['admin']['mail'] = 'admin@example.com'; $oriconf['admin']['mail'] = 'admin@example.com';
$oriconf['techmail'] = 'jdoe@example.com'; $oriconf['techmail'] = 'jdoe@example.com';
$oriconf['debug'] = FALSE; $oriconf['debug'] = false;
$oriconf['superadmin'] = array('superadmin'); $oriconf['superadmin'] = array('superadmin');
$oriconf['script_path'] = '/usr/share/scripts/evoadmin'; $oriconf['script_path'] = '/usr/share/scripts/evoadmin';
$oriconf['cluster'] = FALSE; $oriconf['cluster'] = false;
$oriconf['servers'] = array('servers'); $oriconf['servers'] = array('servers');
$oriconf['cache'] = '/home/evoadmin/www/cache.sqlite'; $oriconf['cache'] = '/home/evoadmin/www/cache.sqlite';
$oriconf['known_host'] = '/home/evoadmin/www/known_host'; $oriconf['known_host'] = '/home/evoadmin/www/known_host';
$oriconf['ftpadmin'] = FALSE; $oriconf['ftpadmin'] = false;
$oriconf['bindadmin'] = FALSE; $oriconf['bindadmin'] = false;
// Penser à rajouter également les versions de PHP disponibles dans /etc/evolinux/web-add.conf // Warning: Don't forget to add available PHP versions into : /etc/evolinux/web-add.conf
// $oriconf['php_versions'] = array(); // $oriconf['php_versions'] = array();
$oriconf['quota'] = FALSE; $oriconf['quota'] = false;
$oriconf['dbadmin'] = FALSE; $oriconf['dbadmin'] = false;
$oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com'); $oriconf['noreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
$oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com'); $oriconf['postponedreplication'] = array('srv00.example.com', 'srv01.example.com', 'srv02.example.com');
$oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com'); $oriconf['immediatereplication'] = array('srv00.example.com', 'srv01.example.com');
$oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour'); $oriconf['postponedreplication_mode'] = array('1 fois/jour', '3 fois/jour', '1 fois/jour');
// auth (sha256 hashs) // Generate password hashes : mkpasswd --method=sha-512 (cli) or with PHP's password_hash()
$oriconf['logins'] = array(); $oriconf['logins'] = array();
//$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477'; //$oriconf['logins']['foo'] = '$6$X0jqa/ausLSBkj4m$dLMMcPGVxak.aDPo4V/GJLm2d8vU8/QA5LbGTuqXCdxSNYU0kRKBgDl16GAyp0GqXXZ5wwDEJKQ1npgFwiuV81';
//$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303'; //$oriconf['logins']['bar'] = '$6$Q6233S6mlWAF6p.j$LtzwG02YucozwqjAgSpeldh24Mnz7lBuVSbOQYbKKh9FiUx3tMVl6kJZkmrNdPqeadFXKAYXrqn.gy8KposF5.';
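Review bot: The new comment above the `$oriconf['logins']` block recommends `mkpasswd --method=sha-512`; password_verify() does accept crypt()-style `$6$` strings, but SHA-512 crypt at its default round count is considerably cheaper to brute-force offline than the bcrypt hash password_hash() produces with PASSWORD_DEFAULT, so the guidance should put password_hash() first and mention raising the round count when mkpasswd is used. A suggested wording: `// Generate password hashes with PHP's password_hash($pw, PASSWORD_DEFAULT) (preferred); mkpasswd --method=sha-512 also works (raise --rounds above the default if your mkpasswd supports it)`. The two `foo`/`bar` entries stay commented out, so only the guidance is live in this hunk; the rest of the section is a `FALSE` → `false` normalisation.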


@ -1,44 +1,44 @@
<?php <?php
/** /**
* Authentification page * Authentification controler
* *
* Copyright (c) 2009 Evolix - Tous droits reserves * Copyright (c) 2009-2022 Evolix - Tous droits reserves
* *
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 * @author Evolix <info@evolix.fr>
* * @author Gregory Colpart <reg@evolix.fr>
* @author Gregory Colpart <reg@evolix.fr> * @author Thomas Martin <tmartin@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr> * @author Sebastien Palma <spalma@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr> * @author and others.
* @version 1.0 * @version 1.0
*/ */
if ((empty($_GET['form']) || $_GET['form']!=1) && !empty($_POST)) { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST)) {
$username=$_POST['login']; $input_username = $_POST['login'];
$password=$_POST['passw']; $input_password = $_POST['passw'];
if (hash("sha256",$password) == $conf['logins'][$username]) { if (isset($conf['logins'][$input_username]) && password_verify($input_password, $conf['logins'][$input_username]) ) {
$_SESSION['auth']=1; $_SESSION['auth'] = true;
$_SESSION['user']=$username; $_SESSION['user'] = $input_username;
$_SESSION['user_id'] = posix_getpwnam($username) ? posix_getpwnam($username)['uid'] : 65534; $_SESSION['user_id'] = posix_getpwnam($input_username) ? posix_getpwnam($input_username)['uid'] : 65534;
$_SESSION['error']=''; unset($_SESSION['error']);
} else {
$_SESSION['auth']=0; } else {
$_SESSION['user']=''; $_SESSION['auth'] = false;
$_SESSION['error']=1; $_SESSION['user'] = '';
} $_SESSION['error'] = true;
http_redirect('/'); }
http_redirect('/');
} else { } else {
if(!empty($_SESSION['error'])) { if (!empty($_SESSION['error'])) {
$error=$_SESSION['error']; $error = $_SESSION['error'];
} unset($_SESSION['error']);
}
include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/auth.tpl.php'; include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php'; include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';
} }
?>
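Review bot: `isset($_POST)` in the new request check is always true for a superglobal, so the branch runs for every POST, and the two reads `$_POST['login']` / `$_POST['passw']` that follow raise an undefined-index warning whenever a field is missing from the request; read them with `?? ''` and cast to string so password_verify() always receives a string. Right after a successful password_verify() the session id should be regenerated (`session_regenerate_id(true);`) before `$_SESSION['auth'] = true` is set, so an id issued before authentication is not carried across the privilege change. Note also that `$_SESSION['auth']` changes here from `1` to `true`; any strict `=== 1` check elsewhere in the application (not visible in this diff) would stop matching. When the username is unknown the code skips password_verify() entirely, so that failure path is measurably faster than a wrong password; verifying against a fixed dummy hash in that case keeps the two paths similar.
```php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST)) {
    $input_username = (string) ($_POST['login'] ?? '');
    $input_password = (string) ($_POST['passw'] ?? '');
    if (isset($conf['logins'][$input_username]) && password_verify($input_password, $conf['logins'][$input_username])) {
        session_regenerate_id(true); // drop the pre-authentication session id on privilege change
        $_SESSION['auth'] = true;
        // … unchanged: user / user_id assignment, error reset, failure branch, redirect …
```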


@ -1,43 +1,46 @@
<?php <?php
/** /**
* Authentification form * Authentification page
* *
* Copyright (c) 2009 Evolix - Tous droits reserves * Copyright (c) 2009-2022 Evolix - Tous droits reserves
* *
* vim: expandtab softtabstop=4 tabstop=4 shiftwidth=4 showtabline=2 * @author Evolix <info@evolix.fr>
* * @author Gregory Colpart <reg@evolix.fr>
* @author Gregory Colpart <reg@evolix.fr> * @author Thomas Martin <tmartin@evolix.fr>
* @author Thomas Martin <tmartin@evolix.fr> * @author Sebastien Palma <spalma@evolix.fr>
* @author Sebastien Palma <spalma@evolix.fr> * @author and others.
* @version 1.0 * @version 1.0
*/ */
?> ?>
<br/><br/> <h2>Evoadmin : Connexion</h2>
<form method="POST"> <form method="POST">
<table align="center"> <table align="center">
<tr> <tr>
<td align="right">Utilisateur : &nbsp;</td> <td align="right">Utilisateur : &nbsp;</td>
<td align="left"><input type="text" name="login" /></td> <td align="left"><input type="text" name="login" /></td>
</tr> </tr>
<tr> <tr>
<td align="right">Mot de passe : &nbsp;</td> <td align="right">Mot de passe : &nbsp;</td>
<td align="left"><input type="password" name="passw" /></td> <td align="left"><input type="password" name="passw" /></td>
</tr> </tr>
<tr> <tr>
<td>&nbsp;</td> <td>&nbsp;</td>
<td align="left"><br/><input type="submit" value="Connexion" /></td> <td align="left"><br/><input type="submit" value="Connexion" /></td>
</tr> </tr>
<?php <?php
if (!empty($error)) { if (!empty($error)) {
?> ?>
<tr> <tr>
<td colspan="2" class="auth-error">Identifiants invalides. Veuillez -essayer</td> <td colspan="2" class="auth-error">
</tr> Identifiants invalides.
<?php Veuillez -essayer
} </td>
?> </tr>
<?php
}
?>
</table> </table>
</form> </form>
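Review bot: The error cell keeps the garbled string `Veuillez -essayer` from the old side (a `-` where `ré` presumably was), now split onto its own line; since this template is only reached from the controller when `$error` is set, it is the text every failed login sees, and it should read `Veuillez réessayer`. Minor style point on the two inputs: `autocomplete="username"` on `login`, `autocomplete="current-password"` on `passw`, and `required` on both help password managers and keep empty submissions from reaching password_verify().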