Merge pull request poweradmin#337 from j4Hu/master
mcrypt_ to openssl_ encrypt&decrypt
SebTM authored Dec 31, 2017
2 parents 772946a + ce3c8b5 commit a8f619b
Showing 2 changed files with 5 additions and 5 deletions.
6 changes: 3 additions & 3 deletions inc/plugins/auth_local/auth_local.plugin.php
@@ -49,7 +49,7 @@ function authenticate_local() {

// If a user had just entered his/her login && password, store them in our session.
if (isset($_POST["authenticate"])) {
$_SESSION["userpwd"] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($session_key), $_POST['password'], MCRYPT_MODE_CBC, md5(md5($session_key))));
$_SESSION["userpwd"] = base64_encode(openssl_encrypt($_POST['password'], "aes-256-cbc", md5($session_key), OPENSSL_RAW_DATA, md5(md5($session_key))));

$_SESSION["userlogin"] = $_POST["username"];
$_SESSION["userlang"] = $_POST["userlang"];
@@ -137,7 +137,7 @@ function LDAPAuthenticate() {
}
$user_dn = $entries[0]["dn"];

$session_pass = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($session_key), base64_decode($_SESSION["userpwd"]), MCRYPT_MODE_CBC, md5(md5($session_key))), "\0");
$session_pass = rtrim(openssl_decrypt(base64_decode($_SESSION["userpwd"]), "aes-256-cbc", md5($session_key), OPENSSL_RAW_DATA, md5(md5($session_key))) , "\0");;
$ldapbind = ldap_bind($ldapconn, $user_dn, $session_pass);
if (!$ldapbind) {
if (isset($_POST["authenticate"]))
@@ -179,7 +179,7 @@ function SQLAuthenticate() {

if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) {
//Username and password are set, lets try to authenticate.
$session_pass = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($session_key), base64_decode($_SESSION["userpwd"]), MCRYPT_MODE_CBC, md5(md5($session_key))), "\0");
$session_pass = rtrim(openssl_decrypt(base64_decode($_SESSION["userpwd"]), "aes-256-cbc", md5($session_key), OPENSSL_RAW_DATA, md5(md5($session_key))) , "\0");

$rowObj = $db->queryRow("SELECT id, fullname, password FROM users WHERE username=" . $db->quote($_SESSION["userlogin"], 'text') . " AND active=1");

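Review bot: In the LDAPAuthenticate hunk the result of `openssl_decrypt()` is passed through `rtrim()` straight into `ldap_bind()`, so a failed decrypt (it returns `false`, for instance on a session value written by the old mcrypt code, whose MCRYPT_RIJNDAEL_256 uses a 256-bit block that AES does not) becomes an empty password. A bind with a DN and an empty password is an unauthenticated bind that many directory servers accept, so the call should be guarded, e.g. `$ldapbind = $session_pass !== '' && ldap_bind($ldapconn, $user_dn, $session_pass);`; whether the function already rejects this case earlier is not visible, because its body starts and ends outside the hunk. The SQLAuthenticate hunk uses the decrypt result unchecked in the same way. Separately, all three calls pass `md5(md5($session_key))`, a 32-character hex string, as the IV of a cipher whose IV is 16 bytes, which PHP truncates with a warning, and the IV is the same for every encryption under one key; a fresh `random_bytes(16)` stored in front of the ciphertext would address both. The `rtrim(..., "\0")` is left over from mcrypt's zero padding, and the LDAPAuthenticate line ends in a stray `;;`.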
4 changes: 2 additions & 2 deletions inc/toolkit.inc.php
@@ -42,8 +42,8 @@
die(error('You have to install PHP session extension!'));
if (!function_exists('_'))
die(error('You have to install PHP gettext extension!'));
if (!function_exists('mcrypt_encrypt'))
die(error('You have to install PHP mcrypt extension!'));
if (!function_exists('openssl_encrypt'))
die(error('You have to install PHP openssl extension!'));

session_start();

