[Phpgroupware-cvs] phpgwapi/inc class.common.inc.php

[Dave Hall]

CVSROOT:        /cvsroot/phpgwapi
Module name:    phpgwapi
Changes by:     Dave Hall <skwashd>     06/08/23 15:56:52

Modified files:
        inc            : class.common.inc.php 

Log message:
        make md5 passwords really md5 passwords

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/phpgwapi/inc/class.common.inc.php?cvsroot=phpgwapi&r1=1.237&r2=1.238

Patches:
Index: class.common.inc.php
===================================================================
RCS file: /cvsroot/phpgwapi/phpgwapi/inc/class.common.inc.php,v
retrieving revision 1.237
retrieving revision 1.238
diff -u -b -r1.237 -r1.238
--- class.common.inc.php        6 Aug 2006 12:56:48 -0000       1.237
+++ class.common.inc.php        23 Aug 2006 15:56:52 -0000      1.238
@@ -8,7 +8,7 @@
        * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General 
Public License
        * @package phpgwapi
        * @subpackage utilities
-       * @version $Id: class.common.inc.php,v 1.237 2006/08/06 12:56:48 
skwashd Exp $
+       * @version $Id: class.common.inc.php,v 1.238 2006/08/23 15:56:52 
skwashd Exp $
        */
 
        /**
@@ -1287,20 +1287,15 @@
                /**
                * MD5 encrypt password
                *
+               * @author fechner at ponton dot de (source 
http://au3.php.net/manual/en/function.ldap-modify.php)
+               * @internal as there is really only 1 way to do this, it isn't 
copyrightable :)
                * @param string $userpass User password
                * @param string $random Random seed
                * @return string MD5 encrypted password
                */ 
                function md5_cryptpasswd($userpass, $random)
                {
-                       $bsalt = '$1$';
-                       $esalt = '$';
-                       $lcrypt = '{crypt}';
-                       $modsalt = sprintf('%s%s%s', $bsalt, $random, $esalt);
-                       $password = crypt($userpass, $modsalt);
-                       $ldappassword = sprintf('%s%s', $lcrypt, $password);
-
-                       return $ldappassword;
+                       return '{md5}' . base64_encode(pack('H*', 
md5($userpass)));
                }
 
                /**
@@ -1320,10 +1315,7 @@
                        }
                        elseif 
(strtolower($GLOBALS['phpgw_info']['server']['ldap_encryption_type']) == 'md5')
                        {
-                               $salt       = $this->randomstring(8);
-                               $e_password = $this->md5_cryptpasswd($password, 
$salt);
-                               
-                               return $e_password;
+                               return $this->md5_cryptpasswd($password);
                        }
                        
                        return false;