You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

password.php 24KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674
  1. <?php
  2. /**
  3. * Password Plugin for Roundcube
  4. *
  5. * @version @package_version@
  6. * @author Aleksander Machniak <alec@alec.pl>
  7. *
  8. * Copyright (C) 2005-2015, The Roundcube Dev Team
  9. *
  10. * This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU General Public License as published by
  12. * the Free Software Foundation, either version 3 of the License, or
  13. * (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU General Public License
  21. * along with this program. If not, see http://www.gnu.org/licenses/.
  22. */
  23. define('PASSWORD_CRYPT_ERROR', 1);
  24. define('PASSWORD_ERROR', 2);
  25. define('PASSWORD_CONNECT_ERROR', 3);
  26. define('PASSWORD_SUCCESS', 0);
  27. /**
  28. * Change password plugin
  29. *
  30. * Plugin that adds functionality to change a users password.
  31. * It provides common functionality and user interface and supports
  32. * several backends to finally update the password.
  33. *
  34. * For installation and configuration instructions please read the README file.
  35. *
  36. * @author Aleksander Machniak
  37. */
  38. class password extends rcube_plugin
  39. {
  40. public $task = 'settings|login';
  41. public $noframe = true;
  42. public $noajax = true;
  43. private $newuser = false;
  44. function init()
  45. {
  46. $rcmail = rcmail::get_instance();
  47. $this->load_config();
  48. if ($rcmail->task == 'settings') {
  49. if (!$this->check_host_login_exceptions()) {
  50. return;
  51. }
  52. $this->add_texts('localization/');
  53. $this->add_hook('settings_actions', array($this, 'settings_actions'));
  54. $this->register_action('plugin.password', array($this, 'password_init'));
  55. $this->register_action('plugin.password-save', array($this, 'password_save'));
  56. }
  57. else if ($rcmail->config->get('password_force_new_user')) {
  58. $this->add_hook('user_create', array($this, 'user_create'));
  59. $this->add_hook('login_after', array($this, 'login_after'));
  60. }
  61. }
  62. function settings_actions($args)
  63. {
  64. // register as settings action
  65. $args['actions'][] = array(
  66. 'action' => 'plugin.password',
  67. 'class' => 'password',
  68. 'label' => 'password',
  69. 'title' => 'changepasswd',
  70. 'domain' => 'password',
  71. );
  72. return $args;
  73. }
  74. function password_init()
  75. {
  76. $this->register_handler('plugin.body', array($this, 'password_form'));
  77. $rcmail = rcmail::get_instance();
  78. $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
  79. if (rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET)) {
  80. $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice');
  81. }
  82. $rcmail->output->send('plugin');
  83. }
  84. function password_save()
  85. {
  86. $this->register_handler('plugin.body', array($this, 'password_form'));
  87. $rcmail = rcmail::get_instance();
  88. $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
  89. $form_disabled = $rcmail->config->get('password_disabled');
  90. $confirm = $rcmail->config->get('password_confirm_current');
  91. $required_length = intval($rcmail->config->get('password_minimum_length'));
  92. $check_strength = $rcmail->config->get('password_require_nonalpha');
  93. if (($confirm && !isset($_POST['_curpasswd'])) || !isset($_POST['_newpasswd'])) {
  94. $rcmail->output->command('display_message', $this->gettext('nopassword'), 'error');
  95. }
  96. else {
  97. $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1'));
  98. $rc_charset = strtoupper($rcmail->output->get_charset());
  99. $sespwd = $rcmail->decrypt($_SESSION['password']);
  100. $curpwd = $confirm ? rcube_utils::get_input_value('_curpasswd', rcube_utils::INPUT_POST, true, $charset) : $sespwd;
  101. $newpwd = rcube_utils::get_input_value('_newpasswd', rcube_utils::INPUT_POST, true);
  102. $conpwd = rcube_utils::get_input_value('_confpasswd', rcube_utils::INPUT_POST, true);
  103. // check allowed characters according to the configured 'password_charset' option
  104. // by converting the password entered by the user to this charset and back to UTF-8
  105. $orig_pwd = $newpwd;
  106. $chk_pwd = rcube_charset::convert($orig_pwd, $rc_charset, $charset);
  107. $chk_pwd = rcube_charset::convert($chk_pwd, $charset, $rc_charset);
  108. // WARNING: Default password_charset is ISO-8859-1, so conversion will
  109. // change national characters. This may disable possibility of using
  110. // the same password in other MUA's.
  111. // We're doing this for consistence with Roundcube core
  112. $newpwd = rcube_charset::convert($newpwd, $rc_charset, $charset);
  113. $conpwd = rcube_charset::convert($conpwd, $rc_charset, $charset);
  114. if ($chk_pwd != $orig_pwd) {
  115. $rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error');
  116. }
  117. // other passwords validity checks
  118. else if ($conpwd != $newpwd) {
  119. $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
  120. }
  121. else if ($confirm && $sespwd != $curpwd) {
  122. $rcmail->output->command('display_message', $this->gettext('passwordincorrect'), 'error');
  123. }
  124. else if ($required_length && strlen($newpwd) < $required_length) {
  125. $rcmail->output->command('display_message', $this->gettext(
  126. array('name' => 'passwordshort', 'vars' => array('length' => $required_length))), 'error');
  127. }
  128. else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) {
  129. $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
  130. }
  131. // password is the same as the old one, do nothing, return success
  132. else if ($sespwd == $newpwd && !$rcmail->config->get('password_force_save')) {
  133. $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
  134. }
  135. // try to save the password
  136. else if (!($res = $this->_save($curpwd, $newpwd))) {
  137. $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');
  138. // allow additional actions after password change (e.g. reset some backends)
  139. $plugin = $rcmail->plugins->exec_hook('password_change', array(
  140. 'old_pass' => $curpwd, 'new_pass' => $newpwd));
  141. // Reset session password
  142. $_SESSION['password'] = $rcmail->encrypt($plugin['new_pass']);
  143. // Log password change
  144. if ($rcmail->config->get('password_log')) {
  145. rcube::write_log('password', sprintf('Password changed for user %s (ID: %d) from %s',
  146. $rcmail->get_user_name(), $rcmail->user->ID, rcube_utils::remote_ip()));
  147. }
  148. }
  149. else {
  150. $rcmail->output->command('display_message', $res, 'error');
  151. }
  152. }
  153. $rcmail->overwrite_action('plugin.password');
  154. $rcmail->output->send('plugin');
  155. }
  156. function password_form()
  157. {
  158. $rcmail = rcmail::get_instance();
  159. // add some labels to client
  160. $rcmail->output->add_label(
  161. 'password.nopassword',
  162. 'password.nocurpassword',
  163. 'password.passwordinconsistency'
  164. );
  165. $form_disabled = $rcmail->config->get('password_disabled');
  166. $rcmail->output->set_env('product_name', $rcmail->config->get('product_name'));
  167. $rcmail->output->set_env('password_disabled', !empty($form_disabled));
  168. $table = new html_table(array('cols' => 2));
  169. if ($rcmail->config->get('password_confirm_current')) {
  170. // show current password selection
  171. $field_id = 'curpasswd';
  172. $input_curpasswd = new html_passwordfield(array(
  173. 'name' => '_curpasswd',
  174. 'id' => $field_id,
  175. 'size' => 20,
  176. 'autocomplete' => 'off',
  177. ));
  178. $table->add('title', html::label($field_id, rcube::Q($this->gettext('curpasswd'))));
  179. $table->add(null, $input_curpasswd->show());
  180. }
  181. // show new password selection
  182. $field_id = 'newpasswd';
  183. $input_newpasswd = new html_passwordfield(array(
  184. 'name' => '_newpasswd',
  185. 'id' => $field_id,
  186. 'size' => 20,
  187. 'autocomplete' => 'off',
  188. ));
  189. $table->add('title', html::label($field_id, rcube::Q($this->gettext('newpasswd'))));
  190. $table->add(null, $input_newpasswd->show());
  191. // show confirm password selection
  192. $field_id = 'confpasswd';
  193. $input_confpasswd = new html_passwordfield(array(
  194. 'name' => '_confpasswd',
  195. 'id' => $field_id,
  196. 'size' => 20,
  197. 'autocomplete' => 'off',
  198. ));
  199. $table->add('title', html::label($field_id, rcube::Q($this->gettext('confpasswd'))));
  200. $table->add(null, $input_confpasswd->show());
  201. $rules = '';
  202. $required_length = intval($rcmail->config->get('password_minimum_length'));
  203. if ($required_length > 0) {
  204. $rules .= html::tag('li', array('id' => 'required-length'), $this->gettext(array(
  205. 'name' => 'passwordshort',
  206. 'vars' => array('length' => $required_length)
  207. )));
  208. }
  209. if ($rcmail->config->get('password_require_nonalpha')) {
  210. $rules .= html::tag('li', array('id' => 'require-nonalpha'), $this->gettext('passwordweak'));
  211. }
  212. if (!empty($rules)) {
  213. $rules = html::tag('ul', array('id' => 'ruleslist'), $rules);
  214. }
  215. $disabled_msg = '';
  216. if ($form_disabled) {
  217. $disabled_msg = is_string($form_disabled) ? $form_disabled : $this->gettext('disablednotice');
  218. $disabled_msg = html::div(array('class' => 'boxwarning', 'id' => 'password-notice'), $disabled_msg);
  219. }
  220. $submit_button = $rcmail->output->button(array(
  221. 'command' => 'plugin.password-save',
  222. 'type' => 'input',
  223. 'class' => 'button mainaction',
  224. 'label' => 'save',
  225. ));
  226. $out = html::div(array('class' => 'box'),
  227. html::div(array('id' => 'prefs-title', 'class' => 'boxtitle'), $this->gettext('changepasswd'))
  228. . html::div(array('class' => 'boxcontent'),
  229. $disabled_msg . $table->show() . $rules . html::p(null, $submit_button)));
  230. $rcmail->output->add_gui_object('passform', 'password-form');
  231. $this->include_script('password.js');
  232. return $rcmail->output->form_tag(array(
  233. 'id' => 'password-form',
  234. 'name' => 'password-form',
  235. 'method' => 'post',
  236. 'action' => './?_task=settings&_action=plugin.password-save',
  237. ), $out);
  238. }
  239. private function _save($curpass, $passwd)
  240. {
  241. $config = rcmail::get_instance()->config;
  242. $driver = $config->get('password_driver', 'sql');
  243. $class = "rcube_{$driver}_password";
  244. $file = $this->home . "/drivers/$driver.php";
  245. if (!file_exists($file)) {
  246. rcube::raise_error(array(
  247. 'code' => 600,
  248. 'type' => 'php',
  249. 'file' => __FILE__, 'line' => __LINE__,
  250. 'message' => "Password plugin: Unable to open driver file ($file)"
  251. ), true, false);
  252. return $this->gettext('internalerror');
  253. }
  254. include_once $file;
  255. if (!class_exists($class, false) || !method_exists($class, 'save')) {
  256. rcube::raise_error(array(
  257. 'code' => 600,
  258. 'type' => 'php',
  259. 'file' => __FILE__, 'line' => __LINE__,
  260. 'message' => "Password plugin: Broken driver $driver"
  261. ), true, false);
  262. return $this->gettext('internalerror');
  263. }
  264. $object = new $class;
  265. $result = $object->save($curpass, $passwd);
  266. $message = '';
  267. if (is_array($result)) {
  268. $message = $result['message'];
  269. $result = $result['code'];
  270. }
  271. switch ($result) {
  272. case PASSWORD_SUCCESS:
  273. return;
  274. case PASSWORD_CRYPT_ERROR:
  275. $reason = $this->gettext('crypterror');
  276. break;
  277. case PASSWORD_CONNECT_ERROR:
  278. $reason = $this->gettext('connecterror');
  279. break;
  280. case PASSWORD_ERROR:
  281. default:
  282. $reason = $this->gettext('internalerror');
  283. }
  284. if ($message) {
  285. $reason .= ' ' . $message;
  286. }
  287. return $reason;
  288. }
  289. function user_create($args)
  290. {
  291. $this->newuser = true;
  292. return $args;
  293. }
  294. function login_after($args)
  295. {
  296. if ($this->newuser && $this->check_host_login_exceptions()) {
  297. $args['_task'] = 'settings';
  298. $args['_action'] = 'plugin.password';
  299. $args['_first'] = 'true';
  300. }
  301. return $args;
  302. }
  303. // Check if host and login is allowed to change the password, false = not allowed, true = not allowed
  304. private function check_host_login_exceptions()
  305. {
  306. $rcmail = rcmail::get_instance();
  307. // Host exceptions
  308. $hosts = $rcmail->config->get('password_hosts');
  309. if (!empty($hosts) && !in_array($_SESSION['storage_host'], (array) $hosts)) {
  310. return false;
  311. }
  312. // Login exceptions
  313. if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
  314. $exceptions = array_map('trim', (array) $exceptions);
  315. $exceptions = array_filter($exceptions);
  316. $username = $_SESSION['username'];
  317. foreach ($exceptions as $ec) {
  318. if ($username === $ec) {
  319. return false;
  320. }
  321. }
  322. }
  323. return true;
  324. }
  325. /**
  326. * Hashes a password and returns the hash based on the specified method
  327. *
  328. * Parts of the code originally from the phpLDAPadmin development team
  329. * http://phpldapadmin.sourceforge.net/
  330. *
  331. * @param string Clear password
  332. * @param string Hashing method
  333. * @param bool|string Prefix string or TRUE to add a default prefix
  334. *
  335. * @return string Hashed password
  336. */
  337. static function hash_password($password, $method = '', $prefixed = true)
  338. {
  339. $method = strtolower($method);
  340. $rcmail = rcmail::get_instance();
  341. $prefix = '';
  342. $crypted = '';
  343. $default = false;
  344. if (empty($method) || $method == 'default') {
  345. $method = $rcmail->config->get('password_algorithm');
  346. $prefixed = $rcmail->config->get('password_algorithm_prefix');
  347. $default = true;
  348. }
  349. else if ($method == 'crypt') { // deprecated
  350. if (!($method = $rcmail->config->get('password_crypt_hash'))) {
  351. $method = 'md5';
  352. }
  353. if (!strpos($method, '-crypt')) {
  354. $method .= '-crypt';
  355. }
  356. }
  357. switch ($method) {
  358. case 'des':
  359. case 'des-crypt':
  360. $crypted = crypt($password, self::random_salt(2));
  361. $prefix = '{CRYPT}';
  362. break;
  363. case 'ext_des': // for BC
  364. case 'ext-des-crypt':
  365. $crypted = crypt($password, '_' . self::random_salt(8));
  366. $prefix = '{CRYPT}';
  367. break;
  368. case 'md5crypt': // for BC
  369. case 'md5-crypt':
  370. $crypted = crypt($password, '$1$' . self::random_salt(9));
  371. $prefix = '{CRYPT}';
  372. break;
  373. case 'sha256-crypt':
  374. $rounds = (int) $rcmail->config->get('password_crypt_rounds');
  375. $prefix = '$5$';
  376. if ($rounds > 1000) {
  377. $prefix .= 'rounds=' . $rounds . '$';
  378. }
  379. $crypted = crypt($password, $prefix . self::random_salt(16));
  380. $prefix = '{CRYPT}';
  381. break;
  382. case 'sha512-crypt':
  383. $rounds = (int) $rcmail->config->get('password_crypt_rounds');
  384. $prefix = '$6$';
  385. if ($rounds > 1000) {
  386. $prefix .= 'rounds=' . $rounds . '$';
  387. }
  388. $crypted = crypt($password, $prefix . self::random_salt(16));
  389. $prefix = '{CRYPT}';
  390. break;
  391. case 'blowfish': // for BC
  392. case 'blowfish-crypt':
  393. $cost = (int) $rcmail->config->get('password_blowfish_cost');
  394. $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
  395. $prefix = sprintf('$2a$%02d$', $cost);
  396. $crypted = crypt($password, $prefix . self::random_salt(22));
  397. $prefix = '{CRYPT}';
  398. break;
  399. case 'md5':
  400. $crypted = base64_encode(pack('H*', md5($password)));
  401. $prefix = '{MD5}';
  402. break;
  403. case 'sha':
  404. if (function_exists('sha1')) {
  405. $crypted = pack('H*', sha1($password));
  406. }
  407. else if (function_exists('hash')) {
  408. $crypted = hash('sha1', $password, true);
  409. }
  410. else if (function_exists('mhash')) {
  411. $crypted = mhash(MHASH_SHA1, $password);
  412. }
  413. else {
  414. rcube::raise_error(array(
  415. 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
  416. 'message' => "Password plugin: Your PHP install does not have the mhash()/hash() nor sha1() function"
  417. ), true, true);
  418. }
  419. $crypted = base64_encode($crypted);
  420. $prefix = '{SHA}';
  421. break;
  422. case 'ssha':
  423. $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
  424. if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
  425. $salt = mhash_keygen_s2k(MHASH_SHA1, $password, $salt, 4);
  426. $crypted = mhash(MHASH_SHA1, $password . $salt);
  427. }
  428. else if (function_exists('sha1')) {
  429. $salt = substr(pack("H*", sha1($salt . $password)), 0, 4);
  430. $crypted = sha1($password . $salt, true);
  431. }
  432. else if (function_exists('hash')) {
  433. $salt = substr(pack("H*", hash('sha1', $salt . $password)), 0, 4);
  434. $crypted = hash('sha1', $password . $salt, true);
  435. }
  436. else {
  437. rcube::raise_error(array(
  438. 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
  439. 'message' => "Password plugin: Your PHP install does not have the mhash()/hash() nor sha1() function"
  440. ), true, true);
  441. }
  442. $crypted = base64_encode($crypted . $salt);
  443. $prefix = '{SSHA}';
  444. break;
  445. case 'smd5':
  446. $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
  447. if (function_exists('mhash') && function_exists('mhash_keygen_s2k')) {
  448. $salt = mhash_keygen_s2k(MHASH_MD5, $password, $salt, 4);
  449. $crypted = mhash(MHASH_MD5, $password . $salt);
  450. }
  451. else if (function_exists('hash')) {
  452. $salt = substr(pack("H*", hash('md5', $salt . $password)), 0, 4);
  453. $crypted = hash('md5', $password . $salt, true);
  454. }
  455. else {
  456. $salt = substr(pack("H*", md5($salt . $password)), 0, 4);
  457. $crypted = md5($password . $salt, true);
  458. }
  459. $crypted = base64_encode($crypted . $salt);
  460. $prefix = '{SMD5}';
  461. break;
  462. case 'samba':
  463. if (function_exists('hash')) {
  464. $crypted = hash('md4', rcube_charset::convert($password, RCUBE_CHARSET, 'UTF-16LE'));
  465. $crypted = strtoupper($crypted);
  466. }
  467. else {
  468. rcube::raise_error(array(
  469. 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
  470. 'message' => "Password plugin: Your PHP install does not have hash() function"
  471. ), true, true);
  472. }
  473. break;
  474. case 'ad':
  475. $crypted = rcube_charset::convert('"' . $password . '"', RCUBE_CHARSET, 'UTF-16LE');
  476. break;
  477. case 'cram-md5': // deprecated
  478. require_once __DIR__ . '/../helpers/dovecot_hmacmd5.php';
  479. $crypted = dovecot_hmacmd5($password);
  480. $prefix = '{CRAM-MD5}';
  481. break;
  482. case 'dovecot':
  483. if (!($dovecotpw = $rcmail->config->get('password_dovecotpw'))) {
  484. $dovecotpw = 'dovecotpw';
  485. }
  486. if (!($method = $rcmail->config->get('password_dovecotpw_method'))) {
  487. $method = 'CRAM-MD5';
  488. }
  489. // use common temp dir
  490. $tmp_dir = $rcmail->config->get('temp_dir');
  491. $tmpfile = tempnam($tmp_dir, 'roundcube-');
  492. $pipe = popen("$dovecotpw -s '$method' > '$tmpfile'", "w");
  493. if (!$pipe) {
  494. unlink($tmpfile);
  495. return false;
  496. }
  497. else {
  498. fwrite($pipe, $password . "\n", 1+strlen($password)); usleep(1000);
  499. fwrite($pipe, $password . "\n", 1+strlen($password));
  500. pclose($pipe);
  501. $crypted = trim(file_get_contents($tmpfile), "\n");
  502. unlink($tmpfile);
  503. if (!preg_match('/^\{' . $method . '\}/', $crypted)) {
  504. return false;
  505. }
  506. if (!$default) {
  507. $prefixed = (bool) $rcmail->config->get('password_dovecotpw_with_method');
  508. }
  509. if (!$prefixed) {
  510. $crypted = trim(str_replace('{' . $method . '}', '', $crypted));
  511. }
  512. $prefixed = false;
  513. }
  514. break;
  515. case 'hash': // deprecated
  516. if (!extension_loaded('hash')) {
  517. rcube::raise_error(array(
  518. 'code' => 600, 'file' => __FILE__, 'line' => __LINE__,
  519. 'message' => "Password plugin: 'hash' extension not loaded!"
  520. ), true, true);
  521. }
  522. if (!($hash_algo = strtolower($rcmail->config->get('password_hash_algorithm')))) {
  523. $hash_algo = 'sha1';
  524. }
  525. $crypted = hash($hash_algo, $password);
  526. if ($rcmail->config->get('password_hash_base64')) {
  527. $crypted = base64_encode(pack('H*', $crypted));
  528. }
  529. break;
  530. case 'clear':
  531. $crypted = $password;
  532. }
  533. if ($crypted === null || $crypted === false) {
  534. return false;
  535. }
  536. if ($prefixed && $prefixed !== true) {
  537. $prefix = $prefixed;
  538. $prefixed = true;
  539. }
  540. if ($prefixed === true && $prefix) {
  541. $crypted = $prefix . $crypted;
  542. }
  543. return $crypted;
  544. }
  545. /**
  546. * Used to generate a random salt for crypt-style passwords
  547. *
  548. * Code originaly from the phpLDAPadmin development team
  549. * http://phpldapadmin.sourceforge.net/
  550. */
  551. static function random_salt($length)
  552. {
  553. $possible = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./';
  554. $str = '';
  555. while (strlen($str) < $length) {
  556. $str .= substr($possible, (rand() % strlen($possible)), 1);
  557. }
  558. return $str;
  559. }
  560. }