Support for additional passwords for ejabberd

This commit is contained in:
Michael Vogel 2015-10-19 19:03:11 +02:00
parent 59559e7452
commit 891ad5b39d

View file

@ -108,7 +108,7 @@ class exAuth
// ovdje provjeri je li korisnik OK // ovdje provjeri je li korisnik OK
$sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]); $sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]);
$this->writeDebugLog("[debug] checking isuser for ". $sUser); $this->writeDebugLog("[debug] checking isuser for ". $sUser);
$sQuery = "select * from user where nickname='". $db->escape($sUser) ."'"; $sQuery = "SELECT `uid` FROM `user` WHERE `nickname`='". $db->escape($sUser) ."'";
$this->writeDebugLog("[debug] using query ". $sQuery); $this->writeDebugLog("[debug] using query ". $sQuery);
if ($oResult = q($sQuery)){ if ($oResult = q($sQuery)){
if ($oResult) { if ($oResult) {
@ -120,7 +120,7 @@ class exAuth
$this->writeLog("[exAuth] invalid user: ". $sUser); $this->writeLog("[exAuth] invalid user: ". $sUser);
fwrite(STDOUT, pack("nn", 2, 0)); fwrite(STDOUT, pack("nn", 2, 0));
} }
$oResult->close(); //$oResult->close();
} else { } else {
$this->writeLog("[MySQL] invalid query: ". $sQuery); $this->writeLog("[MySQL] invalid query: ". $sQuery);
fwrite(STDOUT, pack("nn", 2, 0)); fwrite(STDOUT, pack("nn", 2, 0));
@ -136,10 +136,13 @@ class exAuth
// ovdje provjeri prijavu // ovdje provjeri prijavu
$sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]); $sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]);
$this->writeDebugLog("[debug] doing auth for ". $sUser); $this->writeDebugLog("[debug] doing auth for ". $sUser);
$sQuery = "select * from user where password='".hash('whirlpool',$aCommand[3])."' and nickname='". $db->escape($sUser) ."'"; //$sQuery = "SELECT `uid`, `password` FROM `user` WHERE `password`='".hash('whirlpool',$aCommand[3])."' AND `nickname`='". $db->escape($sUser) ."'";
$sQuery = "SELECT `uid`, `password` FROM `user` WHERE `nickname`='". $db->escape($sUser) ."'";
$this->writeDebugLog("[debug] using query ". $sQuery); $this->writeDebugLog("[debug] using query ". $sQuery);
if ($oResult = q($sQuery)){ if ($oResult = q($sQuery)){
if ($oResult) { $Error = ($oResult[0]["password"] != hash('whirlpool',$aCommand[3]));
/*
if ($oResult[0]["password"] == hash('whirlpool',$aCommand[3])) {
// korisnik OK // korisnik OK
$this->writeLog("[exAuth] authentificated user ". $sUser ."@". $aCommand[2]); $this->writeLog("[exAuth] authentificated user ". $sUser ."@". $aCommand[2]);
fwrite(STDOUT, pack("nn", 2, 1)); fwrite(STDOUT, pack("nn", 2, 1));
@ -149,9 +152,23 @@ class exAuth
fwrite(STDOUT, pack("nn", 2, 0)); fwrite(STDOUT, pack("nn", 2, 0));
} }
$oResult->close(); $oResult->close();
*/
} else { } else {
$this->writeLog("[MySQL] invalid query: ". $sQuery); $this->writeLog("[MySQL] invalid query: ". $sQuery);
$Error = true;
}
if ($Error) {
$oConfig = q("SELECT `v` FROM `pconfig` WHERE `uid`=1 AND `cat` = 'xmpp' AND `k`='password' LIMIT 1;");
$this->writeLog("[exAuth] got password ".$oConfig[0]["v"]);
$Error = ($aCommand[3] != $oConfig[0]["v"]);
}
if ($Error) {
$this->writeLog("[exAuth] authentification failed for user ". $sUser ."@". $aCommand[2]);
fwrite(STDOUT, pack("nn", 2, 0)); fwrite(STDOUT, pack("nn", 2, 0));
} else {
$this->writeLog("[exAuth] authentificated user ". $sUser ."@". $aCommand[2]);
fwrite(STDOUT, pack("nn", 2, 1));
} }
} }
break; break;