lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Keep usage of function dol_hash to encrypt a non encrypted data

Browse Source
This commit is contained in:
Laurent Destailleur 2017-10-06 13:13:51 +02:00
parent 2d549a6191
commit 777486d74c
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/adherents/class/adherent.class.php
View File

@ -2028,7 +2028,9 @@ class Adherent extends CommonObject
if (empty($conf->global->MAIN_SECURITY_HASH_ALGO))
{
if ($this->pass_indatabase_crypted && ! empty($conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED)) {
$info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = dol_hash($this->pass_indatabase_crypted, 5); // Create OpenLDAP MD5 password from Dolibarr MD5 password
// Create OpenLDAP MD5 password from Dolibarr MD5 password
// Note: This suppose that "pass_indatabase_crypted" is a md5 (guaranted by the previous test if "(empty($conf->global->MAIN_SECURITY_HASH_ALGO))"
$info[$conf->global->LDAP_MEMBER_FIELD_PASSWORD_CRYPTED] = '{md5}'.base64_encode(hex2bin($this->pass_indatabase_crypted));
}
}
}

1
htdocs/core/lib/security.lib.php
View File

@ -88,7 +88,6 @@ function dol_hash($chain,$type=0)
else if ($type == 2) return sha1(md5($chain));
else if ($type == 3) return md5($chain);
else if ($type == 4) return '{md5}'.base64_encode(mhash(MHASH_MD5,$chain)); // For OpenLdap with md5 (based on an unencrypted password in base)
else if ($type == 5) return '{md5}'.base64_encode(hex2bin($chain)); // For OpenLdap with md5 (based on a md5 encrypted password in base)
else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1') return sha1($chain);
else if (! empty($conf->global->MAIN_SECURITY_HASH_ALGO) && $conf->global->MAIN_SECURITY_HASH_ALGO == 'sha1md5') return sha1(md5($chain));