diff --git a/userspace/rootfs_override/var/www/change_passwd.php b/userspace/rootfs_override/var/www/change_passwd.php
index 941a7041fd7d589ed566e0c264eac109970143f2..cf1479b476130948f2acd593c6e82c8994b582ac 100644
--- a/userspace/rootfs_override/var/www/change_passwd.php
+++ b/userspace/rootfs_override/var/www/change_passwd.php
@@ -16,81 +16,88 @@ </div> <div class="rightpanel"> <div class="rightbody"> -<h1 class="title">User Administration <a href='help.php?help_id=network' onClick='showPopup(this.href);return(false);'><img align=right src="./img/question.png"></a></h1> +<h1 class="title">User Administration</h1> <?php session_is_started() ?> <?php $_SESSION['advance']=""; ?> - - <table border="0" align="left"> - + + <table class="altrowstable" id="alternatecolor" border="0" align="center"> + <form method="post"> - <tr><th>Username: </th><th><INPUT type="text" name="user" value="admin" readonly></th></tr> - <tr><th>Old Password: </th><th><INPUT type="password" name="oldpasswd" > </th></tr> - <tr><th>New Password: </th><th> <INPUT type="password" name="newpasswd" > </th></tr> - <tr><th>Confirm Password: </th><th><INPUT type="password" name="confirmpasswd" > </th></tr> - <tr><th></th><th align="center"><input type="submit" value="Change Password" class="btn"></th></tr> + <tr><td>Username: </td><td><INPUT type="text" name="user" value="root" readonly></td></tr> + <tr><td>Old Password: </td><td><INPUT type="password" name="oldpasswd" > </td></tr> + <tr><td>New Password: </td><td> <INPUT type="password" name="newpasswd" > </td></tr> + <tr><td>Confirm Password: </td><td><INPUT type="password" name="confirmpasswd" > </td></tr> + <tr><td></td><td align="center"><input type="submit" value="Change Password" class="btn"></td></tr> </form> - + </table> - - - <?php + + <?php //Change user password - - $success=false; - if( empty($_POST['user'])){ - echo '<br><br><br><p align=center>Please fill fields.<br></p>'; - + + if(!(!empty($_POST["oldpasswd"]) || !empty($_POST["newpasswd"]) || !empty($_POST["confirmpasswd"]))){ + echo '<br><br><p align="center">*Please fill all fields.</p>'; }else{ - $saved_hash = shell_exec("cat ".$GLOBALS['phpusersfile']." | grep ".$_POST["user"]." 
| awk '{print $2}'"); - $saved_hash = str_replace("\n","",$saved_hash); - + $username = $_POST["user"]; $oldpassword = $_POST["oldpasswd"]; $newpasswd = $_POST["newpasswd"]; $confirmpasswd = $_POST["confirmpasswd"]; - - //First confirm old password - $salt="wrs4.0salt"; - $pass = $oldpassword; - $hash = md5($pass); // md5 hash #1 - $hash_md5 = md5($salt.$pass); // md5 hash with salt #2 - $hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3 - - - if (!strcmp($hash_md5_double, $saved_hash) && !strcmp($newpasswd, $confirmpasswd) && !strcmp($_POST["user"],$_SESSION['myusername'])){ //old password is correct && new and confirm are the same - //set the new one - - $pass = $confirmpasswd; - $hash = md5($pass); // md5 hash #1 - $hash_md5 = md5($salt.$pass); // md5 hash with salt #2 - $hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3 - - //Save in file - //We save the changes in a temporarely file in /tmp - $old_value=$username." ".$saved_hash; - $new_value=$username." ".$hash_md5_double; - $output = shell_exec('cat '.$GLOBALS['phpusersfile'].' | sed -i "s/'.$old_value.'/'.$new_value.'/g" '.$GLOBALS['phpusersfile']); //replace password for the user - - //$file = fopen("/etc/phpusers","w+"); - //fwrite($file,$output); - //fclose($file); - - - - $success=true; - echo '<br><br><br><p align=center>Password changed.<br></p>'; + /* Changing the password from the web interface will always save + * the password encrypted for security reasons... 
+ * */ + if(!empty($_SESSION['KCONFIG']['CONFIG_ROOT_PWD_IS_ENCRYPTED'])){ + /* Previous password was encrypted */ + /* password shall be here: ROOT_PWD_CYPHER */ + $dotconfig_passwd = $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CYPHER']; + $salt = get_encrypt_salt($dotconfig_passwd); + $method = get_encrypt_method($dotconfig_passwd); + $rounds = get_encrypt_rounds($dotconfig_passwd); + $oldpassword = encrypt_password($oldpassword, $salt, $rounds, $method); + }else{ + /* previous password was not encrypted */ + /* password shall be here: ROOT_PWD_CLEAR */ + $dotconfig_old_passwd = $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CLEAR']; + } + + if(!strcmp($newpasswd,$confirmpasswd)==0){ + echo '<br><br><div id="alert" align="center">New and confirm password are different.</div>'; + exit; }else{ - $success=false; - echo '<br><br><br><p align=center>Error changing password.<br></p>'; + $method = "CRYPT_MD5"; + $rounds = ""; + $salt = substr(substr( "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" , + mt_rand( 0 ,50 ) ,1 ) .substr( md5( time() ), 1), 4, 8); + $newpasswd = encrypt_password($newpasswd, $salt, $rounds, $method); + } + + if(strcmp($newpasswd,"")==0){ /* using mkpasswd it can never be NULL */ + echo '<br><br><div id="alert" align="center">Something went wrong.</div>'; + exit; + } + + if(!strcmp($dotconfig_passwd,$oldpassword)==0){ + echo '<br><br><div id="alert" align="center">Old password was not correct.</div>'; + exit; + }else{ /* Save to dotconfig... 
*/ + if(!empty($_SESSION['KCONFIG']['CONFIG_ROOT_PWD_IS_ENCRYPTED'])){ + $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CYPHER'] = $newpasswd; + }else{ /* previous was not encrypted */ + $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_IS_ENCRYPTED']="y"; + $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CYPHER']=$newpasswd; + check_add_existing_kconfig("CONFIG_ROOT_PWD_IS_ENCRYPTED="); + check_add_existing_kconfig("CONFIG_ROOT_PWD_CYPHER="); + delete_from_kconfig("CONFIG_ROOT_PWD_CLEAR="); + } + save_kconfig(); + apply_kconfig(); + load_kconfig(); + header('Location: logout.php'); } - - } - - if($success) header('Location: logout.php'); - + ?> </div> diff --git a/userspace/rootfs_override/var/www/css/style.css b/userspace/rootfs_override/var/www/css/style.css index d3a57f8cbbf8770266be99355748c4c8727851bf..d854d5ed13d2eb7c50d79efe83ff54500ff1b5b2 100644 --- a/userspace/rootfs_override/var/www/css/style.css +++ b/userspace/rootfs_override/var/www/css/style.css @@ -300,7 +300,7 @@ table.altrowstablesmall td { padding: 1px; border-style: solid; border-color: #a9c6c9; - font-size: 10px; + font-size: 9px; width: 100%; } table.altrowstablesmall input { diff --git a/userspace/rootfs_override/var/www/functions.php b/userspace/rootfs_override/var/www/functions.php index b640b7d1cbcf6d9eba48c57dad17ef23d931d64e..6e395cd5a43b3428e48a3b56fe724efffcc312a2 100644 --- a/userspace/rootfs_override/var/www/functions.php +++ b/userspace/rootfs_override/var/www/functions.php 
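Review bot: The clear-text branch stores the configured password in `$dotconfig_old_passwd`, but the later check `if(!strcmp($dotconfig_passwd,$oldpassword)==0)` reads `$dotconfig_passwd`, which that branch never assigns; since the first guard only fails when all three fields are empty, an empty "Old Password" field compares equal to the unset variable and the change goes through, while any non-empty old password is always rejected. Rename the assignment to `$dotconfig_passwd = $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CLEAR'];` and make the first guard `if(empty($_POST["oldpasswd"]) || empty($_POST["newpasswd"]) || empty($_POST["confirmpasswd"])){` so that it matches its "fill all fields" message. The two `!strcmp(...)==0` conditions only behave because `(!strcmp(...)) == 0` is loosely compared; `strcmp(...) != 0` says what is meant, and the old-hash comparison should use `hash_equals()` where the PHP build provides it. The salt for the new hash is built from `mt_rand()` and `md5(time())`, both predictable; take it from `random_bytes()` (or `openssl_random_pseudo_bytes()` on older builds) and map the bytes onto the salt alphabet instead.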
@@ -1382,4 +1382,85 @@ function apply_kconfig(){ shell_exec($dotconfigapp. " local_config > /dev/null 2>&1 &"); } +function encrypt_password($password, $salt, $rounds, $method){ + + $encrypted_passwd = ""; + + switch ($method) { + case "CRYPT_STD_DES": + $encrypted_passwd = shell_exec('/wr/bin/mkpasswd --method=des "'.$password.'" --salt="'.$salt.'"'); + $encrypted_passwd = str_replace("\n", "", $encrypted_passwd); + break; + case "CRYPT_MD5": + $encrypted_passwd = shell_exec('/wr/bin/mkpasswd --method=md5 "'.$password.'" --salt="'.$salt.'"'); + $encrypted_passwd = str_replace("\n", "", $encrypted_passwd); + break; + case "CRYPT_BLOWFISH": + $encrypted_passwd = shell_exec('/wr/bin/mkpasswd --method=bf "'.$password.'" --salt="'.$salt.'"'); + $encrypted_passwd = str_replace("\n", "", $encrypted_passwd); + break; + case "CRYPT_SHA256": + $encrypted_passwd = shell_exec('/wr/bin/mkpasswd --method=sha-256 "'.$password.'" --salt="'.$salt.'" --rounds="'.$rounds.'"'); + $encrypted_passwd = str_replace("\n", "", $encrypted_passwd); + break; + case "CRYPT_SHA512": + $encrypted_passwd = shell_exec('/wr/bin/mkpasswd --method=sha-512 "'.$password.'" --salt="'.$salt.'" --rounds="'.$rounds.'"'); + $encrypted_passwd = str_replace("\n", "", $encrypted_passwd); + break; + } + + return $encrypted_passwd; +} + +function get_encrypt_method($enc_password){ + + $method = ""; + if (strpos($enc_password,'$1$') !== false) + $method = "CRYPT_MD5"; + else if (strpos($enc_password,'$2a$07$') !== false) + $method = "CRYPT_BLOWFISH"; + else if (strpos($enc_password,'$5$') !== false) + $method = "CRYPT_SHA256"; + else if (strpos($enc_password,'$6$') !== false) + $method = "CRYPT_SHA512"; + + return $method; +} + +function get_encrypt_rounds($enc_password){ + + $elements = explode("$", $enc_password); + $rounds = ""; + + foreach ($elements as $element){ + if (strpos($element,'rounds=') !== false){ + $rounds = str_replace("rounds=","",$element); + } + } + return $rounds; +} + +function 
get_encrypt_salt($enc_password){ + $method = get_encrypt_method($enc_password); + $salt = ""; + + $elements = explode("$", $enc_password); + + switch ($method) { + case "CRYPT_MD5": + $salt = $elements[2]; + break; + case "CRYPT_BLOWFISH": + $salt = $elements[3]; + break; + case "CRYPT_SHA256": + $salt = $elements[3]; + break; + case "CRYPT_SHA512": + $salt = $elements[3]; + break; + } + return $salt; +} + ?> diff --git a/userspace/rootfs_override/var/www/login.php b/userspace/rootfs_override/var/www/login.php index 9494d678e948855e0fbb37d009467459fbb5f710..9e23933a794935c71c6aad8990cb4a9ff1fcccd7 100644 --- a/userspace/rootfs_override/var/www/login.php +++ b/userspace/rootfs_override/var/www/login.php 
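Review bot: `encrypt_password` interpolates `$password` and `$salt` straight into the `shell_exec` command string inside hand-written double quotes, and both values arrive from the login and change-password forms, so the shell interprets whatever the user typed; each value must go through `escapeshellarg()`, or better, the shell should be dropped in favour of PHP's native `crypt()`, which supports the same MD5/Blowfish/SHA-256/SHA-512 formats and keeps the password out of the process argument list. The five cases differ only in the `--method` flag, so the rewrite below folds them into one table-driven command, escapes every argument, and passes `--rounds` only when a value is present. Separately, `get_encrypt_salt` picks the wrong field in two cases: for bcrypt the 22-character salt and the hash share `$elements[3]` (use `substr($elements[3], 0, 22)`), and for SHA-256/SHA-512 hashes without a `rounds=` field the salt is `$elements[2]`, not `$elements[3]`. `get_encrypt_method` should also anchor its tests with `strpos($enc_password, '$1$') === 0` rather than a substring search, and the hard-coded `'$2a$07$'` will not recognise a bcrypt hash produced with any other cost.
```php
function encrypt_password($password, $salt, $rounds, $method){
    /* mkpasswd --method values, keyed by the names the callers use */
    $methods = array(
        "CRYPT_STD_DES"  => "des",
        "CRYPT_MD5"      => "md5",
        "CRYPT_BLOWFISH" => "bf",
        "CRYPT_SHA256"   => "sha-256",
        "CRYPT_SHA512"   => "sha-512",
    );
    if (!isset($methods[$method])) {
        return "";
    }
    /* every caller-supplied value becomes one quoted argv entry */
    $cmd = '/wr/bin/mkpasswd --method='.$methods[$method]
         .' '.escapeshellarg($password)
         .' --salt='.escapeshellarg($salt);
    if ($rounds !== "" && ($method == "CRYPT_SHA256" || $method == "CRYPT_SHA512")) {
        $cmd .= ' --rounds='.escapeshellarg($rounds);
    }
    return str_replace("\n", "", (string) shell_exec($cmd));
}
```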
@@ -24,43 +24,30 @@ $message=""; if(count($_POST)>0) { - //If /etc/phpusers does not exist we create the file and "admin" "" user&pass - if (!file_exists($GLOBALS['phpusersfile'])) { - $username = "admin"; - $password = ""; - $salt="wrs4.0salt"; - $pass = $password; - $hash = md5($pass); // md5 hash #1 - $hash_md5 = md5($salt.$pass); // md5 hash with salt #2 - $hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3 - $output= $username." ".$hash_md5_double."\n"; - $file = fopen($GLOBALS['phpusersfile'],"w+"); - fwrite($file,$output); - fclose($file); - } - + /* User shall always be "root" (by the moment...) */ + load_kconfig(); $username = $_POST["login"]; $password = $_POST["password"]; - $saved_hash = shell_exec("cat ".$GLOBALS['phpusersfile']." | grep '".$username."' | awk '{print $2}'"); - $saved_user = shell_exec("cat ".$GLOBALS['phpusersfile']." | grep '".$username."' | awk '{print $1}'"); - $saved_user = preg_replace('/\s+/', '', $saved_user); - $saved_hash = str_replace("\n","",$saved_hash); - $user_exists = shell_exec("cat ".$GLOBALS['phpusersfile']." 
| grep -c ".$username); - - $salt="wrs4.0salt"; - $pass = $password; - $hash = md5($pass); // md5 hash #1 - $hash_md5 = md5($salt.$pass); // md5 hash with salt #2 - $hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3 - - if (!strcmp($hash_md5_double,$saved_hash) && $user_exists>0 && (strcmp($saved_user, $username) == 0)){ + + if(!empty($_SESSION['KCONFIG']['CONFIG_ROOT_PWD_IS_ENCRYPTED'])){ + /* password is here: ROOT_PWD_CYPHER */ + $dotconfig_passwd = $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CYPHER']; + $salt = get_encrypt_salt($dotconfig_passwd); + $method = get_encrypt_method($dotconfig_passwd); + $rounds = get_encrypt_rounds($dotconfig_passwd); + $password = encrypt_password($password, $salt, $rounds, $method); + }else{ /* password is here: ROOT_PWD_CLEAR */ + $dotconfig_passwd = $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CLEAR']; + } + + if ((strcmp($username,"root")==0) && (strcmp($dotconfig_passwd, $password) == 0)){ session_start(); $_SESSION["myusername"] = $username; echo 'Logged in as '.$_SESSION["myusername"]; header('Location: index.php'); }else{ - echo 'Invalid Username or Password'; + echo '<div id="alert"><center>Invalid Username or Password</center></div>'; } }
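Review bot: The login test `strcmp($dotconfig_passwd, $password) == 0` has no guard for the failure values produced just above it: `encrypt_password` returns `""` when the stored hash has an unrecognised prefix or `mkpasswd` fails, and `$dotconfig_passwd` is null or `""` when the kconfig key is missing or empty, so an empty or malformed `CONFIG_ROOT_PWD_CYPHER` makes both sides equal and the comparison succeeds. Mirror the "Something went wrong" guard that change_passwd.php has and fail closed before comparing, e.g. `if ((strcmp($username,"root")==0) && strlen((string)$dotconfig_passwd) > 0 && strlen($password) > 0 && hash_equals($dotconfig_passwd, $password)){`. If an empty clear-text password is meant to be a valid factory state, restrict the length check to the encrypted branch. Presumably `load_kconfig()` fills `$_SESSION['KCONFIG']`; if it does not start the session itself and nothing above the hunk does, `$_SESSION` is read here before the `session_start()` that sits in the success branch — worth confirming.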