www: login update to dotconfig

Login now uses the user and password from dotconfig instead of phpusers in filesystem. Now it is suposed to use same username and password for the shell and the web interface. Changes are also applicable for both of them. Nowadays there is only one user: "root"

www: login update to dotconfig
Login now uses the user and password from dotconfig instead of phpusers in filesystem. Now it is suposed to use same username and password for the shell and the web interface. Changes are also applicable for both of them. Nowadays there is only one user: "root"
39e07c06 · José Luis Gutiérrez · Alessandro Rubini · 2f80caec · 39e07c06
Commit 39e07c06 authored Jul 14, 2015 by José Luis Gutiérrez Committed by Alessandro Rubini Jul 17, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 29 deletions

login.php userspace/rootfs_override/var/www/login.php +13 -29

No files found.
--- a/userspace/rootfs_override/var/www/login.php
+++ b/userspace/rootfs_override/var/www/login.php
@@ -24,43 +24,27 @@
 		$message="";
 		if(count($_POST)>0) {

-			//If /etc/phpusers does not exist we create the file and "admin" "" user&pass
-			if (!file_exists($GLOBALS['phpusersfile'])) {
-				$username = "admin";
-				$password = "";
-				$salt="wrs4.0salt";
-				$pass = $password;
-				$hash = md5($pass); // md5 hash #1
-				$hash_md5 = md5($salt.$pass); // md5 hash with salt #2
-				$hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3
-				$output= $username." ".$hash_md5_double."\n";
-				$file = fopen($GLOBALS['phpusersfile'],"w+");
-				fwrite($file,$output);
-				fclose($file);
-			}
-
+			/* User shall always be "root" (by the moment...) */
+			load_kconfig();
 			$username = $_POST["login"];
 			$password = $_POST["password"];
-			$saved_hash = shell_exec("cat ".$GLOBALS['phpusersfile']." | grep '".$username."' | awk '{print $2}'");
-			$saved_user = shell_exec("cat ".$GLOBALS['phpusersfile']." | grep '".$username."' | awk '{print $1}'");
-			$saved_user = preg_replace('/\s+/', '', $saved_user);
-			$saved_hash = str_replace("\n","",$saved_hash);
-			$user_exists = shell_exec("cat ".$GLOBALS['phpusersfile']." | grep -c ".$username);
-
-			$salt="wrs4.0salt";
-			$pass = $password;
-			$hash = md5($pass); // md5 hash #1
-			$hash_md5 = md5($salt.$pass); // md5 hash with salt #2
-			$hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3
-
-			if (!strcmp($hash_md5_double,$saved_hash) && $user_exists>0 && (strcmp($saved_user, $username) == 0)){
+			
+			if(!empty($_SESSION['KCONFIG']['CONFIG_ROOT_PWD_IS_ENCRYPTED'])){
+				/* password is here: ROOT_PWD_CYPHER */
+				$dotconfig_passwd = $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CYPHER'];
+				$password = shell_exec('/usr/bin/mkpasswd --method=md5 "'.$password.'"');
+			}else{ /* password is here: ROOT_PWD_CLEAR */
+				$dotconfig_passwd = $_SESSION['KCONFIG']['CONFIG_ROOT_PWD_CLEAR'];
+			}
+			
+			if ((strcmp($username,"root")==0) && (strcmp($dotconfig_passwd, $password) == 0)){
 				session_start();
 				$_SESSION["myusername"] = $username;

 				echo 'Logged in as '.$_SESSION["myusername"];
 				header('Location: index.php');
 			}else{
-				echo 'Invalid Username or Password';
+				echo '<div id="alert"><center>Invalid Username or Password</center></div>';
 			}

 		}