From 0c5779915fadd009f4ad75fb31b0f9f72fc9dee5 Mon Sep 17 00:00:00 2001
From: Christian Matzat <cmanie@matzat.net>
Date: Thu, 8 Aug 2013 21:49:25 +0200
Subject: [PATCH] =?UTF-8?q?St=C3=A4rkere=20Passwortverschl=C3=BCsselung=20?=
 =?UTF-8?q?;=20update=20#223?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bin/dbsv-update.php                           |  5 ++
 htdocs/config2/settings-dist.inc.php          |  5 ++
 htdocs/lib2/logic/crypt.class.php             | 34 +++++++++++++
 htdocs/lib2/logic/user.class.php              | 16 +++----
 htdocs/lib2/login.class.php                   | 15 ++----
 local/maintenance/update_passwords.php        | 48 +++++++++++++++++++
 .../lib2/logic/PasswordEncryptionTest.php     | 31 ++++++++++++
 7 files changed, 134 insertions(+), 20 deletions(-)
 create mode 100644 htdocs/lib2/logic/crypt.class.php
 create mode 100644 local/maintenance/update_passwords.php
 create mode 100644 local/test/lib2/logic/PasswordEncryptionTest.php

diff --git a/bin/dbsv-update.php b/bin/dbsv-update.php
index cc95b8c7..b9a14b5f 100644
--- a/bin/dbsv-update.php
+++ b/bin/dbsv-update.php
@@ -341,6 +341,11 @@
 		}
 	}
 
+	function dbv_118()	// resize field password to fit to the new hashed passwords
+	{
+		sql("ALTER TABLE `user` MODIFY COLUMN `password` VARCHAR(128)");
+	}
+
 
 	// When adding new mutations, take care that they behave well if run multiple
 	// times. This improves robustness of database versioning.
diff --git a/htdocs/config2/settings-dist.inc.php b/htdocs/config2/settings-dist.inc.php
index 6f580f51..3257a944 100644
--- a/htdocs/config2/settings-dist.inc.php
+++ b/htdocs/config2/settings-dist.inc.php
@@ -395,6 +395,11 @@
 	 */
 	$opt['logic']['password_hash'] = false;
 
+	/* password salt
+	 * is a random generated String that is appended to the password
+	 */
+	$opt['logic']['password_salt'] = '';
+
 	/* new lows style
 	 */
 	$opt['logic']['new_logs_per_country'] = true;
diff --git a/htdocs/lib2/logic/crypt.class.php b/htdocs/lib2/logic/crypt.class.php
new file mode 100644
index 00000000..15c73a93
--- /dev/null
+++ b/htdocs/lib2/logic/crypt.class.php
@@ -0,0 +1,34 @@
+<?php
+/***************************************************************************
+ *  For license information see doc/license.txt
+ *
+ *  Cryptographic library for encryption of passwords.
+ *
+ *  Unicode Reminder メモ
+ ***************************************************************************/
+
+class crypt
+{
+	static function encryptPassword($password)
+	{
+		// Calls the password encryption chained
+		$pwmd5 = crypt::firstStagePasswordEncryption($password);
+		return crypt::secondStagePasswordEncryption($pwmd5);
+	}
+
+	static function firstStagePasswordEncryption($password)
+	{
+		return md5($password);
+	}
+
+	static function secondStagePasswordEncryption($password)
+	{
+		global $opt;
+		if ($opt['logic']['password_hash'])
+		{
+			return hash_hmac('sha512', $password, $opt['logic']['password_salt']);
+		}
+		return $password;
+	}
+}
+?>
\ No newline at end of file
diff --git a/htdocs/lib2/logic/user.class.php b/htdocs/lib2/logic/user.class.php
index 662cce45..d7e2a71e 100644
--- a/htdocs/lib2/logic/user.class.php
+++ b/htdocs/lib2/logic/user.class.php
@@ -15,6 +15,7 @@ require_once($opt['rootpath'] . 'lib2/logic/countriesList.class.php');
 require_once($opt['rootpath'] . 'lib2/logic/picture.class.php');
 require_once($opt['rootpath'] . 'lib2/logic/cache.class.php');
 require_once($opt['rootpath'] . 'lib2/logic/cracklib.inc.php');
+require_once($opt['rootpath'] . 'lib2/logic/crypt.class.php');
 require_once($opt['rootpath'] . 'lib2/translate.class.php');
 
 class user
@@ -155,21 +156,17 @@ class user
 	{
 		return $this->reUser->getValue('password');
 	}
-	function setPassword($value)
+	function setPassword($password)
 	{
-		global $opt;
-	
-		if (!mb_ereg_match(REGEX_PASSWORD, $value))
+		if (!mb_ereg_match(REGEX_PASSWORD, $password))
 			return false;
 
-		if (cracklib_checkPW($value, array('open', 'caching', 'cache', $this->getUsername(), $this->getFirstName(), $this->getLastName())) == false)
+		if (cracklib_checkPW($password, array('open', 'caching', 'cache', $this->getUsername(), $this->getFirstName(), $this->getLastName())) == false)
 			return false;
 
-		$pwmd5 = md5($value);
-		if ($opt['logic']['password_hash'])
-			$pwmd5 = hash('sha512', $pwmd5);
+		$encryptedPassword = crypt::encryptPassword($password);
 
-		return $this->reUser->setValue('password', $pwmd5);
+		return $this->reUser->setValue('password', $encryptedPassword);
 	}
 	function getFirstName()
 	{
@@ -197,7 +194,6 @@ class user
 	}
 	function getCountry()
 	{
-		global $opt;
 		return countriesList::getCountryLocaleName($this->reUser->getValue('country'));
 	}
 	function getCountryCode()
diff --git a/htdocs/lib2/login.class.php b/htdocs/lib2/login.class.php
index 784fb47f..b6a905f8 100644
--- a/htdocs/lib2/login.class.php
+++ b/htdocs/lib2/login.class.php
@@ -178,16 +178,12 @@ class login
 
 	function try_login($user, $password, $permanent)
 	{
-		global $opt;
-
 		if ($password == '')
 			return LOGIN_EMPTY_USERPASSWORD;
 
-		$pwmd5 = md5($password);
-		if ($opt['logic']['password_hash'])
-			$pwmd5 = hash('sha512', $pwmd5);
+		$encryptedPassword = crypt::encryptPassword($password);
 
-		return $this->try_login_md5($user, $pwmd5, $permanent);
+		return $this->try_login_encrypted($user, $encryptedPassword, $permanent);
 	}
 
 	function checkLoginsCount()
@@ -207,12 +203,11 @@ class login
 			return true;
 	}
 
-	function try_login_md5($user, $pwmd5, $permanent)
+	function try_login_encrypted($user, $encryptedPassword, $permanent)
 	{
-		global $opt;
 		$this->pClear();
 
-		if ($user == '' || $pwmd5 == '')
+		if ($user == '' || $encryptedPassword == '')
 			return LOGIN_EMPTY_USERPASSWORD;
 
 		if ($this->checkLoginsCount() == false)
@@ -224,7 +219,7 @@ class login
 
 		// compare $user with email and username, if both matches use email
 		$rsUser = sqlf("SELECT `user_id`, `username`, 2 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `username`='&1' AND `password`='&2' UNION
-		                SELECT `user_id`, `username`, 1 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `email`='&1' AND `password`='&2' ORDER BY `prio` ASC LIMIT 1", $user, $pwmd5);
+		                SELECT `user_id`, `username`, 1 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `email`='&1' AND `password`='&2' ORDER BY `prio` ASC LIMIT 1", $user, $encryptedPassword);
 		$rUser = sql_fetch_assoc($rsUser);
 		sql_free_result($rsUser);
 
diff --git a/local/maintenance/update_passwords.php b/local/maintenance/update_passwords.php
new file mode 100644
index 00000000..ddb52e23
--- /dev/null
+++ b/local/maintenance/update_passwords.php
@@ -0,0 +1,48 @@
+<?php
+ /***************************************************************************
+ *  For license information see doc/license.txt
+ *
+ *	This script converts all md5-passwords to salted hash passwords.
+ *
+ *  Unicode Reminder メモ
+ ***************************************************************************/
+
+global $opt;
+$opt['rootpath'] = '../htdocs/';
+require($opt['rootpath'] . 'lib2/web.inc.php');
+require($opt['rootpath'] . 'lib2/logic/crypt.class.php');
+
+if (!isset($opt['logic']['password_salt']) || strlen($opt['logic']['password_salt']) < 32)
+{
+	echo "Warning!\nPassword Salt not set or too short!\n\n";
+	return;
+}
+if (!$opt['logic']['password_hash'])
+{
+	echo "Warning!\nHashed Passwords not enabled!\n\n";
+	return;
+}
+
+$rs = sql("SELECT * FROM user where password is not null");
+while ($r = sql_fetch_array($rs))
+{
+	$password = $r['password'];
+	if (strlen($password) == 128)
+	{
+		echo "Password seems to be already converted, ommit this password\n";
+		continue;
+	}
+	if (strlen($password) < 32)
+	{
+		$password = crypt::firstStagePasswordEncryption($password);
+	}
+	$pwhash = crypt::secondStagePasswordEncryption($password);
+
+	sql("UPDATE `user` SET `password`='&1' WHERE `user_id`='&2'", $pwhash, $r['user_id']);
+}
+
+mysql_free_result($rs);
+
+echo "Update of passwords finished.\n";
+
+?>
\ No newline at end of file
diff --git a/local/test/lib2/logic/PasswordEncryptionTest.php b/local/test/lib2/logic/PasswordEncryptionTest.php
new file mode 100644
index 00000000..671dfa7f
--- /dev/null
+++ b/local/test/lib2/logic/PasswordEncryptionTest.php
@@ -0,0 +1,31 @@
+<?php
+/****************************************************************************
+
+	Unicode Reminder メモ
+
+	Password Encryption Test
+
+****************************************************************************/
+
+require '../../../../htdocs/lib2/logic/crypt.class.php';
+
+class PasswordEncryptionTest extends PHPUnit_Framework_TestCase {
+
+	function testPasswordEncryption()
+	{
+		global $opt;
+		$opt['logic']['password_hash'] = false;
+
+		$plain_text = 'very important data';
+
+		$md5HashedPassword = crypt::encryptPassword($plain_text);
+		$this->assertEquals('c75ac45eabed45d667359462b6a8e93e', $md5HashedPassword);
+
+		$opt['logic']['password_hash'] = true;
+		$opt['logic']['password_salt'] = '?S<,XyB1Y[y_Gz>b';
+
+		$encryptedPassword = crypt::encryptPassword($plain_text);
+		$this->assertEquals('8b1d376a76e6430738d8322a6e3f4ebd5e8632f67052de7b74c8ca745bda6f11c7ea05db7de0c14bb097d3033557eb81d7fae21de988efc5353ed2f77dab504b', $encryptedPassword);
+	}
+
+}