From: Jean-Marc Pigeon
Date: Thu, 4 Sep 2025 22:45:41 +0000 (-0400)
Subject: php is able to compare password
X-Git-Tag: end-0.15~29
X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=b54238e1a33d77913b74258b8678ab42fd49a02f;p=jmp%2Fmailleur

php is able to compare password
---
diff --git a/www/gessql.php b/www/gessql.php
index aed6b8c..bec3ae4 100644
--- a/www/gessql.php
+++ b/www/gessql.php
@@ -38,12 +38,18 @@ while ($proceed==true) {
 $phase=999; //user unknown, trouble trouble
 }
 break;
- case 2 : //extracting user crypted password
- rou_alert(0,"$OPEP, JMPDBG dbpass=$dbpass");
- break;
- case 3 : //compare crypted password adn given password
+ case 2 : //'computing' crypted password
+ $idpass=$dbpass;
+ $ptr=strrchr($idpass,'$');
+ if ($ptr!=NULL)
+ $idpass=substr($idpass,0,strlen($idpass)-strlen($ptr)+1);
+ $coded=crypt($password,$idpass);
+ if (strcmp($dbpass,$coded)!=0) {
+ rou_alert(0,"$OPEP, user=<$logname> wrong password=<$password>");
+ $phase=999; //bad password
+ }
 break;
- case 4 : //everything fine
+ case 3 : //everything fine
 $random=(string)rand(0,9999999);
 $uniqid=uniqid("",true);
 $delay=time()+(24*3600);
@@ -83,7 +89,7 @@ $cookie=htmlspecialchars($cookie);
 $phase=0;
 $proceed=true;
 while ($proceed==true) {
- rou_alert(0,"$OPEP, JMPDBG phase=$phase");
+ //rou_alert(0,"$OPEP, JMPDBG phase=$phase");
 switch ($phase) {
 case 0 : //do we have a cookie
 if ($cookie==NULL)
diff --git a/www/mailleur.php b/www/mailleur.php
index 237da88..7177caf 100644
--- a/www/mailleur.php
+++ b/www/mailleur.php
@@ -16,7 +16,6 @@ function body($logname) { global $isadmin;
-rou_alert(0,"JMPDBG admin=$admin");
 $footer=footer(getenv("APPNAME"));
 $cook=$_COOKIE[getenv("APPNAME")];
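Review bot: The failure branch of the new `case 2` in www/gessql.php passes the submitted cleartext password to `rou_alert`, so every mistyped or wrong-account password becomes readable wherever those alerts are stored; log only the account, `rou_alert(0,"$OPEP, user=<$logname> wrong password");`. The comparison uses `strcmp`, which is not constant-time, and the `strrchr`/`substr` salt extraction is hand-rolled. Assuming `$dbpass` holds a crypt()-format hash, as the `crypt()` call implies, `if (!password_verify($password,$dbpass)) {` can replace the six lines from `$idpass=$dbpass;` through the `strcmp` test and compares in constant time. The `switch` and its enclosing `while` loop start and end outside the hunk, so how `$password` and `$dbpass` are populated is not visible here.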