From b54238e1a33d77913b74258b8678ab42fd49a02f Mon Sep 17 00:00:00 2001
From: Jean-Marc Pigeon
Date: Thu, 4 Sep 2025 18:45:41 -0400
Subject: [PATCH] php is able to compare password
---
 www/gessql.php | 18 ++++++++++++------
 www/mailleur.php | 1 -
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/www/gessql.php b/www/gessql.php
index aed6b8c..bec3ae4 100644
--- a/www/gessql.php
+++ b/www/gessql.php
@@ -38,12 +38,18 @@ while ($proceed==true) {
 $phase=999; //user unknown, trouble trouble
 }
 break;
- case 2 : //extracting user crypted password
- rou_alert(0,"$OPEP, JMPDBG dbpass=$dbpass");
- break;
- case 3 : //compare crypted password adn given password
+ case 2 : //'computing' crypted password
+ $idpass=$dbpass;
+ $ptr=strrchr($idpass,'$');
+ if ($ptr!=NULL)
+ $idpass=substr($idpass,0,strlen($idpass)-strlen($ptr)+1);
+ $coded=crypt($password,$idpass);
+ if (strcmp($dbpass,$coded)!=0) {
+ rou_alert(0,"$OPEP, user=<$logname> wrong password=<$password>");
+ $phase=999; //bad password
+ }
 break;
- case 4 : //everything fine
+ case 3 : //everything fine
 $random=(string)rand(0,9999999);
 $uniqid=uniqid("",true);
 $delay=time()+(24*3600);
@@ -83,7 +89,7 @@ $cookie=htmlspecialchars($cookie);
 $phase=0;
 $proceed=true;
 while ($proceed==true) {
- rou_alert(0,"$OPEP, JMPDBG phase=$phase");
+ //rou_alert(0,"$OPEP, JMPDBG phase=$phase");
 switch ($phase) {
 case 0 : //do we have a cookie
 if ($cookie==NULL)
diff --git a/www/mailleur.php b/www/mailleur.php
index 237da88..7177caf 100644
--- a/www/mailleur.php
+++ b/www/mailleur.php
@@ -16,7 +16,6 @@ function body($logname) {
 global $isadmin;
-rou_alert(0,"JMPDBG admin=$admin");
 $footer=footer(getenv("APPNAME"));
 $cook=$_COOKIE[getenv("APPNAME")];
-- 
2.47.3
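Review bot: The failure branch of the new `case 2` in www/gessql.php writes the submitted password in clear to the alert log (`wrong password=<$password>`); a mistyped password is usually close to the real one, so anyone who can read that log gets credential material, and the line should be `rou_alert(0,"$OPEP, user=<$logname> wrong password");`. The comparison uses `strcmp`, which is not constant-time, and the salt is rebuilt by cutting the stored hash at its last `$`, which only suits formats whose salt field ends in `$` (a bcrypt `$2y$…` hash would be cut short and never match). `password_verify($password,$dbpass)` accepts any crypt()-style hash, takes the salt from it and compares in constant time, so the block reduces to `if (!password_verify($password,$dbpass)) {`. The `switch` and its loop continue outside the hunk, so the origin of `$password` and `$logname` is not visible here; if `$logname` is request data, strip CR/LF from it before it goes into the log.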