diff --git a/admin/schema.php b/admin/schema.php index c87f0a6..7951c09 100644 --- a/admin/schema.php +++ b/admin/schema.php @@ -34,7 +34,7 @@ if ( !function_exists( 'db_null_date' ) ) { function installer_db_now() { global $g_db; - + return $g_db->BindTimeStamp( time() ); } @@ -318,7 +318,7 @@ $upgrade[] = Array('CreateTableSQL',Array(db_get_table('user')," username C(32) NOTNULL DEFAULT \" '' \", realname C(64) NOTNULL DEFAULT \" '' \", email C(64) NOTNULL DEFAULT \" '' \", - password C(32) NOTNULL DEFAULT \" '' \", + password C(64) NOTNULL DEFAULT \" '' \", date_created T NOTNULL DEFAULT '" . db_null_date() . "', last_visit T NOTNULL DEFAULT '" . db_null_date() . "', enabled L NOTNULL DEFAULT \" '1' \", @@ -475,7 +475,7 @@ $upgrade[] = Array( 'RenameColumnSQL', Array( db_get_table( 'bugnote' ), "last_m $upgrade[] = Array('CreateIndexSQL',Array('idx_last_mod',db_get_table('bugnote'),'last_modified')); $upgrade[] = Array( 'DropColumnSQL', Array( db_get_table( 'bugnote' ), "date_submitted" ) ); $upgrade[] = Array( 'RenameColumnSQL', Array( db_get_table( 'bugnote' ), "date_submitted_int", "date_submitted", "date_submitted_int I UNSIGNED NOTNULL DEFAULT '1' " ) ); - + $upgrade[] = Array( 'AddColumnSQL', Array( db_get_table( 'bug_file' ), " date_added_int I UNSIGNED NOTNULL DEFAULT '1' " ) ); diff --git a/core/authentication_api.php b/core/authentication_api.php index a90a720..4737828 100644 --- a/core/authentication_api.php +++ b/core/authentication_api.php @@ -345,10 +345,22 @@ function auth_does_password_match( $p_user_id, $p_test_password ) { $t_password = user_get_field( $p_user_id, 'password' ); $t_login_methods = Array( + SHA1, MD5, CRYPT, PLAIN, ); + if( substr($t_password, 0, 1) == '{' && strpos($t_password, '}') > 1 ) { + $t_method = substr( $t_password, 1, strpos($t_password, '}')-1 ); + $t_methods_arr = Array('SHA'=>SHA1, 'MD5'=>MD5, 'CRYPT'=>CRYPT, + 'PLAIN'=>PLAIN); + if( in_array($t_method, $t_methods_arr) + && in_array($t_methods_arr[$t_method], $t_login_methods) ) { + $t_login_methods = Array($t_methods_arr[$t_method]); + $t_password = substr( $t_password, strlen($t_method)+2 ); + } + } + foreach( $t_login_methods as $t_login_method ) { # pass the stored password in as the salt @@ -405,6 +417,9 @@ function auth_does_password_match( $p_user_id, $p_test_password ) { case MD5: $t_processed_password = md5( $p_password ); break; + case SHA1: + $t_processed_password = sha1( $p_password ); + break; case BASIC_AUTH: case PLAIN: default: diff --git a/core/constant_inc.php b/core/constant_inc.php index 7e3e274..3bc1a28 100644 --- a/core/constant_inc.php +++ b/core/constant_inc.php @@ -134,6 +134,7 @@ define( 'MD5', 3 ); define( 'LDAP', 4 ); define( 'BASIC_AUTH', 5 ); define( 'HTTP_AUTH', 6 ); +define( 'SHA1', 7 ); # file upload methods define( 'DISK', 1 ); @@ -552,6 +553,6 @@ define( 'PHPMAILER_METHOD_SMTP', 2 ); # Lengths - NOTE: these may represent hard-coded values in db schema and should not be changed. define( 'USERLEN', 32); define( 'REALLEN', 64); -define( 'PASSLEN', 32); +define( 'PASSLEN', 64); define( 'SECONDS_PER_DAY', 86400 ); diff --git a/config_defaults_inc.php b/config_defaults_inc.php index 8d63519..d2313a5 100644 --- a/config_defaults_inc.php +++ b/config_defaults_inc.php @@ -2569,8 +2569,9 @@ $g_allow_no_category = OFF; /** * login method - * CRYPT or PLAIN or MD5 or LDAP or BASIC_AUTH. You can simply change this at - * will. MantisBT will try to figure out how the passwords were encrypted. + * CRYPT or PLAIN or MD5 or SHA1 or LDAP or BASIC_AUTH. + * You can simply change this at will. MantisBT will try to figure out how the + * passwords were encrypted. * @global int $g_login_method */ $g_login_method = MD5;