From 05786aae1be5f4d25484008e2c31e3497395bd74 Mon Sep 17 00:00:00 2001
From: chriskl
Date: Tue, 20 Dec 2005 01:33:12 +0000
Subject: [PATCH] Use ENCRYPTED PASSWORD on 7.2 and above for slight increase in security. Really should use this for db connect as well, however how do we know what version we're connecting to??

---
 HISTORY | 1 +
 classes/database/Postgres72.php | 79 ++++++++++++++++++++++++++++++++-
 2 files changed, 79 insertions(+), 1 deletion(-)

diff --git a/HISTORY b/HISTORY
index c9c61d54..fe9d63d2 100644
--- a/HISTORY
+++ b/HISTORY
@@ -7,6 +7,7 @@ Version 4.1
 Features
 * New icons by Niko , from the graphics repository on pgFoundry.
 * Added icons to bread crumb trail and tabs.
+* Send encrypted passwords over the wire wherever possible.
 
 Version 4.0
 -----------
diff --git a/classes/database/Postgres72.php b/classes/database/Postgres72.php
index de45b900..1db157f5 100644
--- a/classes/database/Postgres72.php
+++ b/classes/database/Postgres72.php
@@ -4,7 +4,7 @@
 * A class that implements the DB interface for Postgres
 * Note: This class uses ADODB and returns RecordSets.
 *
- * $Id: Postgres72.php,v 1.84 2005/09/07 08:09:21 chriskl Exp $
+ * $Id: Postgres72.php,v 1.85 2005/12/20 01:33:15 chriskl Exp $
 */
@@ -47,6 +47,83 @@ class Postgres72 extends Postgres71 {
 return $this->help_page;
 }
 
+ // User functions
+
+ /**
+ * Helper function that computes encypted PostgreSQL passwords
+ * @param $username The username
+ * @param $password The password
+ */
+ function _encryptPassword($username, $password) {
+ return 'md5' . md5($password . $username);
+ }
+
+ /**
+ * Changes a user's password
+ * @param $username The username
+ * @param $password The new password
+ * @return 0 success
+ */
+ function changePassword($username, $password) {
+ $this->fieldClean($username);
+ $this->clean($password);
+
+ $sql = "ALTER USER \"{$username}\" WITH ENCRYPTED PASSWORD '" . $this->_encryptPassword($username, $password) . "'";
+
+ return $this->execute($sql);
+ }
+
+ /**
+ * Creates a new user
+ * @param $username The username of the user to create
+ * @param $password A password for the user
+ * @param $createdb boolean Whether or not the user can create databases
+ * @param $createuser boolean Whether or not the user can create other users
+ * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire
+ * @param $group (array) The groups to create the user in
+ * @return 0 success
+ */
+ function createUser($username, $password, $createdb, $createuser, $expiry, $groups) {
+ $this->fieldClean($username);
+ $this->clean($password);
+ $this->clean($expiry);
+ $this->fieldArrayClean($groups);
+
+ $sql = "CREATE USER \"{$username}\"";
+ if ($password != '') $sql .= " WITH ENCRYPTED PASSWORD '" . $this->_encryptPassword($username, $password) . "'";
+ $sql .= ($createdb) ? ' CREATEDB' : ' NOCREATEDB';
+ $sql .= ($createuser) ? ' CREATEUSER' : ' NOCREATEUSER';
+ if (is_array($groups) && sizeof($groups) > 0) $sql .= " IN GROUP \"" . join('", "', $groups) . 
"\"";
+ if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'";
+ else $sql .= " VALID UNTIL 'infinity'";
+
+ return $this->execute($sql);
+ }
+
+ /**
+ * Adjusts a user's info
+ * @param $username The username of the user to modify
+ * @param $password A new password for the user
+ * @param $createdb boolean Whether or not the user can create databases
+ * @param $createuser boolean Whether or not the user can create other users
+ * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. '' means never expire.
+ * @return 0 success
+ */
+ function setUser($username, $password, $createdb, $createuser, $expiry) {
+ $this->fieldClean($username);
+ $this->clean($password);
+ $this->clean($expiry);
+
+ $sql = "ALTER USER \"{$username}\"";
+ if ($password != '') $sql .= " WITH ENCRYPTED PASSWORD '" . $this->_encryptPassword($username, $password) . "'";
+ $sql .= ($createdb) ? ' CREATEDB' : ' NOCREATEDB';
+ $sql .= ($createuser) ? ' CREATEUSER' : ' NOCREATEUSER';
+ if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'";
+ else $sql .= " VALID UNTIL 'infinity'";
+
+ return $this->execute($sql);
+ }
+
 /**
 * Returns all available process information.
 * @param $database (optional) Find only connections to specified database
-- 
2.39.5