die if missing user or pw
This commit is contained in:
parent
4e48acc133
commit
25ebfe2663
14
auth.php
14
auth.php
|
@ -1,14 +0,0 @@
|
|||
<?php
|
||||
|
||||
function authenticate($user, $pass){
|
||||
// run shell command to output shadow file, and extract line for $user
|
||||
// then spit the shadow line by $ or : to get component parts
|
||||
// store in $shad as array
|
||||
$shad = preg_split("/[$:]/",`cat /etc/shadow | grep "^$user\:"`);
|
||||
// use mkpasswd command to generate shadow line passing $pass and $shad[3] (salt)
|
||||
// split the result into component parts
|
||||
$mkps = preg_split("/[$:]/",trim(`mkpasswd -m sha-512 $pass $shad[3]`));
|
||||
// compare the shadow file hashed password with generated hashed password and return
|
||||
return ($shad[4] == $mkps[3]);
|
||||
}
|
||||
|
20
index.php
20
index.php
|
@ -1,9 +1,17 @@
|
|||
<?php
|
||||
if (empty($_REQUEST['user']) || empty($_REQUEST['pw']))
|
||||
die('0');
|
||||
|
||||
$usr = $_REQUEST['user'];
|
||||
$pw = $_REQUEST['pw'];
|
||||
|
||||
include_once 'auth.php';
|
||||
|
||||
echo authenticate($usr, $pw) ? '1' : '0';
|
||||
function authenticate($user, $pass){
|
||||
// run shell command to output shadow file, and extract line for $user
|
||||
// then spit the shadow line by $ or : to get component parts
|
||||
// store in $shad as array
|
||||
$shad = preg_split("/[$:]/",`cat /etc/shadow | grep "^$user\:"`);
|
||||
// use mkpasswd command to generate shadow line passing $pass and $shad[3] (salt)
|
||||
// split the result into component parts
|
||||
$mkps = preg_split("/[$:]/",trim(`mkpasswd -m sha-512 $pass $shad[3]`));
|
||||
// compare the shadow file hashed password with generated hashed password and return
|
||||
return ($shad[4] == $mkps[3]);
|
||||
}
|
||||
|
||||
echo authenticate($_REQUEST['user'], $_REQUEST['pw']) ? '1' : '0';
|
||||
|
|
Loading…
Reference in New Issue