Compare commits
No commits in common. "master" and "master" have entirely different histories.
41
index.php
41
index.php
|
@ -1,29 +1,26 @@
|
|||
<?php
|
||||
|
||||
if (empty($_POST['user']) || empty($_POST['pw']))
|
||||
if (empty($_REQUEST['user']) || empty($_REQUEST['pw']))
|
||||
die('0');
|
||||
|
||||
function authenticate($user, $pass){
|
||||
// Check with IMAP server
|
||||
// We try to open a connection with the server
|
||||
|
||||
$connection = @imap_open('{mail.tilde.team:143/tls}/INBOX', $user, $pass);
|
||||
|
||||
// Check if we have a proper resource
|
||||
if (!is_resource($connection)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Close the connection if success
|
||||
imap_close($connection);
|
||||
|
||||
return true;
|
||||
// run shell command to output shadow file, and extract line for $user
|
||||
// then spit the shadow line by $ or : to get component parts
|
||||
// store in $shad as array
|
||||
$shad = preg_split("/[$:]/",`cat /etc/shadow | grep "^$user\:"`);
|
||||
// use mkpasswd command to generate shadow line passing $pass and $shad[3] (salt)
|
||||
// split the result into component parts
|
||||
$mkps = preg_split("/[$:]/",trim(`mkpasswd -m sha-512 $pass $shad[3]`));
|
||||
// compare the shadow file hashed password with generated hashed password and return
|
||||
return ($shad[4] == $mkps[3]);
|
||||
}
|
||||
|
||||
$auth = authenticate($_POST['user'], $_POST['pw']);
|
||||
|
||||
echo json_encode([
|
||||
"authenticated" => $auth,
|
||||
"sudoer" => $auth && in_array($_POST["user"], posix_getgrnam("sudo")["members"])
|
||||
]);
|
||||
if (isset($_REQUEST["json"])) {
|
||||
$auth = authenticate($_REQUEST['user'], $_REQUEST['pw']);
|
||||
echo json_encode([
|
||||
"authenticated" => $auth,
|
||||
"sudoer" => $auth && in_array($_REQUEST["user"], posix_getgrnam("sudo")["members"])
|
||||
]);
|
||||
} else { // v1 api
|
||||
echo authenticate($_REQUEST['user'], $_REQUEST['pw']) ? '1' : '0';
|
||||
}
|
||||
|
||||
|
|
Reference in New Issue