pinetd2 /code/classes/Daemon/PMaild/MTA/Auth.class.php

Language PHP Lines 98
MD5 Hash 781402f7a0ceb1cf676e92454e0a430a
Repository https://github.com/blekkzor/pinetd2.git View Raw File View Project SPDX
<?php

namespace Daemon\PMaild\MTA;

use pinetd\Logger;
use pinetd\SQL;

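/**
 * Password authentication for PMaild MTA sessions.
 *
 * Resolves a "user@domain" (or legacy "user+domain") login against the
 * `domains` table and the per-domain `z<domainid>_accounts` table, verifies
 * the supplied password against the stored hash, and records the result.
 */
class Auth {
	/** @var string|null "user@domain" of the authenticated account; null until login() succeeds */
	private $login = null;
	/** @var array|null keys: domain, user, domainid, account; null until login() succeeds */
	private $info = null;
	/** @var object storage handle returned by SQL::Factory() */
	private $SQL;

	/**
	 * @param array $localConfig daemon configuration; only the 'Storage' entry is read here
	 */
	public function __construct($localConfig) {
		$this->SQL = SQL::Factory($localConfig['Storage']);
	}

	/**
	 * @return string|null canonical login of the authenticated account, or null
	 */
	public function getLogin() {
		return $this->login;
	}

	/**
	 * @return array|null details collected by the last successful login(), or null
	 */
	public function getInfo() {
		return $this->info;
	}

	/**
	 * Authenticate a user.
	 *
	 * @param string      $login "user@domain"; "user+domain" is accepted for old clients
	 * @param string      $pass  clear-text password presented by the client
	 * @param string|null $mode  protocol name that must appear in the domain's
	 *                           comma-separated `protocol` list; null skips the check
	 * @return bool true on success (getLogin()/getInfo() are then populated), false otherwise
	 */
	public function login($login, $pass, $mode = null) {
		$pos = strrpos($login, '@');
		if ($pos === false) $pos = strrpos($login, '+'); // compatibility with old-style stuff
		if ($pos === false) return false;
		$domainName = substr($login, $pos+1);
		$user = substr($login, 0, $pos);
		$info = array(
			'domain' => $domainName,
			'user' => $user,
		);

		// load domain
		$DAO_domains = $this->SQL->DAO('domains', 'domainid');
		$domainRows = $DAO_domains->loadByField(array('domain' => $domainName));

		if (!$domainRows) return false;
		$domain = $domainRows[0];

		$info['domainid'] = $domain->domainid;

		if (!is_null($mode)) {
			// check if domain has required protocol
			$proto = array_flip(explode(',', $domain->protocol));
			if (!isset($proto[$mode])) {
				// NOTE(review): $login is client-supplied and is logged verbatim here and
				// below; confirm Logger neutralises control characters.
				Logger::log(Logger::LOG_INFO, strtoupper($mode).' login denied to user '.$login.': '.strtoupper($mode).' disabled');
				return false;
			}
		}

		$DAO_accounts = $this->SQL->DAO('z'.$domain->domainid.'_accounts', 'id');
		$accountRows = $DAO_accounts->loadByField(array('user'=>$user));

		// NOTE(review): unknown domains/users return before any hashing is done, so
		// response time differs from a wrong-password attempt. Rate limiting in the
		// caller is the practical mitigation.
		if (!$accountRows) return false;
		$account = $accountRows[0];

		if (is_null($account->password)) {
			// NOTE(review): an account with a NULL password adopts the first password
			// (>= 4 bytes) presented for it, so whoever reaches the service first sets
			// the credential. Confirm this provisioning flow is intended and that such
			// accounts are short-lived.
			if (strlen($pass) < 4) return false;
			$newHash = $this->hashNewPassword($pass);
			if (!is_string($newHash) || $newHash === '') return false; // hashing failed: never store an unusable value
			$account->password = $newHash;
			$account->commit();
			Logger::log(Logger::LOG_INFO, 'Recording new password for user '.$login);
		}

		// check password
		$stored = (string)$account->password;
		if ($stored !== '' && $stored[0] === '$') {
			// modular crypt format ($1$, $2y$, $6$, ...): the stored hash carries its own salt
			$computed = crypt($pass, $stored);
		} else {
			switch(strlen($stored)) {
				case 13: // old-style unix passwords, limited to 8 chars, highly discouraged
					$computed = crypt($pass, $stored);
					break;
				case 32: // unsalted MD5, kept only so existing accounts can still log in
					$computed = md5($pass);
					break;
				case 40: // unsalted SHA-1, kept only so existing accounts can still log in
					$computed = sha1($pass);
					break;
				default:
					return false; // password disabled?
			}
		}
		// Strict, constant-time comparison. The previous loose `!=` treated two
		// numeric-looking digests (e.g. "0e<digits>") as equal numbers, accepting
		// a wrong password for accounts with such an MD5/SHA-1 hash.
		if (!$this->hashesMatch($stored, $computed)) return false; // auth failed
		Logger::log(Logger::LOG_DEBUG, get_class($this).': User '.$login.' logged in successfully'.(is_null($mode)?'':' on '.$mode));
		$account->last_login = $this->SQL->now();
		$account->commit(); // will also commit password if set

		$info['account'] = $account;

		$this->info = $info;
		$this->login = $account->user . '@' . $domain->domain;
		return true;
	}

	/**
	 * Hash a password for first-time storage.
	 *
	 * Uses password_hash() where the runtime provides it; the result starts with
	 * '$' and is therefore verified by the crypt() branch of login(). The salt-less
	 * crypt($pass) call is kept only for runtimes without password_hash(); newer
	 * PHP versions reject crypt() without a salt.
	 *
	 * NOTE(review): password_hash() output is longer than the legacy formats
	 * (60 characters for bcrypt); confirm the password column can hold it.
	 *
	 * @param string $pass clear-text password
	 * @return string|false|null hash, or a non-string on failure
	 */
	private function hashNewPassword($pass) {
		if (function_exists('password_hash')) {
			return password_hash($pass, PASSWORD_DEFAULT);
		}
		return crypt($pass);
	}

	/**
	 * Compare two hash strings byte-for-byte without short-circuiting.
	 *
	 * @param string $known     stored hash
	 * @param string $candidate hash computed from the presented password
	 * @return bool true only when both strings are identical
	 */
	private function hashesMatch($known, $candidate) {
		$known = (string)$known;
		$candidate = (string)$candidate;
		if (function_exists('hash_equals')) {
			return hash_equals($known, $candidate);
		}
		// fallback for runtimes without hash_equals()
		$len = strlen($known);
		if ($len !== strlen($candidate)) return false;
		$diff = 0;
		for ($i = 0; $i < $len; $i++) {
			$diff |= ord($known[$i]) ^ ord($candidate[$i]);
		}
		return $diff === 0;
	}
}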