Jan 17 2009 07:22 pm
Posted by coen under PHP,Programming,School
php and ssha ldap passwords
Although the current semester is almost over, we’re still working very hard on our project (in Dutch), and today I finished a password reset function for users of the portal. The tricky thing for me is that the user passwords are stored in LDAP, so I had to figure out how to write to an LDAP database, and how to create an SSHA password hash in PHP.
I found that there is very little documentation about the LDAP functionality in PHP, let alone how to create an SSHA hash. There was, however, one post on php.net where I found half of my answer: http://nl.php.net/manual/en/function.sha1.php#52365 . The only thing I had to change was:
// this
$salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
// into this
$salt = pack("CCCCCCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand());
So, the complete code now looks like this:
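// seed the Mersenne Twister generator from the current time
mt_srand((double)microtime()*1000000);
// 8 salt bytes: pack("C") keeps the low 8 bits of each mt_rand() value
$salt = pack("CCCCCCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand());
// {SSHA} value: base64( raw SHA-1(password . salt) . salt )
$sshaPassword = "{SSHA}" . base64_encode( pack("H*", sha1($newpasswd . $salt)) . $salt);
// bind using the configured options
$ldap->bind();
// write the new hash to the user's userPassword attribute
$ldap->save($userDn , array("userPassword" => $sshaPassword));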
So finally, the password reset functionality works and users won’t have to worry if they’ve lost their password.
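The code above only creates the hash. As an added example (not part of the original post), the sketch below goes one step further and also verifies a password against a stored {SSHA} value by splitting the decoded bytes back into digest and salt. The helper names ssha_hash() and ssha_verify() are hypothetical, the sample password is constructed, PHP 7.1 or later is assumed, and the salt comes from random_bytes() rather than mt_rand().

```php
<?php
// Added example: build and verify {SSHA} userPassword values.
// ssha_hash() and ssha_verify() are hypothetical helper names.

const SHA1_LEN = 20; // length of a raw SHA-1 digest in bytes

function ssha_hash(string $password, ?string $salt = null): string
{
    // random_bytes() reads from the OS CSPRNG; 8 bytes matches the post's salt size.
    $salt = $salt ?? random_bytes(8);
    // Same layout as the post: base64( SHA-1(password . salt) . salt )
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

function ssha_verify(string $password, string $stored): bool
{
    // This example accepts only the exact prefix the post writes.
    if (strncmp($stored, '{SSHA}', 6) !== 0) {
        return false;
    }
    // Strict mode makes base64_decode() return false on invalid characters.
    $raw = base64_decode(substr($stored, 6), true);
    if ($raw === false || strlen($raw) <= SHA1_LEN) {
        return false; // malformed value, or no salt after the digest
    }
    $digest = substr($raw, 0, SHA1_LEN);
    $salt   = substr($raw, SHA1_LEN); // the salt is whatever follows the digest
    // hash_equals() compares the two digests in constant time.
    return hash_equals($digest, sha1($password . $salt, true));
}

// Constructed sample data, not real credentials.
$stored = ssha_hash('s3cret-example');
echo $stored, PHP_EOL;
var_dump(ssha_verify('s3cret-example', $stored));     // correct password
var_dump(ssha_verify('wrong-password', $stored));     // wrong password
var_dump(ssha_verify('s3cret-example', '{SSHA}###')); // malformed stored value
```

Because the salt length is recovered from the stored value itself, the same check works for the 4-byte salts of the php.net snippet and the 8-byte salts used here.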
malone on 27 Mar 2009 at 5:24 pm #
nice one, works great!
desdulianto on 25 May 2009 at 10:56 am #
thanks for your code, i’m using it now for our project ^^