summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2009-07-31 12:01:35 +0200
committerYorhel <git@yorhel.nl>2009-07-31 12:01:35 +0200
commit5e9e6a78d3b7ffd177d91dba6602946dbd9a4c09 (patch)
treea6556ed414f96383e7338ff121385958fa751c44
parentdb551911f429359a30ffd76017451164ba81af50 (diff)
Fetch hex hashes from dbUserGet() and do comparison in hex
For consistency, it's best to do everything related to hashes in hexadecimal notation in Perl.
-rw-r--r--lib/VNDB/DB/Users.pm5
-rw-r--r--lib/VNDB/Util/Auth.pm16
2 files changed, 9 insertions, 12 deletions
diff --git a/lib/VNDB/DB/Users.pm b/lib/VNDB/DB/Users.pm
index eaed1234..ae46b896 100644
--- a/lib/VNDB/DB/Users.pm
+++ b/lib/VNDB/DB/Users.pm
@@ -24,8 +24,6 @@ sub dbUserGet {
my %where = (
$o{username} ? (
'username = ?' => $o{username} ) : (),
- $o{passwd} ? (
- 'passwd = decode(?, \'hex\')' => $o{passwd} ) : (),
$o{firstchar} ? (
'SUBSTRING(username from 1 for 1) = ?' => $o{firstchar} ) : (),
!$o{firstchar} && defined $o{firstchar} ? (
@@ -45,7 +43,8 @@ sub dbUserGet {
);
my @select = (
- 'u.*',
+ qw|id username mail rank salt registered c_votes c_changes show_nsfw show_list skin customcss ip c_tags|,
+ q|encode(passwd, 'hex') AS passwd|,
$o{what} =~ /stats/ ? (
'(SELECT COUNT(*) FROM rlists WHERE uid = u.id) AS releasecount',
'(SELECT COUNT(DISTINCT rv.vid) FROM rlists rl JOIN releases r ON rl.rid = r.id JOIN releases_vn rv ON rv.rid = r.latest WHERE uid = u.id) AS vncount',
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index ce548a98..b9724964 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,8 +5,8 @@ package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
-use Digest::MD5 'md5';
-use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
+use Digest::MD5 'md5_hex';
+use Digest::SHA qw|sha1_hex sha256_hex|;
use Time::HiRes;
use Encode 'encode_utf8';
use POSIX 'strftime';
@@ -98,11 +98,11 @@ sub _authCheck {
my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0];
return 0 if !defined $d->{id} || !$d->{rank};
- if(_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) {
+ if(_authEncryptPass($self, $pass, $d->{salt}) eq $d->{passwd}) {
$self->{_auth} = $d;
return 1;
}
- if(md5($pass) eq $d->{passwd}) {
+ if(md5_hex($pass) eq $d->{passwd}) {
$self->{_auth} = $d;
my %o;
($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
@@ -115,13 +115,11 @@ sub _authCheck {
# Encryption algorithm for user passwords
-# Arguments: self, pass, salt, binary mode
-# Returns: encrypted password
+# Arguments: self, pass, salt
+# Returns: encrypted password (in hex)
sub _authEncryptPass{
my($self, $pass, $salt, $bin) = @_;
- my $str = $self->{global_salt} . encode_utf8($pass) . encode_utf8($salt);
- return sha256($str) if $bin;
- return sha256_hex($str);
+ return sha256_hex($self->{global_salt} . encode_utf8($pass) . encode_utf8($salt));
}