author | 3dB <3db@3decibels.net> | 2009-07-28 17:38:26 -0400 |
---|---|---|
committer | 3dB <3db@3decibels.net> | 2009-07-28 17:38:26 -0400 |
commit | be8f1cee4965d7e7c21e1252c5bc0fded56bc3e9 (patch) | |
tree | 34e066fbf771408495093b72c617f2c93672f9b8 | |
parent | 3d066164e1e0440469cef65946f18605bd50a3c8 (diff) |
Modified DB libraries and user handlers dealing with passwords to work with new auth system.
-- Modified all database insertion and edit subroutines to be able to work with the new 'salt' column.
-- Modified all subroutines dealing with password manipulation to use authPreparePass
to encrypt passwords and generate salts.
-rw-r--r-- | lib/VNDB/DB/Users.pm | 8 | ||||
-rw-r--r-- | lib/VNDB/Handler/Users.pm | 10 |
2 files changed, 10 insertions, 8 deletions
diff --git a/lib/VNDB/DB/Users.pm b/lib/VNDB/DB/Users.pm index 1ea8daf5..a28a88cc 100644 --- a/lib/VNDB/DB/Users.pm +++ b/lib/VNDB/DB/Users.pm @@ -75,7 +75,7 @@ sub dbUserEdit { my %h; defined $o{$_} && ($h{$_.' = ?'} = $o{$_}) - for (qw| username mail rank show_nsfw show_list skin customcss |); + for (qw| username mail rank show_nsfw show_list skin customcss salt |); $h{'passwd = decode(?, \'hex\')'} = $o{passwd} if defined $o{passwd}; @@ -88,11 +88,11 @@ sub dbUserEdit { } -# username, md5(pass), mail, [ip] +# username, pass(ecrypted), salt, mail, [ip] sub dbUserAdd { my($s, @o) = @_; - $s->dbExec(q|INSERT INTO users (username, passwd, mail, ip, registered) VALUES(?, decode(?, 'hex'), ?, ?, ?)|, - @o[0..2], $o[3]||$s->reqIP, time); + $s->dbExec(q|INSERT INTO users (username, passwd, salt, mail, ip, registered) VALUES(?, decode(?, 'hex'), ?, ?, ?, ?)|, + @o[0..3], $o[4]||$s->reqIP, time); } diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm index d4755ae1..fa420d2e 100644 --- a/lib/VNDB/Handler/Users.pm +++ b/lib/VNDB/Handler/Users.pm @@ -4,7 +4,6 @@ package VNDB::Handler::Users; use strict; use warnings; use YAWF ':html'; -use Digest::MD5 'md5_hex'; use VNDB::Func; @@ -183,7 +182,9 @@ sub newpass { if(!$frm->{_err}) { my @chars = ( 'A'..'Z', 'a'..'z', 0..9 ); my $pass = join '', map $chars[int rand $#chars+1], 0..8; - $self->dbUserEdit($u->{id}, passwd => md5_hex($pass)); + my %o; + ($o{passwd}, $o{salt}) = $self->authPreparePass($pass); + $self->dbUserEdit($u->{id}, %o); my $body = <<'__'; Hello %s, @@ -258,7 +259,8 @@ sub register { push @{$frm->{_err}}, 'oneaday' if !$frm->{_err} && $self->dbUserGet(ip => $self->reqIP, registered => time-24*3600)->[0]{id}; if(!$frm->{_err}) { - $self->dbUserAdd($frm->{usrname}, md5_hex($frm->{usrpass}), $frm->{mail}); + my ($pass, $salt) = $self->authPreparePass($frm->{usrpass}); + $self->dbUserAdd($frm->{usrname}, $pass, $salt, $frm->{mail}); return $self->authLogin($frm->{usrname}, $frm->{usrpass}, '/'); } } 
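Review bot: In the dbUserEdit hunk, `salt` joins the generic column list while `passwd` keeps its own `if defined $o{passwd}` line, so the two can be updated independently. A caller that passes a new `passwd` without the matching `salt` (or the reverse) would leave a row whose hash can no longer be verified. Consider rejecting that case up front, e.g. `die "passwd and salt must be updated together" if defined $o{passwd} xor defined $o{salt};`. The body of dbUserEdit starts and ends outside this hunk, so such a check may already exist elsewhere.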
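Review bot: The new positional signature of dbUserAdd moves `mail` from the third to the fourth argument. Any caller still passing (username, hash, mail) would silently write the mail address into the `salt` column and leave `mail` empty. Only the `register` call is updated on this page, so other callers are worth checking. A named-argument form would make this kind of shift fail loudly. The header comment also has a typo and calls the value encrypted, although `decode(?, 'hex')` suggests a hex-encoded hash; I would write `# username, passwd (hex-encoded hash), salt, mail, [ip]`.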
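Review bot: In the newpass hunk, the temporary password is still built with Perl's built-in `rand` (`map $chars[int rand $#chars+1], 0..8`, a context line here). That is not a cryptographically secure generator, so the password mailed to the user may be predictable however well the stored hash is salted. The line predates this commit, but since the change is about hardening password storage it would be worth drawing those characters from the OS random source (for example by reading `/dev/urandom`) in the same series. newpass starts and ends outside the hunk.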
@@ -330,7 +332,7 @@ sub edit { $o{mail} = $frm->{mail}; $o{skin} = $frm->{skin}; $o{customcss} = $frm->{customcss}; - $o{passwd} = md5_hex($frm->{usrpass}) if $frm->{usrpass}; + ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->usrpass) if $frm->{usrpass}; $o{show_list} = $frm->{flags_list} ? 1 : 0; $o{show_nsfw} = $frm->{flags_nsfw} ? 1 : 0; $self->dbUserEdit($uid, %o); |
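Review bot: The added line in `edit` calls `$frm->usrpass` as a method, while every other access in this hunk, including the guard on the same line, uses the hash form `$frm->{usrpass}`. Unless `$frm` is an object that provides a `usrpass` method, which the surrounding code does not suggest, this dies at runtime with "Can't call method" whenever a user submits a new password, so password changes through the edit form would break. The line should read `($o{passwd}, $o{salt}) = $self->authPreparePass($frm->{usrpass}) if $frm->{usrpass};`. The body of `edit` continues outside the hunk.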