author3dB <3db@3decibels.net>2009-07-28 17:38:26 -0400
committer3dB <3db@3decibels.net>2009-07-28 17:38:26 -0400
commitbe8f1cee4965d7e7c21e1252c5bc0fded56bc3e9 (patch)
tree34e066fbf771408495093b72c617f2c93672f9b8
parent3d066164e1e0440469cef65946f18605bd50a3c8 (diff)
Modified DB libraries and user handlers dealing with passwords to work with new auth system.
-- Modified all database insertion and edit subroutines to be able to work with the new 'salt' column. -- Modified all subroutines dealing with password manipulation to use authPreparePass to encrypt passwords and generate salts.
-rw-r--r--lib/VNDB/DB/Users.pm8
-rw-r--r--lib/VNDB/Handler/Users.pm10
2 files changed, 10 insertions, 8 deletions
diff --git a/lib/VNDB/DB/Users.pm b/lib/VNDB/DB/Users.pm
index 1ea8daf5..a28a88cc 100644
--- a/lib/VNDB/DB/Users.pm
+++ b/lib/VNDB/DB/Users.pm
@@ -75,7 +75,7 @@ sub dbUserEdit {
my %h;
defined $o{$_} && ($h{$_.' = ?'} = $o{$_})
- for (qw| username mail rank show_nsfw show_list skin customcss |);
+ for (qw| username mail rank show_nsfw show_list skin customcss salt |);
$h{'passwd = decode(?, \'hex\')'} = $o{passwd}
if defined $o{passwd};
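Review bot: `salt` and `passwd` are written independently in dbUserEdit, so a caller that passes `passwd` without `salt` (or the reverse) leaves a row whose stored salt no longer belongs to its password, and that account presumably can no longer authenticate. Since the two values only make sense together, a guard before the loop such as `die "passwd and salt must be set together" if defined $o{passwd} xor defined $o{salt};` would catch any caller missed in this conversion. dbUserEdit starts and ends outside this hunk.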
@@ -88,11 +88,11 @@ sub dbUserEdit {
}
-# username, md5(pass), mail, [ip]
+# username, pass(ecrypted), salt, mail, [ip]
sub dbUserAdd {
my($s, @o) = @_;
- $s->dbExec(q|INSERT INTO users (username, passwd, mail, ip, registered) VALUES(?, decode(?, 'hex'), ?, ?, ?)|,
- @o[0..2], $o[3]||$s->reqIP, time);
+ $s->dbExec(q|INSERT INTO users (username, passwd, salt, mail, ip, registered) VALUES(?, decode(?, 'hex'), ?, ?, ?, ?)|,
+ @o[0..3], $o[4]||$s->reqIP, time);
}
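Review bot: Inserting `salt` in the middle of dbUserAdd's positional list means any caller still passing (username, pass, mail) now stores the mail address in `salt` and NULL in `mail` without any error; only the register handler is visibly updated in this commit. A cheap guard at the top of the sub would be `die "dbUserAdd needs username, passwd, salt, mail" if @o < 4;`. The header comment also has a typo and does not say that the password must arrive as a hex string for `decode(?, 'hex')`; I would write `# username, prepared password (hex string), salt, mail, [ip]`.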
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index d4755ae1..fa420d2e 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -4,7 +4,6 @@ package VNDB::Handler::Users;
use strict;
use warnings;
use YAWF ':html';
-use Digest::MD5 'md5_hex';
use VNDB::Func;
@@ -183,7 +182,9 @@ sub newpass {
if(!$frm->{_err}) {
my @chars = ( 'A'..'Z', 'a'..'z', 0..9 );
my $pass = join '', map $chars[int rand $#chars+1], 0..8;
- $self->dbUserEdit($u->{id}, passwd => md5_hex($pass));
+ my %o;
+ ($o{passwd}, $o{salt}) = $self->authPreparePass($pass);
+ $self->dbUserEdit($u->{id}, %o);
my $body = <<'__';
Hello %s,
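Review bot: The replacement password passed to `authPreparePass` is still produced by Perl's built-in `rand` two lines earlier, which the Perl documentation says should not be relied on in security-sensitive situations, so the salted storage added here does not make the reset password itself any harder to predict. I would draw the nine characters from the operating system's random source (for example bytes read from `/dev/urandom`) and map them onto `@chars` instead. The heredoc opened on the last lines of this hunk continues outside it.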
@@ -258,7 +259,8 @@ sub register {
push @{$frm->{_err}}, 'oneaday' if !$frm->{_err} && $self->dbUserGet(ip => $self->reqIP, registered => time-24*3600)->[0]{id};
if(!$frm->{_err}) {
- $self->dbUserAdd($frm->{usrname}, md5_hex($frm->{usrpass}), $frm->{mail});
+ my ($pass, $salt) = $self->authPreparePass($frm->{usrpass});
+ $self->dbUserAdd($frm->{usrname}, $pass, $salt, $frm->{mail});
return $self->authLogin($frm->{usrname}, $frm->{usrpass}, '/');
}
}
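Review bot: The two values returned by `authPreparePass` are used without any check, here and in newpass. If it can ever return an empty list or undef (its body is not part of this diff), this INSERT stores a NULL password and salt, and in newpass dbUserEdit silently skips the undefined keys while the mail carrying the new password is presumably still sent. A guard such as `die "authPreparePass failed" unless defined $pass && defined $salt;` before the dbUserAdd call would fail loudly instead. The register sub starts outside this hunk.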
@@ -330,7 +332,7 @@ sub edit {
$o{mail} = $frm->{mail};
$o{skin} = $frm->{skin};
$o{customcss} = $frm->{customcss};
- $o{passwd} = md5_hex($frm->{usrpass}) if $frm->{usrpass};
+ ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->usrpass) if $frm->{usrpass};
$o{show_list} = $frm->{flags_list} ? 1 : 0;
$o{show_nsfw} = $frm->{flags_nsfw} ? 1 : 0;
$self->dbUserEdit($uid, %o);
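Review bot: `$frm->usrpass` in the added line is a method call, not a hash lookup. `$frm` is used as a plain hash reference everywhere else in this hunk, so unless it is a blessed object with a `usrpass` method (nothing here suggests that) the statement dies with "Can't call method" whenever a user submits a new password on the edit form. The line should read `($o{passwd}, $o{salt}) = $self->authPreparePass($frm->{usrpass}) if $frm->{usrpass};`. The edit sub starts and ends outside this hunk.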