Modified DB libraries and user handlers dealing with passwords to work with new auth system.

 -- Modified all database insertion and edit subroutines to be able to work with the new 'salt' column.
 -- Modified all subroutines dealing with password manipulation to use authPreparePass
    to encrypt passwords and generate salts.

1 files changed, 6 insertions, 4 deletions

diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index d4755ae1..fa420d2e 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -4,7 +4,6 @@ package VNDB::Handler::Users;
 use strict;
 use warnings;
 use YAWF ':html';
-use Digest::MD5 'md5_hex';
 use VNDB::Func;
 
 
@@ -183,7 +182,9 @@ sub newpass {
     if(!$frm->{_err}) {
       my @chars = ( 'A'..'Z', 'a'..'z', 0..9 );
       my $pass = join '', map $chars[int rand $#chars+1], 0..8;
-      $self->dbUserEdit($u->{id}, passwd => md5_hex($pass));
+      my %o;
+      ($o{passwd}, $o{salt}) = $self->authPreparePass($pass);
+      $self->dbUserEdit($u->{id}, %o);
       my $body = <<'__';
 Hello %s,
 
@@ -258,7 +259,8 @@ sub register {
     push @{$frm->{_err}}, 'oneaday'    if !$frm->{_err} && $self->dbUserGet(ip => $self->reqIP, registered => time-24*3600)->[0]{id};
 
     if(!$frm->{_err}) {
-      $self->dbUserAdd($frm->{usrname}, md5_hex($frm->{usrpass}), $frm->{mail});
+      my ($pass, $salt) = $self->authPreparePass($frm->{usrpass});
+      $self->dbUserAdd($frm->{usrname}, $pass, $salt, $frm->{mail});
       return $self->authLogin($frm->{usrname}, $frm->{usrpass}, '/');
     }
   }
@@ -330,7 +332,7 @@ sub edit {
       $o{mail} = $frm->{mail};
       $o{skin} = $frm->{skin};
       $o{customcss} = $frm->{customcss};
-      $o{passwd} = md5_hex($frm->{usrpass}) if $frm->{usrpass};
+      ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->usrpass) if $frm->{usrpass};
       $o{show_list} = $frm->{flags_list} ? 1 : 0;
       $o{show_nsfw} = $frm->{flags_nsfw} ? 1 : 0;
       $self->dbUserEdit($uid, %o);