authorYorhel <git@yorhel.nl>2011-08-23 14:55:14 +0200
committerYorhel <git@yorhel.nl>2011-08-23 14:55:14 +0200
commit18c681f059389646d0b48b305ccf5e7622cb47e4 (patch)
tree61b631703f3c3c68913502decf56c752683c8a2d /lib/VNDB/Util/Auth.pm
parent341928b722fa6c276ae8c091aebd3f33cc2cbd60 (diff)
Re-structured password recovery feature
Rather than automatically setting a password, reset the password and send an email with a secure token instead. The password can then be set again using this token. This doesn't really have an advantage at this point, just makes the interface and code more consistent when I update the registration code to do something similar.
Diffstat (limited to 'lib/VNDB/Util/Auth.pm')
-rw-r--r--lib/VNDB/Util/Auth.pm30
1 files changed, 27 insertions, 3 deletions
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 06ed1984..c7e8b973 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -13,7 +13,10 @@ use TUWF ':html';
use VNDB::Func;
-our @EXPORT = qw| authInit authLogin authLogout authInfo authCan authPreparePass authGetCode authCheckCode authPref |;
+our @EXPORT = qw|
+ authInit authLogin authLogout authInfo authCan authPreparePass
+ authPrepareReset authValidateReset authGetCode authCheckCode authPref
+|;
# initializes authentication information and checks the vndb_auth cookie
@@ -114,7 +117,7 @@ sub _authCheck {
# Encryption algorithm for user passwords
# Arguments: self, pass, salt
# Returns: encrypted password (in hex)
-sub _authEncryptPass{
+sub _authEncryptPass {
my($self, $pass, $salt, $bin) = @_;
return sha256_hex($self->{global_salt} . encode_utf8($pass) . encode_utf8($salt));
}
@@ -123,7 +126,7 @@ sub _authEncryptPass{
# Prepares a plaintext password for database storage
# Arguments: pass
# Returns: list (pass, salt)
-sub authPreparePass{
+sub authPreparePass {
my($self, $pass) = @_;
my $salt = join '', map chr(rand(93)+33), 1..9;
my $hash = _authEncryptPass($self, $pass, $salt);
@@ -131,6 +134,27 @@ sub authPreparePass{
}
+# Generates a random token that can be used to reset the password.
+# Returns: token, token-encrypted, salt
+sub authPrepareReset {
+ my $self = shift;
+ my $token = sha1_hex(join('', Time::HiRes::gettimeofday()) . join('', map chr(rand(93)+33), 1..9));
+ my $salt = join '', map chr(rand(93)+33), 1..9;
+ my $token_e = sha1_hex(lc($token).$salt);
+ return ($token, $token_e, $salt);
+}
+
+
+# Checks whether the password reset token is valid.
+# Arguments: $u obj, token
+sub authValidateReset {
+ my($self, $u, $t) = @_;
+ return 0 if !$u->{salt} || !$u->{passwd} || length $u->{passwd} != 40
+ || lc sha1_hex(lc($t).$u->{salt}) ne lc $u->{passwd};
+ return 1;
+}
+
+
# Generate a code to be used later on to validate that the form was indeed
# submitted from our site and by the same user/visitor. Not limited to
# logged-in users.
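Review bot: The reset token built in authPrepareReset is derived from Time::HiRes::gettimeofday() and Perl's rand(), neither of which is a cryptographically secure source, so the token the commit message calls secure is only as unpredictable as the process's rand() state and the request time. Take the randomness from the OS instead, e.g. `open my $rnd, '<:raw', '/dev/urandom' or die "urandom: $!"; read($rnd, my $bytes, 32) == 32 or die "short read from urandom"; my $token = sha1_hex($bytes);`, and the salt built on the following line should come from the same source. The file's import block is outside this hunk, so check that sha1_hex and Time::HiRes are actually brought into scope there. In authValidateReset the `ne` comparison is not constant-time and no expiry check for the stored token is visible in this hunk; if expiry is enforced elsewhere, a comment saying so, and noting that a 40-character passwd apparently marks an account in reset state (versus the 64-character sha256 hex produced by _authEncryptPass), would help the next reader.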