summaryrefslogtreecommitdiff
path: root/lib/VNDB/Util/Auth.pm
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2009-07-31 12:01:35 +0200
committerYorhel <git@yorhel.nl>2009-07-31 12:01:35 +0200
commit5e9e6a78d3b7ffd177d91dba6602946dbd9a4c09 (patch)
treea6556ed414f96383e7338ff121385958fa751c44 /lib/VNDB/Util/Auth.pm
parentdb551911f429359a30ffd76017451164ba81af50 (diff)
Fetch hex hashes from dbUserGet() and do comparison in hex
For consistency, it's best to do everything related to hashes in hexadecimal notation in Perl.
Diffstat (limited to 'lib/VNDB/Util/Auth.pm')
-rw-r--r--lib/VNDB/Util/Auth.pm16
1 files changed, 7 insertions, 9 deletions
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index ce548a98..b9724964 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,8 +5,8 @@ package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
-use Digest::MD5 'md5';
-use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
+use Digest::MD5 'md5_hex';
+use Digest::SHA qw|sha1_hex sha256_hex|;
use Time::HiRes;
use Encode 'encode_utf8';
use POSIX 'strftime';
@@ -98,11 +98,11 @@ sub _authCheck {
my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0];
return 0 if !defined $d->{id} || !$d->{rank};
- if(_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) {
+ if(_authEncryptPass($self, $pass, $d->{salt}) eq $d->{passwd}) {
$self->{_auth} = $d;
return 1;
}
- if(md5($pass) eq $d->{passwd}) {
+ if(md5_hex($pass) eq $d->{passwd}) {
$self->{_auth} = $d;
my %o;
($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
@@ -115,13 +115,11 @@ sub _authCheck {
# Encryption algorithm for user passwords
-# Arguments: self, pass, salt, binary mode
-# Returns: encrypted password
+# Arguments: self, pass, salt
+# Returns: encrypted password (in hex)
sub _authEncryptPass{
my($self, $pass, $salt, $bin) = @_;
- my $str = $self->{global_salt} . encode_utf8($pass) . encode_utf8($salt);
- return sha256($str) if $bin;
- return sha256_hex($str);
+ return sha256_hex($self->{global_salt} . encode_utf8($pass) . encode_utf8($salt));
}