author | 3dB <3db@3decibels.net> | 2009-07-28 20:42:12 -0400 |
---|---|---|
committer | 3dB <3db@3decibels.net> | 2009-07-28 20:42:12 -0400 |
commit | 5e73fc02c767b818f4dde18774406f5ddf217093 (patch) | |
tree | 91a067d70aa6c4f97bb86857183a7ab39deda036 /lib/VNDB | |
parent | be8f1cee4965d7e7c21e1252c5bc0fded56bc3e9 (diff) |
Multiple bugfixes to authorization system & sql tweaks
This commit is tested to work.
Diffstat (limited to 'lib/VNDB')
-rw-r--r-- | lib/VNDB/Handler/Users.pm | 2 | ||||
-rw-r--r-- | lib/VNDB/Util/Auth.pm | 23 |
2 files changed, 13 insertions, 12 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index fa420d2e..c8390b56 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -332,7 +332,7 @@ sub edit {
 $o{mail} = $frm->{mail};
 $o{skin} = $frm->{skin};
 $o{customcss} = $frm->{customcss};
- ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->usrpass) if $frm->{usrpass};
+ ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->{usrpass}) if $frm->{usrpass};
 $o{show_list} = $frm->{flags_list} ? 1 : 0;
 $o{show_nsfw} = $frm->{flags_nsfw} ? 1 : 0;
 $self->dbUserEdit($uid, %o);
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 81c6c573..faa698e5 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,8 +5,8 @@ package VNDB::Util::Auth;
 use strict;
 use warnings;
 use Exporter 'import';
-use Digest::MD5 'md5_hex';
-use Digest::SHA qw|sha1_hex sha256|;
+use Digest::MD5 'md5';
+use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
 use Time::HiRes;
 use Crypt::Lite;
@@ -106,13 +106,14 @@ sub _authCheck {
 my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0];
 return 0 if !defined $d->{id} || !$d->{rank};
- if (_authEncryptPass($pass, $d->{salt}) == $d->{passwd}) {
+ if (_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) {
 $self->{_auth} = $d;
 return 1;
 }
- if ($d->{salt} eq '0' && md5_hex($pass) == $d->{passwd}) {
+ if (md5($pass) eq $d->{passwd}) {
 $self->{_auth} = $d;
- my %o = authPreparePass($d->{id}, $pass);
+ my %o;
+ ($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
 $self->dbUserEdit($d->{id}, %o);
 return 1;
 }
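Review bot: The digest format compared in `_authCheck` does not obviously match what `authPreparePass` produces: the login check calls `_authEncryptPass($self, $pass, $d->{salt}, 1)` and gets the raw digest, while `authPreparePass` (last hunk of this file) calls it without the flag and gets the hex form. Unless `dbUserEdit` decodes hex before storing, which this diff does not show, a password written by the MD5 upgrade path or by the user-edit handler would not match on the next login. A comment above the comparison such as `# passwd column holds the raw digest; authPreparePass returns hex, dbUserEdit is expected to decode it` would record the contract, or both call sites could pass the same mode. The legacy branch also drops the `$d->{salt} eq '0'` guard, so the unsalted `md5($pass)` comparison now appears to run for every account after a failed SHA-256 match; keeping the guard would confine it to rows that have not been migrated. `_authCheck` starts and ends outside the hunk.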
@@ -122,11 +123,12 @@ sub _authCheck {
 # Encryption algorithm for user passwords
-# Arguments: pass, salt
-# Returns: encrypted password as a binary string
+# Arguments: self, pass, salt, binary mode
+# Returns: encrypted password
 sub _authEncryptPass{
- my ($self, $pass, $salt) = @_;
- return sha256($self->{global_salt} . $pass . $salt);
+ my ($self, $pass, $salt, $bin) = @_;
+ return sha256($self->{global_salt} . $pass . $salt) if $bin;
+ return sha256_hex($self->{global_salt} . $pass . $salt);
 }
@@ -135,9 +137,8 @@ sub _authEncryptPass{ # Returns: list (pass, salt) sub authPreparePass{ my($self, $pass) = @_; - my $salt = join '', map chr(rand(93)+33), 1..9; - my $hash = authEncryptPass($pass, $salt); + my $hash = _authEncryptPass($self, $pass, $salt); return ($hash, $salt); } |
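Review bot: The new header comment on `_authEncryptPass` does not say what the fourth argument selects; `# Returns: raw 32-byte SHA-256 digest if binary mode is true, otherwise the 64-character hex string` would keep callers from mixing the two forms. Separately, the stored value is a single SHA-256 pass over the global salt, password and per-user salt, which is cheap to test offline if the user table is ever disclosed; an iterated, purpose-built password hash (bcrypt, scrypt or PBKDF2) would be the stronger choice, though that is a larger change than this commit. The function hashes rather than encrypts, so the comment wording could say so.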
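Review bot: As this hunk is rendered, `my $salt = join '', map chr(rand(93)+33), 1..9;` carries a removal marker while `$salt` is still used by the added `_authEncryptPass` call and by the `return`, which would not compile under the file's `use strict`. The hunk counts (9 old lines, 8 new) fit equally well with the `-` being a removed blank line and the salt line being unchanged context, so this is probably a rendering artefact, but it should be confirmed against the raw patch. If the salt line stays, note that `rand` is Perl's non-cryptographic generator; that is tolerable for a salt, whose job is uniqueness, and a comment such as `# salt only needs to be unique per user, not secret` would record the assumption.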