author3dB <3db@3decibels.net>2009-07-28 20:42:12 -0400
committer3dB <3db@3decibels.net>2009-07-28 20:42:12 -0400
commit5e73fc02c767b818f4dde18774406f5ddf217093 (patch)
tree91a067d70aa6c4f97bb86857183a7ab39deda036 /lib/VNDB
parentbe8f1cee4965d7e7c21e1252c5bc0fded56bc3e9 (diff)
Multiple bugfixes to authorization system & sql tweaks
This commit is tested to work.
Diffstat (limited to 'lib/VNDB')
-rw-r--r--lib/VNDB/Handler/Users.pm2
-rw-r--r--lib/VNDB/Util/Auth.pm23
2 files changed, 13 insertions, 12 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index fa420d2e..c8390b56 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -332,7 +332,7 @@ sub edit {
$o{mail} = $frm->{mail};
$o{skin} = $frm->{skin};
$o{customcss} = $frm->{customcss};
- ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->usrpass) if $frm->{usrpass};
+ ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->{usrpass}) if $frm->{usrpass};
$o{show_list} = $frm->{flags_list} ? 1 : 0;
$o{show_nsfw} = $frm->{flags_nsfw} ? 1 : 0;
$self->dbUserEdit($uid, %o);
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 81c6c573..faa698e5 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,8 +5,8 @@ package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
-use Digest::MD5 'md5_hex';
-use Digest::SHA qw|sha1_hex sha256|;
+use Digest::MD5 'md5';
+use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
use Time::HiRes;
use Crypt::Lite;
@@ -106,13 +106,14 @@ sub _authCheck {
my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0];
return 0 if !defined $d->{id} || !$d->{rank};
- if (_authEncryptPass($pass, $d->{salt}) == $d->{passwd}) {
+ if (_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) {
$self->{_auth} = $d;
return 1;
}
- if ($d->{salt} eq '0' && md5_hex($pass) == $d->{passwd}) {
+ if (md5($pass) eq $d->{passwd}) {
$self->{_auth} = $d;
- my %o = authPreparePass($d->{id}, $pass);
+ my %o;
+ ($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
$self->dbUserEdit($d->{id}, %o);
return 1;
}
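Review bot: The login check `_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}` compares against the raw 32-byte digest, while `authPreparePass` (last hunk of this file) calls `_authEncryptPass` without the fourth argument and so hands `dbUserEdit` the 64-character hex form. Unless `dbUserEdit` decodes hex on write and `dbUserGet` returns raw bytes, neither of which is visible here, a password stored through this path could never match at login; a comment at both call sites naming the stored encoding would make that contract checkable. Separately, dropping `$d->{salt} eq '0'` means the unsalted MD5 comparison is now attempted for every account rather than only unmigrated ones; if legacy rows can still be identified, a guard such as `if ($d->{salt} eq '0' && md5($pass) eq $d->{passwd}) {` keeps the weak path limited to them. `_authCheck` begins and ends outside this hunk.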
@@ -122,11 +123,12 @@ sub _authCheck {
# Encryption algorithm for user passwords
-# Arguments: pass, salt
-# Returns: encrypted password as a binary string
+# Arguments: self, pass, salt, binary mode
+# Returns: encrypted password
sub _authEncryptPass{
- my ($self, $pass, $salt) = @_;
- return sha256($self->{global_salt} . $pass . $salt);
+ my ($self, $pass, $salt, $bin) = @_;
+ return sha256($self->{global_salt} . $pass . $salt) if $bin;
+ return sha256_hex($self->{global_salt} . $pass . $salt);
}
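Review bot: `_authEncryptPass` still derives the stored value from a single pass of SHA-256 over `global_salt . pass . salt`, which is cheap to compute and therefore cheap to brute-force offline if the user table ever leaks. A deliberately slow password hash (bcrypt, scrypt, or PBKDF2 with a tuned work factor) is the usual choice, and the re-hash-at-login step this commit keeps in `_authCheck` is the kind of mechanism that could carry such an upgrade later. The new `$bin` flag also makes the return encoding depend on the caller while the header comment lost that detail, so I would write it as `# Returns: SHA-256 digest, raw bytes if $bin is true, lowercase hex otherwise`.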
@@ -135,9 +137,8 @@ sub _authEncryptPass{
# Returns: list (pass, salt)
sub authPreparePass{
my($self, $pass) = @_;
-
my $salt = join '', map chr(rand(93)+33), 1..9;
- my $hash = authEncryptPass($pass, $salt);
+ my $hash = _authEncryptPass($self, $pass, $salt);
return ($hash, $salt);
}
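Review bot: The salt on `my $salt = join '', map chr(rand(93)+33), 1..9;` comes from Perl's built-in `rand`, a seeded PRNG rather than a cryptographic source, so salts can repeat if the generator state is shared (for example by forked workers that inherit one seed, which cannot be verified from this hunk). A salt only has to be unique per password, but drawing it from the operating system's random source removes that dependency on process state. The header comment could also name the encoding now that the hash is returned as hex, e.g. `# Returns: list (hex-encoded hash, salt)`.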