-rw-r--r--lib/Multi/API.pm2
-rw-r--r--lib/VNDB/Util/Auth.pm10
-rw-r--r--util/updates/update_2.21.sql4
3 files changed, 6 insertions, 10 deletions
diff --git a/lib/Multi/API.pm b/lib/Multi/API.pm
index e7e7c092..f50a19be 100644
--- a/lib/Multi/API.pm
+++ b/lib/Multi/API.pm
@@ -405,7 +405,7 @@ sub login_res { # num, res, [ c, arg ]
my($num, $res, $c, $arg) = (@_[ARG0, ARG1], $_[ARG2][0], $_[ARG2][1]);
return cerr $c, auth => "No user with the name '$arg->{username}'" if $num == 0;
- return cerr $c, auth => "Outdated password format, please relogin on $VNDB::S{url}/ and try again" if $res->[0]{salt} =~ /^ +$/;
+ return cerr $c, auth => "Account disabled" if $res->[0]{salt} =~ /^ +$/;
my $encrypted = sha256_hex($VNDB::S{global_salt}.encode_utf8($arg->{password}).encode_utf8($res->[0]{salt}));
return cerr $c, auth => "Wrong password for user '$arg->{username}'" if lc($encrypted) ne lc($res->[0]{passwd});
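Review bot: The disabled-account test on the added line uses `/^ +$/`, which needs at least one space, while the guard this commit adds to `_authCheck` in lib/VNDB/Util/Auth.pm uses `/^ *$/` and the migration selects `salt = ''`. If the salt ever arrives as a zero-length string or undef (this depends on the column type, which is not visible here), the API skips this branch, hashes against an empty salt and answers "Wrong password". Login is still refused once the migration has cleared `passwd`, but the two entry points then disagree on which accounts count as disabled. Using one pattern in both places, e.g. `if !defined $res->[0]{salt} || $res->[0]{salt} =~ /\A *\z/;`, keeps them in step. login_res starts above the hunk and continues below it.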
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 89807bef..06ed1984 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,7 +5,6 @@ package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
-use Digest::MD5 'md5_hex';
use Digest::SHA qw|sha1_hex sha256_hex|;
use Time::HiRes;
use Encode 'encode_utf8';
@@ -101,19 +100,12 @@ sub _authCheck {
return 0 if !$user || length($user) > 15 || length($user) < 2 || !$pass;
my $d = $self->dbUserGet(username => $user, what => 'extended notifycount')->[0];
- return 0 if !$d->{id};
+ return 0 if !$d->{id} || $d->{salt} =~ /^ *$/;
if(_authEncryptPass($self, $pass, $d->{salt}) eq $d->{passwd}) {
$self->{_auth} = $d;
return 1;
}
- if(md5_hex($pass) eq $d->{passwd}) {
- $self->{_auth} = $d;
- my %o;
- ($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
- $self->dbUserEdit($d->{id}, %o);
- return 1;
- }
return 0;
}
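Review bot: The new `$d->{salt} =~ /^ *$/` guard has no comment saying that a blank salt marks a legacy MD5 account whose hash is wiped by util/updates/update_2.21.sql, so a later reader may take it for input validation and drop it. I would add above it `# Blank salt = legacy MD5 account; its hash was cleared in update_2.21.sql, so refuse login until the password is reset.` On this path the function returns a plain 0, so such a user cannot be told apart from one who mistyped the password, whereas the API path reports "Account disabled". It is worth checking that the login form points these users to a password reset. _authCheck begins above the hunk.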
diff --git a/util/updates/update_2.21.sql b/util/updates/update_2.21.sql
index b99a4ba6..d90a510d 100644
--- a/util/updates/update_2.21.sql
+++ b/util/updates/update_2.21.sql
@@ -2,3 +2,7 @@
-- New resolution added on index 5
UPDATE releases_rev SET resolution = resolution + 1 WHERE resolution >= 5;
+
+-- Old MD5 passwords can't be used anymore, so delete them
+UPDATE users SET passwd = '' WHERE salt = '';
+
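Review bot: The `WHERE salt = ''` filter matches space-padded salts only if the column is a blank-padded `char(n)` type. The Perl checks in this commit test for a run of spaces, which suggests it is, but the schema is not visible here. A comment on the statement recording that assumption would help, e.g. `-- salt is char(n): '' also matches the all-space value stored for legacy MD5 accounts`. The update cannot be undone from this script, and any database dumps taken before it would still hold the old MD5 hashes, so they need the same access restrictions as before.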