-rw-r--r-- | lib/VNDB/Handler/Users.pm | 2 | ||||
-rw-r--r-- | lib/VNDB/Util/Auth.pm | 23 | ||||
-rw-r--r-- | util/dump.sql | 12 | ||||
-rw-r--r-- | util/updates/update_2.6.sql | 4 |
4 files changed, 26 insertions, 15 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm index fa420d2e..c8390b56 100644 --- a/lib/VNDB/Handler/Users.pm +++ b/lib/VNDB/Handler/Users.pm @@ -332,7 +332,7 @@ sub edit { $o{mail} = $frm->{mail}; $o{skin} = $frm->{skin}; $o{customcss} = $frm->{customcss}; - ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->usrpass) if $frm->{usrpass}; + ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->{usrpass}) if $frm->{usrpass}; $o{show_list} = $frm->{flags_list} ? 1 : 0; $o{show_nsfw} = $frm->{flags_nsfw} ? 1 : 0; $self->dbUserEdit($uid, %o); diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm index 81c6c573..faa698e5 100644 --- a/lib/VNDB/Util/Auth.pm +++ b/lib/VNDB/Util/Auth.pm @@ -5,8 +5,8 @@ package VNDB::Util::Auth; use strict; use warnings; use Exporter 'import'; -use Digest::MD5 'md5_hex'; -use Digest::SHA qw|sha1_hex sha256|; +use Digest::MD5 'md5'; +use Digest::SHA qw|sha1_hex sha256 sha256_hex|; use Time::HiRes; use Crypt::Lite; @@ -106,13 +106,14 @@ sub _authCheck { my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0]; return 0 if !defined $d->{id} || !$d->{rank}; - if (_authEncryptPass($pass, $d->{salt}) == $d->{passwd}) { + if (_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) { $self->{_auth} = $d; return 1; } - if ($d->{salt} eq '0' && md5_hex($pass) == $d->{passwd}) { + if (md5($pass) eq $d->{passwd}) { $self->{_auth} = $d; - my %o = authPreparePass($d->{id}, $pass); + my %o; + ($o{passwd}, $o{salt}) = authPreparePass($self, $pass); $self->dbUserEdit($d->{id}, %o); return 1; } 
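Review bot: The legacy branch `if (md5($pass) eq $d->{passwd})` in _authCheck is now tried for every account, because the old `$d->{salt} eq '0'` guard was dropped rather than replaced. A migrated row holds a 32-byte SHA-256 digest, so a 16-byte MD5 should not match it, but that safety rests on the column being read back as raw bytes, which this hunk does not show. An explicit guard such as `if (length($d->{passwd}) == 16 && md5($pass) eq $d->{passwd})` would keep the unsalted-MD5 path reachable only for rows that have not been upgraded yet; a salt-based test is less convenient, since `character(9)` values would typically come back blank-padded. A comment like `# legacy unsalted MD5: accept once, then rehash with a fresh salt` above the branch would also help. The sub continues outside the hunk.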
@@ -122,11 +123,12 @@ sub _authCheck { # Encryption algorithm for user passwords -# Arguments: pass, salt -# Returns: encrypted password as a binary string +# Arguments: self, pass, salt, binary mode +# Returns: encrypted password sub _authEncryptPass{ - my ($self, $pass, $salt) = @_; - return sha256($self->{global_salt} . $pass . $salt); + my ($self, $pass, $salt, $bin) = @_; + return sha256($self->{global_salt} . $pass . $salt) if $bin; + return sha256_hex($self->{global_salt} . $pass . $salt); } @@ -135,9 +137,8 @@ sub _authEncryptPass{ # Returns: list (pass, salt) sub authPreparePass{ my($self, $pass) = @_; - my $salt = join '', map chr(rand(93)+33), 1..9; - my $hash = authEncryptPass($pass, $salt); + my $hash = _authEncryptPass($self, $pass, $salt); return ($hash, $salt); } diff --git a/util/dump.sql b/util/dump.sql index 22e80099..e69947f6 100644 --- a/util/dump.sql +++ b/util/dump.sql @@ -161,6 +161,14 @@ CREATE TABLE screenshots ( height smallint NOT NULL DEFAULT 0 ); +-- sessions +CREATE TABLE sessions ( + uid integer NOT NULL, + token character(40) NOT NULL, + expiration bigint DEFAULT 0 NOT NULL, + PRIMARY KEY (uid, token) +); + -- stats_cache CREATE TABLE stats_cache ( section varchar(25) NOT NULL PRIMARY KEY, @@ -256,7 +264,8 @@ CREATE TABLE users ( skin varchar(128) NOT NULL DEFAULT '', customcss text NOT NULL DEFAULT '', ip inet NOT NULL DEFAULT '0.0.0.0', - c_tags integer NOT NULL DEFAULT 0 + c_tags integer NOT NULL DEFAULT 0, + salt character(9) NOT NULL DEFAULT '' ); -- vn 
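Review bot: _authEncryptPass now returns two different encodings and its callers disagree on which one they use: _authCheck passes `1` and compares the raw digest with `$d->{passwd}`, while authPreparePass calls it without the flag and so hands the 64-character hex form to dbUserEdit. Unless the database layer converts between the two (not visible here), a password stored by authPreparePass would never match at login. The header comment should state the contract, e.g. `# Returns: SHA-256 of global_salt . pass . salt; raw 32 bytes if binary mode is true, else 64 hex chars`. Separately, a single SHA-256 round is cheap to brute-force if the users table leaks; a work-factor KDF would be the stronger choice for stored passwords.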
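Review bot: On this page the `my $salt = join '', map chr(rand(93)+33), 1..9;` line in authPreparePass directly follows a `-`, and the hunk header (9 old lines, 8 new) fits either that line being removed or only a blank line before it being removed. If the salt line really is gone, `$salt` is undeclared in the new body, `use strict` rejects the module, and no per-user salt reaches `_authEncryptPass`; the line needs to stay. If it is kept, note that `rand` is not a cryptographic generator, which is tolerable for a salt that only has to be unique but should not be reused for session tokens.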
@@ -376,6 +385,7 @@ ALTER TABLE releases_vn ADD FOREIGN KEY (rid) REFERENCES releases_r ALTER TABLE releases_vn ADD FOREIGN KEY (vid) REFERENCES vn (id) DEFERRABLE INITIALLY DEFERRED; ALTER TABLE rlists ADD FOREIGN KEY (uid) REFERENCES users (id) DEFERRABLE INITIALLY DEFERRED; ALTER TABLE rlists ADD FOREIGN KEY (rid) REFERENCES releases (id) DEFERRABLE INITIALLY DEFERRED; +ALTER TABLE sessions ADD FOREIGN KEY (uid) REFERENCES users (id) DEFERRABLE INITIALLY DEFERRED; ALTER TABLE tags ADD FOREIGN KEY (addedby) REFERENCES users (id) DEFERRABLE INITIALLY DEFERRED; ALTER TABLE tags_aliases ADD FOREIGN KEY (tag) REFERENCES tags (id) DEFERRABLE INITIALLY DEFERRED; ALTER TABLE tags_parents ADD FOREIGN KEY (tag) REFERENCES tags (id) DEFERRABLE INITIALLY DEFERRED; diff --git a/util/updates/update_2.6.sql b/util/updates/update_2.6.sql index 444d81c9..e631039e 100644 --- a/util/updates/update_2.6.sql +++ b/util/updates/update_2.6.sql @@ -2,7 +2,7 @@ -- Create table for session data storage CREATE TABLE sessions ( - uid integer NOT NULL REFERENCES users(id) ON DELETE CASCADE, + uid integer NOT NULL REFERENCES users(id) DEFERRABLE INITIALLY DEFERRED; token character(40) NOT NULL, expiration bigint DEFAULT 0 NOT NULL, PRIMARY KEY (uid, token) @@ -10,5 +10,5 @@ CREATE TABLE sessions ( -- Add column to users for salt storage -ALTER TABLE users ADD COLUMN salt character(9) NOT NULL DEFAULT 0; +ALTER TABLE users ADD COLUMN salt character(9) NOT NULL DEFAULT ''; |
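Review bot: The new `uid` line in util/updates/update_2.6.sql ends with `;` instead of `,` (`... DEFERRABLE INITIALLY DEFERRED;`), which terminates the CREATE TABLE statement in the middle of the column list, so the update script would fail to create `sessions`. It should read `uid integer NOT NULL REFERENCES users(id) DEFERRABLE INITIALLY DEFERRED,`. The change also drops `ON DELETE CASCADE`, and the matching `ALTER TABLE sessions ADD FOREIGN KEY (uid)` in util/dump.sql has none either, so removing a user who still has session rows will be refused unless the application deletes those rows first; if that is intended, a comment saying so would help.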