-rw-r--r--lib/VNDB/Handler/Users.pm2
-rw-r--r--lib/VNDB/Util/Auth.pm23
-rw-r--r--util/dump.sql12
-rw-r--r--util/updates/update_2.6.sql4
4 files changed, 26 insertions, 15 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index fa420d2e..c8390b56 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -332,7 +332,7 @@ sub edit {
$o{mail} = $frm->{mail};
$o{skin} = $frm->{skin};
$o{customcss} = $frm->{customcss};
- ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->usrpass) if $frm->{usrpass};
+ ($o{passwd}, $o{salt}) = $self->authPreparePass($frm->{usrpass}) if $frm->{usrpass};
$o{show_list} = $frm->{flags_list} ? 1 : 0;
$o{show_nsfw} = $frm->{flags_nsfw} ? 1 : 0;
$self->dbUserEdit($uid, %o);
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 81c6c573..faa698e5 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,8 +5,8 @@ package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
-use Digest::MD5 'md5_hex';
-use Digest::SHA qw|sha1_hex sha256|;
+use Digest::MD5 'md5';
+use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
use Time::HiRes;
use Crypt::Lite;
@@ -106,13 +106,14 @@ sub _authCheck {
my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0];
return 0 if !defined $d->{id} || !$d->{rank};
- if (_authEncryptPass($pass, $d->{salt}) == $d->{passwd}) {
+ if (_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) {
$self->{_auth} = $d;
return 1;
}
- if ($d->{salt} eq '0' && md5_hex($pass) == $d->{passwd}) {
+ if (md5($pass) eq $d->{passwd}) {
$self->{_auth} = $d;
- my %o = authPreparePass($d->{id}, $pass);
+ my %o;
+ ($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
$self->dbUserEdit($d->{id}, %o);
return 1;
}
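Review bot: Both comparisons in `_authCheck` use raw digest bytes (`_authEncryptPass(..., 1)` and `md5($pass)`) against `$d->{passwd}`, while `authPreparePass` stores the hex form that is returned when the fourth argument is omitted. That is only consistent if the database layer decodes hex on write and returns raw bytes on read, which this diff does not show; if it does not, no password written by the new code will verify. A comment above the first comparison such as `# passwd is read back as raw bytes; dbUserEdit is expected to decode the hex digest on write` would record the assumption. The body of `_authCheck` starts and ends outside this hunk.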
@@ -122,11 +123,12 @@ sub _authCheck {
# Encryption algorithm for user passwords
-# Arguments: pass, salt
-# Returns: encrypted password as a binary string
+# Arguments: self, pass, salt, binary mode
+# Returns: encrypted password
sub _authEncryptPass{
- my ($self, $pass, $salt) = @_;
- return sha256($self->{global_salt} . $pass . $salt);
+ my ($self, $pass, $salt, $bin) = @_;
+ return sha256($self->{global_salt} . $pass . $salt) if $bin;
+ return sha256_hex($self->{global_salt} . $pass . $salt);
}
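Review bot: `_authEncryptPass` derives the stored value from a single SHA-256 pass over `global_salt . pass . salt`, which is cheap to compute, so the salts defeat precomputed tables but do not slow offline guessing if the users table is disclosed. A password hashing function with a tunable work factor (bcrypt, scrypt or PBKDF2) would fit here, and the rehash-on-login path that `_authCheck` already uses for the old MD5 values could migrate existing rows. The header comment should also say what is returned, for example `# Returns: SHA-256 digest, raw bytes if binary mode is true, hex string otherwise`.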
@@ -135,9 +137,8 @@ sub _authEncryptPass{
# Returns: list (pass, salt)
sub authPreparePass{
my($self, $pass) = @_;
-
my $salt = join '', map chr(rand(93)+33), 1..9;
- my $hash = authEncryptPass($pass, $salt);
+ my $hash = _authEncryptPass($self, $pass, $salt);
return ($hash, $salt);
}
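Review bot: The salt in `authPreparePass` comes from Perl's built-in `rand`, which is not a cryptographic generator and, depending on when it is seeded relative to any worker fork, may repeat the same sequence in several processes. A salt only has to be unique rather than secret, but reading the nine bytes from the operating system's random source (`/dev/urandom`) and mapping them into the same 33..125 range would remove the dependence on seeding. The return comment could also state the encoding: `# Returns: list (hex-encoded hash, 9-character salt)`.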
diff --git a/util/dump.sql b/util/dump.sql
index 22e80099..e69947f6 100644
--- a/util/dump.sql
+++ b/util/dump.sql
@@ -161,6 +161,14 @@ CREATE TABLE screenshots (
height smallint NOT NULL DEFAULT 0
);
+-- sessions
+CREATE TABLE sessions (
+ uid integer NOT NULL,
+ token character(40) NOT NULL,
+ expiration bigint DEFAULT 0 NOT NULL,
+ PRIMARY KEY (uid, token)
+);
+
-- stats_cache
CREATE TABLE stats_cache (
section varchar(25) NOT NULL PRIMARY KEY,
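Review bot: The `sessions.token` column appears to hold the session token in the form the client presents it, so anyone who can read this table (a backup, a dump, a read-only injection) would obtain usable sessions. If that is the case, storing a digest of the token and comparing digests on lookup keeps a read-only disclosure from becoming account takeover. A comment on the table such as `-- token: 40 hex chars; expiration: UNIX timestamp` would document the format and unit, which are only inferred here from the column types.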
@@ -256,7 +264,8 @@ CREATE TABLE users (
skin varchar(128) NOT NULL DEFAULT '',
customcss text NOT NULL DEFAULT '',
ip inet NOT NULL DEFAULT '0.0.0.0',
- c_tags integer NOT NULL DEFAULT 0
+ c_tags integer NOT NULL DEFAULT 0,
+ salt character(9) NOT NULL DEFAULT ''
);
-- vn
@@ -376,6 +385,7 @@ ALTER TABLE releases_vn ADD FOREIGN KEY (rid) REFERENCES releases_r
ALTER TABLE releases_vn ADD FOREIGN KEY (vid) REFERENCES vn (id) DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE rlists ADD FOREIGN KEY (uid) REFERENCES users (id) DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE rlists ADD FOREIGN KEY (rid) REFERENCES releases (id) DEFERRABLE INITIALLY DEFERRED;
+ALTER TABLE sessions ADD FOREIGN KEY (uid) REFERENCES users (id) DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE tags ADD FOREIGN KEY (addedby) REFERENCES users (id) DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE tags_aliases ADD FOREIGN KEY (tag) REFERENCES tags (id) DEFERRABLE INITIALLY DEFERRED;
ALTER TABLE tags_parents ADD FOREIGN KEY (tag) REFERENCES tags (id) DEFERRABLE INITIALLY DEFERRED;
diff --git a/util/updates/update_2.6.sql b/util/updates/update_2.6.sql
index 444d81c9..e631039e 100644
--- a/util/updates/update_2.6.sql
+++ b/util/updates/update_2.6.sql
@@ -2,7 +2,7 @@
-- Create table for session data storage
CREATE TABLE sessions (
- uid integer NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+ uid integer NOT NULL REFERENCES users(id) DEFERRABLE INITIALLY DEFERRED;
token character(40) NOT NULL,
expiration bigint DEFAULT 0 NOT NULL,
PRIMARY KEY (uid, token)
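Review bot: The replacement `uid` line ends with `;` instead of `,`, which terminates the `CREATE TABLE sessions (` statement in the middle of the column list, so the update script will fail with a syntax error there; it should read `uid integer NOT NULL REFERENCES users(id) DEFERRABLE INITIALLY DEFERRED,`. The change also drops `ON DELETE CASCADE`, so session rows are no longer removed with their user and the application has to delete them first, otherwise the user delete fails on the foreign key at commit. The closing `);` of the statement lies outside this hunk.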
@@ -10,5 +10,5 @@ CREATE TABLE sessions (
-- Add column to users for salt storage
-ALTER TABLE users ADD COLUMN salt character(9) NOT NULL DEFAULT 0;
+ALTER TABLE users ADD COLUMN salt character(9) NOT NULL DEFAULT '';