-rw-r--r--lib/VNDB/DB/Users.pm5
-rw-r--r--lib/VNDB/Util/Auth.pm16
2 files changed, 9 insertions, 12 deletions
diff --git a/lib/VNDB/DB/Users.pm b/lib/VNDB/DB/Users.pm
index eaed1234..ae46b896 100644
--- a/lib/VNDB/DB/Users.pm
+++ b/lib/VNDB/DB/Users.pm
@@ -24,8 +24,6 @@ sub dbUserGet {
my %where = (
$o{username} ? (
'username = ?' => $o{username} ) : (),
- $o{passwd} ? (
- 'passwd = decode(?, \'hex\')' => $o{passwd} ) : (),
$o{firstchar} ? (
'SUBSTRING(username from 1 for 1) = ?' => $o{firstchar} ) : (),
!$o{firstchar} && defined $o{firstchar} ? (
@@ -45,7 +43,8 @@ sub dbUserGet {
);
my @select = (
- 'u.*',
+ qw|id username mail rank salt registered c_votes c_changes show_nsfw show_list skin customcss ip c_tags|,
+ q|encode(passwd, 'hex') AS passwd|,
$o{what} =~ /stats/ ? (
'(SELECT COUNT(*) FROM rlists WHERE uid = u.id) AS releasecount',
'(SELECT COUNT(DISTINCT rv.vid) FROM rlists rl JOIN releases r ON rl.rid = r.id JOIN releases_vn rv ON rv.rid = r.latest WHERE uid = u.id) AS vncount',
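Review bot: The new select list still hands `salt` and the hex-encoded `passwd` hash to every dbUserGet caller, not only to the login path. The `firstchar` filter in the same function suggests it also serves user listings, so credential material may end up in result hashes where a template or debug dump could expose it. Consider returning the two columns only on request, e.g. `$o{what} =~ /passwd/ ? ('salt', q|encode(passwd, 'hex') AS passwd|) : (),`, with _authCheck adding `passwd` to its `what`. The column names are also unqualified while the subqueries below use `u.id`; a `u.` prefix would keep them unambiguous if a join is added. dbUserGet starts and ends outside this hunk.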
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index ce548a98..b9724964 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,8 +5,8 @@ package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
-use Digest::MD5 'md5';
-use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
+use Digest::MD5 'md5_hex';
+use Digest::SHA qw|sha1_hex sha256_hex|;
use Time::HiRes;
use Encode 'encode_utf8';
use POSIX 'strftime';
@@ -98,11 +98,11 @@ sub _authCheck {
my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0];
return 0 if !defined $d->{id} || !$d->{rank};
- if(_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) {
+ if(_authEncryptPass($self, $pass, $d->{salt}) eq $d->{passwd}) {
$self->{_auth} = $d;
return 1;
}
- if(md5($pass) eq $d->{passwd}) {
+ if(md5_hex($pass) eq $d->{passwd}) {
$self->{_auth} = $d;
my %o;
($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
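Review bot: The legacy branch calls `md5_hex($pass)` on the raw value, while _authEncryptPass runs the password through `encode_utf8` first. Digest::MD5 croaks on wide characters, so if `$pass` is a decoded string, any failed salted check with a password containing code points above 255 would die here instead of returning 0. If the old hashes were computed over UTF-8 bytes, `md5_hex(encode_utf8($pass))` fixes this; confirm against how those hashes were produced before changing it. A short comment such as `# legacy unsalted MD5 hash: verify, then re-hash with the salted scheme` would also help. _authCheck begins and ends outside this hunk.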
@@ -115,13 +115,11 @@ sub _authCheck {
# Encryption algorithm for user passwords
-# Arguments: self, pass, salt, binary mode
-# Returns: encrypted password
+# Arguments: self, pass, salt
+# Returns: encrypted password (in hex)
sub _authEncryptPass{
my($self, $pass, $salt, $bin) = @_;
- my $str = $self->{global_salt} . encode_utf8($pass) . encode_utf8($salt);
- return sha256($str) if $bin;
- return sha256_hex($str);
+ return sha256_hex($self->{global_salt} . encode_utf8($pass) . encode_utf8($salt));
}
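Review bot: `_authEncryptPass` still unpacks `$bin` in `my($self, $pass, $salt, $bin) = @_;` although the updated comment and body no longer use it. Dropping it, `my($self, $pass, $salt) = @_;`, keeps the signature in line with the documented arguments and makes a stale four-argument call easier to spot. Separately, the stored value is a single SHA-256 pass over global salt, password and user salt, which is cheap to compute offline if the table leaks. Moving to a password hash with a configurable work factor would be a worthwhile follow-up, reusing the re-hash-on-login step that _authCheck already has for MD5.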