summaryrefslogtreecommitdiff
path: root/lib/VNDB
diff options
context:
space:
mode:
Diffstat (limited to 'lib/VNDB')
-rw-r--r--lib/VNDB/DB/Users.pm5
-rw-r--r--lib/VNDB/Util/Auth.pm16
2 files changed, 9 insertions, 12 deletions
diff --git a/lib/VNDB/DB/Users.pm b/lib/VNDB/DB/Users.pm
index eaed1234..ae46b896 100644
--- a/lib/VNDB/DB/Users.pm
+++ b/lib/VNDB/DB/Users.pm
@@ -24,8 +24,6 @@ sub dbUserGet {
my %where = (
$o{username} ? (
'username = ?' => $o{username} ) : (),
- $o{passwd} ? (
- 'passwd = decode(?, \'hex\')' => $o{passwd} ) : (),
$o{firstchar} ? (
'SUBSTRING(username from 1 for 1) = ?' => $o{firstchar} ) : (),
!$o{firstchar} && defined $o{firstchar} ? (
@@ -45,7 +43,8 @@ sub dbUserGet {
);
my @select = (
- 'u.*',
+ qw|id username mail rank salt registered c_votes c_changes show_nsfw show_list skin customcss ip c_tags|,
+ q|encode(passwd, 'hex') AS passwd|,
$o{what} =~ /stats/ ? (
'(SELECT COUNT(*) FROM rlists WHERE uid = u.id) AS releasecount',
'(SELECT COUNT(DISTINCT rv.vid) FROM rlists rl JOIN releases r ON rl.rid = r.id JOIN releases_vn rv ON rv.rid = r.latest WHERE uid = u.id) AS vncount',
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index ce548a98..b9724964 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,8 +5,8 @@ package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
-use Digest::MD5 'md5';
-use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
+use Digest::MD5 'md5_hex';
+use Digest::SHA qw|sha1_hex sha256_hex|;
use Time::HiRes;
use Encode 'encode_utf8';
use POSIX 'strftime';
@@ -98,11 +98,11 @@ sub _authCheck {
my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0];
return 0 if !defined $d->{id} || !$d->{rank};
- if(_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) {
+ if(_authEncryptPass($self, $pass, $d->{salt}) eq $d->{passwd}) {
$self->{_auth} = $d;
return 1;
}
- if(md5($pass) eq $d->{passwd}) {
+ if(md5_hex($pass) eq $d->{passwd}) {
$self->{_auth} = $d;
my %o;
($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
@@ -115,13 +115,11 @@ sub _authCheck {
# Encryption algorithm for user passwords
-# Arguments: self, pass, salt, binary mode
-# Returns: encrypted password
+# Arguments: self, pass, salt
+# Returns: encrypted password (in hex)
sub _authEncryptPass{
my($self, $pass, $salt, $bin) = @_;
- my $str = $self->{global_salt} . encode_utf8($pass) . encode_utf8($salt);
- return sha256($str) if $bin;
- return sha256_hex($str);
+ return sha256_hex($self->{global_salt} . encode_utf8($pass) . encode_utf8($salt));
}