From 5e9e6a78d3b7ffd177d91dba6602946dbd9a4c09 Mon Sep 17 00:00:00 2001
From: Yorhel
Date: Fri, 31 Jul 2009 12:01:35 +0200
Subject: Fetch hex hashes from dbUserGet() and do comparison in hex

For consistency, it's best to do everything related to hashes in hexadecimal notation in Perl.
---
 lib/VNDB/DB/Users.pm | 5 ++---
 lib/VNDB/Util/Auth.pm | 16 +++++++---------
 2 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/lib/VNDB/DB/Users.pm b/lib/VNDB/DB/Users.pm
index eaed1234..ae46b896 100644
--- a/lib/VNDB/DB/Users.pm
+++ b/lib/VNDB/DB/Users.pm
@@ -24,8 +24,6 @@ sub dbUserGet {
 my %where = (
 $o{username} ? (
 'username = ?' => $o{username} ) : (),
- $o{passwd} ? (
- 'passwd = decode(?, \'hex\')' => $o{passwd} ) : (),
 $o{firstchar} ? (
 'SUBSTRING(username from 1 for 1) = ?' => $o{firstchar} ) : (),
 !$o{firstchar} && defined $o{firstchar} ? (
@@ -45,7 +43,8 @@ sub dbUserGet {
 );
 my @select = (
- 'u.*',
+ qw|id username mail rank salt registered c_votes c_changes show_nsfw show_list skin customcss ip c_tags|,
+ q|encode(passwd, 'hex') AS passwd|,
 $o{what} =~ /stats/ ? (
 '(SELECT COUNT(*) FROM rlists WHERE uid = u.id) AS releasecount',
 '(SELECT COUNT(DISTINCT rv.vid) FROM rlists rl JOIN releases r ON rl.rid = r.id JOIN releases_vn rv ON rv.rid = r.latest WHERE uid = u.id) AS vncount',
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index ce548a98..b9724964 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,8 +5,8 @@ package VNDB::Util::Auth;
 use strict;
 use warnings;
 use Exporter 'import';
-use Digest::MD5 'md5';
-use Digest::SHA qw|sha1_hex sha256 sha256_hex|;
+use Digest::MD5 'md5_hex';
+use Digest::SHA qw|sha1_hex sha256_hex|;
 use Time::HiRes;
 use Encode 'encode_utf8';
 use POSIX 'strftime';
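Review bot: In lib/VNDB/DB/Users.pm, the new `@select` list in dbUserGet returns `salt` and the hex-encoded `passwd` to every caller regardless of `what`, so credential material travels with each user lookup and, as _authCheck in Auth.pm shows, is kept in `$self->{_auth}`. Consider selecting those two columns only on request, for example `$o{what} =~ /passwd/ ? (q|salt|, q|encode(passwd, 'hex') AS passwd|) : (),`, with _authCheck asking for them. The new column names are also written without the `u.` qualifier that the subqueries below rely on; if the FROM clause, which is outside this hunk, joins another table with an `id` or `ip` column, the names become ambiguous. dbUserGet starts and ends outside the hunk.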
@@ -98,11 +98,11 @@ sub _authCheck {
 my $d = $self->dbUserGet(username => $user, what => 'mymessages')->[0];
 return 0 if !defined $d->{id} || !$d->{rank};
- if(_authEncryptPass($self, $pass, $d->{salt}, 1) eq $d->{passwd}) {
+ if(_authEncryptPass($self, $pass, $d->{salt}) eq $d->{passwd}) {
 $self->{_auth} = $d;
 return 1;
 }
- if(md5($pass) eq $d->{passwd}) {
+ if(md5_hex($pass) eq $d->{passwd}) {
 $self->{_auth} = $d;
 my %o;
 ($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
@@ -115,13 +115,11 @@ sub _authCheck {
 # Encryption algorithm for user passwords
-# Arguments: self, pass, salt, binary mode
-# Returns: encrypted password
+# Arguments: self, pass, salt
+# Returns: encrypted password (in hex)
 sub _authEncryptPass{
 my($self, $pass, $salt, $bin) = @_;
- my $str = $self->{global_salt} . encode_utf8($pass) . encode_utf8($salt);
- return sha256($str) if $bin;
- return sha256_hex($str);
+ return sha256_hex($self->{global_salt} . encode_utf8($pass) . encode_utf8($salt));
 }
-- 
cgit v1.2.3
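Review bot: In _authCheck, the legacy fallback `md5_hex($pass)` is handed the password unencoded, while the salted branch goes through `encode_utf8` inside _authEncryptPass. Digest::MD5 croaks on strings containing characters above 255, so a login attempt with such a password that misses the SHA-256 comparison would die here instead of failing cleanly. If `$pass` is a decoded character string, as the `encode_utf8` call suggests, the fallback should hash bytes too, e.g. `if(md5_hex(encode_utf8($pass)) eq $d->{passwd}) {`, after confirming which encoding the stored legacy MD5 hashes were created with. _authCheck begins and ends outside this hunk.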
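Review bot: _authEncryptPass still unpacks a fourth argument in `my($self, $pass, $salt, $bin) = @_;` although the binary mode is gone; the line should become `my($self, $pass, $salt) = @_;`. Any caller outside this diff that still passes a true fourth argument now receives a hex string where it used to get raw bytes, so the remaining call sites need checking. The header comment could state what is computed, e.g. `# Returns: SHA-256 hex digest of global_salt . pass . salt`, since this is hashing rather than encryption. A single SHA-256 pass is cheap to brute-force if the users table leaks; a deliberately slow password-hashing function would be the stronger choice when this scheme is next changed.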