From af7dec7a5e74137c6236364bbab6184f1e971954 Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Mon, 22 Aug 2011 10:04:39 +0200
Subject: Removed support for pre-2.6 passwords

Users who haven't logged in since 2009-08-09 will find that their
passwords have been reset. They need to use the password recovery
feature before logging in again.
---
 lib/VNDB/Util/Auth.pm | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

(limited to 'lib/VNDB/Util/Auth.pm')

diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index 89807bef..06ed1984 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,7 +5,6 @@ package VNDB::Util::Auth;
 use strict;
 use warnings;
 use Exporter 'import';
-use Digest::MD5 'md5_hex';
 use Digest::SHA qw|sha1_hex sha256_hex|;
 use Time::HiRes;
 use Encode 'encode_utf8';
@@ -101,19 +100,12 @@ sub _authCheck {
   return 0 if !$user || length($user) > 15 || length($user) < 2 || !$pass;
 
   my $d = $self->dbUserGet(username => $user, what => 'extended notifycount')->[0];
-  return 0 if !$d->{id};
+  return 0 if !$d->{id} || $d->{salt} =~ /^ *$/;
 
   if(_authEncryptPass($self, $pass, $d->{salt}) eq $d->{passwd}) {
     $self->{_auth} = $d;
     return 1;
   }
-  if(md5_hex($pass) eq $d->{passwd}) {
-    $self->{_auth} = $d;
-    my %o;
-    ($o{passwd}, $o{salt}) = authPreparePass($self, $pass);
-    $self->dbUserEdit($d->{id}, %o);
-    return 1;
-  }
 
   return 0;
 }
-- 
cgit v1.2.3