diff options
author | tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-22 05:30:04 +0000 |
---|---|---|
committer | tetragon <tetragon@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-22 05:30:04 +0000 |
commit | 009726fc8d3de1044b964195809bc6946de816b6 (patch) | |
tree | c90e3f3ca0b0eff7ecabd59ed5084411cd2adccf | |
parent | 35013e3feb3261f2d2f8c41bbe5e7052ac966ee1 (diff) |
Adding check for determining that the requested user is the retreived user
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@679 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-x | LedgerSMB/Session/DB.pm | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/LedgerSMB/Session/DB.pm b/LedgerSMB/Session/DB.pm index f69418cd..ecd87814 100755 --- a/LedgerSMB/Session/DB.pm +++ b/LedgerSMB/Session/DB.pm @@ -219,16 +219,19 @@ sub password_check { # use the central database handle my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH}; - my $fetchPassword = $dbh->prepare("SELECT uc.password, uc.crypted_password + my $fetchPassword = $dbh->prepare("SELECT u.username, uc.password, uc.crypted_password FROM users as u, users_conf as uc WHERE u.username = ? AND u.id = uc.id;"); $fetchPassword->execute($username) || $form->dberror(__FILE__.':'.__LINE__.': Fetching password : '); - my ($md5Password, $cryptPassword) = $fetchPassword->fetchrow_array; + my ($dbusername, $md5Password, $cryptPassword) = $fetchPassword->fetchrow_array; - if ($cryptPassword){ + if ($dbusername ne $username) { + # User data retrieved from db not for the requested user + return 0; + } elsif ($cryptPassword){ #First time login from old system, check crypted password if ((crypt $password, substr($username, 0, 2)) eq $cryptPassword) { @@ -250,12 +253,12 @@ sub password_check { return 0; #password failed } - }elsif ($md5Password){ + } elsif ($md5Password){ if ($md5Password ne (Digest::MD5::md5_hex $password) ) { return 0; } - else{ + else { return 1; } |