authorchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-13 05:53:45 +0000
committerchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-13 05:53:45 +0000
commit10a2aa2d8cec3163b6d39208fd9c30a9db7d3bd9 (patch)
tree7a9a65094bc7fb4551e1cb7206ff54e7a770b77b
parentcaa4450ea731a408968ec6f1ef2e285dce3554dd (diff)
Fix double md5() hashing of passwords. User::save_member now assumes that a submitted 32-char password matching the stored md5 password means the password should not be changed
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@554 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-xLedgerSMB/User.pm21
-rwxr-xr-xbin/admin.pl19
2 files changed, 26 insertions, 14 deletions
diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm
index 7eb58a45..4bdb0519 100755
--- a/LedgerSMB/User.pm
+++ b/LedgerSMB/User.pm
@@ -146,6 +146,7 @@ sub fetch_config {
$myconfig{'dbport'} = '5432';
}
+ $myconfig{'login'} = $login;
$myconfig{'dbconnect'} = 'dbi:Pg:dbname='.$myconfig{'dbname'}.';host='.$myconfig{'dbhost'}.';port='.$myconfig{'dbport'};
}
@@ -717,10 +718,10 @@ sub save_member {
if($userID){
#got an id, check to see if it's in the users_conf table
- my $userConfCheck = $dbh->prepare("SELECT count(*) FROM users_conf WHERE id = ?");
+ my $userConfCheck = $dbh->prepare("SELECT password, 1 FROM users_conf WHERE id = ?");
$userConfCheck->execute($userID);
- ($userConfExists) = $userConfCheck->fetchrow_array;
+ ($oldPassword, $userConfExists) = $userConfCheck->fetchrow_array;
}
else{
my $userConfAdd = $dbh->prepare("SELECT create_user(?);");
@@ -738,7 +739,7 @@ sub save_member {
dbhost = ?, dbname = ?, dboptions = ?,
dbpasswd = ?, dbport = ?, dbuser = ?,
email = ?, fax = ?, menuwidth = ?,
- name = ?, numberformat = ?, password = md5(?),
+ name = ?, numberformat = ?,
print = ?, printer = ?, role = ?,
sid = ?, signature = ?, stylesheet = ?,
tel = ?, templates = ?, timeout = ?,
@@ -751,13 +752,25 @@ sub save_member {
$self->{dbhost}, $self->{dbname}, $self->{dboptions},
$self->{dbpasswd}, $self->{dbport}, $self->{dbuser},
$self->{email}, $self->{fax}, $self->{menuwidth},
- $self->{name}, $self->{numberformat}, $self->{password},
+ $self->{name}, $self->{numberformat},
$self->{print}, $self->{printer}, $self->{role},
$self->{sid}, $self->{signature}, $self->{stylesheet},
$self->{tel}, $self->{templates}, $self->{timeout},
$self->{vclimit}, $userID);
+ if($oldPassword ne $self->{password}){
+ # if they're supplying a 32 char password that matches their old password
+ # assume they don't want to change passwords
+
+ $userConfUpdate = $dbh->prepare("UPDATE users_conf
+ SET password = md5(?)
+ WHERE id = ?");
+
+ $userConfUpdate->execute($self->{password}, $userID);
+
+ }
+
}
else{
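Review bot: The new `if($oldPassword ne $self->{password})` test does not guard against an undefined `$oldPassword` (a NULL column, or no fetched row, depending on the enclosing condition outside this hunk) or against an empty submitted password, so a blank `password` value that differs from the stored hash is still written as `md5('')`. Consider `if (defined $self->{password} && length $self->{password} && (!defined $oldPassword || $oldPassword ne $self->{password})) {` so that an empty field means "leave unchanged" and the comparison no longer warns on undef. The comment speaks of a 32-char password, but the code never checks the length; either add that check or reword the comment to say the submitted value is compared verbatim with the stored hash. `$oldPassword` is not declared in any visible hunk, so presumably a `my` exists earlier in save_member, which starts and ends outside this hunk.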
diff --git a/bin/admin.pl b/bin/admin.pl
index e2abd142..872ed72c 100755
--- a/bin/admin.pl
+++ b/bin/admin.pl
@@ -446,7 +446,6 @@ sub form_header {
<tr>
<th align="right">|.$locale->text('Password').qq|</th>
<td><input type="password" name="new_password" size="8" value="$myconfig->{password}" /></td>
- <input type="hidden" name="old_password" value="$myconfig->{password}" />
</tr>
<tr>
<th align="right">|.$locale->text('Name').qq|</th>
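Review bot: The password input just above the removed hidden field is still prefilled with `value="$myconfig->{password}"`, and after this commit save_member relies on that value coming back unchanged, so what appears to be the stored unsalted MD5 hash is written into the page source of the user edit form. Render the field empty, `<input type="password" name="new_password" size="8" value="" />`, and have the save path treat an empty `new_password` as "keep the current password", which removes the need to round-trip the hash through the browser at all. The value is also interpolated with no HTML escaping visible here; worth confirming for the other `value="$..."` attributes in this form. form_header starts and ends outside the hunk.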
@@ -765,8 +764,7 @@ sub save {
$myconfig->{$item} = $form->{$item};
}
- $myconfig->{password} = $form->{old_password};
- $myconfig->{password} = $form->{new_password} if $form->{new_password} ne $form->{old_password};
+ $myconfig->{password} = $form->{new_password};
$myconfig->{timeout} = $form->{newtimeout};
delete $myconfig->{stylesheet};
@@ -1013,18 +1011,19 @@ sub dbselect_source {
<tr>
<th align="right">|.$locale->text('User').qq|</th>
<td><input name="dbuser" size="10" value="$form->{dbuser}" /></td>
-<th align="right">|.$locale->text('Password').qq|</th>
-<td><input type="password" name="dbpasswd" size="10" /></td>
+ <th align="right">|.$locale->text('Password').qq|</th>
+ <td><input type="password" name="dbpasswd" size="10" /></td>
</tr>
<tr>
<th align="right">$form->{connectstring}</th>
<td colspan="3"><input name="dbdefault" size="10" value="$form->{dbdefault}" /></td>
</tr>
-<th align="right">|.$locale->text("Superuser").qq|</th>
- <td><input name="dbsuperuser" size="10" value="$form->{dbsuperuser}" /></td>
-<th align="right">|.$locale->text('Password').qq|</th>
-<td><input type="password" name="dbsuperpasswd" size="10" /></td>
-
+ <tr>
+ <th align="right">|.$locale->text("Superuser").qq|</th>
+ <td><input name="dbsuperuser" size="10" value="$form->{dbsuperuser}" /></td>
+ <th align="right">|.$locale->text('Password').qq|</th>
+ <td><input type="password" name="dbsuperpasswd" size="10" /></td>
+ </tr>
</table>
</td>
</tr>