author | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-13 05:53:45 +0000 |
---|---|---|
committer | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-13 05:53:45 +0000 |
commit | 10a2aa2d8cec3163b6d39208fd9c30a9db7d3bd9 (patch) | |
tree | 7a9a65094bc7fb4551e1cb7206ff54e7a770b77b | |
parent | caa4450ea731a408968ec6f1ef2e285dce3554dd (diff) |
fixing double md5()ing of passwords. User::save_member now assumes that a 32 char password that matches the old md5 password means do not change
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@554 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-x | LedgerSMB/User.pm | 21 | ||||
-rwxr-xr-x | bin/admin.pl | 19 |
2 files changed, 26 insertions, 14 deletions
diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm
index 7eb58a45..4bdb0519 100755
--- a/LedgerSMB/User.pm
+++ b/LedgerSMB/User.pm
@@ -146,6 +146,7 @@ sub fetch_config { $myconfig{'dbport'} = '5432'; } + $myconfig{'login'} = $login; $myconfig{'dbconnect'} = 'dbi:Pg:dbname='.$myconfig{'dbname'}.';host='.$myconfig{'dbhost'}.';port='.$myconfig{'dbport'}; }
@@ -717,10 +718,10 @@ sub save_member { if($userID){ #got an id, check to see if it's in the users_conf table - my $userConfCheck = $dbh->prepare("SELECT count(*) FROM users_conf WHERE id = ?"); + my $userConfCheck = $dbh->prepare("SELECT password, 1 FROM users_conf WHERE id = ?"); $userConfCheck->execute($userID); - ($userConfExists) = $userConfCheck->fetchrow_array; + ($oldPassword, $userConfExists) = $userConfCheck->fetchrow_array; } else{ my $userConfAdd = $dbh->prepare("SELECT create_user(?);");
@@ -738,7 +739,7 @@ sub save_member { dbhost = ?, dbname = ?, dboptions = ?, dbpasswd = ?, dbport = ?, dbuser = ?, email = ?, fax = ?, menuwidth = ?, - name = ?, numberformat = ?, password = md5(?), + name = ?, numberformat = ?, print = ?, printer = ?, role = ?, sid = ?, signature = ?, stylesheet = ?, tel = ?, templates = ?, timeout = ?, 
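Review bot: `$oldPassword` is assigned in `($oldPassword, $userConfExists) = $userConfCheck->fetchrow_array;` in the second save_member hunk, but no declaration for it is added anywhere in this commit. Unless it is already declared above the hunk, it is a package global (or a compile error under `use strict`), and a global would keep one user's password digest alive across calls in a persistent interpreter, including calls that take the `else` branch and never reassign it. Declaring it with the function's other locals, `my $oldPassword;`, and leaving it undefined on the create path keeps the later comparison tied to the row that was just read. save_member begins above the hunk, so the declaration may already exist there.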
@@ -751,13 +752,25 @@ sub save_member { $self->{dbhost}, $self->{dbname}, $self->{dboptions}, $self->{dbpasswd}, $self->{dbport}, $self->{dbuser}, $self->{email}, $self->{fax}, $self->{menuwidth}, - $self->{name}, $self->{numberformat}, $self->{password}, + $self->{name}, $self->{numberformat}, $self->{print}, $self->{printer}, $self->{role}, $self->{sid}, $self->{signature}, $self->{stylesheet}, $self->{tel}, $self->{templates}, $self->{timeout}, $self->{vclimit}, $userID); + if($oldPassword ne $self->{password}){ + # if they're supplying a 32 char password that matches their old password + # assume they don't want to change passwords + + $userConfUpdate = $dbh->prepare("UPDATE users_conf + SET password = md5(?) + WHERE id = ?"); + + $userConfUpdate->execute($self->{password}, $userID); + + } + } else{
diff --git a/bin/admin.pl b/bin/admin.pl
index e2abd142..872ed72c 100755
--- a/bin/admin.pl
+++ b/bin/admin.pl
@@ -446,7 +446,6 @@ sub form_header { <tr> <th align="right">|.$locale->text('Password').qq|</th> <td><input type="password" name="new_password" size="8" value="$myconfig->{password}" /></td> - <input type="hidden" name="old_password" value="$myconfig->{password}" /> </tr> <tr> <th align="right">|.$locale->text('Name').qq|</th>
@@ -765,8 +764,7 @@ sub save { $myconfig->{$item} = $form->{$item}; } - $myconfig->{password} = $form->{old_password}; - $myconfig->{password} = $form->{new_password} if $form->{new_password} ne $form->{old_password}; + $myconfig->{password} = $form->{new_password}; $myconfig->{timeout} = $form->{newtimeout}; delete $myconfig->{stylesheet}; 
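Review bot: The new `if($oldPassword ne $self->{password})` guard in save_member has no check for an empty or undefined `$self->{password}`, so a blank submission differs from the stored digest and the row is overwritten with `md5('')` (or NULL for an undefined value) instead of being left alone. Consider `if (defined $self->{password} && length $self->{password} && $oldPassword ne $self->{password})`, assuming blank passwords are not meant to be settable here. The comment inside the block describes the skipped case rather than the update it sits in; it would read better above the `if`, for example `# a submitted value equal to the stored md5 digest means "unchanged"; anything else is hashed and stored`. The stored value is still an unsalted MD5 digest, which this commit relocates rather than introduces. save_member begins and ends outside the hunk.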
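Review bot: The password input kept on the new side of the form_header hunk still carries `value="$myconfig->{password}"`, so the stored MD5 digest is written into the page on every edit, and the new comparison in save_member depends on that digest coming back from the browser. Removing the hidden `old_password` field does not change that exposure; the digest stays readable in page source, caches and anything else that sees the response. A safer contract is to render the field empty, `<input type="password" name="new_password" size="8" value="" />`, and have the save path treat an empty `new_password` as "keep the current password". The `save` hunk that follows now assigns `$form->{new_password}` unconditionally and would need the matching guard. form_header and save both continue outside their hunks.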
@@ -1013,18 +1011,19 @@ sub dbselect_source { <tr> <th align="right">|.$locale->text('User').qq|</th> <td><input name="dbuser" size="10" value="$form->{dbuser}" /></td> -<th align="right">|.$locale->text('Password').qq|</th> -<td><input type="password" name="dbpasswd" size="10" /></td> + <th align="right">|.$locale->text('Password').qq|</th> + <td><input type="password" name="dbpasswd" size="10" /></td> </tr> <tr> <th align="right">$form->{connectstring}</th> <td colspan="3"><input name="dbdefault" size="10" value="$form->{dbdefault}" /></td> </tr> -<th align="right">|.$locale->text("Superuser").qq|</th> - <td><input name="dbsuperuser" size="10" value="$form->{dbsuperuser}" /></td> -<th align="right">|.$locale->text('Password').qq|</th> -<td><input type="password" name="dbsuperpasswd" size="10" /></td> - + <tr> + <th align="right">|.$locale->text("Superuser").qq|</th> + <td><input name="dbsuperuser" size="10" value="$form->{dbsuperuser}" /></td> + <th align="right">|.$locale->text('Password').qq|</th> + <td><input type="password" name="dbsuperpasswd" size="10" /></td> + </tr> </table> </td> </tr> |
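Review bot: The rewrapped rows still interpolate `$form->{dbuser}`, `$form->{connectstring}`, `$form->{dbdefault}` and `$form->{dbsuperuser}` straight into HTML text and attribute values, with no escaping visible in the hunk. If `$form` holds request parameters, as its use in the `save` hunk suggests, a value containing `"` or `<` ends the attribute early and is parsed as markup, so these values should be HTML-escaped before they are placed in the `qq|...|` template. The added `<tr>`/`</tr>` pair is a correct markup fix on its own. dbselect_source starts and ends outside the hunk.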