diff options
| author | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-13 05:53:45 +0000 |
|---|---|---|
| committer | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-11-13 05:53:45 +0000 |
| commit | 10a2aa2d8cec3163b6d39208fd9c30a9db7d3bd9 (patch) | |
| tree | 7a9a65094bc7fb4551e1cb7206ff54e7a770b77b /LedgerSMB/User.pm | |
| parent | caa4450ea731a408968ec6f1ef2e285dce3554dd (diff) | |
fixing double md5()ing of passwords. User::save_member now assumes that a 32 char password that matches the old md5 password means do not change
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@554 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'LedgerSMB/User.pm')
| -rwxr-xr-x | LedgerSMB/User.pm | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm index 7eb58a45..4bdb0519 100755 --- a/LedgerSMB/User.pm +++ b/LedgerSMB/User.pm @@ -146,6 +146,7 @@ sub fetch_config { $myconfig{'dbport'} = '5432'; } + $myconfig{'login'} = $login; $myconfig{'dbconnect'} = 'dbi:Pg:dbname='.$myconfig{'dbname'}.';host='.$myconfig{'dbhost'}.';port='.$myconfig{'dbport'}; } @@ -717,10 +718,10 @@ sub save_member { if($userID){ #got an id, check to see if it's in the users_conf table - my $userConfCheck = $dbh->prepare("SELECT count(*) FROM users_conf WHERE id = ?"); + my $userConfCheck = $dbh->prepare("SELECT password, 1 FROM users_conf WHERE id = ?"); $userConfCheck->execute($userID); - ($userConfExists) = $userConfCheck->fetchrow_array; + ($oldPassword, $userConfExists) = $userConfCheck->fetchrow_array; } else{ my $userConfAdd = $dbh->prepare("SELECT create_user(?);"); @@ -738,7 +739,7 @@ sub save_member { dbhost = ?, dbname = ?, dboptions = ?, dbpasswd = ?, dbport = ?, dbuser = ?, email = ?, fax = ?, menuwidth = ?, - name = ?, numberformat = ?, password = md5(?), + name = ?, numberformat = ?, print = ?, printer = ?, role = ?, sid = ?, signature = ?, stylesheet = ?, tel = ?, templates = ?, timeout = ?, @@ -751,13 +752,25 @@ sub save_member { $self->{dbhost}, $self->{dbname}, $self->{dboptions}, $self->{dbpasswd}, $self->{dbport}, $self->{dbuser}, $self->{email}, $self->{fax}, $self->{menuwidth}, - $self->{name}, $self->{numberformat}, $self->{password}, + $self->{name}, $self->{numberformat}, $self->{print}, $self->{printer}, $self->{role}, $self->{sid}, $self->{signature}, $self->{stylesheet}, $self->{tel}, $self->{templates}, $self->{timeout}, $self->{vclimit}, $userID); + if($oldPassword ne $self->{password}){ + # if they're supplying a 32 char password that matches their old password + # assume they don't want to change passwords + + $userConfUpdate = $dbh->prepare("UPDATE users_conf + SET password = md5(?) + WHERE id = ?"); + + $userConfUpdate->execute($self->{password}, $userID); + + } + } else{ |