authorchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-13 05:53:45 +0000
committerchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2006-11-13 05:53:45 +0000
commit10a2aa2d8cec3163b6d39208fd9c30a9db7d3bd9 (patch)
tree7a9a65094bc7fb4551e1cb7206ff54e7a770b77b /LedgerSMB
parentcaa4450ea731a408968ec6f1ef2e285dce3554dd (diff)
fixing double md5()ing of passwords. User::save_member now assumes that a 32 char password that matches the old md5 password means do not change
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@554 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'LedgerSMB')
-rwxr-xr-xLedgerSMB/User.pm21
1 files changed, 17 insertions, 4 deletions
diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm
index 7eb58a45..4bdb0519 100755
--- a/LedgerSMB/User.pm
+++ b/LedgerSMB/User.pm
@@ -146,6 +146,7 @@ sub fetch_config {
$myconfig{'dbport'} = '5432';
}
+ $myconfig{'login'} = $login;
$myconfig{'dbconnect'} = 'dbi:Pg:dbname='.$myconfig{'dbname'}.';host='.$myconfig{'dbhost'}.';port='.$myconfig{'dbport'};
}
@@ -717,10 +718,10 @@ sub save_member {
if($userID){
#got an id, check to see if it's in the users_conf table
- my $userConfCheck = $dbh->prepare("SELECT count(*) FROM users_conf WHERE id = ?");
+ my $userConfCheck = $dbh->prepare("SELECT password, 1 FROM users_conf WHERE id = ?");
$userConfCheck->execute($userID);
- ($userConfExists) = $userConfCheck->fetchrow_array;
+ ($oldPassword, $userConfExists) = $userConfCheck->fetchrow_array;
}
else{
my $userConfAdd = $dbh->prepare("SELECT create_user(?);");
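Review bot: A blank or undefined `$self->{password}` still differs from the `$oldPassword` fetched in this hunk, so the comparison added in the `@@ -751,13 +752,25 @@` hunk would overwrite the stored value with `md5('')`. A guard such as `if (defined $self->{password} && length $self->{password} && (!defined $oldPassword || $oldPassword ne $self->{password})) {` avoids that, and also avoids the `ne` against undef when `fetchrow_array` returns no row. Using the stored hash as the "unchanged" marker presumably means the edit form is pre-filled with that hash and it travels to the browser and back; an explicit "password changed" flag, or treating an empty field as "keep", would keep the hash inside the database. The storage format is still unsalted `md5(?)`, which is weak for passwords, so a salted, slow hash would be the longer-term fix. save_member starts and ends outside these hunks, so the declarations of `$oldPassword` and `$userConfExists` are not visible here.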
@@ -738,7 +739,7 @@ sub save_member {
dbhost = ?, dbname = ?, dboptions = ?,
dbpasswd = ?, dbport = ?, dbuser = ?,
email = ?, fax = ?, menuwidth = ?,
- name = ?, numberformat = ?, password = md5(?),
+ name = ?, numberformat = ?,
print = ?, printer = ?, role = ?,
sid = ?, signature = ?, stylesheet = ?,
tel = ?, templates = ?, timeout = ?,
@@ -751,13 +752,25 @@ sub save_member {
$self->{dbhost}, $self->{dbname}, $self->{dboptions},
$self->{dbpasswd}, $self->{dbport}, $self->{dbuser},
$self->{email}, $self->{fax}, $self->{menuwidth},
- $self->{name}, $self->{numberformat}, $self->{password},
+ $self->{name}, $self->{numberformat},
$self->{print}, $self->{printer}, $self->{role},
$self->{sid}, $self->{signature}, $self->{stylesheet},
$self->{tel}, $self->{templates}, $self->{timeout},
$self->{vclimit}, $userID);
+ if($oldPassword ne $self->{password}){
+ # if they're supplying a 32 char password that matches their old password
+ # assume they don't want to change passwords
+
+ $userConfUpdate = $dbh->prepare("UPDATE users_conf
+ SET password = md5(?)
+ WHERE id = ?");
+
+ $userConfUpdate->execute($self->{password}, $userID);
+
+ }
+
}
else{