From 10a2aa2d8cec3163b6d39208fd9c30a9db7d3bd9 Mon Sep 17 00:00:00 2001 From: christopherm Date: Mon, 13 Nov 2006 05:53:45 +0000 Subject: fixing double md5()ing of passwords. User::save_member now assumes that a 32 char password that matches the old md5 password means do not change git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@554 4979c152-3d1c-0410-bac9-87ea11338e46 --- LedgerSMB/User.pm | 21 +++++++++++++++++---- bin/admin.pl | 19 +++++++++---------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/LedgerSMB/User.pm b/LedgerSMB/User.pm index 7eb58a45..4bdb0519 100755 --- a/LedgerSMB/User.pm +++ b/LedgerSMB/User.pm @@ -146,6 +146,7 @@ sub fetch_config { $myconfig{'dbport'} = '5432'; } + $myconfig{'login'} = $login; $myconfig{'dbconnect'} = 'dbi:Pg:dbname='.$myconfig{'dbname'}.';host='.$myconfig{'dbhost'}.';port='.$myconfig{'dbport'}; } @@ -717,10 +718,10 @@ sub save_member { if($userID){ #got an id, check to see if it's in the users_conf table - my $userConfCheck = $dbh->prepare("SELECT count(*) FROM users_conf WHERE id = ?"); + my $userConfCheck = $dbh->prepare("SELECT password, 1 FROM users_conf WHERE id = ?"); $userConfCheck->execute($userID); - ($userConfExists) = $userConfCheck->fetchrow_array; + ($oldPassword, $userConfExists) = $userConfCheck->fetchrow_array; } else{ my $userConfAdd = $dbh->prepare("SELECT create_user(?);"); @@ -738,7 +739,7 @@ sub save_member { dbhost = ?, dbname = ?, dboptions = ?, dbpasswd = ?, dbport = ?, dbuser = ?, email = ?, fax = ?, menuwidth = ?, - name = ?, numberformat = ?, password = md5(?), + name = ?, numberformat = ?, print = ?, printer = ?, role = ?, sid = ?, signature = ?, stylesheet = ?, tel = ?, templates = ?, timeout = ?, 
@@ -751,13 +752,25 @@ sub save_member { $self->{dbhost}, $self->{dbname}, $self->{dboptions}, $self->{dbpasswd}, $self->{dbport}, $self->{dbuser}, $self->{email}, $self->{fax}, $self->{menuwidth}, - $self->{name}, $self->{numberformat}, $self->{password}, + $self->{name}, $self->{numberformat}, $self->{print}, $self->{printer}, $self->{role}, $self->{sid}, $self->{signature}, $self->{stylesheet}, $self->{tel}, $self->{templates}, $self->{timeout}, $self->{vclimit}, $userID); + if($oldPassword ne $self->{password}){ + # if they're supplying a 32 char password that matches their old password + # assume they don't want to change passwords + + $userConfUpdate = $dbh->prepare("UPDATE users_conf + SET password = md5(?) + WHERE id = ?"); + + $userConfUpdate->execute($self->{password}, $userID); + + } + } else{ diff --git a/bin/admin.pl b/bin/admin.pl index e2abd142..872ed72c 100755 --- a/bin/admin.pl +++ b/bin/admin.pl @@ -446,7 +446,6 @@ sub form_header { |.$locale->text('Password').qq| - |.$locale->text('Name').qq| @@ -765,8 +764,7 @@ sub save { $myconfig->{$item} = $form->{$item}; } - $myconfig->{password} = $form->{old_password}; - $myconfig->{password} = $form->{new_password} if $form->{new_password} ne $form->{old_password}; + $myconfig->{password} = $form->{new_password}; $myconfig->{timeout} = $form->{newtimeout}; delete $myconfig->{stylesheet}; @@ -1013,18 +1011,19 @@ sub dbselect_source { |.$locale->text('User').qq| -|.$locale->text('Password').qq| - + |.$locale->text('Password').qq| + $form->{connectstring} -|.$locale->text("Superuser").qq| - -|.$locale->text('Password').qq| - - + + |.$locale->text("Superuser").qq| + + |.$locale->text('Password').qq| + + -- cgit v1.2.3
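Review bot: In the LedgerSMB/User.pm hunk at `@@ -751,13 +752,25 @@`, the new guard `if($oldPassword ne $self->{password})` is also true when the submitted password is empty or undefined, so the follow-up UPDATE would store `md5('')` (or NULL for an undefined value) and leave the account with a blank or unusable credential. Nothing visible in this hunk rejects that case, so I would tighten the condition to `if (defined $self->{password} && length $self->{password} && $oldPassword ne $self->{password}) {`. The comment inside the block describes the skipped case rather than the branch it sits in, and the 32-character length it mentions is never checked; it would read better above the `if` as `# a submitted value equal to the stored md5 digest means "keep the current password"`. save_member starts and ends outside the hunk.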
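Review bot: In bin/admin.pl `save` (`@@ -765,8 +764,7 @@`), `$myconfig->{password} = $form->{new_password};` leaves the stored digest as the only "no change" signal, which implies the edit form is pre-filled with that digest and posts it back; the form markup is not visible in this patch, so this is inferred from the commit message. Sending the digest to the browser places it in page source and caches, and because the column holds an unsalted `md5(?)` value, a disclosed digest offers little resistance to offline guessing. I would render the password field empty and assign only when something was typed, `$myconfig->{password} = $form->{new_password} if length $form->{new_password};`, with save_member skipping the password UPDATE when no password is set. The body of `save` continues outside the hunk.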