SF.net SVN: ledger-smb: [554] trunk
- Subject: SF.net SVN: ledger-smb: [554] trunk
- From: ..hidden..
- Date: Sun, 12 Nov 2006 21:53:48 -0800
Revision: 554
http://svn.sourceforge.net/ledger-smb/?rev=554&view=rev
Author: christopherm
Date: 2006-11-12 21:53:45 -0800 (Sun, 12 Nov 2006)
Log Message:
-----------
Fix double md5() hashing of passwords. User::save_member now treats a submitted 32-character password that matches the stored md5 password as meaning "do not change the password".
Modified Paths:
--------------
trunk/LedgerSMB/User.pm
trunk/bin/admin.pl
Modified: trunk/LedgerSMB/User.pm
===================================================================
--- trunk/LedgerSMB/User.pm 2006-11-13 05:06:04 UTC (rev 553)
+++ trunk/LedgerSMB/User.pm 2006-11-13 05:53:45 UTC (rev 554)
@@ -146,6 +146,7 @@
$myconfig{'dbport'} = '5432';
}
+ $myconfig{'login'} = $login;
$myconfig{'dbconnect'} = 'dbi:Pg:dbname='.$myconfig{'dbname'}.';host='.$myconfig{'dbhost'}.';port='.$myconfig{'dbport'};
}
@@ -717,10 +718,10 @@
if($userID){
#got an id, check to see if it's in the users_conf table
- my $userConfCheck = $dbh->prepare("SELECT count(*) FROM users_conf WHERE id = ?");
+ my $userConfCheck = $dbh->prepare("SELECT password, 1 FROM users_conf WHERE id = ?");
$userConfCheck->execute($userID);
- ($userConfExists) = $userConfCheck->fetchrow_array;
+ ($oldPassword, $userConfExists) = $userConfCheck->fetchrow_array;
}
else{
my $userConfAdd = $dbh->prepare("SELECT create_user(?);");
@@ -738,7 +739,7 @@
dbhost = ?, dbname = ?, dboptions = ?,
dbpasswd = ?, dbport = ?, dbuser = ?,
email = ?, fax = ?, menuwidth = ?,
- name = ?, numberformat = ?, password = md5(?),
+ name = ?, numberformat = ?,
print = ?, printer = ?, role = ?,
sid = ?, signature = ?, stylesheet = ?,
tel = ?, templates = ?, timeout = ?,
@@ -751,13 +752,25 @@
$self->{dbhost}, $self->{dbname}, $self->{dboptions},
$self->{dbpasswd}, $self->{dbport}, $self->{dbuser},
$self->{email}, $self->{fax}, $self->{menuwidth},
- $self->{name}, $self->{numberformat}, $self->{password},
+ $self->{name}, $self->{numberformat},
$self->{print}, $self->{printer}, $self->{role},
$self->{sid}, $self->{signature}, $self->{stylesheet},
$self->{tel}, $self->{templates}, $self->{timeout},
$self->{vclimit}, $userID);
+ if($oldPassword ne $self->{password}){
+ # if they're supplying a 32 char password that matches their old password
+ # assume they don't want to change passwords
+
+ $userConfUpdate = $dbh->prepare("UPDATE users_conf
+ SET password = md5(?)
+ WHERE id = ?");
+
+ $userConfUpdate->execute($self->{password}, $userID);
+
+ }
+
}
else{
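Review bot: The check `$oldPassword ne $self->{password}` uses the stored MD5 as an in-band "unchanged" marker, so it only works while the edit form keeps sending that hash back to the server; admin.pl still renders it with `value="$myconfig->{password}"` on the `new_password` input, which writes the unsalted hash into the served edit page. A safer contract is to render the field empty and change the password only when something was typed, `if (defined $self->{password} && length $self->{password}) {`, after which the `SELECT password, 1` in the @@ -717 hunk no longer needs the password column. As written, `$oldPassword` is also undef when the row holds a NULL password, so the `ne` comparison would warn if warnings are enabled. The enclosing sub and the declaration of `$oldPassword` are outside the hunk.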
Modified: trunk/bin/admin.pl
===================================================================
--- trunk/bin/admin.pl 2006-11-13 05:06:04 UTC (rev 553)
+++ trunk/bin/admin.pl 2006-11-13 05:53:45 UTC (rev 554)
@@ -446,7 +446,6 @@
<tr>
<th align="right">|.$locale->text('Password').qq|</th>
<td><input type="password" name="new_password" size="8" value="$myconfig->{password}" /></td>
- <input type="hidden" name="old_password" value="$myconfig->{password}" />
</tr>
<tr>
<th align="right">|.$locale->text('Name').qq|</th>
@@ -765,8 +764,7 @@
$myconfig->{$item} = $form->{$item};
}
- $myconfig->{password} = $form->{old_password};
- $myconfig->{password} = $form->{new_password} if $form->{new_password} ne $form->{old_password};
+ $myconfig->{password} = $form->{new_password};
$myconfig->{timeout} = $form->{newtimeout};
delete $myconfig->{stylesheet};
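Review bot: A blank or missing `new_password` is now copied straight into `$myconfig->{password}`, and the User.pm change in this commit rewrites the password whenever the submitted value differs from the stored hash, so an empty submission would presumably be stored as the md5 of an empty string. Keeping the previous value unless a non-empty one arrives avoids that: `$myconfig->{password} = $form->{new_password} if defined $form->{new_password} && length $form->{new_password};`. The enclosing sub is outside the hunk, so whether `$myconfig->{password}` still holds the stored value at this point needs confirming against the code that loads `$myconfig`.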
@@ -1013,18 +1011,19 @@
<tr>
<th align="right">|.$locale->text('User').qq|</th>
<td><input name="dbuser" size="10" value="$form->{dbuser}" /></td>
-<th align="right">|.$locale->text('Password').qq|</th>
-<td><input type="password" name="dbpasswd" size="10" /></td>
+ <th align="right">|.$locale->text('Password').qq|</th>
+ <td><input type="password" name="dbpasswd" size="10" /></td>
</tr>
<tr>
<th align="right">$form->{connectstring}</th>
<td colspan="3"><input name="dbdefault" size="10" value="$form->{dbdefault}" /></td>
</tr>
-<th align="right">|.$locale->text("Superuser").qq|</th>
- <td><input name="dbsuperuser" size="10" value="$form->{dbsuperuser}" /></td>
-<th align="right">|.$locale->text('Password').qq|</th>
-<td><input type="password" name="dbsuperpasswd" size="10" /></td>
-
+ <tr>
+ <th align="right">|.$locale->text("Superuser").qq|</th>
+ <td><input name="dbsuperuser" size="10" value="$form->{dbsuperuser}" /></td>
+ <th align="right">|.$locale->text('Password').qq|</th>
+ <td><input type="password" name="dbsuperpasswd" size="10" /></td>
+ </tr>
</table>
</td>
</tr>
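Review bot: The re-indented inputs still interpolate `$form->{dbuser}`, `$form->{dbdefault}` and `$form->{dbsuperuser}` directly into `value="..."` attributes inside the `qq|...|` string. If those fields can carry request data and are not HTML-escaped before this point (not visible in the hunk), a double quote in the value closes the attribute and the rest is parsed as markup. Since these lines are being touched anyway, escaping at output with the project's existing HTML-escape routine would be worth adding here. The enclosing sub starts and ends outside the hunk.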