[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SF.net SVN: ledger-smb: [679] branches/1.2/LedgerSMB/Session/DB.pm
- Subject: SF.net SVN: ledger-smb: [679] branches/1.2/LedgerSMB/Session/DB.pm
- From: ..hidden..
- Date: Tue, 21 Nov 2006 21:30:09 -0800
Revision: 679
http://svn.sourceforge.net/ledger-smb/?rev=679&view=rev
Author: tetragon
Date: 2006-11-21 21:30:04 -0800 (Tue, 21 Nov 2006)
Log Message:
-----------
Adding check for determining that the requested user is the retreived user
Modified Paths:
--------------
branches/1.2/LedgerSMB/Session/DB.pm
Modified: branches/1.2/LedgerSMB/Session/DB.pm
===================================================================
--- branches/1.2/LedgerSMB/Session/DB.pm 2006-11-21 06:56:08 UTC (rev 678)
+++ branches/1.2/LedgerSMB/Session/DB.pm 2006-11-22 05:30:04 UTC (rev 679)
@@ -219,16 +219,19 @@
# use the central database handle
my $dbh = ${LedgerSMB::Sysconfig::GLOBALDBH};
- my $fetchPassword = $dbh->prepare("SELECT uc.password, uc.crypted_password
+ my $fetchPassword = $dbh->prepare("SELECT u.username, uc.password, uc.crypted_password
FROM users as u, users_conf as uc
WHERE u.username = ?
AND u.id = uc.id;");
$fetchPassword->execute($username) || $form->dberror(__FILE__.':'.__LINE__.': Fetching password : ');
- my ($md5Password, $cryptPassword) = $fetchPassword->fetchrow_array;
+ my ($dbusername, $md5Password, $cryptPassword) = $fetchPassword->fetchrow_array;
- if ($cryptPassword){
+ if ($dbusername ne $username) {
+ # User data retrieved from db not for the requested user
+ return 0;
+ } elsif ($cryptPassword){
#First time login from old system, check crypted password
if ((crypt $password, substr($username, 0, 2)) eq $cryptPassword) {
@@ -250,12 +253,12 @@
return 0; #password failed
}
- }elsif ($md5Password){
+ } elsif ($md5Password){
if ($md5Password ne (Digest::MD5::md5_hex $password) ) {
return 0;
}
- else{
+ else {
return 1;
}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.