Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#8 Refactor md5 password to single place

Patches
closed
nobody
5
2012-09-25
2003-03-26
Nathan Dial
No

the current cvs code (I updated just a few minutes ago)
calls the md5() function on the password whenever it
calls the LoginUser function. I refactored the code to
pass a clear password to the LoginUser function and
call md5 there before it is passed to the database.
This makes the code cleaner and more flexible for
different authentication mechanisms. Here is a cvs
diff. As you can see the changes are small and easy to
identify.

Index: class/xml/rpc/xmlrpcapi.php

RCS file:
/cvsroot/xoops/xoops2/class/xml/rpc/xmlrpcapi.php,v
retrieving revision 1.6
diff -r1.6 xmlrpcapi.php
76c76
< $this->user =&
$member_handler->loginUser($username, md5($password));


> $this->user =&
$member_handler->loginUser($username, $password);
Index: extras/login.php
===================================================================
RCS file: /cvsroot/xoops/xoops2/extras/login.php,v
retrieving revision 1.2
diff -r1.2 login.php
43c43
< $user =&
$member_handler->loginUser(addslashes($myts->stripSlashesGPC($username)),
addslashes(md5($myts->stripSlashesGPC($password))));


> $user =&
$member_handler->loginUser(addslashes($myts->stripSlashesGPC($username)),
addslashes($myts->stripSlashesGPC($password)));
Index: include/checklogin.php
===================================================================
RCS file: /cvsroot/xoops/xoops2/include/checklogin.php,v
retrieving revision 1.9
diff -r1.9 checklogin.php
44c44
< $user =&
$member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)),
addslashes(md5($myts->stripSlashesGPC($pass))));


> $user =&
$member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)),
addslashes($myts->stripSlashesGPC($pass)));
Index: kernel/member.php
===================================================================
RCS file: /cvsroot/xoops/xoops2/kernel/member.php,v
retrieving revision 1.4
diff -r1.4 member.php
313c313
< function &loginUser($uname, $md5pwd)


> function &loginUser($uname, $clearPwd)
316c316
< $criteria->add(new Criteria('pass', $md5pwd));


> $criteria->add(new Criteria('pass',
md5($clearPwd)));

Discussion

  • Kazumi Ono
    Kazumi Ono
    2003-04-11

    Logged In: YES
    user_id=669367

    Thanks. It has been merged with the core now.