Update of /cvsroot/sandweb/sandweb/lib/SandWeb/Auth
In directory usw-pr-cvs1:/tmp/cvs-serv1216/lib/SandWeb/Auth
Modified Files:
FlatFile.pm
Log Message:
* md5 authentication checked in and enabled.
NOTE: you MUST change your password with sandweb-admin --passwd-user AND
make sure md5.js is installed in your apache's docroot.
Index: FlatFile.pm
===================================================================
RCS file: /cvsroot/sandweb/sandweb/lib/SandWeb/Auth/FlatFile.pm,v
retrieving revision 1.4
retrieving revision 1.5
diff -U2 -r1.4 -r1.5
--- FlatFile.pm 10 Mar 2002 01:56:05 -0000 1.4
+++ FlatFile.pm 11 Mar 2002 19:43:41 -0000 1.5
@@ -22,4 +22,6 @@
package SandWeb::Auth::FlatFile;
+use Digest::MD5 qw(md5_hex);
+
sub new {
my $class = shift;
@@ -39,4 +41,6 @@
my $password = shift;
my $data_dir = shift;
+ my $another_salt = shift;
+
my $log = $self->_logobj();
open (PF, "< $data_dir/passwd") or
@@ -46,7 +50,10 @@
my ($real_username, $uid, $real_password) = split(':', $passwd_file);
if ($username eq $real_username) {
- my $salt = substr($real_password, 0, 2);
+# my $salt = substr($real_password, 0, 2);
chomp($real_password);
- if (crypt($password, $salt) ne $real_password) {
+# $log->debug("real_passwd:$real_password\n");
+# $log->debug("another_salt:$another_salt\n");
+# if (crypt($password, $salt) ne $real_password) {
+ if ($password ne md5_hex($real_password . $another_salt)) {
close PF;
return 0;
|
