[Weberp-svn] SF.net SVN: weberp:[4666] trunk
From: <tim...@us...> - 2011-03-05 21:52:04
Revision: 4666 http://weberp.svn.sourceforge.net/weberp/?rev=4666&view=rev Author: tim_schofield Date: 2011-03-05 21:51:58 +0000 (Sat, 05 Mar 2011) Log Message: ----------- Remove ability to have plain text passwords as this makes a nonsense of encrypting them Modified Paths: -------------- trunk/config.distrib.php trunk/includes/UserLogin.php trunk/includes/session.inc
Modified: trunk/config.distrib.php
===================================================================
--- trunk/config.distrib.php 2011-03-05 16:25:09 UTC (rev 4665)
+++ trunk/config.distrib.php 2011-03-05 21:51:58 UTC (rev 4666)
@@ -58,7 +58,6 @@
 // which encryption function should be used
 //$CryptFunction = "md5"; // MD5 Hash
 $CryptFunction = "sha1"; // SHA1 Hash
-//$CryptFunction = ""; // Plain Text
 //Setting to 12 or 24 determines the format of the clock display at the end of all screens
 $DefaultClock = 12;
Modified: trunk/includes/UserLogin.php
===================================================================
--- trunk/includes/UserLogin.php 2011-03-05 16:25:09 UTC (rev 4665)
+++ trunk/includes/UserLogin.php 2011-03-05 21:51:58 UTC (rev 4666)
@@ -36,11 +36,19 @@ if (!isset($Name) or $Name == '') { return UL_SHOWLOGIN; } + + /* Temporary fix for old unencrypted password */ + $sql="UPDATE www_users + SET password='".CryptPass($Password)."' + WHERE password='weberp'"; + $ErrMsg = _('Could not reset password'); + $Result = DB_query($sql, $db,$ErrMsg); + /* End temporary fix */ + $sql = "SELECT * FROM www_users WHERE www_users.userid='" . $Name . "' - AND (www_users.password='" . CryptPass($Password) . "' - OR www_users.password='" . $Password . "')"; + AND (www_users.password='" . CryptPass($Password) . "')"; $ErrMsg = _('Could not retrieve user details on login because'); $debug =1; $Auth_Result = DB_query($sql, $db,$ErrMsg); Modified: trunk/includes/session.inc =================================================================== --- trunk/includes/session.inc 2011-03-05 16:25:09 UTC (rev 4665) +++ trunk/includes/session.inc 2011-03-05 21:51:58 UTC (rev 4666) @@ -303,14 +303,14 @@ $debug = 0; //don't allow debug messages } function CryptPass( $Password ) { - global $CryptFunction; - if ( $CryptFunction == 'sha1' ) { - return sha1($Password); - } elseif ( $CryptFunction == 'md5' ) { - return md5($Password); + global $CryptFunction; + if ( $CryptFunction == 'sha1' ) { + return sha1($Password); + } elseif ( $CryptFunction == 'md5' ) { + return md5($Password); } else { - return $Password; - } + return false; + } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
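Review bot: The temporary UPDATE in UserLogin.php hashes the password submitted in the current request and writes it to every row whose stored password is the literal `weberp`, and it runs before the credentials are checked. The new password of all those accounts is therefore decided by whoever submits the next login form, for any user name. Hash the known legacy value instead, `SET password='" . CryptPass('weberp') . "'`, and preferably move the statement out of the login path into a one-off upgrade script. `$Name` is still concatenated into the SELECT; whether it is escaped earlier is not visible here, so confirm it goes through the database escaping helper. The enclosing function starts and ends outside the hunk.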
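Review bot: Returning `false` from the `else` branch of `CryptPass()` in session.inc does not fail closed, because both call sites in UserLogin.php concatenate the result straight into SQL, where `false` becomes the empty string. With `$CryptFunction` unset or misspelled, the login query compares against `password=''` and the temporary UPDATE writes an empty password. Either stop on the bad setting inside the function, e.g. `trigger_error('$CryptFunction must be "sha1" or "md5"', E_USER_ERROR);`, or have the callers test `CryptPass($Password) === false` before building any query. Separately, unsalted `sha1()` and `md5()` are fast hashes and a weak choice for stored passwords; a salted, deliberately slow scheme such as `crypt()` with a Blowfish salt is the direction to move.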