Timestamp:
09/03/05 22:42:52 (7 years ago)
Author:
alexx
Message:
  • Auth: Remove the MySQL PASSWORD hashing method for passwords, replace it with MD5 hashing, and add code for a smooth transition between the hashing methods
  • XML engine: Fix a trivial recent bug in dotnode-xml.php
  • Robots: fix a bug in crontab script robots/launch_robots.sh (add cd dirname $0)
  • CSS: Add max_width to image in blog (work on Mozilla/*, Opera but not good on Safari (no proportional resizing), of course, that doesn't work on IE)
  • DB: changing DB structure !!!
    ALTER TABLE `user` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
    ALTER TABLE `user` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
    ALTER TABLE `dntp_translator` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
    ALTER TABLE `dntp_translator` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
    
Files:
1 modified

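--- a/trunk/actions/login.action.php
+++ b/trunk/actions/login.action.php
@@ -26,9 +26,12 @@
 if( $_POST['login'] && $_POST['passwd'])
 {
-        $values = array( $_POST['login'], $_POST['passwd'] );
+        $user =& $db->getRow('SELECT id, login, fname, lname, nick, status, passwd FROM user WHERE login=? AND (passwd_md5=? OR passwd=OLD_PASSWORD(?))', array( $_POST['login'], md5($_POST['passwd']), $_POST['passwd']));
 
-        $user =& $db->getRow('SELECT id, login, fname, lname, nick, status FROM user WHERE login=? AND passwd=PASSWORD(?)', $values);
-        if( $user )
+        if( $user['id'] )
         {
+                // If success with old password hashing method, update new passwd_md5 field
+                if(!is_null($user['passwd']))
+                        $db->query('UPDATE user SET passwd_md5=?, passwd=NULL WHERE id=?', array(md5($_POST['passwd']), $user['id']));
+
                 session_destroy();
                 session_set_save_handler ('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');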
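Review bot: The migration target in the new `getRow` query and in the `UPDATE` is a bare `md5($_POST['passwd'])`, which is unsalted and fast, so a leaked `passwd_md5` column is open to lookup-table and brute-force recovery, and identical passwords share one stored value. Since every account is rehashed at its next login anyway, this is the place to move to a salted, slow scheme: fetch the row by `login` alone, check it in PHP with `password_verify()`, and store `password_hash($_POST['passwd'], PASSWORD_DEFAULT)` where the runtime provides it (the `CHAR( 32 )` column from the commit message would need widening). Separately, the removed query compared against `PASSWORD(?)` while the new fallback uses `OLD_PASSWORD(?)`; on servers where those two functions differ, legacy rows would never match and so never migrate, so confirm which function produced the stored values. The `if` block continues past the end of the hunk.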