Show
Ignore:
Timestamp:
09/03/05 22:42:52 (7 years ago)
Author:
alexx
Message:
  • Auth: Remove MySQL PASSWORD hashing method to hash password, replace by MD5 hashing, add code to make a smooth transition between hashing method
  • XML engine: Fix a trivial recent bug in dotnode-xml.php
  • Robots: fix a bug in crontab script robots/launch_robots.sh (add cd dirname $0)
  • CSS: Add max_width to image in blog (work on Mozilla/*, Opera but not good on Safari (no proportional resizing), of course, that doesn't work on IE)
  • DB: changing DB structure !!! 
    ALTER TABLE `user` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
ALTER TABLE `user` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
ALTER TABLE `dntp_translator` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
ALTER TABLE `dntp_translator` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
Files:
1 modified

Legend:

Unmodified
Added
Removed

  • trunk/actions/my/password/record.action.php

    r1 r33  
    2323 ******************** http://opensource.ikse.net/projects/dotnode ***/ 
    2424 
    25 $nb = $db->getOne('SELECT COUNT(id) FROM user WHERE id=? AND passwd=PASSWORD(?)', array($_SESSION['my_id'], $_POST['oldpasswd'])); 
    26 //print_r($nb); 
     25$nb = $db->getOne('SELECT COUNT(id) FROM user WHERE id=? AND passwd_md5=?', array($_SESSION['my_id'], md5($_POST['oldpasswd']))); 
     26 
    2727if($nb == 1 || isset($_SESSION['old_password'])) 
    2828{ 
    2929        if($_POST['passwd1'] == $_POST['passwd2'] && strlen($_POST['passwd1']) >3) 
    3030        { 
    31                 $db->query('UPDATE user SET passwd=PASSWORD(?) WHERE id=?', array($_POST['passwd1'], $_SESSION['my_id']) ); 
     31                $db->query('UPDATE user SET passwd_md5=? WHERE id=?', array(md5($_POST['passwd1']), $_SESSION['my_id']) ); 
    3232                header('Location: /my'); 
    3333        }