Show
Ignore:
Timestamp:
09/03/05 22:42:52 (7 years ago)
Author:
alexx
Message:
  • Auth: Remove MySQL PASSWORD hashing method to hash password, replace by MD5 hashing, add code to make a smooth transition between hashing method
  • XML engine: Fix a trivial recent bug in dotnode-xml.php
  • Robots: fix a bug in crontab script robots/launch_robots.sh (add cd dirname $0)
  • CSS: Add max_width to image in blog (work on Mozilla/*, Opera but not good on Safari (no proportional resizing), of course, that doesn't work on IE)
  • DB: changing DB structure !!! 
    ALTER TABLE `user` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
ALTER TABLE `user` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
ALTER TABLE `dntp_translator` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
ALTER TABLE `dntp_translator` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
Files:
1 modified

Legend:

Unmodified
Added
Removed

  • trunk/actions_dntp/login.action.php

    r1 r33  
    2626if( $_POST['login'] && $_POST['passwd']) 
    2727{ 
    28         $values = array( $_POST['login'], $_POST['passwd'] ); 
    2928 
    30                 $user =& $db->getRow('SELECT id_translator, login, status, lang, level FROM dntp_translator WHERE login=? AND passwd=PASSWORD(?)', $values); 
    31         if( $user ) 
     29        $user =& $db->getRow('SELECT id_translator, login, status, lang, level FROM dntp_translator WHERE login=? AND (passwd_md5=? OR passwd=OLD_PASSWORD(?))', array( $_POST['login'], md5($_POST['passwd'], $_POST['passwd']))); 
     30         
     31        if( $user['id'] ) 
    3232        { 
     33                if(!is_null($user['passwd'])) 
     34                        $db->query('UPDATE dntp_translator SET passwd_md5=?, passwd=NULL WHERE id=?', array(md5($_POST['passwd']), $user['id'])); 
     35                                         
    3336                @session_destroy(); 
    3437