Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
Xavier Bachelot
lemonldap-ng
Commits
23ee91c4
Commit
23ee91c4
authored
Dec 22, 2009
by
Yadd
Browse files
Modify _DBI::checkPassword to make it reuseable by another module than AuthDBI
parent
0a618cda
Changes
3
Hide whitespace changes
Inline
Side-by-side
modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Downloader.pm
View file @
23ee91c4
...
...
@@ -203,8 +203,8 @@ sub keyToH {
# If $key is not set, uses Lemonldap::NG::Manager::struct().
# If the URL parameter key is set, uses Lemonldap::NG::Manager::cstruct()
# with this parameter.
# This function call itself 1 time if the key is not found using cstruct()
#
using t
he flag $last.
# This function call itself 1 time if the key is not found using cstruct()
.
#
T
he flag $last
is used to avoid loop
.
# @return An array containing :
# - the (sub)structure of the menu
# - the help chapter (using inheritance of the up key)
...
...
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthDBI.pm
View file @
23ee91c4
...
...
@@ -44,17 +44,8 @@ sub authenticate {
return
PE_ERROR
unless
$dbh
;
# Check credentials
my
$user
=
$self
->
{
user
};
my
$password
=
$self
->
{
password
};
# Prevent SQL injection
$user
=~
s/'/''/g
;
$password
=~
s/'/''/g
;
# Password hash
$password
=
$self
->
hash_password
(
$password
,
$self
->
{
dbiAuthPasswordHash
}
);
my
$result
=
$self
->
check_password
(
$user
,
$password
);
if
(
$result
)
{
my
$result
=
$self
->
check_password
(
$dbh
);
if
(
$result
)
{
return
PE_OK
;
}
else
{
...
...
modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_DBI.pm
View file @
23ee91c4
...
...
@@ -54,11 +54,8 @@ sub hash_password {
my
$hash
=
shift
;
if
(
$hash
=~
/^(md5|sha|sha1)$/i
)
{
$self
->
lmLog
(
"
Using
"
.
uc
(
$hash
)
.
"
to hash password
",
'
debug
'
);
return
uc
(
$hash
)
.
"
('
$password
')
";
$self
->
lmLog
(
"
Using
"
.
uc
(
$hash
)
.
"
to hash password
",
'
debug
'
);
return
uc
(
$hash
)
.
"
('
$password
')
";
}
else
{
$self
->
lmLog
(
"
No valid password hash, using clear text for password
",
...
...
@@ -75,17 +72,24 @@ sub hash_password {
# @return boolean result
sub
check_password
{
my
$self
=
shift
;
my
$
user
=
shift
;
my
$
password
=
shift
;
my
$
dbh
=
shift
;
my
$
user
=
$self
->
{
user
}
;
my
$password
=
$self
->
{
password
};
my
$table
=
$self
->
{
dbiAuthTable
};
my
$loginCol
=
$self
->
{
dbiAuthLoginCol
};
my
$passwordCol
=
$self
->
{
dbiAuthPasswordCol
};
# Prevent SQL injection
$user
=~
s/'/''/g
;
$password
=~
s/'/''/g
;
# Password hash
$password
=
$self
->
hash_password
(
$password
,
$self
->
{
dbiAuthPasswordHash
}
);
my
@rows
=
();
eval
{
my
$sth
=
$
self
->
{
_
dbh
}
->
prepare
(
"
SELECT
$loginCol
FROM
$table
WHERE
$loginCol
='
$user
' AND
$passwordCol
=
$password
"
my
$sth
=
$dbh
->
prepare
(
"
SELECT
$loginCol
FROM
$table
WHERE
$loginCol
='
$user
' AND
$passwordCol
=
$password
"
);
$sth
->
execute
();
@rows
=
$sth
->
fetchrow_array
();
...
...
@@ -121,7 +125,8 @@ sub modify_password {
my
$passwordCol
=
$self
->
{
dbiAuthPasswordCol
};
eval
{
my
$sth
=
$self
->
{
_dbh
}
->
prepare
(
my
$sth
=
$self
->
{
_dbh
}
->
prepare
(
"
UPDATE
$table
SET
$passwordCol
=
$password
WHERE
$loginCol
='
$user
'
");
$sth
->
execute
();
};
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment