[geeklog-cvs] Geeklog-1.x/system lib-security.php, 1.59, 1.60 lib-user.php, 1.44, 1.45
Dirk Haun
dhaun at qs1489.pair.com
Sun Dec 9 13:05:41 EST 2007
Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv36406/system
Modified Files:
lib-security.php lib-user.php
Log Message:
New function SEC_encryptPassword() to get all the direct calls to md5() out of the core code and give us a chance to switch to some other encryption method in the future.
Index: lib-user.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-user.php,v
retrieving revision 1.44
retrieving revision 1.45
diff -C2 -d -r1.44 -r1.45
*** lib-user.php 25 Nov 2007 06:55:07 -0000 1.44
--- lib-user.php 9 Dec 2007 18:05:39 -0000 1.45
***************
*** 3,7 ****
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.4 |
// +---------------------------------------------------------------------------+
// | lib-user.php |
--- 3,7 ----
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.5 |
// +---------------------------------------------------------------------------+
// | lib-user.php |
***************
*** 147,151 ****
$passwd = md5 ($passwd);
$passwd = substr ($passwd, 1, 8);
! $passwd2 = md5 ($passwd);
DB_change ($_TABLES['users'], 'passwd', "$passwd2", 'uid', $uid);
--- 147,151 ----
$passwd = md5 ($passwd);
$passwd = substr ($passwd, 1, 8);
! $passwd2 = SEC_encryptPassword($passwd);
DB_change ($_TABLES['users'], 'passwd', "$passwd2", 'uid', $uid);
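Review bot: The replacement password stored here is only the 8 hex characters kept by `substr ($passwd, 1, 8)`, so it carries at most 32 bits no matter which hash SEC_encryptPassword() applies to it afterwards. Its real strength depends on what `$passwd` holds before the `md5 ($passwd)` call, which is set outside this hunk; if that seed comes from time or a non-cryptographic generator, the new password is guessable. Consider drawing it from a cryptographic source instead (for example `bin2hex(random_bytes(8))` on PHP versions that provide it). Also add a comment such as `// md5() here only derives a random-looking string; it is not the stored password hash` so the remaining direct md5() call is not mistaken for an oversight.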
Index: lib-security.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-security.php,v
retrieving revision 1.59
retrieving revision 1.60
diff -C2 -d -r1.59 -r1.60
*** lib-security.php 25 Nov 2007 06:55:07 -0000 1.59
--- lib-security.php 9 Dec 2007 18:05:39 -0000 1.60
***************
*** 3,7 ****
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.4 |
// +---------------------------------------------------------------------------+
// | lib-security.php |
--- 3,7 ----
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.5 |
// +---------------------------------------------------------------------------+
// | lib-security.php |
***************
*** 9,18 ****
// | Geeklog security library. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2006 by the following authors: |
// | |
! // | Authors: Tony Bibbs - tony at tonybibbs.com |
! // | Mark Limburg - mlimburg at users.sourceforge.net |
! // | Vincent Furia - vmf at abtech.org |
! // | Michael Jervis - mike at fuckingbrit.com |
// +---------------------------------------------------------------------------+
// | |
--- 9,18 ----
// | Geeklog security library. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2007 by the following authors: |
// | |
! // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
! // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
! // | Vincent Furia - vmf AT abtech DOT org |
! // | Michael Jervis - mike AT fuckingbrit DOT com |
// +---------------------------------------------------------------------------+
// | |
***************
*** 702,706 ****
{
return USER_ACCOUNT_DISABLED; // banned, jump to here to save an md5 calc.
! } elseif ($U['passwd'] != md5( $password )) {
return -1; // failed login
} elseif ($U['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
--- 702,706 ----
{
return USER_ACCOUNT_DISABLED; // banned, jump to here to save an md5 calc.
! } elseif ($U['passwd'] != SEC_encryptPassword( $password )) {
return -1; // failed login
} elseif ($U['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
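Review bot: The password check on the changed line still uses the loose `!=` operator, which makes PHP compare numeric-looking strings as numbers, so two different hex digests that both parse as numbers can be treated as equal. Make the comparison strict, `} elseif ($U['passwd'] !== SEC_encryptPassword( $password )) {`, or use `hash_equals()` where the PHP version has it to get a constant-time check as well. The same loose comparison appears in the hunk at 803-807 as `if ($mypass == SEC_encryptPassword($passwd))` and should become `===`. The comment `// banned, jump to here to save an md5 calc.` should also drop the reference to md5 now that the call goes through the wrapper. The enclosing function starts and ends outside this hunk.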
***************
*** 803,807 ****
$uid = $U['uid'];
$mypass = $U['passwd']; // also used to see if the user existed later.
! if ($mypass == md5($passwd))
{
/* Valid password for cached user, return status */
--- 803,807 ----
$uid = $U['uid'];
$mypass = $U['passwd']; // also used to see if the user existed later.
! if ($mypass == SEC_encryptPassword($passwd))
{
/* Valid password for cached user, return status */
***************
*** 832,836 ****
}
}
! USER_createAccount($loginname, $authmodule->email, md5($passwd), $authmodule->fullname, $authmodule->homepage, $remoteusername, $service);
$uid = DB_getItem ($_TABLES['users'], 'uid', "remoteusername = '$remoteusername' AND remoteservice='$service'");
// Store full remote account name:
--- 832,836 ----
}
}
! USER_createAccount($loginname, $authmodule->email, SEC_encryptPassword($passwd), $authmodule->fullname, $authmodule->homepage, $remoteusername, $service);
$uid = DB_getItem ($_TABLES['users'], 'uid', "remoteusername = '$remoteusername' AND remoteservice='$service'");
// Store full remote account name:
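Review bot: The `DB_getItem` call right after the changed line builds its WHERE clause by interpolating `$remoteusername` and `$service` directly into the SQL text, and nothing visible in this hunk escapes them. If they are not escaped earlier in the function (outside the hunk), a remote login name containing a quote changes the query. The same interpolation is in the `return DB_getItem(...)` line of the hunk at 845-849. Both values should be escaped once before first use (`addslashes()` or whatever escaping the DB layer provides), with a comment stating that they are safe for SQL from that point on.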
***************
*** 845,849 ****
} else {
// user existed, update local password:
! DB_Change($_TABLES['users'], 'passwd', md5($passwd), array('remoteusername','remoteservice'), array($remoteusername,$service));
// and return their status
return DB_getItem($_TABLES['users'], 'status', "remoteusername='$remoteusername' AND remoteservice='$service'");
--- 845,849 ----
} else {
// user existed, update local password:
! DB_Change($_TABLES['users'], 'passwd', SEC_encryptPassword($passwd), array('remoteusername','remoteservice'), array($remoteusername,$service));
// and return their status
return DB_getItem($_TABLES['users'], 'status', "remoteusername='$remoteusername' AND remoteservice='$service'");
***************
*** 1020,1023 ****
--- 1020,1039 ----
return $groupdd;
+ }
+
+ /**
+ * Encrypt password
+ *
+ * For now, this is only a wrapper function to get all the direct calls to
+ * md5() out of the core code so that we can switch to another method of
+ * encoding / encrypting our passwords in some future release ...
+ *
+ * @param string $password the password to encrypt, in clear text
+ * @return string encrypted password
+ *
+ */
+ function SEC_encryptPassword($password)
+ {
+ return md5($password);
}
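Review bot: SEC_encryptPassword() takes only the clear-text password and every caller compares its result to the stored value, so the wrapper can only ever be swapped for another unsalted, deterministic hash; a salted or adaptive scheme needs the stored hash as input to verify. To make the stated goal reachable, add a companion check now and route the two login comparisons through it, e.g. `function SEC_verifyPassword($password, $stored) { return $stored === SEC_encryptPassword($password); }` (name is a suggestion). The docblock should say "hash" rather than "encrypt", since md5() is one-way. It should also state that the current output is an unsalted MD5 hex digest, which is fast to brute-force and gives identical hashes for identical passwords, so a later change has to plan for rehashing existing rows on login.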