exit;
}
- my $enteredcryptpwd = crypt($enteredpwd, substr($realcryptpwd, 0, 2));
+ SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) . ", " .
+ SqlQuote(substr($realcryptpwd, 0, 2)) . ")");
+ my $enteredcryptpwd = FetchOneColumn();
+
if ($realcryptpwd eq "" || $enteredcryptpwd ne $realcryptpwd) {
print "Content-type: text/html\n\n";
PutHeader("Login failed");
my $pwd = $::FORM{'pwd1'};
-sub x {
- my $sc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
- return substr($sc, int (rand () * 100000) % (length ($sc) + 1), 1);
-}
-
if ($pwd ne "") {
if ($pwd !~ /^[a-zA-Z0-9-_]*$/ || length($pwd) < 3 || length($pwd) > 15) {
print "<H1>Sorry; we're picky.</H1>
}
-# Generate a random salt.
-
- my $salt = x() . x();
-
- my $encrypted = crypt($pwd, $salt);
-
- SendSQL("update profiles set password='$pwd',cryptpassword='$encrypted' where login_name=" .
+ my $qpwd = SqlQuote($pwd);
+ SendSQL("UPDATE profiles SET password=$qpwd,cryptpassword=encrypt($qpwd)
+ WHERE login_name = " .
+ SqlQuote($::COOKIE{'Bugzilla_login'}));
+ SendSQL("SELECT cryptpassword FROM profiles WHERE login_name = " .
SqlQuote($::COOKIE{'Bugzilla_login'}));
+ my $encrypted = FetchOneColumn();
SendSQL("update logincookies set cryptpassword = '$encrypted' where cookie = $::COOKIE{'Bugzilla_logincookie'}");
}
}
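Review bot: The unchanged `update logincookies` statement at the end of this hunk still interpolates `$::COOKIE{'Bugzilla_logincookie'}` into the `where cookie =` clause unquoted, although every value the change itself touches now goes through SqlQuote(). Whether the cookie is validated as numeric earlier is not visible here, so it should be quoted at the point of use, and `$encrypted` with it: `SendSQL("update logincookies set cryptpassword = " . SqlQuote($encrypted) . " where cookie = " . SqlQuote($::COOKIE{'Bugzilla_logincookie'}));`. The new `my $encrypted = FetchOneColumn();` result is also used unchecked. MySQL's encrypt() returns NULL on systems without crypt(), in which case an undefined `$encrypted` would be written to logincookies as an empty string; a defined-and-non-empty check before the update would catch that. The enclosing `if ($pwd ne "")` block starts outside this hunk.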
- sub x {
- my $sc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
- return substr($sc, int (rand () * 100000) % (length ($sc) + 1), 1);
- }
-
- my $salt = x() . x();
- my $cryptpassword = crypt($password, $salt);
-
# Add the new user
SendSQL("INSERT INTO profiles ( " .
"login_name, password, cryptpassword, realname, groupset" .
" ) VALUES ( " .
SqlQuote($user) . "," .
SqlQuote($password) . "," .
- SqlQuote($cryptpassword) . "," .
+ "encrypt(" . SqlQuote($password) . ")," .
SqlQuote($realname) . "," .
$bits . ")" );