diff options
author | terry%mozilla.org <> | 2000-01-18 23:40:18 +0100 |
---|---|---|
committer | terry%mozilla.org <> | 2000-01-18 23:40:18 +0100 |
commit | ca8760339069c50ccbdcf3d92e416f7d1522adf8 (patch) | |
tree | e2386af360bc276ba659635b80075da04dd24ed4 /CGI.pl | |
parent | e908456f366483dcc915bafc7036733310ebc6e5 (diff) | |
download | bugzilla-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.gz bugzilla-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.xz |
Stop ever using perl's crypt() function; only use mysql's. (Using
both was causing corruption on about 1 in 40 passwords.)
Diffstat (limited to 'CGI.pl')
-rw-r--r-- | CGI.pl | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -604,7 +604,10 @@ sub confirm_login { exit; } - my $enteredcryptpwd = crypt($enteredpwd, substr($realcryptpwd, 0, 2)); + SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) . ", " . + SqlQuote(substr($realcryptpwd, 0, 2)) . ")"); + my $enteredcryptpwd = FetchOneColumn(); + if ($realcryptpwd eq "" || $enteredcryptpwd ne $realcryptpwd) { print "Content-type: text/html\n\n"; PutHeader("Login failed"); |