diff options
| author | terry%mozilla.org <> | 2000-01-18 23:40:18 +0100 |
|---|---|---|
| committer | terry%mozilla.org <> | 2000-01-18 23:40:18 +0100 |
| commit | ca8760339069c50ccbdcf3d92e416f7d1522adf8 (patch) | |
| tree | e2386af360bc276ba659635b80075da04dd24ed4 /CGI.pl | |
| parent | e908456f366483dcc915bafc7036733310ebc6e5 (diff) | |
| download | bugzilla-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.gz bugzilla-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.xz | |
Stop ever using perl's crypt() function; only use mysql's. (Using
both was causing corruption on about 1 in 40 passwords.)
Diffstat (limited to 'CGI.pl')
| -rw-r--r-- | CGI.pl | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -604,7 +604,10 @@ sub confirm_login { exit; } - my $enteredcryptpwd = crypt($enteredpwd, substr($realcryptpwd, 0, 2)); + SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) . ", " . + SqlQuote(substr($realcryptpwd, 0, 2)) . ")"); + my $enteredcryptpwd = FetchOneColumn(); + if ($realcryptpwd eq "" || $enteredcryptpwd ne $realcryptpwd) { print "Content-type: text/html\n\n"; PutHeader("Login failed"); |