diff options
| author | terry%mozilla.org <> | 2000-01-18 23:40:18 +0100 |
|---|---|---|
| committer | terry%mozilla.org <> | 2000-01-18 23:40:18 +0100 |
| commit | ca8760339069c50ccbdcf3d92e416f7d1522adf8 (patch) | |
| tree | e2386af360bc276ba659635b80075da04dd24ed4 /changepassword.cgi | |
| parent | e908456f366483dcc915bafc7036733310ebc6e5 (diff) | |
| download | bugzilla-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.gz bugzilla-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.xz | |
Stop ever using perl's crypt() function; only use mysql's. (Using
both was causing corruption on about 1 in 40 passwords.)
Diffstat (limited to 'changepassword.cgi')
| -rwxr-xr-x | changepassword.cgi | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/changepassword.cgi b/changepassword.cgi index d62259ac5..93b736e55 100755 --- a/changepassword.cgi +++ b/changepassword.cgi @@ -102,11 +102,6 @@ The two passwords you entered did not match. Please click <b>Back</b> and try a my $pwd = $::FORM{'pwd1'}; -sub x { - my $sc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./"; - return substr($sc, int (rand () * 100000) % (length ($sc) + 1), 1); -} - if ($pwd ne "") { if ($pwd !~ /^[a-zA-Z0-9-_]*$/ || length($pwd) < 3 || length($pwd) > 15) { print "<H1>Sorry; we're picky.</H1> @@ -119,14 +114,13 @@ Please click <b>Back</b> and try again.\n"; } -# Generate a random salt. - - my $salt = x() . x(); - - my $encrypted = crypt($pwd, $salt); - - SendSQL("update profiles set password='$pwd',cryptpassword='$encrypted' where login_name=" . + my $qpwd = SqlQuote($pwd); + SendSQL("UPDATE profiles SET password=$qpwd,cryptpassword=encrypt($qpwd) + WHERE login_name = " . + SqlQuote($::COOKIE{'Bugzilla_login'})); + SendSQL("SELECT cryptpassword FROM profiles WHERE login_name = " . SqlQuote($::COOKIE{'Bugzilla_login'})); + my $encrypted = FetchOneColumn(); SendSQL("update logincookies set cryptpassword = '$encrypted' where cookie = $::COOKIE{'Bugzilla_logincookie'}"); } |