diff options
| author | travis%sedsystems.ca <> | 2005-02-01 04:26:00 +0100 |
|---|---|---|
| committer | travis%sedsystems.ca <> | 2005-02-01 04:26:00 +0100 |
| commit | 5ddb84da8800728b887f2497a205fad01c44be8a (patch) | |
| tree | fe0142c706d425c17148cb2f634461e285f247c7 /globals.pl | |
| parent | c4b39497330fb3849989b3ebda7fec317643e9db (diff) | |
| download | bugzilla-5ddb84da8800728b887f2497a205fad01c44be8a.tar.gz bugzilla-5ddb84da8800728b887f2497a205fad01c44be8a.tar.xz | |
Bug 278792 : Move Crypt() to Bugzilla::Auth
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=vladd a=justdave
Diffstat (limited to 'globals.pl')
| -rw-r--r-- | globals.pl | 36 |
1 files changed, 2 insertions, 34 deletions
diff --git a/globals.pl b/globals.pl index 694d02f49..0badac43e 100644 --- a/globals.pl +++ b/globals.pl @@ -34,6 +34,7 @@ use Bugzilla::Util; # Bring ChmodDataFile in until this is all moved to the module use Bugzilla::Config qw(:DEFAULT ChmodDataFile $localconfig $datadir); use Bugzilla::BugMail; +use Bugzilla::Auth; # Shut up misguided -w warnings about "used only once". For some reason, # "use vars" chokes on me when I try it here. @@ -414,7 +415,7 @@ sub InsertNewUser { # Generate a new random password for the user. my $password = GenerateRandomPassword(); - my $cryptpassword = Crypt($password); + my $cryptpassword = bz_crypt($password); my $defaultflagstring = SqlQuote(Bugzilla::Constants::DEFAULT_EMAIL_SETTINGS); @@ -696,39 +697,6 @@ sub ValidatePassword { } } - -sub Crypt { - # Crypts a password, generating a random salt to do it. - # Random salts are generated because the alternative is usually - # to use the first two characters of the password itself, and since - # the salt appears in plaintext at the beginning of the crypted - # password string this has the effect of revealing the first two - # characters of the password to anyone who views the crypted version. - - my ($password) = @_; - - # The list of characters that can appear in a salt. Salts and hashes - # are both encoded as a sequence of characters from a set containing - # 64 characters, each one of which represents 6 bits of the salt/hash. - # The encoding is similar to BASE64, the difference being that the - # BASE64 plus sign (+) is replaced with a forward slash (/). - my @saltchars = (0..9, 'A'..'Z', 'a'..'z', '.', '/'); - - # Generate the salt. We use an 8 character (48 bit) salt for maximum - # security on systems whose crypt uses MD5. Systems with older - # versions of crypt will just use the first two characters of the salt. - my $salt = ''; - for ( my $i=0 ; $i < 8 ; ++$i ) { - $salt .= $saltchars[rand(64)]; - } - - # Crypt the password. - my $cryptedpassword = crypt($password, $salt); - - # Return the crypted password. - return $cryptedpassword; -} - sub DBID_to_real_or_loginname { my ($id) = (@_); PushGlobalSQLState(); |