diff options
author | terry%netscape.com <> | 1998-09-03 03:52:48 +0200 |
---|---|---|
committer | terry%netscape.com <> | 1998-09-03 03:52:48 +0200 |
commit | 968e9d7a88eeb91e635b88b7e5ae5b795e0b4225 (patch) | |
tree | 48fd47f41237d9436e4d066be67a869ca4769992 /query.cgi | |
parent | a40c093d9249b8afcf14a4eccc02127d0bd18a08 (diff) | |
download | bugzilla-968e9d7a88eeb91e635b88b7e5ae5b795e0b4225.tar.gz bugzilla-968e9d7a88eeb91e635b88b7e5ae5b795e0b4225.tar.xz |
Changed the way password validation works. We now keep a
crypt'd version of the password in the database, and check against
that. (This is silly, because we're also keeping the plaintext
version there, but I have plans...) Stop passing the plaintext
password around as a cookie; instead, we have a cookie that references
a record in a new database table, logincookies.
IMPORTANT: if updating from an older version of Bugzilla, you must run
the following commands to keep things working:
./makelogincookiestable.sh
echo "alter table profiles add column cryptpassword varchar(64);" | mysql bugs
echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" | mysql bugs
Diffstat (limited to 'query.cgi')
-rwxr-xr-x | query.cgi | 6 |
1 files changed, 2 insertions, 4 deletions
@@ -234,11 +234,9 @@ if {[info exists COOKIE(Bugzilla_login)]} { if {[cequal $COOKIE(Bugzilla_login) [Param maintainer]]} { puts "<a href=editparams.cgi>Edit Bugzilla operating parameters</a><br>" } - puts " -<a href=relogin.cgi>Log in as someone besides <b>$COOKIE(Bugzilla_login)</b></a><br> -<a href=changepassword.cgi>Change my password.</a><br>" + puts "<a href=relogin.cgi>Log in as someone besides <b>$COOKIE(Bugzilla_login)</b></a><br>" } - +puts "<a href=changepassword.cgi>Change your password.</a><br>" puts "<a href=\"enter_bug.cgi\">Create a new bug.</a><br>" }]} { |