From 968e9d7a88eeb91e635b88b7e5ae5b795e0b4225 Mon Sep 17 00:00:00 2001
From: "terry%netscape.com" <>
Date: Thu, 3 Sep 1998 01:52:48 +0000
Subject: Changed the way password validation works. We now keep a crypt'd
version of the password in the database, and check against that. (This is
silly, because we're also keeping the plaintext version there, but I have
plans...) Stop passing the plaintext password around as a cookie; instead,
we have a cookie that references a record in a new database table,
logincookies.
IMPORTANT: if updating from an older version of Bugzilla, you must run
the following commands to keep things working:
./makelogincookiestable.sh
echo "alter table profiles add column cryptpassword varchar(64);" | mysql bugs
echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" | mysql bugs
---
changepassword.cgi | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'changepassword.cgi')
diff --git a/changepassword.cgi b/changepassword.cgi
index 2e0a4f06a..9e031bb16 100755
--- a/changepassword.cgi
+++ b/changepassword.cgi
@@ -66,7 +66,11 @@ Please click Back and try again."
puts "Content-type: text/html\n"
-SendSQL "update profiles set password='$pwd' where login_name='[SqlQuote $COOKIE(Bugzilla_login)]'"
+SendSQL "select encrypt('$pwd')"
+set encrypted [lindex [FetchSQLData] 0]
+
+SendSQL "update profiles set password='$pwd',cryptpassword='$encrypted' where login_name='[SqlQuote $COOKIE(Bugzilla_login)]'"
+SendSQL "update logincookies set cryptpassword = '$encrypted' where cookie = $COOKIE(Bugzilla_logincookie)"
puts "OK, done.
Your new password has been set.
--
cgit v1.2.3-24-g4f1b