From 968e9d7a88eeb91e635b88b7e5ae5b795e0b4225 Mon Sep 17 00:00:00 2001
From: "terry%netscape.com" <>
Date: Thu, 3 Sep 1998 01:52:48 +0000
Subject: Changed the way password validation works.  We now keep a crypt'd
 version of the password in the database, and check against that.  (This is
 silly, because we're also keeping the plaintext version there, but I have
 plans...)  Stop passing the plaintext password around as a cookie; instead,
 we have a cookie that references a record in a new database table,
 logincookies.

IMPORTANT: if updating from an older version of Bugzilla, you must run
the following commands to keep things working:

 ./makelogincookiestable.sh
 echo "alter table profiles add column cryptpassword varchar(64);" | mysql bugs
 echo "update profiles set cryptpassword = encrypt(password,substring(rand(),3, 4));" | mysql bugs
---
 relogin.cgi | 1 +
 1 file changed, 1 insertion(+)

(limited to 'relogin.cgi')

diff --git a/relogin.cgi b/relogin.cgi
index e56949604..4bc1a394c 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -26,6 +26,7 @@ source CGI.tcl
 
 
 puts "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
 Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
 Content-type: text/html
 
-- 
cgit v1.2.3-24-g4f1b