X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/c510d88bbfea6818ffafaddb7286e88aec96d3b8..1c385c602908735c3be266b1470b301050650fd3:/SL/Auth/DB.pm
diff --git a/SL/Auth/DB.pm b/SL/Auth/DB.pm
index d4e4d48cc..66d23cd27 100644
--- a/SL/Auth/DB.pm
+++ b/SL/Auth/DB.pm
@@ -1,11 +1,13 @@
 package SL::Auth::DB;
-use DBI;
+use strict;
-#use SL::Auth;
-use SL::DBUtils;
+use Carp;
+use Scalar::Util qw(weaken);
-use strict;
+use SL::Auth::Constants qw(:all);
+use SL::Auth::Password;
+use SL::DBUtils;
 sub new {
 $main::lxdebug->enter_sub();
@@ -14,6 +16,7 @@ sub new {
 my $self = {};
 $self->{auth} = shift;
+ weaken $self->{auth};
 bless $self, $type;
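Review bot: The added `weaken $self->{auth};` in `new` carries no comment explaining why the back-reference is weak, and from this point `$self->{auth}` turns into undef as soon as the owning auth object is destroyed. `authenticate` later calls `$self->{auth}->dbconnect()` without a defined check, so the lifetime assumption should be written down, for example `# Weak back-reference (presumably to break a cycle with the owning auth object); the owner must outlive this backend.` The body of `new` continues outside the hunk.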
@@ -28,30 +31,38 @@ sub authenticate {
 my $self = shift;
 my $login = shift;
 my $password = shift;
- my $is_crypted = shift;
 my $dbh = $self->{auth}->dbconnect();
 if (!$dbh) {
 $main::lxdebug->leave_sub();
- return SL::Auth->ERR_BACKEND();
+ return ERR_BACKEND;
 }
 my $query = qq|SELECT password FROM auth."user" WHERE login = ?|;
 my ($stored_password) = $dbh->selectrow_array($query, undef, $login);
- $password = crypt $password, substr($login, 0, 2) if (!$password || !$is_crypted);
- $stored_password = crypt $stored_password, substr($login, 0, 2) if (!$stored_password);
+ my ($algorithm, $algorithm2);
+
+ # Empty password hashes in the database mean just that -- empty
+ # passwords. Hash it for easier comparison.
+ $stored_password = SL::Auth::Password->hash(password => $stored_password) unless $stored_password;
+ ($algorithm, $stored_password) = SL::Auth::Password->parse($stored_password);
+ ($algorithm2, $password) = SL::Auth::Password->parse(SL::Auth::Password->hash_if_unhashed(password => $password, algorithm => $algorithm, login => $login));
 $main::lxdebug->leave_sub();
- return $password eq $stored_password ? SL::Auth->OK() : SL::Auth->ERR_PASSWORD();
+ return $password eq $stored_password ? OK : ERR_PASSWORD;
 }
 sub can_change_password {
 return 1;
 }
+sub requires_cleartext_password {
+ return 0;
+}
+
 sub change_password {
 $main::lxdebug->enter_sub();
@@ -64,10 +75,10 @@ sub change_password {
 if (!$dbh) {
 $main::lxdebug->leave_sub();
- return SL::Auth->ERR_BACKEND()
+ return ERR_BACKEND;
 }
- $password = crypt $password, substr($login, 0, 2) if (!$is_crypted);
+ $password = SL::Auth::Password->hash(password => $password) unless $is_crypted;
 do_query($main::form, $dbh, qq|UPDATE auth."user" SET password = ? WHERE login = ?|, $password, $login);
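Review bot: In `authenticate`, the new `unless $stored_password` line treats a login with no row in `auth."user"`, or a failed query, exactly like an account whose stored password is empty, because `selectrow_array` leaves `$stored_password` undefined in each case. Unless a caller rejects unknown logins first, which is not visible here, an empty submitted password may then compare equal and return `OK`. Fetch the row into an array and fail closed before hashing: `my @row = $dbh->selectrow_array($query, undef, $login);` followed by `unless (@row) { $main::lxdebug->leave_sub(); return ERR_PASSWORD; }`. Separately, `$algorithm2` is parsed but never compared with `$algorithm`, and if `hash_if_unhashed` passes through input that already looks hashed, as its name suggests, the stored hash itself is accepted as a credential; that needs a check or at least a comment stating the intent.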
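Review bot: In `change_password`, a true `$is_crypted` still sends the caller's string to the `UPDATE` unchanged, so nothing on this path confirms it is in the form that `SL::Auth::Password->parse` expects when `authenticate` reads it back. A malformed value would presumably leave the account with a hash that can never match, or one interpreted under the wrong algorithm. Either validate the value before the `do_query` call or document the contract, for example `# $is_crypted: $password must already be a value produced by SL::Auth::Password->hash; it is stored verbatim.` The declaration of `$is_crypted` and the rest of the function lie outside the hunk.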