aboutsummaryrefslogtreecommitdiffstats
path: root/changepassword.cgi
diff options
context:
space:
mode:
authorterry%mozilla.org <>2000-01-18 22:40:18 +0000
committerterry%mozilla.org <>2000-01-18 22:40:18 +0000
commitca8760339069c50ccbdcf3d92e416f7d1522adf8 (patch)
treee2386af360bc276ba659635b80075da04dd24ed4 /changepassword.cgi
parente908456f366483dcc915bafc7036733310ebc6e5 (diff)
downloadbugs-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar
bugs-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.gz
bugs-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.bz2
bugs-ca8760339069c50ccbdcf3d92e416f7d1522adf8.tar.xz
bugs-ca8760339069c50ccbdcf3d92e416f7d1522adf8.zip
Stop ever using perl's crypt() function; only use mysql's. (Using
both was causing corruption on about 1 in 40 passwords.)
Diffstat (limited to 'changepassword.cgi')
-rwxr-xr-xchangepassword.cgi18
1 files changed, 6 insertions, 12 deletions
diff --git a/changepassword.cgi b/changepassword.cgi
index d62259ac5..93b736e55 100755
--- a/changepassword.cgi
+++ b/changepassword.cgi
@@ -102,11 +102,6 @@ The two passwords you entered did not match. Please click <b>Back</b> and try a
my $pwd = $::FORM{'pwd1'};
-sub x {
- my $sc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./";
- return substr($sc, int (rand () * 100000) % (length ($sc) + 1), 1);
-}
-
if ($pwd ne "") {
if ($pwd !~ /^[a-zA-Z0-9-_]*$/ || length($pwd) < 3 || length($pwd) > 15) {
print "<H1>Sorry; we're picky.</H1>
@@ -119,14 +114,13 @@ Please click <b>Back</b> and try again.\n";
}
-# Generate a random salt.
-
- my $salt = x() . x();
-
- my $encrypted = crypt($pwd, $salt);
-
- SendSQL("update profiles set password='$pwd',cryptpassword='$encrypted' where login_name=" .
+ my $qpwd = SqlQuote($pwd);
+ SendSQL("UPDATE profiles SET password=$qpwd,cryptpassword=encrypt($qpwd)
+ WHERE login_name = " .
+ SqlQuote($::COOKIE{'Bugzilla_login'}));
+ SendSQL("SELECT cryptpassword FROM profiles WHERE login_name = " .
SqlQuote($::COOKIE{'Bugzilla_login'}));
+ my $encrypted = FetchOneColumn();
SendSQL("update logincookies set cryptpassword = '$encrypted' where cookie = $::COOKIE{'Bugzilla_logincookie'}");
}