Properly salt passwords

[ndwebbie.git] / lib / NDWeb / Auth / User.pm

diff --git a/lib/NDWeb/Auth/User.pm b/lib/NDWeb/Auth/User.pm
index c19ba2b097b85bf54f4d3c224e52097a5483314d..a5e8366e5940178fa969144cdae3e712d7501fc5 100644 (file)
--- a/lib/NDWeb/Auth/User.pm
+++ b/lib/NDWeb/Auth/User.pm
@@ -31,7 +31,7 @@ sub load {
 
        if (exists $authinfo->{id}){
                $self->{id} = $dbh->selectrow_array(q{
-                       SELECT uid FROM users WHERE lower(username) = lower(?)
+                       SELECT uid FROM users WHERE username = ?
                },undef,$authinfo->{id});
        }elsif (exists $authinfo->{uid}){
                $self->{id} = $authinfo->{uid};
@@ -42,7 +42,7 @@ sub load {
        }
 
        ($self->{planet},$self->{username},$self->{css}) = $dbh->selectrow_array(q{
-               SELECT planet,username,css FROM users WHERE uid = ?
+               SELECT pid,username,css FROM users WHERE uid = ?
                },undef,$self->{id}) or die $dbh->errstr;
 
        return $self;
@@ -102,10 +102,20 @@ sub from_session {
 sub check_password {
        my ( $self, $password ) = @_;
        my $query = $self->{c}->model->prepare(q{
-               SELECT uid FROM users WHERE uid = ? AND password = md5(?)
+               SELECT uid FROM users WHERE uid = $1 AND password = crypt($2,password)
        });
        $query->execute($self->id,$password);
-       if ($query->rows == 1){
+
+       if ($query->rows == 0) {
+               $query = $self->{c}->model->prepare(q{
+                       UPDATE users SET password = $2
+                       WHERE uid = $1 AND password = md5($2)
+                       RETURNING uid
+               });
+               $query->execute($self->id,$password);
+       }
+
+       if ($query->rows == 1) {
                return $self;
        }
        return;