]> ruin.nu Git - ndwebbie.git/blobdiff - lib/NDWeb/Auth/User.pm
projects / ndwebbie.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Properly salt passwords
[ndwebbie.git] / lib / NDWeb / Auth / User.pm
diff --git a/lib/NDWeb/Auth/User.pm b/lib/NDWeb/Auth/User.pm
index c5738c3db3c464e93eedd23112e3788450998f41..a5e8366e5940178fa969144cdae3e712d7501fc5 100644 (file)
--- a/lib/NDWeb/Auth/User.pm
+++ b/lib/NDWeb/Auth/User.pm
@@ -102,10 +102,20 @@ sub from_session {
 sub check_password {
        my ( $self, $password ) = @_;
        my $query = $self->{c}->model->prepare(q{
-               SELECT uid FROM users WHERE uid = ? AND password = md5(?)
+               SELECT uid FROM users WHERE uid = $1 AND password = crypt($2,password)
        });
        $query->execute($self->id,$password);
-       if ($query->rows == 1){
+
+       if ($query->rows == 0) {
+               $query = $self->{c}->model->prepare(q{
+                       UPDATE users SET password = $2
+                       WHERE uid = $1 AND password = md5($2)
+                       RETURNING uid
+               });
+               $query->execute($self->id,$password);
+       }
+
+       if ($query->rows == 1) {
                return $self;
        }
        return;
The ND webbie, with scripts and database schemas