--- /dev/null
+CREATE OR REPLACE FUNCTION user_password() RETURNS trigger
+ AS $_X$
+DECLARE
+BEGIN
+ IF COALESCE(NEW.password <> OLD.password,TRUE) AND
+ NOT NEW.password SIMILAR TO '$2a$\d+$[a-zA-Z0-9./]+'
+ THEN
+ NEW.password := crypt(NEW.password,gen_salt('bf',10));
+ END IF;
+ RETURN NEW;
+END;
+$_X$ LANGUAGE plpgsql;
+
+/*
+alter table users alter COLUMN password drop not null ;
+CREATE TRIGGER user_password BEFORE UPDATE OR INSERT ON users FOR EACH ROW EXECUTE PROCEDURE user_password()
+*/
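Review bot: The pattern on the `NOT NEW.password SIMILAR TO` line never recognises a bcrypt hash: SQL SIMILAR TO has no `\d` class, and with backslash as the default escape character `\d` matches a literal `d`, so a value such as `$2a$10$…` fails the test, the condition is always true, and any UPDATE that writes an already-hashed value back (an application re-save, `SET password = password`) rehashes the hash and locks that user out. Use a bracket class instead: `NOT NEW.password SIMILAR TO '$2a$[0-9]+$[a-zA-Z0-9./]+'` (or a POSIX match, `NEW.password !~ '^\$2a\$[0-9]+\$[A-Za-z0-9./]+$'`). Separately, `OLD.password` is evaluated for INSERT as well; depending on the PostgreSQL release OLD may be unassigned rather than NULL in an INSERT row trigger and raise an error, so `TG_OP = 'INSERT' OR NEW.password IS DISTINCT FROM OLD.password` is the safer guard. The shape test also means a client-supplied value that already looks like a bcrypt string is stored verbatim, which is a reason to prefer hashing in the application before the row reaches the trigger.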
sub check_password {
my ( $self, $password ) = @_;
my $query = $self->{c}->model->prepare(q{
- SELECT uid FROM users WHERE uid = ? AND password = md5(?)
+ SELECT uid FROM users WHERE uid = $1 AND password = crypt($2,password)
});
$query->execute($self->id,$password);
- if ($query->rows == 1){
+
+ if ($query->rows == 0) {
+ $query = $self->{c}->model->prepare(q{
+ UPDATE users SET password = $2
+ WHERE uid = $1 AND password = md5($2)
+ RETURNING uid
+ });
+ $query->execute($self->id,$password);
+ }
+
+ if ($query->rows == 1) {
return $self;
}
return;
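Review bot: The fallback `UPDATE users SET password = $2` stores the caller's plaintext password in `users.password` and relies on a BEFORE UPDATE trigger outside this file to replace it with a bcrypt hash before commit; nothing here checks that the trigger is installed, and the `CREATE TRIGGER` statement only appears inside a SQL comment in the migration, so a deployment without it keeps plaintext in the table. Add a comment naming that dependency above the second prepare, e.g. `# Legacy md5 row matched: re-store the plaintext so the user_password() BEFORE UPDATE trigger rehashes it with bcrypt; without that trigger this stores the password in clear.`. The branch also keeps unsalted md5 hashes valid credentials until each user next logs in, which is expected for a lazy migration but should be paired with a deadline for forcing a reset of rows still in md5 form.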
my ( $self, $c ) = @_;
my $dbh = $c->model;
- my $query = $dbh->prepare(q{UPDATE users SET password = MD5($1)
- WHERE password = MD5($2) AND uid = $3
+ if (length $c->req->param('pass') < 4) {
+ $c->flash(error => "Your password need to be at least 4 characters");
+ } else {
+ my $query = $dbh->prepare(q{UPDATE users SET password = $1
+ WHERE password = crypt($2,password) AND uid = $3
});
- $query->execute($c->req->param('pass'),$c->req->param('oldpass'),$c->user->id);
+ $query->execute($c->req->param('pass'),$c->req->param('oldpass'),$c->user->id);
- $c->flash(error => "Old password was invalid") unless $query->rows;
+ $c->flash(error => "Old password was invalid") unless $query->rows;
+ }
$c->res->redirect($c->uri_for(''));
}
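Review bot: `$c->req->param('pass')` and `param('oldpass')` are called in list context inside the `$query->execute(...)` argument list, so a request that repeats either parameter expands into extra bind values and shifts the positions of `$1..$3`; DBI will normally reject the bind-count mismatch, but the result is an unhandled error instead of the flash message. Read both into scalars first and reuse them for the length check: `my $pass = scalar $c->req->param('pass');` `my $oldpass = scalar $c->req->param('oldpass');` `$query->execute($pass, $oldpass, $c->user->id);`. The length check also evaluates `length undef` when `pass` is absent, which warns; `length($pass // '') < 4` avoids that. The enclosing sub begins before the hunk. As in the check_password change, the UPDATE writes the plaintext and depends on the user_password() trigger to hash it, so a comment stating that dependency above the prepare is worthwhile here too.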