projects
/
e-DoKo.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
updated to better password hash: use crypt instead of md5
[e-DoKo.git]
/
include
/
login.php
diff --git
a/include/login.php
b/include/login.php
index 22d422f737e79e20db1a99c72425ebcf26832c23..eb7d5b8e39de6e56c93a1b82fc9d39e5c1251beb 100644
(file)
--- a/
include/login.php
+++ b/
include/login.php
@@
-1,5
+1,5
@@
<?php
<?php
-/* Copyright 2006, 2007, 2008, 2009, 2010 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010
, 2011, 2012
Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
*
* This file is part of e-DoKo.
*
@@
-85,21
+85,27
@@
else if(myisset('email','password'))
$password = $_REQUEST['password'];
/* verify password and email */
$password = $_REQUEST['password'];
/* verify password and email */
- if(strlen($password)!=32)
- $password = md5($password);
$ok = 1;
$ok = 1;
- $myid = DB_get_userid('email-password',$email,$password);
- if(!$myid)
- $ok = 0;
+ $myid = DB_get_userid('email',$email);
- if($ok)
+ $result = verify_password($email, $password);
+ switch($result)
{
{
- /* user information is ok, set session variabel */
- $myname = DB_get_name('email',$email);
+ case 0:
+ /* user information is ok, set session variable */
+ $myname = DB_get_name('email',$email);
+ $hashedpassword = DB_get_passwd_by_userid($myid);
$_SESSION['name'] = $myname;
$_SESSION['id'] = $myid;
$_SESSION['name'] = $myname;
$_SESSION['id'] = $myid;
- $_SESSION['pass'] = $password;
+ $_SESSION['pass'] = $hashedpassword;
+ break;
+ case 1:
+ echo "Can't find you in the database\n";
+ break;
+ case 2:
+ echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n";
+ break;
}
}
else
}
}
else