Websites/bugs.webkit.org/Bugzilla/Auth/Verify/DB.pm - platform/external/chromium_org/third_party/WebKit - Git at Google

 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
 # License Version 1.1 (the "License"); you may not use this file
 # except in compliance with the License. You may obtain a copy of
 # the License at http://www.mozilla.org/MPL/
 #
 # Software distributed under the License is distributed on an "AS
 # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 # implied. See the License for the specific language governing
 # rights and limitations under the License.
 #
 # The Original Code is the Bugzilla Bug Tracking System.
 #
 # The Initial Developer of the Original Code is Netscape Communications
 # Corporation. Portions created by Netscape are
 # Copyright (C) 1998 Netscape Communications Corporation. All
 # Rights Reserved.
 #
 # Contributor(s): Terry Weissman <terry@mozilla.org>
 #                 Dan Mosedale <dmose@mozilla.org>
 #                 Joe Robins <jmrobins@tgix.com>
 #                 Dave Miller <justdave@syndicomm.com>
 #                 Christopher Aillon <christopher@aillon.com>
 #                 Gervase Markham <gerv@gerv.net>
 #                 Christian Reis <kiko@async.com.br>
 #                 Bradley Baetz <bbaetz@acm.org>
 #                 Erik Stambaugh <erik@dasbistro.com>

 package Bugzilla::Auth::Verify::DB;
 use strict;
 use base qw(Bugzilla::Auth::Verify);

 use Bugzilla::Constants;
 use Bugzilla::Token;
 use Bugzilla::Util;
 use Bugzilla::User;

 sub check_credentials {
     my ($self, $login_data) = @_;
     my $dbh = Bugzilla->dbh;

     my $username = $login_data->{username};
     my $user_id  = login_to_id($username);

     return { failure => AUTH_NO_SUCH_USER } unless $user_id;

     $login_data->{bz_username} = $username;
     my $password = $login_data->{password};

     trick_taint($username);
     my ($real_password_crypted) = $dbh->selectrow_array(
         "SELECT cryptpassword FROM profiles WHERE userid = ?",
         undef, $user_id);

     # Wide characters cause crypt to die
     if (Bugzilla->params->{'utf8'}) {
         utf8::encode($password) if utf8::is_utf8($password);
     }

     # Using the internal crypted password as the salt,
     # crypt the password the user entered.
     my $entered_password_crypted = crypt($password, $real_password_crypted);

     return { failure => AUTH_LOGINFAILED }
         if $entered_password_crypted ne $real_password_crypted;

     # The user's credentials are okay, so delete any outstanding
     # password tokens they may have generated.
     Bugzilla::Token::DeletePasswordTokens($user_id, "user_logged_in");

     return $login_data;
 }

 sub change_password {
     my ($self, $user, $password) = @_;
     my $dbh = Bugzilla->dbh;
     my $cryptpassword = bz_crypt($password);
     $dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?",
              undef, $cryptpassword, $user->id);
 }

 1;
	# -- Mode: perl; indent-tabs-mode: nil --
	#
	# The contents of this file are subject to the Mozilla Public
	# License Version 1.1 (the "License"); you may not use this file
	# except in compliance with the License. You may obtain a copy of
	# the License at http://www.mozilla.org/MPL/
	#
	# Software distributed under the License is distributed on an "AS
	# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
	# implied. See the License for the specific language governing
	# rights and limitations under the License.
	#
	# The Original Code is the Bugzilla Bug Tracking System.
	#
	# The Initial Developer of the Original Code is Netscape Communications
	# Corporation. Portions created by Netscape are
	# Copyright (C) 1998 Netscape Communications Corporation. All
	# Rights Reserved.
	#
	# Contributor(s): Terry Weissman <terry@mozilla.org>
	# Dan Mosedale <dmose@mozilla.org>
	# Joe Robins <jmrobins@tgix.com>
	# Dave Miller <justdave@syndicomm.com>
	# Christopher Aillon <christopher@aillon.com>
	# Gervase Markham <gerv@gerv.net>
	# Christian Reis <kiko@async.com.br>
	# Bradley Baetz <bbaetz@acm.org>
	# Erik Stambaugh <erik@dasbistro.com>

	package Bugzilla::Auth::Verify::DB;
	use strict;
	use base qw(Bugzilla::Auth::Verify);

	use Bugzilla::Constants;
	use Bugzilla::Token;
	use Bugzilla::Util;
	use Bugzilla::User;

	sub check_credentials {
	my ($self, $login_data) = @_;
	my $dbh = Bugzilla->dbh;

	my $username = $login_data->{username};
	my $user_id = login_to_id($username);

	return { failure => AUTH_NO_SUCH_USER } unless $user_id;

	$login_data->{bz_username} = $username;
	my $password = $login_data->{password};

	trick_taint($username);
	my ($real_password_crypted) = $dbh->selectrow_array(
	"SELECT cryptpassword FROM profiles WHERE userid = ?",
	undef, $user_id);

	# Wide characters cause crypt to die
	if (Bugzilla->params->{'utf8'}) {
	utf8::encode($password) if utf8::is_utf8($password);
	}

	# Using the internal crypted password as the salt,
	# crypt the password the user entered.
	my $entered_password_crypted = crypt($password, $real_password_crypted);

	return { failure => AUTH_LOGINFAILED }
	if $entered_password_crypted ne $real_password_crypted;

	# The user's credentials are okay, so delete any outstanding
	# password tokens they may have generated.
	Bugzilla::Token::DeletePasswordTokens($user_id, "user_logged_in");

	return $login_data;
	}

	sub change_password {
	my ($self, $user, $password) = @_;
	my $dbh = Bugzilla->dbh;
	my $cryptpassword = bz_crypt($password);
	$dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?",
	undef, $cryptpassword, $user->id);
	}

	1;