| # -*- Mode: perl; indent-tabs-mode: nil -*- |
| # |
| # The contents of this file are subject to the Mozilla Public |
| # License Version 1.1 (the "License"); you may not use this file |
| # except in compliance with the License. You may obtain a copy of |
| # the License at http://www.mozilla.org/MPL/ |
| # |
| # Software distributed under the License is distributed on an "AS |
| # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or |
| # implied. See the License for the specific language governing |
| # rights and limitations under the License. |
| # |
| # The Original Code is the Bugzilla Bug Tracking System. |
| # |
| # The Initial Developer of the Original Code is Netscape Communications |
| # Corporation. Portions created by Netscape are |
| # Copyright (C) 1998 Netscape Communications Corporation. All |
| # Rights Reserved. |
| # |
| # Contributor(s): Terry Weissman <terry@mozilla.org> |
| # Dan Mosedale <dmose@mozilla.org> |
| # Joe Robins <jmrobins@tgix.com> |
| # Dave Miller <justdave@syndicomm.com> |
| # Christopher Aillon <christopher@aillon.com> |
| # Gervase Markham <gerv@gerv.net> |
| # Christian Reis <kiko@async.com.br> |
| # Bradley Baetz <bbaetz@acm.org> |
| # Erik Stambaugh <erik@dasbistro.com> |
| |
| package Bugzilla::Auth::Verify::DB; |
| use strict; |
| use base qw(Bugzilla::Auth::Verify); |
| |
| use Bugzilla::Constants; |
| use Bugzilla::Token; |
| use Bugzilla::Util; |
| use Bugzilla::User; |
| |
| sub check_credentials { |
| my ($self, $login_data) = @_; |
| my $dbh = Bugzilla->dbh; |
| |
| my $username = $login_data->{username}; |
| my $user_id = login_to_id($username); |
| |
| return { failure => AUTH_NO_SUCH_USER } unless $user_id; |
| |
| $login_data->{bz_username} = $username; |
| my $password = $login_data->{password}; |
| |
| trick_taint($username); |
| my ($real_password_crypted) = $dbh->selectrow_array( |
| "SELECT cryptpassword FROM profiles WHERE userid = ?", |
| undef, $user_id); |
| |
| # Wide characters cause crypt to die |
| if (Bugzilla->params->{'utf8'}) { |
| utf8::encode($password) if utf8::is_utf8($password); |
| } |
| |
| # Using the internal crypted password as the salt, |
| # crypt the password the user entered. |
| my $entered_password_crypted = crypt($password, $real_password_crypted); |
| |
| return { failure => AUTH_LOGINFAILED } |
| if $entered_password_crypted ne $real_password_crypted; |
| |
| # The user's credentials are okay, so delete any outstanding |
| # password tokens they may have generated. |
| Bugzilla::Token::DeletePasswordTokens($user_id, "user_logged_in"); |
| |
| return $login_data; |
| } |
| |
| sub change_password { |
| my ($self, $user, $password) = @_; |
| my $dbh = Bugzilla->dbh; |
| my $cryptpassword = bz_crypt($password); |
| $dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?", |
| undef, $cryptpassword, $user->id); |
| } |
| |
| 1; |