
Revision 38a4efa7

Von Moritz Bunkus vor fast 14 Jahren hinzugefügt

  • ID 38a4efa72af13521bba89c82c1c7e6dd00644f2d
  • Vorgänger d0c2cfbe
  • Nachfolger 1c385c60

Das Admin-Passwort nicht im Klartext in Session-Tabelle ablegen


SL/Auth.pm
sub authenticate_root {
$main::lxdebug->enter_sub();
my $self = shift;
my $password = shift;
my $is_crypted = shift;
my ($self, $password) = @_;
$password = crypt $password, 'ro' if (!$password || !$is_crypted);
my $admin_password = crypt "$self->{admin_password}", 'ro';
$password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $password);
my $admin_password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password});
$main::lxdebug->leave_sub();
......
$self->set_session_value(login => $params{login}, password => $params{password});
}
sub store_root_credentials_in_session {
my ($self, $rpw) = @_;
$rpw = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $rpw)
unless $self->{authenticator}->requires_cleartext_password;
$self->set_session_value(rpw => $rpw);
}
sub dbconnect {
$main::lxdebug->enter_sub(2);
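Review bot: The value that `store_root_credentials_in_session` writes under `rpw` still works as a root credential, assuming the `hash_if_unhashed` lines are the new side of this section and that the helper returns an already-hashed string unchanged (its body is not shown). `authenticate_root` passes the submitted password through the same helper, so a value read from the session table would be accepted as-is; the change then only protects the cleartext against reuse elsewhere. Consider keeping a "root authenticated" marker in the session instead of the credential, or accepting pre-hashed input only when it comes from the session and never from the request. The `unless $self->{authenticator}->requires_cleartext_password` branch also keeps storing the cleartext and deserves a comment such as `# authenticator needs the cleartext; rpw is stored unhashed in this case`. The comparison in `authenticate_root` lies behind the elision, so this could not be checked against it.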
bin/mozilla/admin.pl
$locale = $::locale;
$auth = $::auth;
$::auth->set_session_value('rpw', $::form->{rpw}) if $session_result == SL::Auth->SESSION_OK;
$::auth->store_root_credentials_in_session($form->{rpw}) if $session_result == SL::Auth->SESSION_OK;
$form->{stylesheet} = "lx-office-erp.css";
$form->{favicon} = "favicon.ico";
......
if ($form->{action}) {
if ($auth->authenticate_root($form->{rpw}) != $auth->OK()) {
$form->{error_message} = $locale->text('Incorrect Password!');
$auth->delete_session_value('rpw');
adminlogin();
} else {
if ($auth->session_tables_present()) {
$::auth->set_session_value('rpw', $::form->{rpw});
$::auth->create_or_refresh_session();
$::auth->store_root_credentials_in_session($::form->{rpw});
delete $::form->{rpw};
_apply_dbupgrade_scripts();
}
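Review bot: The top-level `$::auth->store_root_credentials_in_session($form->{rpw}) if $session_result == SL::Auth->SESSION_OK;` writes the submitted value to the session before `authenticate_root` has checked it, while the call in the `else` branch already covers the verified case. If the early store only carries a restored session value forward, a comment saying so would help; otherwise store only after a successful check, so that an unverified value never reaches the session table. The failure branch calls `delete_session_value('rpw')` but, unlike the success branch, leaves `$form->{rpw}` set before `adminlogin()`; adding `delete $form->{rpw};` there would presumably keep the rejected value out of the re-rendered form. The section also mixes `$auth`/`$::auth` and `$form`/`$::form` for the same objects, and the `if ($form->{action})` block continues past the visible lines.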
