
Revision 38a4efa7

Von Moritz Bunkus vor mehr als 13 Jahren hinzugefügt

  • ID 38a4efa72af13521bba89c82c1c7e6dd00644f2d
  • Vorgänger d0c2cfbe
  • Nachfolger 1c385c60

Das Admin-Passwort nicht im Klartext in Session-Tabelle ablegen

Unterschiede anzeigen:

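--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -137,12 +137,10 @@
 sub authenticate_root {
   $main::lxdebug->enter_sub();
 
-  my $self           = shift;
-  my $password       = shift;
-  my $is_crypted     = shift;
+  my ($self, $password) = @_;
 
-  $password          = crypt $password, 'ro' if (!$password || !$is_crypted);
-  my $admin_password = crypt "$self->{admin_password}", 'ro';
+  $password             = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $password);
+  my $admin_password    = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password});
 
   $main::lxdebug->leave_sub();
 
@@ -173,6 +171,15 @@
   $self->set_session_value(login => $params{login}, password => $params{password});
 }
 
+sub store_root_credentials_in_session {
+  my ($self, $rpw) = @_;
+
+  $rpw = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $rpw)
+    unless $self->{authenticator}->requires_cleartext_password;
+
+  $self->set_session_value(rpw => $rpw);
+}
+
 sub dbconnect {
   $main::lxdebug->enter_sub(2);
 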
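Review bot: store_root_credentials_in_session still writes the root password into the session in cleartext whenever `$self->{authenticator}->requires_cleartext_password` is true (new lines 177–178), so the commit's goal is met only for authenticators that can verify against a hash, and that trade-off deserves a comment above the `unless`, e.g. `# authenticators such as LDAP need the cleartext password on later requests, so for them the session row keeps it; protect the session table accordingly`. Judging by its name, `hash_if_unhashed` also seems to pass an already-hashed value through unchanged, which would make the stored hash a password-equivalent: anyone who reads the session row could submit the hash itself as `rpw` and authenticate_root (new lines 142–143) would accept it; if that is what it does, the request path should always hash, or the session should hold a separate secret rather than the password hash — worth confirming against SL::Auth::Password. The comparison and return of authenticate_root lie outside the hunk.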
bin/mozilla/admin.pl
73 73
  $locale = $::locale;
74 74
  $auth   = $::auth;
75 75

  
76
  $::auth->set_session_value('rpw', $::form->{rpw}) if $session_result == SL::Auth->SESSION_OK;
76
  $::auth->store_root_credentials_in_session($form->{rpw}) if $session_result == SL::Auth->SESSION_OK;
77 77

  
78 78
  $form->{stylesheet} = "lx-office-erp.css";
79 79
  $form->{favicon}    = "favicon.ico";
......
81 81
  if ($form->{action}) {
82 82
    if ($auth->authenticate_root($form->{rpw}) != $auth->OK()) {
83 83
      $form->{error_message} = $locale->text('Incorrect Password!');
84
      $auth->delete_session_value('rpw');
84 85
      adminlogin();
85 86
    } else {
86 87
      if ($auth->session_tables_present()) {
87
        $::auth->set_session_value('rpw', $::form->{rpw});
88
        $::auth->create_or_refresh_session();
88
        $::auth->store_root_credentials_in_session($::form->{rpw});
89
        delete $::form->{rpw};
89 90
        _apply_dbupgrade_scripts();
90 91
      }
91 92

  
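Review bot: The root password is written into the session at new line 76 before authenticate_root has checked it (line 82), and the added `$auth->delete_session_value('rpw');` on the failure path only runs inside `if ($form->{action})`, so a request that carries a wrong `rpw` but no action appears to leave the unverified value in the session row; storing only after a successful authenticate_root, or deleting it on every failure path, would close that gap — whether `$form->{rpw}` is pre-filled from the session on such requests is not visible here. Minor: new line 76 reads `$form->{rpw}` while new line 88 reads `$::form->{rpw}`; pick one, `$::form` as the removed lines did, or `$form` which the preamble presumably aliases alongside `$auth` and `$locale`. The enclosing routine starts before the first hunk and continues after the last one.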
