merged 7.5 utf8 password fix

JT Smith 2008-10-28 16:05:47 +00:00
parent 6193d6bef5
commit 3c325c9c5a
2 changed files with 47 additions and 22 deletions


@ -21,21 +21,6 @@
definition and the table schema.
- Fixed a limit bug in the asset discovery service.
- Fixed #8853: link to manageWorkflows is broken
- Fixed #8890: meta_loop in post form not working (United Knowledge)
- added: ldaps and ldapi are now supported when working with LDAP authentication
- rfe #740: Thingy Pre-Text (SDH Consulting Group)
- rfe #746: use the menu title in asset manager
- rfe #549: New macro for checking spectre status. VersionTag::RequestCommit and Operation::VestionTag::www_commitVertionTag now both check for spectre status before trying to commit.
- rfe #637: Alphabetize wiki items under a keyword?
- Autocommit assets like CS posts or Calendar Events can now be added before the
parent is committed. They will go into the same version tag as their parent.
- rfe #640: Refactored autocommit and autocomment
- added a perltidyrc to the docs folder. we'll be using this to clean up code.
- fixed: Site Nav navigation template can now be used more than once per page
- added: TextArea now supports "maxlength" attribute
- added: DataForm can now run a workflow when an entry is added
- Fixed #8921: Duplicating templates through conventional methods maintains default template flag
- Fixed #8962: Wrong mime-type used for json data
- Added: WebGUI::Pluggable find() and findAndLoad() for easier module loading
- Added RFE #327: Select All button to class list in Search asset
- Fixed #8984: Weather Asset missing hoverhelp
@ -162,6 +147,39 @@
- fixed: Shelf/Product import export does not work
- fixed: Shelf/Product import does not work with windows files
7.5.31
- fixed: debian licensing problem with user list
- fixed: Wrong password behaviour (#8905)
- removed the old js file IndexedSearch/ColorPicker2.js that hasn't been used
in about 3 years.
- Fixed #8984: Weather Asset missing hoverhelp
7.5.30
- fixed: can't add EMS tickets to badges
- fixed 8962: Wrong mime-type used for json data
- fixed: default site has no content
- fixed: possible to execute arbitrary perl code as any user that can upload files
7.5.29
- fixed: Site Nav is broken
7.5.28
- Fixed #8890: meta_loop in post form not working (United Knowledge)
- added: ldaps and ldapi are now supported when working with LDAP authentication
- rfe #740: Thingy Pre-Text (SDH Consulting Group)
- rfe #746: use the menu title in asset manager
- rfe #549: New macro for checking spectre status. VersionTag::RequestCommit and Operation::VestionTag::www_commitVertionTag now both check for spectre status before trying to commit.
- rfe #637: Alphabetize wiki items under a keyword?
- Autocommit assets like CS posts or Calendar Events can now be added before the
parent is committed. They will go into the same version tag as their parent.
- rfe #640: Refactored autocommit and autocomment
- added a perltidyrc to the docs folder. we'll be using this to clean up code.
- fixed: Site Nav navigation template can now be used more than once per page
- added: TextArea now supports "maxlength" attribute
- added: DataForm can now run a workflow when an entry is added
- Fixed #8921: Duplicating templates through conventional methods maintains default template flag
- Fixed #8962: Wrong mime-type used for json data
7.5.24
- fixed: Spelling mistake on site starter
- fixed: DatePicker.js can now use different first days of the week.


@ -120,7 +120,7 @@ sub authenticate {
$identifier = $_[1];
$userData = $self->getParams;
if ((Digest::MD5::md5_base64(Encode::encode_utf8($identifier)) eq $$userData{identifier}) && ($identifier ne "")) {
if (($self->hashPassword($identifier) eq $$userData{identifier}) && ($identifier ne "")) {
return 1;
}
$self->user(WebGUI::User->new($self->session,1));
@ -246,7 +246,7 @@ sub createAccountSave {
my $properties;
$properties->{ changeUsername } = $setting->get("webguiChangeUsername");
$properties->{ changePassword } = $setting->get("webguiChangePassword");
$properties->{ identifier } = Digest::MD5::md5_base64($password);
$properties->{ identifier } = $self->hashPassword($password);
$properties->{ passwordLastUpdated } = $session->datetime->time();
$properties->{ passwordTimeout } = $setting->get("webguiPasswordTimeout");
$properties->{ status } = 'Deactivated' if ($setting->get("webguiValidateEmail"));
@ -409,7 +409,7 @@ sub editUserFormSave {
my $userData = $self->getParams($userId);
my $identifier = $self->session->form->process('authWebGUI.identifier');
unless (!$identifier || $identifier eq "password") {
$properties->{identifier} = Digest::MD5::md5_base64($self->session->form->process('authWebGUI.identifier'));
$properties->{identifier} = $self->hashPassword($self->session->form->process('authWebGUI.identifier'));
if($userData->{identifier} ne $properties->{identifier}){
$properties->{passwordLastUpdated} =$self->session->datetime->time();
}
@ -671,6 +671,13 @@ sub getUserIdByPasswordRecoveryToken {
return $session->db->quickScalar("select userId from authentication where fieldName = 'emailRecoverPasswordVerificationNumber' and fieldData = ?", [$token]);
}
#-------------------------------------------------------------------
sub hashPassword {
my ($self, $password) = @_;
return Digest::MD5::md5_base64(Encode::encode_utf8($password));
}
#-------------------------------------------------------------------
sub login {
my $self = shift;
@ -954,7 +961,7 @@ sub profileRecoverPasswordFinish {
if ($self->_isValidPassword($password, $passwordConfirm)) {
$self->user( $user );
$self->saveParams($userId, $self->authMethod,
{ identifier => Digest::MD5::md5_base64($password),
{ identifier => $self->hashPassword($password),
passwordLastUpdated => $self->session->datetime->time });
$self->_logSecurityMessage;
return $self->SUPER::login;
@ -1103,7 +1110,7 @@ sub emailResetPasswordFinish {
if ($self->_isValidPassword($password, $passwordConfirm)) {
$self->user(WebGUI::User->new($self->session, $userId));
$self->saveParams($userId, $self->authMethod,
{ identifier => Digest::MD5::md5_base64($password),
{ identifier => $self->hashPassword($password),
passwordLastUpdated => $self->session->datetime->time });
$self->_logSecurityMessage;
@ -1157,7 +1164,7 @@ sub resetExpiredPasswordSave {
return $self->resetExpiredPassword($u->userId, "<h1>".$i18n->get(70)."</h1><ul>".$error.'</ul>') if ($error);
$properties->{identifier} = Digest::MD5::md5_base64($self->session->form->process("identifier"));
$properties->{identifier} = $self->hashPassword($self->session->form->process("identifier"));
$properties->{passwordLastUpdated} =$self->session->datetime->time();
$self->saveParams($u->userId,$self->authMethod,$properties);
@ -1229,7 +1236,7 @@ sub updateAccount {
if($password){
my $userData = $self->getParams;
unless ($password eq "password") {
$properties->{identifier} = Digest::MD5::md5_base64($password);
$properties->{identifier} = $self->hashPassword($password);
$self->_logSecurityMessage();
if($userData->{identifier} ne $properties->{identifier}){
$properties->{passwordLastUpdated} =$self->session->datetime->time();
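Review bot: The new `hashPassword` sub (hunk at -671,6 +671,13) still produces an unsalted, single-round `Digest::MD5::md5_base64` digest, so identical passwords yield identical `identifier` values and a disclosed authentication table offers little resistance to offline guessing. Now that all seven call sites go through this one method, it is the natural place to move to a salted, deliberately slow password hash, with `authenticate` verifying against the stored value instead of comparing with `eq`, and rehashing legacy MD5 identifiers on the next successful login. Until that migration exists, I would at least document the limitation above the sub, e.g. `# Legacy scheme: unsalted MD5 of the UTF-8 encoded password; kept only for compatibility with stored identifiers.` Separately, identifiers for non-ASCII passwords that were written by the old un-encoded paths (`createAccountSave`, `updateAccount` and the reset handlers) will presumably still not match the encoded digest, so those accounts may need a password reset; that is worth stating in the changelog entry.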