
September 11, 2003

Updating MT to play well with Atom

While cobbling together an Atom implementation for MovableType, I've had to change how passwords are stored. After a quick email from Mark, I changed lib/MT/Author.pm slightly so that passwords are stored in a manner more friendly to the current Atom Authentication Scheme, and so that existing passwords can be migrated easily.

Here is the diff:

--- Author.pm.old       Thu May 29 00:04:58 2003
+++ Author.pm   Thu Sep 11 09:13:48 2003
@@ -6,6 +6,8 @@
 package MT::Author;
 use strict;

+use Digest::SHA1 qw( sha1_hex );
+
 use MT::Object;
 @MT::Author::ISA = qw( MT::Object );
 __PACKAGE__->install_properties({
@@ -25,9 +27,8 @@
 sub set_password {
     my $auth = shift;
     my($pass) = @_;
-    my @alpha = ('a'..'z', 'A'..'Z', 0..9);
-    my $salt = join '', map $alpha[rand @alpha], 1..2;
-    $auth->column('password', crypt $pass, $salt);
+    $auth->column ('password',
+       sha1_hex (join (':', $auth->column ('name'), 'MovableType', $pass)));
 }

 sub is_valid_password {
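Review bot: The digest written in `set_password` is a single SHA-1 round over `name:MovableType:pass`, so the author name is the only per-account variation and the random salt the old `crypt` call used is gone; if the author table is ever exposed, offline guessing against it is cheap. The post says the format follows the Atom authentication scheme, so it may not be changeable here, but the trade-off deserves a comment. The value also depends on `name`, and nothing visible recomputes it when an author is renamed, which would leave the stored digest unmatched by the correct password. I would add above the call: `# sha1_hex("name:MovableType:pass") per the Atom auth scheme; bound to name, so re-run set_password on rename`.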
@@ -35,8 +36,15 @@
     my($pass, $crypted) = @_;
     $pass ||= '';
     my $real_pass = $auth->column('password');
-    return $crypted ? $real_pass eq $pass :
-                      crypt($pass, $real_pass) eq $real_pass;
+    return 1 if ($crypted ? $pass eq $real_pass :
+       sha1_hex (join (':', $auth->column ('name'), 'MovableType', $pass))
+       eq $real_pass);
+    if (crypt ($pass, $real_pass) eq $real_pass) {
+      $auth->set_password ($pass);
+      return 1;
+    }
+
+    return 0;
 }

 sub remove {
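Review bot: The legacy `crypt` fallback in `is_valid_password` runs even when `$crypted` is true, so a caller on the digest path is still accepted if the value it sends is the plaintext password; guarding it keeps the two paths separate: `if (!$crypted && crypt ($pass, $real_pass) eq $real_pass) {`. The `$crypted` branch accepts the stored digest itself as the credential, so the `password` column is password-equivalent and should be protected accordingly. The upgrade only calls `set_password`; no save is visible in the hunk, so whether the migrated digest is persisted depends on code outside it and is worth confirming. The opening lines of the function are outside the hunk.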

Posted by rayners at September 11, 2003 09:18 AM
