[Koha-patches] [PATCH] bug_9611: use checkpw_hash() instead of md5 hash
Srdjan
srdjan at catalyst.net.nz
Mon Sep 30 02:27:05 CEST 2013
Test:
* SIP: Have an old user and create a new user
- use either tenet sip test or
C4/SIP/interactive_patron_check_password.pl to check old
userid/password
- do the same for the new user
---
C4/SIP/ILS/Patron.pm | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/C4/SIP/ILS/Patron.pm b/C4/SIP/ILS/Patron.pm
index b9f0659..1155d51 100644
--- a/C4/SIP/ILS/Patron.pm
+++ b/C4/SIP/ILS/Patron.pm
@@ -21,8 +21,8 @@ use C4::Koha;
use C4::Members;
use C4::Reserves;
use C4::Branch qw(GetBranchName);
-use Digest::MD5 qw(md5_base64);
use C4::Items qw( GetBarcodeFromItemnumber GetItemnumbersForBiblio);
+use C4::Auth qw(checkpw_hash);
our $VERSION = 3.07.00.049;
@@ -40,7 +40,7 @@ sub new {
}
$kp = GetMemberDetails($kp->{borrowernumber});
$debug and warn "new Patron (GetMemberDetails): " . Dumper($kp);
- my $pw = $kp->{password}; ### FIXME - md5hash -- deal with .
+ my $pw = $kp->{password};
my $flags = $kp->{flags}; # or warn "Warning: No flags from patron object for '$patron_id'";
my $debarred = defined($kp->{flags}->{DBARRED});
$debug and warn sprintf("Debarred = %s : ", ($debarred||'undef')) . Dumper(%{$kp->{flags}});
@@ -189,11 +189,13 @@ sub AUTOLOAD {
sub check_password {
my ($self, $pwd) = @_;
- my $md5pwd = $self->{password};
+ defined $pwd or return 0; # you gotta give me something (at least ''), or no deal
+
+ my $hashed_pwd = $self->{password};
+ defined $hashed_pwd or return $pwd eq ''; # if the record has a NULL password, accept '' as match
+
# warn sprintf "check_password for %s: '%s' vs. '%s'",($self->{name}||''),($self->{password}||''),($pwd||'');
- (defined $pwd ) or return 0; # you gotta give me something (at least ''), or no deal
- (defined $md5pwd) or return($pwd eq ''); # if the record has a NULL password, accept '' as match
- return (md5_base64($pwd) eq $md5pwd);
+ return checkpw_hash($pwd, $hashed_pwd);
}
# A few special cases, not in AUTOLOADed %fields
--
1.8.1.2
More information about the Koha-patches
mailing list