Author: spadkins
Date: Thu Jul 9 08:23:39 2009
New Revision: 13024
Modified:
p5ee/trunk/App-Repository/lib/App/Authentication/Repository.pm
Log:
updated to allow for use of apache_md5_crypt, with a fallback upon the standard
crypt function to support backward compatibility
Modified: p5ee/trunk/App-Repository/lib/App/Authentication/Repository.pm
==============================================================================
--- p5ee/trunk/App-Repository/lib/App/Authentication/Repository.pm
(original)
+++ p5ee/trunk/App-Repository/lib/App/Authentication/Repository.pm Thu Jul
9 08:23:39 2009
@@ -10,6 +10,7 @@
use App::Authentication;
@ISA = ( "App::Authentication" );
+use Crypt::PasswdMD5 qw(apache_md5_crypt);
use strict;
=head1 NAME
@@ -97,9 +98,17 @@
$pword = $db->get($table, { "$username_column.eq" => $username },
$password_column);
}
if ($pword) {
- my $crypt = crypt($password, $pword);
+ # support more secure md5 algorithm.
+ my $crypt = apache_md5_crypt( $password, $pword );
$valid = ($pword eq $crypt) ? 1 : 0;
+
+ if (!$valid) {
+ # backwards compatibility with older crypt.
+ my $crypt = crypt($password, $pword);
+ $valid = ($pword eq $crypt) ? 1 : 0;
+ }
}
+
&App::sub_exit($valid) if ($App::trace);
return($valid);
}
