[Freevo-cvslog] r8896 - in branches/rel-1/freevo/src: www

Mon, 01 Jan 2007 11:47:32 -0800 

Author: tack
Date: Mon Jan  1 19:47:27 2007
New Revision: 8896

Modified:
   branches/rel-1/freevo/src/helpers/passwd.py
   branches/rel-1/freevo/src/www/web_types.py

Log:
Adapt web-server password code to store password using unix crypt().  If
password is not stored in crypt form, assume it's plaintext.


Modified: branches/rel-1/freevo/src/helpers/passwd.py
==============================================================================
--- branches/rel-1/freevo/src/helpers/passwd.py (original)
+++ branches/rel-1/freevo/src/helpers/passwd.py Mon Jan  1 19:47:27 2007
@@ -29,10 +29,28 @@
 # -----------------------------------------------------------------------
 
 import base64
-import md5
+import crypt
+import string
+import os
+import sys
 
-username_in = raw_input('Enter username:')
-password_in = raw_input('Enter password:')
-password = md5.new(password_in + username_in)
-username = md5.new(username_in + password_in)
-print("'%s' : '%s'" % (base64.b32encode(username.digest()), 
base64.b32encode(password.digest())))
+username = raw_input('Username: ')
+try:
+    os.system("stty -echo")
+    password1 = raw_input('Password: ')
+    password2 = raw_input('\nRetype Password: ')
+    os.system("stty echo")
+except KeyboardInterrupt, SystemExit:
+    print
+    os.system("stty echo")
+    sys.exit(0)
+
+if password1 != password2:
+    print "\nPasswords don't match; try again."
+    sys.exit(1)
+
+salt_chars = string.letters + string.digits + '/.'
+salt = [ salt_chars[ord(x) % len(salt_chars)] for x in os.urandom(8) ]
+cryptpass = crypt.crypt(password1, '$1$%s$' % "".join(salt))
+print "\n\nAdd this line to WWW_USERS in local_conf.py:"
+print "'%s' : '%s'" % (username, cryptpass)

Modified: branches/rel-1/freevo/src/www/web_types.py
==============================================================================
--- branches/rel-1/freevo/src/www/web_types.py  (original)
+++ branches/rel-1/freevo/src/www/web_types.py  Mon Jan  1 19:47:27 2007
@@ -28,7 +28,8 @@
 #
 # -----------------------------------------------------------------------
 import base64
-import md5
+import crypt
+import re
 
 import os, sys, time
 
@@ -106,16 +107,15 @@
         If authentication is successfull it returns True otherwise False.
         """
         print 'auth_user(self, username=\"%s\", password=\"%s\")' % (username, 
'******')
-        realpass = config.WWW_USERS.get(username)
-        if not realpass:
-            md5user = md5.new(username + password)
-            realpass = config.WWW_USERS.get(base64.b32encode(md5user.digest()))
-            md5pass = md5.new(password + username)
-            password = base64.b32encode(md5pass.digest())
-        if realpass == password:
-            return True
-        else:
+        cryptpass = config.WWW_USERS.get(username)
+        if not cryptpass:
             return False
+        m = re.match(r'^(\$1\$[a-zA-Z\d/.]{8}\$)', cryptpass)
+        if m:
+            # Password is in crypt()ed form.
+            return cryptpass == crypt.crypt(password, m.group(1))
+        # Assume password is stored as plaintext
+        return cryptpass == password
 
 
 

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Freevo-cvslog mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/freevo-cvslog

Reply via email to