Ok here we go. It is salted like you ask. There was a little trouble
with the way the '$' for the salt were handled when stored, so I drop
them from the string before saving them.
Index: src/www/web_types.py
===================================================================
--- src/www/web_types.py (revision 8885)
+++ src/www/web_types.py (working copy)
@@ -1,4 +1,4 @@
-# -*- coding: iso-8859-1 -*-
+# /bin/bash: indent: command not found
# -----------------------------------------------------------------------
# web_types.py - Classes useful for the web interface.
# -----------------------------------------------------------------------
@@ -27,8 +27,8 @@
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# -----------------------------------------------------------------------
-import base64
-import md5
+from crypt import crypt
+import string
import os, sys, time
@@ -107,13 +107,10 @@
"""
print 'auth_user(self, username=\"%s\", password=\"%s\")' % (username,
'******')
realpass = config.WWW_USERS.get(username)
- if not realpass:
- md5user = md5.new(username + password)
- realpass = config.WWW_USERS.get(base64.b32encode(md5user.digest()))
- md5pass = md5.new(password + username)
- password = base64.b32encode(md5pass.digest())
if realpass == password:
return True
+ elif realpass == crypt(password,'$1$' + str(realpass)[1:-22] +
'$').replace('$',''):
+ return True
else:
return False
Index: src/helpers/passwd.py
===================================================================
--- src/helpers/passwd.py (revision 8885)
+++ src/helpers/passwd.py (working copy)
@@ -27,12 +27,18 @@
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# -----------------------------------------------------------------------
+import re
+import os
+from crypt import crypt
-import base64
-import md5
-
-username_in = raw_input('Enter username:')
-password_in = raw_input('Enter password:')
-password = md5.new(password_in + username_in)
-username = md5.new(username_in + password_in)
-print("'%s' : '%s'" % (base64.b32encode(username.digest()),
base64.b32encode(password.digest())))
+username = raw_input('Enter username:')
+password = raw_input('Enter password:')
+salt = ''
+while len(salt) < 8:
+ char = os.urandom(1)
+ if re.match('[a-zA-Z0-9/.]', char):
+ salt = salt + char
+
+password = crypt(password, '$1$%s$' % salt)
+password = password.replace('$','')
+print("'%s' : '%s'" % (username, password))
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Freevo-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/freevo-devel
