[PHP-WEBMASTER] [web-master] main: Drop code for handling md5 passwords

Wed, 07 Apr 2021 02:04:40 -0700 

Author: Nikita Popov (nikic)
Date: 2021-04-07T11:04:07+02:00

Commit: 
https://github.com/php/web-master/commit/c25e9bd288ce90464fdbae363ea4b0825a042663
Raw diff: 
https://github.com/php/web-master/commit/c25e9bd288ce90464fdbae363ea4b0825a042663.diff

Drop code for handling md5 passwords

As we reset all passwords anyway, there's no need to handle
upgrade anymore.

Changed paths:
  M  README.md
  M  include/cvs-auth.inc


Diff:

diff --git a/README.md b/README.md
index 032c1a8..7724794 100644
--- a/README.md
+++ b/README.md
@@ -16,8 +16,8 @@ GRANT ALL PRIVILEGES ON phpmasterdb.* TO 'nobody'@'localhost';
 mysql -unobody phpmasterdb < users.sql
 
 # Create user test:test
-INSERT INTO users (username, svnpasswd, cvsaccess) VALUES ('test', 
'd45a6c7dfc5b0dbb3567e28900d47f50', 1);
+INSERT INTO users (username, svnpasswd, cvsaccess) VALUES ('test', 
'$2y$10$iGHyxmfHI62Xyr3DPf8faOPCvmU1UMVMlhJQ/FqooqgPJ3STMHTyG', 1);
 
 # Run server (must have mysql ext)
 php -S localhost:8000 -d include_path="include/" 
-derror_reporting="E_ALL&~E_DEPRECATED"
-```
\ No newline at end of file
+```
diff --git a/include/cvs-auth.inc b/include/cvs-auth.inc
index 2e60be6..356f20b 100644
--- a/include/cvs-auth.inc
+++ b/include/cvs-auth.inc
@@ -1,12 +1,4 @@
 <?php // vim: et ts=4 sw=4
-/* $Id$ */
-
-
-define("REALM", "PHP Subversion Repository");
-
-function gen_legacy_svn_pass($username, $password) {
-         return md5(sprintf("%s:%s:%s", $username, REALM, $password));
-}
 
 function gen_pass($password) {
     return password_hash($password, PASSWORD_BCRYPT);
@@ -20,18 +12,6 @@ function verify_password($user, $pass)
 
     if ($res && mysql_num_rows($res) == 1) {
         $row = mysql_fetch_array($res);
-        if (strlen($row['svnpasswd']) == 32) {
-            // Legacy md5 password.
-            if (gen_legacy_svn_pass($user, $pass) !== $row["svnpasswd"]) {
-                return false;
-            }
-
-            // Upgrade to new password hash.
-            $newHash = gen_pass($pass);
-            db_query_safe("UPDATE users SET svnpasswd = ? WHERE username = ?", 
[$newHash, $user]);
-            return true;
-        }
-
         return password_verify($pass, $row['svnpasswd']);
     }
 

-- 
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to