28
28
# Erik Stambaugh <erik@dasbistro.com>
30
30
package Bugzilla::Auth::Verify::DB;
32
use base qw(Bugzilla::Auth::Verify);
35
34
use Bugzilla::Constants;
36
36
use Bugzilla::Util;
37
37
use Bugzilla::User;
47
my ($class, $type) = @_;
48
return $edit_options->{$type};
52
my ($class, $username, $passwd) = @_;
54
return (AUTH_NODATA) unless defined $username && defined $passwd;
56
my $userid = Bugzilla::User::login_to_id($username);
57
return (AUTH_LOGINFAILED) unless $userid;
59
return (AUTH_LOGINFAILED, $userid)
60
unless $class->check_password($userid, $passwd);
39
sub check_credentials {
40
my ($self, $login_data) = @_;
41
my $dbh = Bugzilla->dbh;
43
my $username = $login_data->{username};
44
my $user_id = login_to_id($username);
46
return { failure => AUTH_NO_SUCH_USER } unless $user_id;
48
$login_data->{bz_username} = $username;
49
my $password = $login_data->{password};
51
trick_taint($username);
52
my ($real_password_crypted) = $dbh->selectrow_array(
53
"SELECT cryptpassword FROM profiles WHERE userid = ?",
56
# Using the internal crypted password as the salt,
57
# crypt the password the user entered.
58
my $entered_password_crypted = crypt($password, $real_password_crypted);
60
return { failure => AUTH_LOGINFAILED }
61
if $entered_password_crypted ne $real_password_crypted;
62
63
# The user's credentials are okay, so delete any outstanding
63
64
# password tokens they may have generated.
64
require Bugzilla::Token;
65
Bugzilla::Token::DeletePasswordTokens($userid, "user_logged_in");
67
# Account may have been disabled
68
my $disabledtext = $class->get_disabled($userid);
69
return (AUTH_DISABLED, $userid, $disabledtext)
70
if $disabledtext ne '';
72
return (AUTH_OK, $userid);
76
my ($class, $userid) = @_;
77
my $dbh = Bugzilla->dbh;
78
my $sth = $dbh->prepare_cached("SELECT disabledtext FROM profiles " .
80
my ($text) = $dbh->selectrow_array($sth, undef, $userid);
85
my ($class, $userid, $passwd) = @_;
86
my $dbh = Bugzilla->dbh;
87
my $sth = $dbh->prepare_cached("SELECT cryptpassword FROM profiles " .
89
my ($realcryptpwd) = $dbh->selectrow_array($sth, undef, $userid);
91
# Get the salt from the user's crypted password.
92
my $salt = $realcryptpwd;
94
# Using the salt, crypt the password the user entered.
95
my $enteredCryptedPassword = crypt($passwd, $salt);
97
return $enteredCryptedPassword eq $realcryptpwd;
65
Bugzilla::Token::DeletePasswordTokens($user_id, "user_logged_in");
100
70
sub change_password {
101
my ($class, $userid, $password) = @_;
71
my ($self, $user, $password) = @_;
102
72
my $dbh = Bugzilla->dbh;
103
73
my $cryptpassword = bz_crypt($password);
104
$dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?",
105
undef, $cryptpassword, $userid);
74
$dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?",
75
undef, $cryptpassword, $user->id);
114
Bugzilla::Auth::Verify::DB - database authentication for Bugzilla
118
This is an L<authentication module|Bugzilla::Auth/"AUTHENTICATION"> for
119
Bugzilla, which logs the user in using the password stored in the C<profiles>
120
table. This is the most commonly used authentication module.
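Review bot: In the new check_credentials, an unknown login returns `AUTH_NO_SUCH_USER` before any password work, while a wrong password returns `AUTH_LOGINFAILED` only after the `crypt()` call, so both the result code and the response time distinguish existing accounts from non-existent ones. Whether the caller collapses the two codes before answering the client is not visible here; I would record the requirement on the sub with a comment such as `# Callers must present AUTH_NO_SUCH_USER and AUTH_LOGINFAILED identically to the client.` Separately, `trick_taint($username)` sits just before a query whose visible text has a single placeholder on `userid`, so the untaint looks unnecessary and could be dropped unless a line not shown in this view needs it. Not every line of the sub appears in this rendering, so both points should be confirmed against the full file.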