# -*- Mode: perl; indent-tabs-mode: nil -*-
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
# The Original Code is the Bugzilla Bug Tracking System.
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Contributor(s): Terry Weissman <terry@mozilla.org>
# Dan Mosedale <dmose@mozilla.org>
# Joe Robins <jmrobins@tgix.com>
# Dave Miller <justdave@syndicomm.com>
# Christopher Aillon <christopher@aillon.com>
# Gervase Markham <gerv@gerv.net>
# Christian Reis <kiko@async.com.br>
# Bradley Baetz <bbaetz@acm.org>
# Erik Stambaugh <erik@dasbistro.com>
package Bugzilla::Auth::Verify::DB;
use base qw(Bugzilla::Auth::Verify);
use Bugzilla::Constants;
# Check a username/password pair against the password hash stored in the
# profiles table.
#
# Arguments (unpacked from @_):
#   $self       - invocant; not used in the lines shown here.
#   $login_data - hash reference. Its {username} and {password} entries are
#                 read, and {bz_username} is set once the user id is found.
#
# Returns { failure => AUTH_NO_SUCH_USER } when login_to_id() yields a false
# value for the username, and { failure => AUTH_LOGINFAILED } when crypt() of
# the entered password differs from the stored value.
#
# NOTE(review): this listing drops some lines of the sub (the bind arguments
# of the SELECT, the success return and the closing brace), so the success
# value cannot be documented from here.
sub check_credentials {
    my ($self, $login_data) = @_;
    my $dbh = Bugzilla->dbh;

    my $username = $login_data->{username};
    my $user_id = login_to_id($username);

    # NOTE(review): an unknown account and a wrong password produce different
    # failure codes. Confirm that callers show the client one generic
    # message, so the response does not reveal which login names exist.
    return { failure => AUTH_NO_SUCH_USER } unless $user_id;

    $login_data->{bz_username} = $username;
    my $password = $login_data->{password};

    # NOTE(review): trick_taint() is defined outside this listing; presumably
    # it clears Perl's taint flag without validating the value. It is applied
    # to the local copy $username only, and the SQL text below filters on
    # userid -- TODO confirm the call is still needed here.
    trick_taint($username);

    # The SQL text uses a "?" placeholder instead of interpolating a value.
    # NOTE(review): the line(s) holding the bind arguments and the closing
    # parenthesis of this call are missing from the listing.
    my ($real_password_crypted) = $dbh->selectrow_array(
        "SELECT cryptpassword FROM profiles WHERE userid = ?",

    # Hash the entered password with crypt(), passing the stored hash as the
    # salt argument so that the stored salt is reused for the comparison.
    # NOTE(review): nothing visible here checks that $password and
    # $real_password_crypted are defined and non-empty before this call. On
    # platforms where crypt() returns undef for an unusable salt, two undef
    # values would compare equal under `ne` below. Confirm that cryptpassword
    # can never be NULL/empty, or add an explicit guard that fails the login.
    my $entered_password_crypted = crypt($password, $real_password_crypted);

    # NOTE(review): `ne` is an ordinary string comparison, not a
    # constant-time one. Both operands are hashes rather than the plaintext;
    # confirm this is acceptable under the project's policy.
    return { failure => AUTH_LOGINFAILED }
        if $entered_password_crypted ne $real_password_crypted;

    # The user's credentials are okay, so delete any outstanding
    # password tokens they may have generated.
    # "user_logged_in" is presumably the reason recorded for the deletion;
    # Bugzilla::Token::DeletePasswordTokens is defined outside this listing.
    Bugzilla::Token::DeletePasswordTokens($user_id, "user_logged_in");

    # NOTE(review): the remaining lines of this sub are not part of the
    # listing.
# Visible body of a routine that stores a new password hash for a user.
# NOTE(review): the `sub` line that opens this routine is missing from the
# listing, and so is anything that follows the UPDATE statement.
#
# Arguments (unpacked from @_):
#   $self     - invocant; not used in the lines shown here.
#   $user     - object whose id() method supplies the userid to update.
#   $password - the new password in plaintext, as passed to bz_crypt().
my ($self, $user, $password) = @_;
my $dbh = Bugzilla->dbh;
# bz_crypt() is defined outside this listing; presumably it salts and hashes
# the plaintext -- TODO confirm the algorithm, because check_credentials
# relies on crypt() accepting the stored value as its salt argument.
my $cryptpassword = bz_crypt($password);
# Both values are bound through "?" placeholders. The value written is
# bz_crypt()'s result, not $password itself.
# NOTE(review): no session or token invalidation is visible in these lines;
# confirm the caller handles it after a password change.
$dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?",
         undef, $cryptpassword, $user->id);