While cobbling together an Atom implementation for MovableType, I've had to change how passwords are stored. After a quick email from Mark, I changed lib/MT/Author.pm slightly to make the passwords stored in a manner more friendly to the current Atom Authentication Scheme, and allow easy migration of current passwords.
Here is the diff:
--- Author.pm.old Thu May 29 00:04:58 2003
+++ Author.pm Thu Sep 11 09:13:48 2003
@@ -6,6 +6,8 @@
package MT::Author;
use strict;
+use Digest::SHA1 qw( sha1_hex );
+
use MT::Object;
@MT::Author::ISA = qw( MT::Object );
__PACKAGE__->install_properties({
@@ -25,9 +27,8 @@
sub set_password {
my $auth = shift;
my($pass) = @_;
- my @alpha = ('a'..'z', 'A'..'Z', 0..9);
- my $salt = join '', map $alpha[rand @alpha], 1..2;
- $auth->column('password', crypt $pass, $salt);
+ $auth->column ('password',
+ sha1_hex (join (':', $auth->column ('name'), 'MovableType', $pass)));
}
sub is_valid_password {
@@ -35,8 +36,15 @@
my($pass, $crypted) = @_;
$pass ||= '';
my $real_pass = $auth->column('password');
- return $crypted ? $real_pass eq $pass :
- crypt($pass, $real_pass) eq $real_pass;
+ return 1 if ($crypted ? $pass eq $real_pass :
+ sha1_hex (join (':', $auth->column ('name'), 'MovableType', $pass))
+ eq $real_pass);
+ if (crypt ($pass, $real_pass) eq $real_pass) {
+ $auth->set_password ($pass);
+ return 1;
+ }
+
+ return 0;
}
sub remove {; "Feed Stats Widget")
; "Google Referrer")
; "MediaConsumer Template Output")
; "MediaConsumer List Items")
; "MediaConsumer Edit Item")
; "mt-qotd.png")
; "Vox-qotd.png")
Leave a comment