From: zapata Date: Fri, 4 Jul 2003 00:27:31 +0000 (+0000) Subject: change password bugfix + md5 hashing script for passwords X-Git-Tag: LATEST_MERGED_1_1~332 X-Git-Url: http://erislabs.net/gitweb/?p=mir.git;a=commitdiff_plain;h=501c06c00d35638c278806e0e3442fd78b622e5b change password bugfix + md5 hashing script for passwords
---
diff --git a/dbscripts/extra/hashpasswords.sh b/dbscripts/extra/hashpasswords.sh
new file mode 100755
index 00000000..258bf619
--- /dev/null
+++ b/dbscripts/extra/hashpasswords.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# DON'T RUN THIS SCRIPT UNLESS YOU KNOW WHAT YOU ARE DOING
+#
+# bash script to md5-hash all passwords: RUN ONLY ONCE!
+# md5sum needs to be installed
+#
+# this script is not enough to use md5-hashed passwords: an
+# appropriate localizer needs to be set up as well.
+
+
+usage () {
+ echo "usage: $0 dbname"
+}
+
+if [ $# -ne 1 ]; then
+ usage
+ exit;
+fi;
+
+
+# to get a backslash in the first pass sql script
+s1="\\"
+# to get a backslash in the second pass sql script
+s2="\\\\"
+# to get an escaped backslash in the second pass sql script:
+s3="\\\\\\\\"
+
+
+SCRIPT_FILE="/tmp/hashpasswords.$$.sql"
+
+echo psql $1 -P format=unaligned -t -X -F "" -c \
+ "select '${s2}set hashedpassword ${s1}'${s2}${s1}'${s1}' \`echo -n \"'||password||'\" | md5sum \` \
+ \"${TEXT_SOURCE_PATH}\$(basename \"' || trim($2) || '\")\"\` ${s1}'${s2}${s1}'\\'\n', \
+ 'update webdb_users set password=:hashedpassword where id = '||id from webdb_users" > $SCRIPT_FILE
+
+
+# execute the script
+#psql -f ${SCRIPT_FILE} -d template1
+cat SCRIPT_FILE
+
+rm ${SCRIPT_FILE}
diff --git a/source/mircoders/servlet/ServletModuleUsers.java b/source/mircoders/servlet/ServletModuleUsers.java
index cb331e41..23333ef8 100755
--- a/source/mircoders/servlet/ServletModuleUsers.java
+++ b/source/mircoders/servlet/ServletModuleUsers.java
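Review bot: The generated SQL goes to the predictable path `/tmp/hashpasswords.$$.sql`, and by construction that file holds every cleartext password from `webdb_users`, so it should be created privately, e.g. `SCRIPT_FILE="$(mktemp)" || exit 1` plus `trap 'rm -f "$SCRIPT_FILE"' EXIT`. Each password is also spliced into the text of a backtick `echo -n "…" | md5sum` command that runs when the generated script is executed, so a password containing a quote, backtick or `$` would be interpreted by the shell rather than hashed; the value should reach the hashing step as data (for instance on stdin), not as command text. `md5sum` prints the digest followed by a ` -` file marker, so unless that suffix is cut off the stored value will probably not match what `makePasswordDigest` in the servlet produces. As committed the script looks like debugging state: `echo psql …` writes the command text instead of running it, `cat SCRIPT_FILE` is missing the `$` (`cat "$SCRIPT_FILE"`), and `$2` and `${TEXT_SOURCE_PATH}` are never set even though exactly one argument is required.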
@@ -53,6 +53,8 @@ import mircoders.entity.EntityUsers; import mircoders.global.MirGlobal; import mircoders.module.ModuleUsers; import mircoders.storage.DatabaseUsers; +import mircoders.localizer.*; +import mircoders.global.*; /* * ServletModuleUsers - @@ -193,7 +195,7 @@ public class ServletModuleUsers extends ServletModule String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser); if (newPassword!=null) - withValues.put("password", newPassword); + withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword)); mainModule.set(withValues); @@ -216,7 +218,7 @@ public class ServletModuleUsers extends ServletModule String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser); if (newPassword!=null) { - user.setValueForProperty("password", newPassword); + user.setValueForProperty("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword)); user.update(); // hackish: to make sure the cached logged in user is up-to-date:
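Review bot: The two added wildcard imports in the first hunk hide which types this file depends on, and `import mircoders.global.*;` repeats the explicit `import mircoders.global.MirGlobal;` already present in the context lines above it. The new calls in the later hunks go through `MirGlobal` only, so from what is visible neither line is needed; if a localizer type is referenced elsewhere in the file, it would be clearer to import that type by name and drop `import mircoders.global.*;`.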
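Review bot: The expression `MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword)` is now repeated verbatim in the second hunk (`@@ -193,7 +195,7 @@`) and the third (`@@ -216,7 +218,7 @@`), so the two password write paths can drift apart; a small private helper such as `private String digestPassword(String aPassword)` would keep them in step. Only these two writes are visible in the diff, so it is worth confirming that any other place that stores `password` (for example when a user is first created) and the login comparison use the same digest, otherwise cleartext and digested values end up mixed in `webdb_users`. The commit title and the accompanying script suggest the digest is plain MD5; if that is what the localizer implements, the stored values are unsalted fast hashes, and a comment at the call such as `// digest scheme comes from the localizer; must match what login compares against` would make that dependency explicit. Both enclosing methods start and end outside the hunks.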