X-Git-Url: https://git.sesse.net/?p=pr0n;a=blobdiff_plain;f=perl%2FSesse%2Fpr0n%2FCommon.pm;h=d72e0cb967892c6921b80944f64d5d962afc9423;hp=f98d16fe28dbba3e77719e61c7d94a520574e83e;hb=3d40b6487a2276c403022a1534eb943a5374ebc5;hpb=99d9f0c703c79fe70a4874d0d658944e150f15d6

diff --git a/perl/Sesse/pr0n/Common.pm b/perl/Sesse/pr0n/Common.pm
index f98d16f..d72e0cb 100644
--- a/perl/Sesse/pr0n/Common.pm
+++ b/perl/Sesse/pr0n/Common.pm
@@ -13,8 +13,6 @@ use DBD::Pg;
 use Image::Magick;
 use IO::String;
 use POSIX;
-use Digest::SHA;
-use Digest::HMAC_SHA1;
 use MIME::Base64;
 use MIME::Types;
 use LWP::Simple;
@@ -34,7 +32,7 @@ BEGIN {
 		require Sesse::pr0n::Config_local;
 	};
 
-	$VERSION     = "v3.00";
+	$VERSION     = "v3.01";
 	@ISA         = qw(Exporter);
 	@EXPORT      = qw(&error &dberror);
 	%EXPORT_TAGS = qw();
@@ -130,7 +128,8 @@ sub get_query_string {
 	my $first = 1;
 	my $str = "";
 
-	while (my ($key, $value) = each %$param) {
+	for my $key (sort keys %$param) {
+		my $value = $param->{$key};
 		next unless defined($value);
 		next if (defined($defparam->{$key}) && $value == $defparam->{$key});
 
@@ -342,35 +341,16 @@ sub check_basic_auth {
 	my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth);
 	my ($user, $takenby) = extract_takenby($raw_user);
 
-	my $ref = $dbh->selectrow_hashref('SELECT sha1password,cryptpassword FROM users WHERE username=? AND vhost=?',
+	my $ref = $dbh->selectrow_hashref('SELECT cryptpassword FROM users WHERE username=? AND vhost=?',
 		undef, $user, Sesse::pr0n::Common::get_server_name($r));
-	my ($sha1_matches, $bcrypt_matches) = (0, 0);
-	if (defined($ref) && defined($ref->{'sha1password'})) {
-		$sha1_matches = (Digest::SHA::sha1_base64($pass) eq $ref->{'sha1password'});
-	}
-	if (defined($ref) && defined($ref->{'cryptpassword'})) {
-		$bcrypt_matches = (Crypt::Eksblowfish::Bcrypt::bcrypt($pass, $ref->{'cryptpassword'}) eq $ref->{'cryptpassword'});
-	}
-
-	if (!defined($ref) || (!$sha1_matches && !$bcrypt_matches)) {
+	my $bcrypt_matches = 0;
+	if (!defined($ref) || Crypt::Eksblowfish::Bcrypt::bcrypt($pass, $ref->{'cryptpassword'}) ne $ref->{'cryptpassword'}) {
 		$r->content_type('text/plain; charset=utf-8');
 		log_warn($r, "Authentication failed for $user/$takenby");
 		return undef;
 	}
 	log_info($r, "Authentication succeeded for $user/$takenby");
 
-	# Make sure we can use bcrypt authentication in the future with this password.
-	# Also remove old-style SHA1 password when we migrate.
-	if (!$bcrypt_matches) {
-		my $salt = get_pseudorandom_bytes(16);  # Doesn't need to be cryptographically secur.
-		my $hash = "\$2a\$07\$" . Crypt::Eksblowfish::Bcrypt::en_base64($salt);
-		my $cryptpassword = Crypt::Eksblowfish::Bcrypt::bcrypt($pass, $hash);
-		$dbh->do('UPDATE users SET sha1password=NULL,cryptpassword=? WHERE username=? AND vhost=?',
-			undef, $cryptpassword, $user, Sesse::pr0n::Common::get_server_name($r))
-			or die "Couldn't update: " . $dbh->errstr;
-		log_info($r, "Updated bcrypt hash for $user");
-	}
-
 	return ($user, $takenby);
 }