X-Git-Url: https://git.sesse.net/?p=pr0n;a=blobdiff_plain;f=perl%2FSesse%2Fpr0n%2FCommon.pm;h=d85ce6aa896508923424d1c699551badfee9b138;hp=ebcf408a866db140b1db75540b1f36932d6cc7f5;hb=d0e9a452e8354fe827162ad367b4bf5bf2f76ff2;hpb=1a510dfa9c7cf801e9189f3ed329ef29b3526d65 diff --git a/perl/Sesse/pr0n/Common.pm b/perl/Sesse/pr0n/Common.pm index ebcf408..d85ce6a 100644 --- a/perl/Sesse/pr0n/Common.pm +++ b/perl/Sesse/pr0n/Common.pm @@ -369,19 +369,25 @@ sub check_basic_auth { my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth); my ($user, $takenby) = extract_takenby($raw_user); - my $oldpass = $pass; - $pass = Digest::SHA1::sha1_base64($pass); - my $ref = $dbh->selectrow_hashref('SELECT count(*) AS auth FROM users WHERE username=? AND sha1password=? AND vhost=?', - undef, $user, $pass, $r->get_server_name); - if ($ref->{'auth'} != 1) { + my $ref = $dbh->selectrow_hashref('SELECT sha1password,digest_ha1_hex FROM users WHERE username=? AND vhost=?', + undef, $user, $r->get_server_name); + if (!defined($ref) || $ref->{'sha1password'} ne Digest::SHA1::sha1_base64($pass)) { $r->content_type('text/plain; charset=utf-8'); $r->log->warn("Authentication failed for $user/$takenby"); output_401($r); return undef; } - $r->log->info("Authentication succeeded for $user/$takenby"); + # Make sure we can use Digest authentication in the future with this password. + my $ha1 = Digest::MD5::md5_hex($user . ':pr0n.sesse.net:' . $pass); + if (!defined($ref->{'digest_ha1_hex'}) || $ref->{'digest_ha1_hex'} ne $ha1) { + $dbh->do('UPDATE users SET digest_ha1_hex=? WHERE username=? AND vhost=?', + undef, $ha1, $user, $r->get_server_name) + or die "Couldn't update: " . $dbh->errstr; + $r->log->info("Updated Digest auth hash for for $user"); + } + return ($user, $takenby); } @@ -1125,7 +1131,7 @@ sub get_all_cache_urls { } elsif ($fname =~ /^$id-(\d+)-(\d+)-box\.png$/) { push @ret, "/$event/$1x$2/box/$filename"; } else { - $r->log->warning("Couldn't find a purging URL for $fname"); + $r->log->warn("Couldn't find a purging URL for $fname"); } }