remove support for plain-text passwords

author Andrew Dolgov <fox@bah.spb.su>

Tue, 7 Mar 2006 11:25:44 +0000 (12:25 +0100)

committer Andrew Dolgov <fox@bah.spb.su>

Tue, 7 Mar 2006 11:25:44 +0000 (12:25 +0100)
author Andrew Dolgov <fox@bah.spb.su>
Tue, 7 Mar 2006 11:25:44 +0000 (12:25 +0100)
committer Andrew Dolgov <fox@bah.spb.su>
Tue, 7 Mar 2006 11:25:44 +0000 (12:25 +0100)
diff --git a/functions.php b/functions.php

index 931774cfdf89b427cacc3e7788f6508b2c0edc68..a7a17f9b5546461b76bb9c2ae0277f7834cdbba9 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -740,8 +740,7 @@
                 $pwd_hash = 'SHA1:' . sha1($password);
  
                 $result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE 
-                       login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password')
-                               OR pwd_hash = '$pwd_hash')");
+                       login = '$login' AND pwd_hash = '$pwd_hash'");
  
                 if (db_num_rows($result) == 1) {
                         $_SESSION["uid"] = db_fetch_result($result, 0, "id");
diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql

index c2357f5b53f1378c6b0386395e3e5079e1deeb4a..a5a6f1db4c7f04c7c73b08f2d740d26ab97f97e1 100644 (file)
--- a/schema/ttrss_schema_mysql.sql
+++ b/schema/ttrss_schema_mysql.sql
@@ -34,7 +34,8 @@ create table ttrss_users (id integer primary key not null auto_increment,
         index (theme_id),
         foreign key (theme_id) references ttrss_themes(id)) TYPE=InnoDB;
  
-insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 'password', 10);
+insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 
+       'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 10);
  
  create table ttrss_feed_categories(id integer not null primary key auto_increment,
         owner_uid integer not null,
diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql

index 2ac43fd6dac48034347fd0e63a0bc7df31f6010c..4c064bed69ac5f8e52425d06700f4f82c609b94f 100644 (file)
--- a/schema/ttrss_schema_pgsql.sql
+++ b/schema/ttrss_schema_pgsql.sql
@@ -32,7 +32,8 @@ create table ttrss_users (id serial not null primary key,
         email varchar(250) not null default '',
         theme_id integer references ttrss_themes(id) default null);
  
-insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 'password', 10);
+insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 
+       'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 10);
  
  create table ttrss_feed_categories(id serial not null primary key,
         owner_uid integer not null references ttrss_users(id) on delete cascade,
author	Andrew Dolgov <fox@bah.spb.su>
	Tue, 7 Mar 2006 11:25:44 +0000 (12:25 +0100)
committer	Andrew Dolgov <fox@bah.spb.su>
	Tue, 7 Mar 2006 11:25:44 +0000 (12:25 +0100)
functions.php		patch \| blob \| history
schema/ttrss_schema_mysql.sql		patch \| blob \| history
schema/ttrss_schema_pgsql.sql		patch \| blob \| history