[interchange] Add salted md5 password support to UserDB.
Dan Browning
interchange-cvs at icdevgroup.org
Sat Apr 2 06:39:10 UTC 2011
commit eb8f7db03fcbf74654ab71fcaadfb231b2415ac9
Author: Daniel Browning <db at kavod.com>
Date: Fri Apr 1 19:47:53 2011 -0700
Add salted md5 password support to UserDB.
The specific format used here is to store the password and salt in a single
field, separated by a colon. I used it to convert a Zen Cart store to
Interchange.
To use this feature, set the following catalog configuration parameters:
UserDB default md5_salted 1
UserDB default crypt 1
lib/Vend/UserDB.pm | 29 +++++++++++++++++++++++++++++
1 files changed, 29 insertions(+), 0 deletions(-)
---
diff --git a/lib/Vend/UserDB.pm b/lib/Vend/UserDB.pm
index a17b461..54c2bbd 100644
--- a/lib/Vend/UserDB.pm
+++ b/lib/Vend/UserDB.pm
@@ -61,6 +61,34 @@ my %enc_subs = (
my $obj = shift;
return Digest::MD5::md5_hex(shift);
},
+ # This particular md5_salted encryption stores the salt with the password
+ # in colon-separated format: /.+:(..)/. It is compatible with Zen Cart.
+ # Detecting context based on the length of the mystery meat is a little
+ # hokey; it would be more ideal to specify or detect the context
+ # explicitly in/from the object itself (or as a named/separate parameter).
+ md5_salted => sub {
+ my ($obj, $password, $mystery_meat) = @_;
+
+ my $encrypted;
+ my $return_salt;
+ my $mystery_meat_length = length $mystery_meat;
+ if ($mystery_meat_length == 35) {
+ # Extract only the salt; we don't need the database password here.
+ my (undef, $db_salt) = split(':', $mystery_meat);
+ $encrypted = Digest::MD5::md5_hex($db_salt . $password);
+ $return_salt = $db_salt;
+ }
+ else {
+ if ($mystery_meat_length != 2) {
+ # Assume the mystery meat is a salt and soldier on anyway.
+ ::logError("Unrecognized salt for md5_salted encryption.");
+ }
+ $return_salt = $mystery_meat;
+ $encrypted = Digest::MD5::md5_hex($return_salt . $password);
+ }
+
+ return "$encrypted:$return_salt";
+ },
sha1 => sub {
my $obj = shift;
unless ($HAVE_SHA1) {
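Review bot: The 35-character branch of `md5_salted` trusts the length alone, so a stored value of that length with no colon after the 32-character digest leaves `$db_salt` undefined, and the sub then hashes the password with an empty salt and logs nothing. Checking the layout explicitly would let it log and stop on a malformed value, for example `my ($db_salt) = $mystery_meat =~ /\A[0-9a-fA-F]{32}:(.{2})\z/s;`. The `35 md5_salted` entry added to `%enc_id` in the second hunk rests on the same length heuristic. An undefined or odd-length `$mystery_meat` only triggers `::logError` in the `else` branch and is still used as the salt; if this sub is also called when storing a new password (the caller is outside the hunk), that would write an effectively unsalted digest. Separately, one MD5 round with a two-character salt is cheap to attack offline if the table leaks, so the header comment could say so: `# Migration format only: re-hash with a stronger scheme once the user has logged in.`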
@@ -77,6 +105,7 @@ my %enc_subs = (
my %enc_id = qw/
13 default
32 md5
+ 35 md5_salted
40 sha1
/;