[interchange] Add salted md5 password support to UserDB.

Dan Browning interchange-cvs at icdevgroup.org
Sat Apr 2 06:39:10 UTC 2011


commit eb8f7db03fcbf74654ab71fcaadfb231b2415ac9
Author: Daniel Browning <db at kavod.com>
Date:   Fri Apr 1 19:47:53 2011 -0700

    Add salted md5 password support to UserDB.
    
    The specific format used here is to store the password and salt in a single
    field, separated by a colon. I used it to convert a Zen Cart store to
    Interchange.
    
    To use this feature, set the following catalog configuration parameters:
    
    UserDB    default    md5_salted    1
    UserDB    default    crypt         1

 lib/Vend/UserDB.pm |   29 +++++++++++++++++++++++++++++
 1 files changed, 29 insertions(+), 0 deletions(-)
---
diff --git a/lib/Vend/UserDB.pm b/lib/Vend/UserDB.pm
index a17b461..54c2bbd 100644
--- a/lib/Vend/UserDB.pm
+++ b/lib/Vend/UserDB.pm
@@ -61,6 +61,34 @@ my %enc_subs = (
         my $obj = shift;
         return Digest::MD5::md5_hex(shift);
     },
+    # This particular md5_salted encryption stores the salt with the password
+    # in colon-separated format: /.+:(..)/. It is compatible with Zen Cart.
+    # Detecting context based on the length of the mystery meat is a little
+    # hokey; it would be more ideal to specify or detect the context 
+    # explicitly in/from the object itself (or as a named/separate parameter).
+    md5_salted => sub {
+        my ($obj, $password, $mystery_meat) = @_;
+
+        my $encrypted;
+        my $return_salt;
+        my $mystery_meat_length = length $mystery_meat;
+        if ($mystery_meat_length == 35) {
+            # Extract only the salt; we don't need the database password here.
+            my (undef, $db_salt) = split(':', $mystery_meat);
+            $encrypted = Digest::MD5::md5_hex($db_salt . $password);
+            $return_salt = $db_salt;
+        }
+        else {
+            if ($mystery_meat_length != 2) {
+                # Assume the mystery meat is a salt and soldier on anyway.
+                ::logError("Unrecognized salt for md5_salted encryption.");
+            }
+            $return_salt = $mystery_meat;
+            $encrypted = Digest::MD5::md5_hex($return_salt . $password);
+        }
+
+        return "$encrypted:$return_salt";
+    },
     sha1 => sub {
         my $obj = shift;
         unless ($HAVE_SHA1) {
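Review bot: The `else` branch of `md5_salted` fails open: any `$mystery_meat` that is not 35 or 2 characters long, including undef or an empty string, is logged and then used as the salt anyway, so a caller that supplies no salt would store an effectively unsalted `md5_hex($password)` followed by a bare colon. The 35-character branch trusts the length alone, so a 35-character value with no colon leaves `$db_salt` undef. I would match the stored form with an anchored pattern, e.g. `my ($db_salt) = $mystery_meat =~ /\A[0-9a-f]{32}:(..)\z/;` (assuming the stored hashes are lowercase hex, as `md5_hex` emits), and refuse to produce a hash when neither form matches; how callers treat such a return is not visible in this hunk, so that needs checking. The comment above the sub should also say that one MD5 round with a two-character salt is cheap to brute-force offline, so the format is for Zen Cart migration only and accounts should be rehashed with a stronger scheme after the next successful login.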
@@ -77,6 +105,7 @@ my %enc_subs = (
 my %enc_id = qw/
     13  default
     32  md5
+    35  md5_salted
     40  sha1
 /;
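Review bot: The `%enc_id` table has no comment saying what its keys mean, and the new `35` entry makes that harder to guess than `32` or `40`. The keys look like the length of the stored password field, which the new sub's own comment about detecting context by length seems to confirm. A line above the declaration such as `# Keys are stored-password lengths; 35 = 32 hex digits + ':' + 2-char salt.` would record that. It has to sit above `my %enc_id`, not inside the `qw/ /` list, where a `#` would become a list element. It is also worth noting there that any other stored value that happens to be 35 characters long will be classified as `md5_salted`.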
 


