No longer salting login user name
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Thu, 23 Feb 2017 17:51:05 +0000 (06:51 +1300)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Thu, 23 Feb 2017 17:51:05 +0000 (06:51 +1300)
Password is more than enough.

index.php
squasher.class.php
templates/login.tpl

index 429eefb301c0c3f8816544c00ede5b4912077ab0..569a184fd28d33d0d87f7c0b365d469b528fdeba 100644 (file)
--- a/index.php
+++ b/index.php
@@ -13,13 +13,8 @@ $tools=$_GET[tools];
 
 foreach($_POST AS $key => $value) $submitted[$key]=$value;
 
-$saltplus=md5($_SERVER[REMOTE_ADDR].":".$_SERVER[REMOTE_PORT]."|".$_SERVER[HTTP_USER_AGENT]);
 $salt=md5($_SERVER[REMOTE_ADDR]."|".$_SERVER[HTTP_USER_AGENT]);
 
-//(md5(md5('jasper').$salt) == $vars[user]) ? $vun = "Username validated" : $vun = "Username incorrect";
-//(md5(md5('test'  ).$salt) == $vars[pass]) ? $vpw = "Password validated" : $vpw = "Password incorrect";
-//echo $vun . ' <br/> ' . $vpw;
-
 if ($tools=="logout"){
        session_destroy();
        $_SESSION[creds][validated]=false;
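Review bot: The `$salt` kept on the context line `$salt=md5($_SERVER[REMOTE_ADDR]."|".$_SERVER[HTTP_USER_AGENT]);` is derived only from the client address and User-Agent, so it is identical on every request from a given client and works neither as a secret nor as a one-time challenge. Now that the user name is submitted as-is, the salted password digest is the only secret-dependent field, and a digest observed once stays acceptable for the same address/agent pair. Consider a random challenge stored in the session and discarded after one login attempt, e.g. `$_SESSION['salt'] = bin2hex(openssl_random_pseudo_bytes(16));` (this assumes the session is started earlier in the file), and serve the form over TLS. The `if ($tools=="logout")` block continues outside the hunk.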
@@ -43,8 +38,6 @@ require_once("smarty/Smarty.class.php");
 $smarty = new Smarty;
 
 $smarty->assign('salt',$salt);
-$smarty->assign('vun',$vun);
-$smarty->assign('vpw',$vpw);
 $smarty->assign('debug',$debug);
 $smarty->display('login.tpl');
 
index 4e3a4cf1c530bfc31f3418ed8b3fe26b6165ec5e..c845f062a920071a50e622ddb35df775d9d3380c 100644 (file)
@@ -24,7 +24,7 @@ function validate_user($vars,$salt){
        $query="SELECT * FROM users";
        $q_result = mysql_query($query);
        while ($fetched_object = mysql_fetch_object($q_result)){
-               if (md5(md5($fetched_object->user_name).$salt) == $vars[user]){
+               if ($fetched_object->user_name == $vars[user]){
                        if (md5($fetched_object->user_pass.$salt) == $vars[pass]){
                                //validated
                                $creds[user_id] = $fetched_object->user_id;
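Review bot: The new check `$fetched_object->user_name == $vars[user]` uses PHP's loose `==`, which compares numeric-looking strings by value, so distinct names such as `"10"` and `"1e1"` would be treated as the same user; the digest comparison on the next line has the same weakness for hex digests that parse as numbers, and it is not constant-time. Suggest `if (is_string($vars[user]) && $fetched_object->user_name === $vars[user]){` and, after the same `is_string` check on `$vars[pass]` and where the runtime provides it (PHP 5.6+), `hash_equals(md5($fetched_object->user_pass.$salt), $vars[pass])`. Since the name is now compared directly, walking every row of `SELECT * FROM users` is no longer needed; a lookup restricted to the submitted name, properly escaped, would avoid loading all credentials on each attempt. validate_user's body starts and ends outside the hunk.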
index 48b700b1f980fcf9af886acb88dcdd608d947739..cfdc828aaa410d02a29ac6d5e72561aab6f8d5cc 100644 (file)
@@ -133,7 +133,6 @@ color:#E2EBD8;
 <script language="javascript">
 function hasher(){ldelim}
        var salt = '{$salt}';
-       document.loginform.user.value=hex_md5(hex_md5(document.loginform.user.value)+salt);
        document.loginform.pass.value=hex_md5(hex_md5(document.loginform.pass.value)+salt);
 {rdelim}
 </script>
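Review bot: After this change `hasher()` sends only `hex_md5(hex_md5(pass)+salt)`, and squasher.class.php compares it with `md5($fetched_object->user_pass.$salt)`, which suggests the `users` table stores a bare, unsalted MD5 of each password. That stored value is then enough on its own to compute an accepted login digest, so disclosure of the table is equivalent to disclosure of the passwords, and MD5 offers little resistance to offline guessing. A follow-up worth planning is to submit the password over TLS and verify it server-side with `password_verify()` against a `password_hash()` value; that requires migrating the stored hashes and is beyond this commit. The `<script>` block is complete in the hunk, but the template itself starts and ends outside it.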