Check passwords encrypted both ways because we have a bunch of passwords

in our databases that were encrypted in the old manner which need to still
work. We love the legacy we leave.


git-svn-id: https://samskivert.googlecode.com/svn/trunk@884 6335cc39-0255-0410-8fd6-9bcaacd3b74c
This commit is contained in:
mdb
2002-11-01 00:33:48 +00:00
parent 421cf7f1e4
commit 1444f62d0d
2 changed files with 25 additions and 10 deletions
@@ -1,5 +1,5 @@
//
// $Id: User.java,v 1.7 2002/09/18 01:18:51 shaper Exp $
// $Id: User.java,v 1.8 2002/11/01 00:33:48 mdb Exp $
//
// samskivert library - useful routines for java programs
// Copyright (C) 2001 Michael Bayne
@@ -76,7 +76,7 @@ public class User
*/
public void setPassword (String password)
{
this.password = UserUtil.encryptPassword(username, password);
this.password = UserUtil.encryptPassword(username, password, true);
_dirty.setModified("password");
}
@@ -97,8 +97,13 @@ public class User
*/
public boolean passwordsMatch (String password)
{
String epasswd = UserUtil.encryptPassword(username, password);
return this.password.equals(epasswd);
String epasswd1 = UserUtil.encryptPassword(username, password, true);
String epasswd2 = UserUtil.encryptPassword(username, password, false);
// because we used to be case sensitive, we have to check both
// versions of the encrypted password here for backward
// compatibility
return (this.password.equals(epasswd1) ||
this.password.equals(epasswd2));
}
/**
@@ -1,5 +1,5 @@
//
// $Id: UserUtil.java,v 1.7 2002/10/30 18:58:42 mdb Exp $
// $Id: UserUtil.java,v 1.8 2002/11/01 00:33:48 mdb Exp $
//
// samskivert library - useful routines for java programs
// Copyright (C) 2001 Michael Bayne
@@ -45,11 +45,22 @@ public class UserUtil
/**
* Encrypts the user's password according to our preferred scheme.
*
* @param username the username of the user whose password is to be
* encrypted.
* @param password the plaintext of the password to be encrypted.
* @param ignoreUserCase true if the username should be uncapitalized
* prior to performing the encryption so that future password checks
* will work if the user registers as "Bluebeard" but logs in as
* "bluebeard".
*/
public static String encryptPassword (String username, String password)
public static String encryptPassword (
String username, String password, boolean ignoreUserCase)
{
// lets not be (case) sensitive about these things
username = username.toLowerCase();
// perhaps we'll not be too (case) sensitive
if (ignoreUserCase) {
username = username.toLowerCase();
}
return Crypt.crypt(username.substring(0, 2), password);
}
@@ -59,8 +70,7 @@ public class UserUtil
System.err.println("Usage: UserUtil username password");
System.exit(-1);
}
System.out.println("Encrypted password: " +
encryptPassword(args[0], args[1]));
encryptPassword(args[0], args[1], true));
}
}