Check passwords encrypted both ways because we have a bunch of passwords
in our databases that were encrypted in the old manner which need to still work. We love the legacy we leave. git-svn-id: https://samskivert.googlecode.com/svn/trunk@884 6335cc39-0255-0410-8fd6-9bcaacd3b74c
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
//
|
||||
// $Id: User.java,v 1.7 2002/09/18 01:18:51 shaper Exp $
|
||||
// $Id: User.java,v 1.8 2002/11/01 00:33:48 mdb Exp $
|
||||
//
|
||||
// samskivert library - useful routines for java programs
|
||||
// Copyright (C) 2001 Michael Bayne
|
||||
@@ -76,7 +76,7 @@ public class User
|
||||
*/
|
||||
public void setPassword (String password)
|
||||
{
|
||||
this.password = UserUtil.encryptPassword(username, password);
|
||||
this.password = UserUtil.encryptPassword(username, password, true);
|
||||
_dirty.setModified("password");
|
||||
}
|
||||
|
||||
@@ -97,8 +97,13 @@ public class User
|
||||
*/
|
||||
public boolean passwordsMatch (String password)
|
||||
{
|
||||
String epasswd = UserUtil.encryptPassword(username, password);
|
||||
return this.password.equals(epasswd);
|
||||
String epasswd1 = UserUtil.encryptPassword(username, password, true);
|
||||
String epasswd2 = UserUtil.encryptPassword(username, password, false);
|
||||
// because we used to be case sensitive, we have to check both
|
||||
// versions of the encrypted password here for backward
|
||||
// compatibility
|
||||
return (this.password.equals(epasswd1) ||
|
||||
this.password.equals(epasswd2));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
//
|
||||
// $Id: UserUtil.java,v 1.7 2002/10/30 18:58:42 mdb Exp $
|
||||
// $Id: UserUtil.java,v 1.8 2002/11/01 00:33:48 mdb Exp $
|
||||
//
|
||||
// samskivert library - useful routines for java programs
|
||||
// Copyright (C) 2001 Michael Bayne
|
||||
@@ -45,11 +45,22 @@ public class UserUtil
|
||||
|
||||
/**
|
||||
* Encrypts the user's password according to our preferred scheme.
|
||||
*
|
||||
* @param username the username of the user whose password is to be
|
||||
* encrypted.
|
||||
* @param password the plaintext of the password to be encrypted.
|
||||
* @param ignoreUserCase true if the username should be uncapitalized
|
||||
* prior to performing the encryption so that future password checks
|
||||
* will work if the user registers as "Bluebeard" but logs in as
|
||||
* "bluebeard".
|
||||
*/
|
||||
public static String encryptPassword (String username, String password)
|
||||
public static String encryptPassword (
|
||||
String username, String password, boolean ignoreUserCase)
|
||||
{
|
||||
// lets not be (case) sensitive about these things
|
||||
username = username.toLowerCase();
|
||||
// perhaps we'll not be too (case) sensitive
|
||||
if (ignoreUserCase) {
|
||||
username = username.toLowerCase();
|
||||
}
|
||||
return Crypt.crypt(username.substring(0, 2), password);
|
||||
}
|
||||
|
||||
@@ -59,8 +70,7 @@ public class UserUtil
|
||||
System.err.println("Usage: UserUtil username password");
|
||||
System.exit(-1);
|
||||
}
|
||||
|
||||
System.out.println("Encrypted password: " +
|
||||
encryptPassword(args[0], args[1]));
|
||||
encryptPassword(args[0], args[1], true));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user