Make a UserUtil method that encrypts our password properly.

git-svn-id: https://samskivert.googlecode.com/svn/trunk@1173 6335cc39-0255-0410-8fd6-9bcaacd3b74c
This commit is contained in:
mdb
2003-07-20 01:43:59 +00:00
parent 46a1a75da0
commit 14b199df3a
2 changed files with 19 additions and 9 deletions
@@ -1,5 +1,5 @@
//
// $Id: User.java,v 1.8 2002/11/01 00:33:48 mdb Exp $
// $Id: User.java,v 1.9 2003/07/20 01:43:59 mdb Exp $
//
// samskivert library - useful routines for java programs
// Copyright (C) 2001 Michael Bayne
@@ -76,7 +76,7 @@ public class User
*/
public void setPassword (String password)
{
this.password = UserUtil.encryptPassword(username, password, true);
this.password = UserUtil.encryptPassword(username, password);
_dirty.setModified("password");
}
@@ -90,20 +90,20 @@ public class User
}
/**
* Compares the supplied password with the password associated with
* this user record.
* Compares the supplied (unencrypted) password with the password
* associated with this user record.
*
* @return true if the passwords match, false if they do not.
*/
public boolean passwordsMatch (String password)
{
String epasswd1 = UserUtil.encryptPassword(username, password, true);
String epasswd2 = UserUtil.encryptPassword(username, password, false);
String epasswd = UserUtil.encryptPassword(username, password);
String oldpasswd = UserUtil.encryptPassword(username, password, false);
// because we used to be case sensitive, we have to check both
// versions of the encrypted password here for backward
// compatibility
return (this.password.equals(epasswd1) ||
this.password.equals(epasswd2));
return (this.password.equals(epasswd) ||
this.password.equals(oldpasswd));
}
/**
@@ -1,5 +1,5 @@
//
// $Id: UserUtil.java,v 1.8 2002/11/01 00:33:48 mdb Exp $
// $Id: UserUtil.java,v 1.9 2003/07/20 01:43:59 mdb Exp $
//
// samskivert library - useful routines for java programs
// Copyright (C) 2001 Michael Bayne
@@ -43,6 +43,16 @@ public class UserUtil
return StringUtil.md5hex(buf.toString());
}
/**
* Encrypts the supplied username and password and returns the value
* that would be stored in the user record were the password to be
* updated via {@link User#setPassword}.
*/
public static String encryptPassword (String username, String password)
{
return encryptPassword(username, password, true);
}
/**
* Encrypts the user's password according to our preferred scheme.
*