donb
committed
on 22 Jul 09
Some very archaic PG code that was only working because of weak type checking

in earlier versions.  Uncovered by playing with the subsite admin object type

code.


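--- a/openacs-4/.../tcl/security-procs.tcl
+++ b/openacs-4/.../tcl/security-procs.tcl
@@ -203,42 +203,46 @@
     ad_set_cookie -replace t -max_age 0 ad_secure_token ""
     ad_set_cookie -replace t -max_age 0 ad_user_login ""
     ad_set_cookie -replace t -max_age 0 ad_user_login_secure ""
 }
 
 ad_proc -public ad_check_password { user_id password_from_form } { Returns 1 if the password is correct for the given user ID. } {
 
     if { ![db_0or1row password_select {select password, salt from users where user_id = :user_id}] } {
         return 0
     }
 
     set salt [string trim $salt]
 
     if { [string compare $password [ns_sha1 "$password_from_form$salt"]] } {
         return 0
     }
 
     return 1
 }
 
-ad_proc -public ad_change_password { user_id new_password } { Changed the user's password } {
-
+ad_proc -public ad_change_password {
+    user_id
+    new_password
+} {
+    Change the user's password
+} {
     # In case someone wants to change the salt from now on, you can do
     # this and still support old users by changing the salt below.
     set salt [sec_random_token]
     set new_password [ns_sha1 "$new_password$salt"]
     db_dml password_update {}
 }
 
 ad_proc -private sec_setup_session { new_user_id } {
 
     Set up the session, generating a new one if necessary,
     and generates the cookies necessary for the session
 
 } {
     set session_id [ad_conn session_id]
 
     # figure out the session id, if we don't already have it
     if { [empty_string_p $session_id]} {
 
         # ns_log Notice "OACS= empty session_id"
 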
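Review bot: The reflowed docstring on `ad_change_password` still says only "Change the user's password", so the header does not tell a caller that `new_password` arrives in cleartext and is salted and hashed inside the proc before `db_dml password_update` runs. Since the header is already being split into the multi-line form, I would add `@param user_id The user whose password is being set.` and `@param new_password The new cleartext password; stored as ns_sha1 of the password plus a fresh salt.` The unchanged body hashes with a single `ns_sha1` pass, and `ad_check_password` above compares the digests with `string compare`. Both are outside this change, but a deliberately slow password hash and a constant-time comparison would be worth a follow-up.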