OpenACS

lars
committed
MAIN:lars:20030916093052
on 16 Sep 03
Stubbing forgot to handle defaulted proc arguments correctly
openacs-4/.../tcl/security-procs.tcl (+6 -2)
203 203     ad_set_cookie -replace t -max_age 0 ad_secure_token ""
204 204     ad_set_cookie -replace t -max_age 0 ad_user_login ""
205 205     ad_set_cookie -replace t -max_age 0 ad_user_login_secure ""
206 206 }
207 207
208 208 ad_proc -public ad_check_password { user_id password_from_form } { Returns 1 if the password is correct for the given user ID. } {
209 209
210 210     if { ![db_0or1row password_select {select password, salt from users where user_id = :user_id}] } {
211 211         return 0
212 212     }
213 213
214 214     set salt [string trim $salt]
215 215
216 216     if { [string compare $password [ns_sha1 "$password_from_form$salt"]] } {
217 217         return 0
218 218     }
219 219
220 220     return 1
221 221 }
222 222
223   ad_proc -public ad_change_password { user_id new_password } { Changed the user's password } {
224  
  223 ad_proc -public ad_change_password {
  224     user_id
  225     new_password
  226 } {
  227     Change the user's password
  228 } {
225 229     # In case someone wants to change the salt from now on, you can do
226 230     # this and still support old users by changing the salt below.
227 231     set salt [sec_random_token]
228 232     set new_password [ns_sha1 "$new_password$salt"]
229 233     db_dml password_update {}
230 234 }
231 235
232 236 ad_proc -private sec_setup_session { new_user_id } {
233 237
234 238     Set up the session, generating a new one if necessary,
235 239     and generates the cookies necessary for the session
236 240
237 241 } {
238 242     set session_id [ad_conn session_id]
239 243
240 244     # figure out the session id, if we don't already have it
241 245     if { [empty_string_p $session_id]} {
242 246
243 247         # ns_log Notice "OACS= empty session_id"
244 248