diff options
| author | ivan <ivan> | 2004-03-17 23:16:24 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2004-03-17 23:16:24 +0000 |
| commit | 7deeaf2b76d8e4b072cf54191a9204c39cb860cc (patch) | |
| tree | 577c22bb163708c95a406f8c62a92b12f236e50f | |
| parent | 080031723064a2e3f6475fdc6b1fccf090a6643d (diff) | |
fixup password checking to understand old-style *SUSPENDED* accounts and not to allow access for * ! !! passwords
| -rw-r--r-- | FS/FS/svc_acct.pm | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm index 2b1dc837e..4b51a3671 100644 --- a/FS/FS/svc_acct.pm +++ b/FS/FS/svc_acct.pm @@ -1147,14 +1147,21 @@ Currently supported encryptions are: classic DES crypt() and MD5 sub check_password { my($self, $check_password) = @_; + + #remove old-style SUSPENDED kludge, they should be allowed to login to + #self-service and pay up + ( my $password = $self->_password ) =~ s/^\*SUSPENDED\* //; + #eventually should check a "password-encoding" field - if ( length($self->_password) < 13 ) { #plaintext - $check_password eq $self->_password; - } elsif ( length($self->_password) == 13 ) { #traditional DES crypt - crypt($check_password, $self->_password) eq $self->_password; - } elsif ( $self->_password =~ /^\$1\$/ ) { #MD5 crypt - unix_md5_crypt($check_password, $self->_password) eq $self->_password; - } elsif ( $self->_password =~ /^\$2a?\$/ ) { #Blowfish + if ( $password =~ /^(\*|!!?)$/ ) { #no self-service login + return 0; + } elsif ( length($password) < 13 ) { #plaintext + $check_password eq $password; + } elsif ( length($password) == 13 ) { #traditional DES crypt + crypt($check_password, $password) eq $password; + } elsif ( $password =~ /^\$1\$/ ) { #MD5 crypt + unix_md5_crypt($check_password, $password) eq $password; + } elsif ( $password =~ /^\$2a?\$/ ) { #Blowfish warn "Can't check password: Blowfish encryption not yet supported, svcnum". $self->svcnum. "\n"; 0; |