summaryrefslogtreecommitdiff
path: root/FS
diff options
context:
space:
mode:
authorivan <ivan>2004-03-17 23:16:21 +0000
committerivan <ivan>2004-03-17 23:16:21 +0000
commit32ce27b2183644a901bc79f16278ae750537fbdd (patch)
tree60abb9994be5c370b041e5cb915dfa903623c75e /FS
parent3fe2bdd02f71c30a4d2bb29fdf3e63f416fd92d7 (diff)
fixup password checking to understand old-style *SUSPENDED* accounts and not to allow access for * ! !! passwords
Diffstat (limited to 'FS')
-rw-r--r--FS/FS/svc_acct.pm21
1 files changed, 14 insertions, 7 deletions
diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm
index 991cedd21..4ea52520c 100644
--- a/FS/FS/svc_acct.pm
+++ b/FS/FS/svc_acct.pm
@@ -1128,14 +1128,21 @@ Currently supported encryptions are: classic DES crypt() and MD5
sub check_password {
my($self, $check_password) = @_;
+
+ #remove old-style SUSPENDED kludge, they should be allowed to login to
+ #self-service and pay up
+ ( my $password = $self->_password ) =~ s/^\*SUSPENDED\* //;
+
#eventually should check a "password-encoding" field
- if ( length($self->_password) < 13 ) { #plaintext
- $check_password eq $self->_password;
- } elsif ( length($self->_password) == 13 ) { #traditional DES crypt
- crypt($check_password, $self->_password) eq $self->_password;
- } elsif ( $self->_password =~ /^\$1\$/ ) { #MD5 crypt
- unix_md5_crypt($check_password, $self->_password) eq $self->_password;
- } elsif ( $self->_password =~ /^\$2a?\$/ ) { #Blowfish
+ if ( $password =~ /^(\*|!!?)$/ ) { #no self-service login
+ return 0;
+ } elsif ( length($password) < 13 ) { #plaintext
+ $check_password eq $password;
+ } elsif ( length($password) == 13 ) { #traditional DES crypt
+ crypt($check_password, $password) eq $password;
+ } elsif ( $password =~ /^\$1\$/ ) { #MD5 crypt
+ unix_md5_crypt($check_password, $password) eq $password;
+ } elsif ( $password =~ /^\$2a?\$/ ) { #Blowfish
warn "Can't check password: Blowfish encryption not yet supported, svcnum".
$self->svcnum. "\n";
0;