soundsoftware-site: extra/svn/.svn/text-base/Redmine.pm.svn-base comparison

* Update to SVN trunk revision 4993

comparison

equal deleted inserted replaced

-:8972b600f4fb
+:051f544170fe
 sub RedmineDSN {
 my ($self, $parms, $arg) = @_;
 $self->{RedmineDSN} = $arg;
 my $query = "SELECT
-hashed_password, auth_source_id, permissions
+hashed_password, salt, auth_source_id, permissions
 FROM members, projects, users, roles, member_roles
 WHERE
 projects.id=members.project_id
 AND member_roles.member_id=members.id
 AND users.id=members.user_id
 my $query = $cfg->{RedmineQuery};
 my $sth = $dbh->prepare($query);
 $sth->execute($redmine_user, $project_id);
 my $ret;
-while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) {
+while (my ($hashed_password, $salt, $auth_source_id, $permissions) = $sth->fetchrow_array) {
 unless ($auth_source_id) {
-	  my $method = $r->method;
+	  			my $method = $r->method;
-if ($hashed_password eq $pass_digest && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
+my $salted_password = Digest::SHA1::sha1_hex($salt.$pass_digest);
+					if ($hashed_password eq $salted_password && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
 $ret = 1;
 last;
 }
 } elsif ($CanUseLDAPAuth) {
 my $sthldap = $dbh->prepare(

Mercurial > hg > soundsoftware-site