From 085cfc6bca30718a6d719d645709097cf86f01db Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Thu, 11 Oct 2018 12:00:31 +0200 Subject: [PATCH] Bug 21547: Use set_password in opac-passwd and remove sub goodkey Remove sql statement to change password by calling set_password. Remove sub goodkey by calling C4::Auth::checkpw_hash. Adding the scalar before param Oldkey (from bug 21036). Rebased on top of 21178 (using set_password instead of update_password). Test plan: Try to change password in OPAC with good and bad pw. Signed-off-by: Marcel de Rooy Signed-off-by: Owen Leonard Signed-off-by: Tomas Cohen Arazi Signed-off-by: Nick Clemens --- opac/opac-passwd.pl | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/opac/opac-passwd.pl b/opac/opac-passwd.pl index b58bc14865..f183506f27 100755 --- a/opac/opac-passwd.pl +++ b/opac/opac-passwd.pl @@ -46,7 +46,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user( my $patron = Koha::Patrons->find( $borrowernumber ); if ( C4::Context->preference("OpacPasswordChange") ) { - my $sth = $dbh->prepare("UPDATE borrowers SET password = ? WHERE borrowernumber=?"); if ( $query->param('Oldkey') && $query->param('Newkey') && $query->param('Confirm') ) @@ -54,7 +53,7 @@ if ( C4::Context->preference("OpacPasswordChange") ) { my $error; my $new_password = $query->param('Newkey'); my $confirm_password = $query->param('Confirm'); - if ( goodkey( $dbh, $borrowernumber, $query->param('Oldkey') ) ) { + if ( C4::Auth::checkpw_hash( scalar $query->param('Oldkey'), $patron->password ) ) { if ( $new_password ne $confirm_password ) { $template->param( 'Ask_data' => '1' ); @@ -68,8 +67,7 @@ if ( C4::Context->preference("OpacPasswordChange") ) { $error = 'password_has_whitespaces' if $error eq 'has_whitespaces'; } else { # Password is valid and match - my $clave = hash_password( $new_password ); - $sth->execute( $clave, $borrowernumber ); + $patron->set_password( $new_password ); $template->param( 'password_updated' => '1' ); $template->param( 'borrowernumber' => $borrowernumber ); } @@ -111,23 +109,3 @@ $template->param( output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 }; - -sub goodkey { - my ( $dbh, $borrowernumber, $key ) = @_; - - my $sth = - $dbh->prepare("SELECT password FROM borrowers WHERE borrowernumber=?"); - $sth->execute($borrowernumber); - if ( $sth->rows ) { - my $hash; - my ($stored_hash) = $sth->fetchrow; - if ( substr($stored_hash,0,2) eq '$2') { - $hash = hash_password($key, $stored_hash); - } else { - $hash = md5_base64($key); - } - if ( $hash eq $stored_hash ) { return 1; } - else { return 0; } - } - else { return 0; } -} -- 2.39.5