store passwords crypted in database
[aymargeddon/current.git] / src / FROGS / DataBase.pm
index 81fe166..be79739 100644 (file)
@@ -379,8 +379,12 @@ sub new_account{
   # generate new password
   my $pwd = '';
   my $allowed = '2345679ACDEFGHIJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
-  for my $i (0..7){
-    $pwd .= substr($allowed, POSIX::floor(rand(72)), 1);
+  # we dont want uppercase-only passwords
+  while($pwd =~ /^[A-Z]*$/){
+      $pwd = '';
+      for my $i (0..7){
+         $pwd .= substr($allowed, POSIX::floor(rand(72)), 1);
+      }
   }
   my $qpwd = $self->{-dbh}->quote($pwd);
 
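Review bot: The index in the new line `$pwd .= substr($allowed, POSIX::floor(rand(72)), 1);` ranges over 0..71, but `$allowed` holds only 56 characters by my count, so a pick past the end appends nothing and the generated password can come out shorter than eight characters. The retry loop only rejects empty or all-uppercase results, so a shortened password still passes. Bounding the index by the alphabet fixes the length: `$pwd .= substr($allowed, int(rand(length $allowed)), 1);`. Perl's `rand` is also not intended for generating secrets, so the initial password would be better drawn from the operating system's random source. new_account begins before this hunk and continues after it.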
@@ -392,26 +396,23 @@ sub new_account{
                                REALNAME => $name,
                                LOGIN    => $login,
                                EMAIL    => $email,
-                               PASSWORD => $pwd,
+                               PASSWORD => crypt($pwd,'5g'),
                                LANGUAGE => $lang,
                               });
   $self->commit();
 
-  my $mail = "From: registration\@aymargeddon.de\nTo: $name <$email>\n"
-           . "Subject: ".$self->loc('REGISTER_MAIL_SUBJECT')."\n\n"
-           . $self->loc('REGISTER_MAIL_TEXT', $name, $login, $pwd)."\n";
-
-  # print $mail;
-# aus man mail:
-#           env MAILRC=/dev/null from=scriptreply@domain smtp=host \
-#                smtp-auth-user=login smtp-auth-password=secret \
-#               smtp-auth=login mailx -n -s "subject" \
-#              -a attachment_file recipient@domain <content_file
-
-  open(SENDMAIL, "|mail $email") or Util::log("Can't fork for sendmail: $!",0);
-  print SENDMAIL $mail;
-  close(SENDMAIL) or Util::log("sendmail didn't close nicely",0);
-
+  use Mail::Mailer;
+    
+  my $mailer = Mail::Mailer->new();
+    
+  $mailer->open({   From => 'benni@aymargeddon.de',
+                   To => "$name <$email>",
+                   Subject => $self->loc('REGISTER_MAIL_SUBJECT'),
+               })
+      or Util::log("can't send registration mail to $email: $!\n");
+  print $mailer $self->loc('REGISTER_MAIL_TEXT', $name, $login, $pwd);
+  $mailer->close();
+        
   return $pwd;
 }
 
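Review bot: `PASSWORD => crypt($pwd,'5g')` hashes every account with the same hard-coded salt, so equal passwords produce equal PASSWORD values and one precomputed table covers the whole PLAYER table. The same constant is used in authenticate (`$pwd = crypt($pwd,'5g');`) and in the password-change branch (`$pwd2 = crypt($pwd2,'5g');`). A per-account random salt would avoid this, e.g. `PASSWORD => crypt($pwd, $salt),` with `$salt` generated at registration, and the check written as `crypt($pwd, $stored) eq $stored` so the salt is read back from the stored value. The clear-text password is still sent by mail on the `print $mailer` line, so it remains exposed in transit and in the recipient's mailbox. new_account begins before this hunk.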
@@ -422,9 +423,10 @@ sub authenticate{
   # you can log into any account with adminpassword
   my ($adminpwd) = $self->single_select("SELECT PASSWORD FROM PLAYER ".
                                        "WHERE LOGIN=$admin");
+  $pwd = crypt($pwd,'5g');
+  $adminpwd = crypt($adminpwd,'5g');
   ($user,$pwd,$adminpwd) = $self->quote_all($user,$pwd,$adminpwd);
 
-
   # Util::log("Adminpassword: $adminpwd, password: $pwd",2);
 
   my ($player, $sec);
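Review bot: `$adminpwd = crypt($adminpwd,'5g');` hashes a value that was just read from PLAYER.PASSWORD, which after this commit already holds crypt output for new and changed passwords. If the comparison further down (outside this hunk) matches the hashed input against `$adminpwd`, the real admin password would stop working as the master password, and the stored hash string itself would be accepted in its place, making a leaked PASSWORD column password-equivalent. Dropping that line, so that only the submitted `$pwd` is hashed and compared with the stored value, avoids the double hash. Rows written before this change presumably still contain clear-text passwords and would need a one-time migration.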
@@ -440,12 +442,14 @@ sub authenticate{
 
   if($player){
     if($pwd2 and $pwd3 and $pwd2 eq $pwd3){
-      # change password!
-      $self->update_hash('PLAYER',
+       # change password!
+       $pwd2 = crypt($pwd2,'5g');
+       $self->update_hash('PLAYER',
                         "LOGIN=$user",
                         {'PASSWORD' => $pwd2});
-      Util::log("password changed!",0); # todo: localize and aufhübschen
+       Util::log("password changed for player $player!",0);
     }
+    # TODO? error if passwords did not match
     # TODO: write last_login
     return $player;
   }
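Review bot: `$pwd2 = crypt($pwd2,'5g');` applies traditional crypt to a user-chosen password. On platforms where a two-character salt selects DES crypt, only the first eight characters are used, so a longer passphrase is silently cut down and any input sharing those eight characters will authenticate. A comment such as `# NOTE: DES crypt only uses the first 8 characters of the password` would document the limit. Better is to pass a salt that selects a scheme covering the whole input where the platform's crypt supports one, e.g. `crypt($pwd2, '$6$' . $salt)`. The branch also accepts any non-empty matching pair without a minimum length check. authenticate begins before this hunk and continues after it.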