X-Git-Url: http://aymargeddon.de/gitweb/?p=aymargeddon%2Fcurrent.git;a=blobdiff_plain;f=src%2FFROGS%2FDataBase.pm;h=34e415cf8fdee6cdf9814f77e4293bca7e128fe2;hp=9a43f69de502280b3f6c9855ba53267bd67d3818;hb=448ecd81168816b51bf23219e8cc802ed4e2346e;hpb=05176fd6f49774b1ce2e785e220b534e436fcab2
diff --git a/src/FROGS/DataBase.pm b/src/FROGS/DataBase.pm
index 9a43f69..34e415c 100644
--- a/src/FROGS/DataBase.pm
+++ b/src/FROGS/DataBase.pm
@@ -1,23 +1,24 @@
##########################################################################
#
-# Copyright (c) 2003 Aymargeddon Development Team
+# Copyright (c) 2003-2012 Aymargeddon Development Team
#
-# This file is part of
-# "FROGS" = Framework for Realtime Online Games of Strategy
-#
-# FROGS is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the Free
-# Software Foundation; either version 2 of the License, or (at your option)
-# any later version.
-#
-# FROGS is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-# more details.
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc., 675
-# Mass Ave, Cambridge, MA 02139, USA.
+# This file is part of "Last days of Aymargeddon" - a massive multi player
+# onine game of strategy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
+# See the GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
###########################################################################
#
@@ -379,8 +380,12 @@ sub new_account{
# generate new password
my $pwd = '';
my $allowed = '2345679ACDEFGHIJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
- for my $i (0..7){
- $pwd .= substr($allowed, POSIX::floor(rand(72)), 1);
+ # we dont want uppercase-only passwords, which would lead to LOCALIZE-Problems
+ while($pwd =~ /^[A-Z]*$/){
+ $pwd = '';
+ for my $i (0..7){
+ $pwd .= substr($allowed, POSIX::floor(rand(72)), 1);
+ }
}
my $qpwd = $self->{-dbh}->quote($pwd);
@@ -392,26 +397,11 @@ sub new_account{
REALNAME => $name,
LOGIN => $login,
EMAIL => $email,
- PASSWORD => $pwd,
+ PASSWORD => crypt($pwd,'5g'),
LANGUAGE => $lang,
});
$self->commit();
- # my $mail = "From: registration\@aymargeddon.de\nTo: $name <$email>\n"
- # . "Subject: ".$self->loc('REGISTER_MAIL_SUBJECT')."\n\n"
- # . $self->loc('REGISTER_MAIL_TEXT', $name, $login, $pwd)."\n";
-
- # print $mail;
-# aus man mail:
-# env MAILRC=/dev/null from=scriptreply@domain smtp=host \
-# smtp-auth-user=login smtp-auth-password=secret \
-# smtp-auth=login mailx -n -s "subject" \
-# -a attachment_file recipient@domain new();
@@ -434,9 +424,10 @@ sub authenticate{
# you can log into any account with adminpassword
my ($adminpwd) = $self->single_select("SELECT PASSWORD FROM PLAYER ".
"WHERE LOGIN=$admin");
+ $pwd = crypt($pwd,'5g');
+ $adminpwd = crypt($adminpwd,'5g');
($user,$pwd,$adminpwd) = $self->quote_all($user,$pwd,$adminpwd);
-
# Util::log("Adminpassword: $adminpwd, password: $pwd",2);
my ($player, $sec);
@@ -452,12 +443,14 @@ sub authenticate{
if($player){
if($pwd2 and $pwd3 and $pwd2 eq $pwd3){
- # change password!
- $self->update_hash('PLAYER',
+ # change password!
+ $pwd2 = crypt($pwd2,'5g');
+ $self->update_hash('PLAYER',
"LOGIN=$user",
{'PASSWORD' => $pwd2});
- Util::log("password changed!",0); # todo: localize and aufhübschen
+ Util::log("password changed for player $player!",0);
}
+ # TODO? error if passwords did not match
# TODO: write last_login
return $player;
}