diff options
author | Andrew Dolgov <[email protected]> | 2006-03-07 12:25:44 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2006-03-07 12:25:44 +0100 |
commit | 7f16656eb7aea169fca6732ccd74ceffd13a1984 (patch) | |
tree | 2f3f12f9e8a4c70e0e4b319a3f2f6e64c0563a63 | |
parent | 68511f86ac18cac0a8484b2c34f625fb4f2f3b99 (diff) |
remove support for plain-text passwords
-rw-r--r-- | functions.php | 3 | ||||
-rw-r--r-- | schema/ttrss_schema_mysql.sql | 3 | ||||
-rw-r--r-- | schema/ttrss_schema_pgsql.sql | 3 |
3 files changed, 5 insertions, 4 deletions
diff --git a/functions.php b/functions.php index 931774cfd..a7a17f9b5 100644 --- a/functions.php +++ b/functions.php @@ -740,8 +740,7 @@ $pwd_hash = 'SHA1:' . sha1($password); $result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE - login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password') - OR pwd_hash = '$pwd_hash')"); + login = '$login' AND pwd_hash = '$pwd_hash'"); if (db_num_rows($result) == 1) { $_SESSION["uid"] = db_fetch_result($result, 0, "id"); diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql index c2357f5b5..a5a6f1db4 100644 --- a/schema/ttrss_schema_mysql.sql +++ b/schema/ttrss_schema_mysql.sql @@ -34,7 +34,8 @@ create table ttrss_users (id integer primary key not null auto_increment, index (theme_id), foreign key (theme_id) references ttrss_themes(id)) TYPE=InnoDB; -insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 'password', 10); +insert into ttrss_users (login,pwd_hash,access_level) values ('admin', + 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 10); create table ttrss_feed_categories(id integer not null primary key auto_increment, owner_uid integer not null, diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql index 2ac43fd6d..4c064bed6 100644 --- a/schema/ttrss_schema_pgsql.sql +++ b/schema/ttrss_schema_pgsql.sql @@ -32,7 +32,8 @@ create table ttrss_users (id serial not null primary key, email varchar(250) not null default '', theme_id integer references ttrss_themes(id) default null); -insert into ttrss_users (login,pwd_hash,access_level) values ('admin', 'password', 10); +insert into ttrss_users (login,pwd_hash,access_level) values ('admin', + 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 10); create table ttrss_feed_categories(id serial not null primary key, owner_uid integer not null references ttrss_users(id) on delete cascade, |