X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=web%2Flogin.cgi;h=55d4d31bf0e4e75321054cfc88081758af16ac96;hb=ae1e5a947fad4c2a450281a1a1d6ec3ca768101b;hp=351495367d926727077b5e0a0173097df6591882;hpb=c50d88536a4feb3087d1aa802e110250cb2861fc;p=mirror%2Fuserdir-ldap.git

diff --git a/web/login.cgi b/web/login.cgi
index 3514953..55d4d31 100755
--- a/web/login.cgi
+++ b/web/login.cgi
@@ -1,6 +1,7 @@
 #!/usr/bin/perl
 
-# (c) 1999 Debian and Randolph Chung. Licensed under the GPL. <tausq@debian.org>
+# $Id: login.cgi,v 1.7 2000/05/10 05:01:55 tausq Exp $
+# (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
 
 use lib '.';
 use strict;
@@ -35,14 +36,34 @@ my $mesg = $ldap->bind($binddn, password => $password);
 $mesg->sync;
 
 if ($mesg->code == LDAP_SUCCESS) {
+  # HACK HACK HACK
+  # Check for md5 password, and update as necessary
+  $mesg = $ldap->search(base   => $config{basedn}, 
+                        filter => "(uid=$username)");
+  $mesg->code && &Util::HTMLError($mesg->error);
+  my $entries = $mesg->as_struct;
+  my $dn = (keys %$entries)[0];
+  my $oldpassword = $entries->{$dn}->{userpassword}->[0];
+  if ($oldpassword !~ /^{crypt}\$1\$/) {
+    # Update their password to md5
+    open (LOG, ">>$config{weblogfile}");
+    print LOG scalar(localtime);
+    print LOG ": Updating MD5 password for $dn\n";
+    close LOG;
+    my $newpassword = '{crypt}'.crypt($password, &Util::CreateCryptSalt(1));
+    &Util::LDAPUpdate($ldap, $dn, 'userPassword', $newpassword);
+  }
+  ## END HACK HACK HACK
+  
   my $cryptid = &Util::SavePasswordToFile($username, $password, $cipher);
 
   if ($query->param('update')) {
-    my $url = "$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$username&authtoken=$cryptid:$hrkey&editdn=";
+    my $url = "$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$username&authtoken=$cryptid,$hrkey&editdn=";
     $url .= uri_escape("uid=$username,$config{basedn}", "\x00-\x40\x7f-\xff");
     print "Location: $url\n\n";
   } else {
-    print "Location: $proto://$ENV{SERVER_NAME}/$config{websearchurl}?id=$username&authtoken=$cryptid:$hrkey\n\n";
+    my $url = "$proto://$ENV{SERVER_NAME}/$config{websearchurl}?id=$username&authtoken=$cryptid,$hrkey";
+    print "Location: $url\n\n";
   }
 
   $ldap->unbind;
@@ -50,3 +71,4 @@ if ($mesg->code == LDAP_SUCCESS) {
   print "Content-type: text/html\n\n";
   print "<html><body><h1>Not authenticated</h1></body></html>\n";
 }
+