X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap-cgi.git;a=blobdiff_plain;f=login.cgi;h=71536040f0df7e44a7fedb4327ae9379792157fa;hp=cfe73805b764be522ec49c38627cfd253b53d69d;hb=HEAD;hpb=532616d83a8d807b9315d88d9afb47f842577382 diff --git a/login.cgi b/login.cgi index cfe7380..7153604 100755 --- a/login.cgi +++ b/login.cgi @@ -3,6 +3,7 @@ # $Id: login.cgi,v 1.10 2006/12/22 08:58:50 rmurray Exp $ # (c) 1999 Randolph Chung. Licensed under the GPL. # (c) 2006 Ryan Murray. Licensed under the GPL. +# Copyright (c) 2008, 2011, 2015 Peter Palfrader use lib '.'; use strict; @@ -10,8 +11,7 @@ use strict; use CGI; use Util; use URI::Escape; -use Crypt::Blowfish; -use Net::LDAP qw(:all); +use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR); my %config = &Util::ReadConfigFile; @@ -23,10 +23,6 @@ if ($proto eq "http" || !($query->param('username')) || !($query->param('passwor exit; } -my $key = &Util::CreateKey($config{blowfishkeylen}); # human-readable version of the key -my $hrkey = unpack("H".($config{blowfishkeylen}*2), $key); -my $cipher = new Crypt::Blowfish $key; - my $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!); &Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False'; @@ -57,14 +53,13 @@ if ($mesg->code == LDAP_SUCCESS) { } ## END HACK HACK HACK - my $cryptid = &Util::SavePasswordToFile($username, $password, $cipher); + my $authtoken = &Util::SavePasswordToFile($username, $password); if ($query->param('update')) { - my $url = "$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$username&authtoken=$cryptid,$hrkey&editdn="; - $url .= uri_escape("uid=$username,$config{basedn}", "\x00-\x40\x7f-\xff"); + my $url = "$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$username;authtoken=$authtoken"; print "Location: $url\n\n"; } else { - my $url = "$proto://$ENV{SERVER_NAME}/$config{websearchurl}?id=$username&authtoken=$cryptid,$hrkey"; + my $url = "$proto://$ENV{SERVER_NAME}/$config{websearchurl}?id=$username;authtoken=$authtoken"; print "Location: $url\n\n"; }