Add salted md5 password support to UserDB.

The specific format used here is to store the password and salt in a single
field, separated by a colon. I used it to convert a Zen Cart store to
Interchange.

To use this feature, set the following catalog configuration parameters:

UserDB    default    md5_salted    1
UserDB    default    crypt         1
commit eb8f7db03fcbf74654ab71fcaadfb231b2415ac9 1 parent 1c11564
@danielbr danielbr authored
Showing with 29 additions and 0 deletions.
  1. +29 −0 lib/Vend/UserDB.pm
29 lib/Vend/UserDB.pm
@@ -61,6 +61,34 @@ my %enc_subs = (
my $obj = shift;
return Digest::MD5::md5_hex(shift);
},
+ # This particular md5_salted encryption stores the salt with the password
+ # in colon-separated format: /.+:(..)/. It is compatible with Zen Cart.
+ # Detecting context based on the length of the mystery meat is a little
+ # hokey; it would be more ideal to specify or detect the context
+ # explicitly in/from the object itself (or as a named/separate parameter).
+ md5_salted => sub {
+ my ($obj, $password, $mystery_meat) = @_;
+
+ my $encrypted;
+ my $return_salt;
+ my $mystery_meat_length = length $mystery_meat;
+ if ($mystery_meat_length == 35) {
+ # Extract only the salt; we don't need the database password here.
+ my (undef, $db_salt) = split(':', $mystery_meat);
+ $encrypted = Digest::MD5::md5_hex($db_salt . $password);
+ $return_salt = $db_salt;
+ }
+ else {
+ if ($mystery_meat_length != 2) {
+ # Assume the mystery meat is a salt and soldier on anyway.
+ ::logError("Unrecognized salt for md5_salted encryption.");
+ }
+ $return_salt = $mystery_meat;
+ $encrypted = Digest::MD5::md5_hex($return_salt . $password);
+ }
+
+ return "$encrypted:$return_salt";
+ },
sha1 => sub {
my $obj = shift;
unless ($HAVE_SHA1) {
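Review bot: In the else branch of md5_salted, a salt that is not two characters long is logged and then used anyway, so an undefined or empty $mystery_meat yields md5_hex of the bare password and a return value ending in a bare colon. Return a failure after the ::logError call instead of continuing. The 35-character branch has a related gap: length alone does not guarantee a colon, and split(':', $mystery_meat) leaves $db_salt undefined for a 35-character string without one, so match the whole value against a pattern such as the /.+:(..)/ from the comment before trusting the salt. Because a single md5_hex pass over a two-character salt is cheap to brute-force, the comment should also steer readers away from choosing this scheme for new accounts, beyond noting Zen Cart compatibility.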
@@ -77,6 +105,7 @@ my %enc_subs = (
my %enc_id = qw/
13 default
32 md5
+ 35 md5_salted
40 sha1
/;
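Review bot: The 35 key in %enc_id only fits a 32-character digest plus a colon and a two-character salt, so a stored value with any other salt length will not map to md5_salted through this table; note that constraint next to the entry. The file list shows only lib/Vend/UserDB.pm changed, so the md5_salted option named in the commit message still needs a documentation entry alongside the other encryption options.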