Skip to content
Browse files

Add salted md5 password support to UserDB.

The specific format used here is to store the password and salt in a single
field, separated by a colon. I used it to convert a Zen Cart store to
Interchange.

To use this feature, set the following catalog configuration parameters:

UserDB    default    md5_salted    1
UserDB    default    crypt         1
  • Loading branch information...
1 parent 1c11564 commit eb8f7db03fcbf74654ab71fcaadfb231b2415ac9 @danielbr danielbr committed
Showing with 29 additions and 0 deletions.
  1. +29 −0 lib/Vend/UserDB.pm
View
29 lib/Vend/UserDB.pm
@@ -61,6 +61,34 @@ my %enc_subs = (
my $obj = shift;
return Digest::MD5::md5_hex(shift);
},
+ # This particular md5_salted encryption stores the salt with the password
+ # in colon-separated format: /.+:(..)/. It is compatible with Zen Cart.
+ # Detecting context based on the length of the mystery meat is a little
+ # hokey; it would be more ideal to specify or detect the context
+ # explicitly in/from the object itself (or as a named/separate parameter).
+ md5_salted => sub {
+ my ($obj, $password, $mystery_meat) = @_;
+
+ my $encrypted;
+ my $return_salt;
+ my $mystery_meat_length = length $mystery_meat;
+ if ($mystery_meat_length == 35) {
+ # Extract only the salt; we don't need the database password here.
+ my (undef, $db_salt) = split(':', $mystery_meat);
+ $encrypted = Digest::MD5::md5_hex($db_salt . $password);
+ $return_salt = $db_salt;
+ }
+ else {
+ if ($mystery_meat_length != 2) {
+ # Assume the mystery meat is a salt and soldier on anyway.
+ ::logError("Unrecognized salt for md5_salted encryption.");
+ }
+ $return_salt = $mystery_meat;
+ $encrypted = Digest::MD5::md5_hex($return_salt . $password);
+ }
+
+ return "$encrypted:$return_salt";
+ },
sha1 => sub {
my $obj = shift;
unless ($HAVE_SHA1) {
@@ -77,6 +105,7 @@ my %enc_subs = (
my %enc_id = qw/
13 default
32 md5
+ 35 md5_salted
40 sha1
/;

0 comments on commit eb8f7db

Please sign in to comment.
Something went wrong with that request. Please try again.