Bug 14059: Deleting 'issues' table before processing the tests

[koha.git] / opac / opac-passwd.pl

diff --git a/opac/opac-passwd.pl b/opac/opac-passwd.pl
index 19425f7..ac4484f 100755 (executable)
--- a/opac/opac-passwd.pl
+++ b/opac/opac-passwd.pl
@@ -5,23 +5,23 @@
 #
 # This file is part of the extensions and enhacments made to koha by Universidad ORT Uruguay
 #
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
 #
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along
-# with Koha; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
 
 use strict;
 use warnings;
 
-use CGI;
+use CGI qw ( -utf8 );
 
 use C4::Auth;    # checkauth, getborrowernumber.
 use C4::Context;
@@ -29,13 +29,14 @@ use Digest::MD5 qw(md5_base64);
 use C4::Circulation;
 use C4::Members;
 use C4::Output;
+use Koha::AuthUtils qw(hash_password);
 
 my $query = new CGI;
 my $dbh   = C4::Context->dbh;
 
 my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
     {
-        template_name   => "opac-passwd.tmpl",
+        template_name   => "opac-passwd.tt",
         query           => $query,
         type            => "opac",
         authnotrequired => 0,
@@ -57,7 +58,7 @@ if ( C4::Context->preference("OpacPasswordChange") ) {
             if ( $query->param('Newkey') eq $query->param('Confirm')
                 && length( $query->param('Confirm') ) >= $minpasslen )
             {    # Record password
-                my $clave = md5_base64( $query->param('Newkey') );
+                my $clave = hash_password( $query->param('Newkey') );
                 $sth->execute( $clave, $borrowernumber );
                 $template->param( 'password_updated' => '1' );
                 $template->param( 'borrowernumber'   => $borrowernumber );
@@ -113,8 +114,14 @@ sub goodkey {
       $dbh->prepare("SELECT password FROM borrowers WHERE borrowernumber=?");
     $sth->execute($borrowernumber);
     if ( $sth->rows ) {
-        my ($md5password) = $sth->fetchrow;
-        if ( md5_base64($key) eq $md5password ) { return 1; }
+        my $hash;
+        my ($stored_hash) = $sth->fetchrow;
+        if ( substr($stored_hash,0,2) eq '$2') {
+            $hash = hash_password($key, $stored_hash);
+        } else {
+            $hash = md5_base64($key);
+        }
+        if ( $hash eq $stored_hash ) { return 1; }
         else { return 0; }
     }
     else { return 0; }