MV_NO_CRYPT — disable the use of password encryption server-wide
If configured, this variable disables the use
of crypt()
function and/or MD5 password hashing server-wide.
Example: Enabling the MV_NO_CRYPT feature
Add the following to interchange.cfg
:
Variable MV_NO_CRYPT 1
Interchange 5.9.0:
Source: lib/Vend/UserDB.pm
Line 624 (context shows lines 614-628 in new():568)
PASSWORD => $options{password} || $CGI::values{mv_password} || '', VERIFY => $options{verify} || $CGI::values{mv_verify} || '', NICKNAME => $options{nickname} || '', PROFILE => $options{profile} || '', LAST => '', USERMINLEN => $options{userminlen} || 2, PASSMINLEN => $options{passminlen} || 4, VALIDCHARS => $options{validchars} ? ('[' . $options{validchars} \ . ']') : $USERNAME_GOOD_CHARS, CRYPT => defined $options{'crypt'} ? $options{'crypt'} : ! $::Variable->{MV_NO_CRYPT}, CGI => ( defined $options{cgi} ? is_yes($options{cgi}) : 1), PRESENT => { }, DB_ID => $options{database} || 'userdb', OPTIONS => \%options,
Source: lib/Vend/Util.pm
Line 1531 (context shows lines 1521-1535 in check_authorization():1516)
":", MIME::Base64::decode_base64($auth), 2, ); my $cmp_pw; my $use_crypt = 1; if( $user eq $Vend::Cfg->{RemoteUser} and $Vend::Cfg->{Password} ) { $cmp_pw = $Vend::Cfg->{Password}; undef $use_crypt if $::Variable->{MV_NO_CRYPT}; } else { $pwinfo = $Vend::Cfg->{UserDatabase} unless $pwinfo; undef $use_crypt if $::Variable->{MV_NO_CRYPT};
Source: lib/Vend/Util.pm
Line 1535 (context shows lines 1525-1539 in check_authorization():1516)
my $cmp_pw; my $use_crypt = 1; if( $user eq $Vend::Cfg->{RemoteUser} and $Vend::Cfg->{Password} ) { $cmp_pw = $Vend::Cfg->{Password}; undef $use_crypt if $::Variable->{MV_NO_CRYPT}; } else { $pwinfo = $Vend::Cfg->{UserDatabase} unless $pwinfo; undef $use_crypt if $::Variable->{MV_NO_CRYPT}; $cmp_pw = Vend::Interpolate::tag_data($pwinfo, 'password', $user) if defined $Vend::Cfg->{Database}{$pwinfo}; }