From: Mariusz Mazur <mmazur@pld-linux.org>
Date: Sun, 16 Jan 2005 18:18:32 +0000 (+0000)
Subject: - (almost) uniqe cookies
X-Git-Url: https://git.pld-linux.org/?p=projects%2Fpld-ftp-admin.git;a=commitdiff_plain;h=38492fee90e72afa8d389e345f24ce1770080ac0

- (almost) uniqe cookies

Changed files:
    modules/cmds.py -> 1.7
---

diff --git a/modules/cmds.py b/modules/cmds.py
index 424cc3e..10e3072 100644
--- a/modules/cmds.py
+++ b/modules/cmds.py
@@ -100,8 +100,9 @@ def cmd_login_passwd(con, data):
         raise BailOut
     login=tmp[0]
     passwd=tmp[1]
-    if login in users and users[login]==md5.new(passwd).hexdigest():
-        cookie=md5.new(login+passwd+`time.time()`).hexdigest()
+    md5pass=md5.new(passwd).hexdigest()
+    if login in users and users[login]==md5pass:
+        cookie=`time.time()`.split('.')[0]+'_'+md5.new(md5pass+salt).hexdigest()
         cookies[cookie]=login
         write_cookies()
         con.authorized=True
@@ -138,4 +139,5 @@ BailOut="BailOut"
 locks={}
 logfile=open(common.ftpadmdir+'var/log', 'a')
 load_creds()
+salt=md5.new(`time.time()`).hexdigest()