summaryrefslogtreecommitdiffstats
path: root/module/database
diff options
context:
space:
mode:
Diffstat (limited to 'module/database')
-rw-r--r--module/database/DatabaseBackend.py15
-rw-r--r--module/database/UserDatabase.py22
2 files changed, 22 insertions, 15 deletions
diff --git a/module/database/DatabaseBackend.py b/module/database/DatabaseBackend.py
index 9e9e73e43..0ce01cdc5 100644
--- a/module/database/DatabaseBackend.py
+++ b/module/database/DatabaseBackend.py
@@ -233,22 +233,7 @@ class DatabaseBackend(Thread):
self.c.executemany("INSERT INTO users(name, password, email) VALUES (?, ?, ?)", users)
move("pyload.db", "pyload.old.db")
- if exists("web.db"):
- try:
- self.core.log.info(_("Moving users"))
- except:
- print "Moving users"
- conn = sqlite3.connect('web.db')
- c = conn.cursor()
- c.execute("SELECT name, password, email, role, permission FROM users")
- for r in c:
- self.c.execute('SELECT name FROM users WHERE name=?', (r[0], ))
- if self.c.fetchone() is None:
- self.c.executemany("INSERT INTO users (name, password, email, role, permission) VALUES (?, ?, ?, ?, ?)", r)
- c.close()
- conn.close()
- move("web.db", "web.old.db")
self.c.execute('VACUUM')
def createCursor(self):
diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py
index 6e04fa249..4367b1292 100644
--- a/module/database/UserDatabase.py
+++ b/module/database/UserDatabase.py
@@ -69,6 +69,28 @@ class UserMethods():
c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password))
+ @style.queue
+ def changePw(db, user, oldpw, newpw):
+
+ db.c.execute('SELECT id, name, password, role, permission, template FROM "users" WHERE name=?', (user, ))
+ r = db.c.fetchone()
+ if not r:
+ return False
+
+ salt = r[2][:5]
+ pw = r[2][5:]
+ h = sha1(salt + oldpw)
+ if h.hexdigest() == pw:
+ salt = reduce(lambda x, y: x + y, [str(random.randint(0, 9)) for i in range(0, 5)])
+ h = sha1(salt + newpw)
+ password = salt + h.hexdigest()
+
+ db.c.execute("UPDATE users SET password=? WHERE name=?", (password, user))
+ return True
+
+ return False
+
+
@style.async
def setPermission(db, user, perms):
db.c.execute("UPDATE users SET permission=? WHERE name=?", (perms, user))