From addf7da2493908e8564a394b831760f5c953bb76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Trigo=20Soares?= Date: Mon, 28 Oct 2019 17:54:41 +0000 Subject: [PATCH] LDAP password cannot be sent hashed --- app/login.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/app/login.py b/app/login.py index 04520285..7e9b6eb2 100644 --- a/app/login.py +++ b/app/login.py @@ -129,10 +129,8 @@ if form.getvalue('logout'): sys.exit() if login is not None and password is not None: - USERS = sql.select_users(user=login) - password = funct.get_hash(password) - + for users in USERS: if users[7] == 0: print("Content-type: text/html\n") @@ -142,7 +140,8 @@ if login is not None and password is not None: if login in users[1]: check_in_ldap(login, password) else: - if login in users[1] and password == users[3]: + passwordHashed = funct.get_hash(password) + if login in users[1] and passwordHashed == users[3]: send_cookie(login) break else: