912cb8ee007e9b69cd43392946eef12e18ee81dd
chinhli
  Fri Apr 13 09:40:11 2012 -0700
Finished MD5 hashing part as mediawiki does.
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index bd3e24f..2a26803 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -4,64 +4,122 @@
 #include "hash.h"
 #include "obscure.h"
 #include "hgConfig.h"
 #include "cheapcgi.h"
 #include "memalloc.h"
 #include "jksql.h"
 #include "htmshell.h"
 #include "cart.h"
 #include "hPrint.h"
 #include "hdb.h"
 #include "hui.h"
 #include "web.h"
 #include "ra.h"
 #include "hgColors.h"
 #include <crypt.h>
-
+#include <openssl/md5.h>
 #include "net.h"
 
 #include "hgLogin.h"
 #include "hgLoginLink.h"
 #include "gbMembers.h"
 
 #include "versionInfo.h"
 char msg[2048] = "";
 
 
 char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password","hgLogin_confirmPW", NULL };
 /* The excludeVars are not saved to the cart. (We also exclude
  * any variables that start "near.do.") */
 
 /* ---- Global variables. ---- */
 struct cart *cart;	/* This holds cgi and other variables between clicks. */
 char *database;		/* Name of genome database - hg15, mm3, or the like. */
 struct hash *oldCart;	/* Old cart hash. */
 char *errMsg;           /* Error message to show user when form data rejected */
 
 /* -------- password functions ---- */
 
+void cryptWikiWay(char *password, char *salt, char* result)
+// encrypt password as mediawiki does:  ':B:'.$salt.':'. md5($salt.'-'.md5($password )
+{
+int i;
+  unsigned char result1[MD5_DIGEST_LENGTH];
+  unsigned char result2[MD5_DIGEST_LENGTH];
+  char firstMD5[MD5_DIGEST_LENGTH*2 + 1];
+  char secondMD5[MD5_DIGEST_LENGTH*2 + 1];
+  i = MD5_DIGEST_LENGTH;
+  printf("MD5_DIGEST_LENGT is -- %d\n",i);
+  MD5((unsigned char *) password, strlen(password), result1);
+  // output
+  printf("result1 array:\n");
+  for(i = 0; i < MD5_DIGEST_LENGTH; i++)
+    printf("%02x", result1[i]);
+  printf("\n");
+  // Convert the first MD5 value to string
+  printf("Convert result1 to firstMD5 .......\n");
+  for(i = 0; i < MD5_DIGEST_LENGTH; i++)
+    {
+    sprintf(&firstMD5[i*2], "%02x", result1[i]);
+    }
+  printf("\n");
+  printf("firstMD5 string\n");
+  printf("firstMD5 is: %s \n",firstMD5);
+  printf("\n");
+
+  // add the salt with "-" 
+  char saltDashMD5[256];
+  strcpy(saltDashMD5,salt);
+ printf("String3  is: %s \n",saltDashMD5);
+  strcat(saltDashMD5,"-");
+ printf("String3  is: %s \n",saltDashMD5);
+  strcat(saltDashMD5,firstMD5);
+  printf("firstMD5 is: %s \n",firstMD5);
+  printf("saltDashMD5  is: %s \n",saltDashMD5);
+  MD5((unsigned char *) saltDashMD5, strlen(saltDashMD5), result2);
+ // output
+  for(i = 0; i < MD5_DIGEST_LENGTH; i++)
+    printf("%02x", result2[i]);
+  printf("\n");
+ printf("Convert result2 to secondMD5 .......\n");
+  for(i = 0; i < MD5_DIGEST_LENGTH; i++)
+    {
+    sprintf(&secondMD5[i*2], "%02x", result2[i]);
+    }
+  printf("\n");
+
+  i = MD5_DIGEST_LENGTH;
+  printf("MD5_DIGEST_LENGTH is %d\nLength of secondMD5 is %d\n",i, strlen(secondMD5));
+  printf("secondMD5 before return is: \n%s\n", secondMD5);
+
+  strcpy(result, secondMD5);
+
+}
 void encryptPWD(char *password, char *salt, char *buf, int bufsize)
 /* encrypt a password */
 {
 /* encrypt user's password. */
-safef(buf,bufsize,crypt(password, salt));
+// safef(buf,bufsize,crypt(password, salt));
+char md5Returned[100];
+cryptWikiWay(password, salt, md5Returned);
+safef(buf,bufsize,md5Returned);
+printf("After encrypt, buf isL K\n%s\n bufsize is %d\n", buf, bufsize); 
 }
 
-
 void encryptNewPwd(char *password, char *buf, int bufsize)
 /* encrypt a new password */
-/* XXXX TODO: use md5 in linked SSL */
+/* XXXX TODO: use MD5 in linked SSL */
 {
 unsigned long seed[2];
 char salt[] = "$1$........";
 const char *const seedchars =
 "./0123456789ABCDEFGHIJKLMNOPQRST"
 "UVWXYZabcdefghijklmnopqrstuvwxyz";
 int i;
 /* Generate a (not very) random seed. */
 seed[0] = time(NULL);
 seed[1] = getpid() ^ (seed[0] >> 14 & 0x30000);
 /* Turn it into printable characters from `seedchars'. */
 for (i = 0; i < 8; i++)
     salt[3+i] = seedchars[(seed[i/5] >> (i%5)*6) & 0x3f];
 encryptPWD(password, salt, buf, bufsize);
 }
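Review bot: The printf calls added in cryptWikiWay and encryptPWD write md5(password), the salt and the final hash to stdout, which for a CGI program is presumably the HTTP response body, so they should be removed before this is deployed. In the same function, `strcpy`/`strcat` into `saltDashMD5[256]` and `strcpy(result, secondMD5)` are unbounded: the salt length is never checked and the caller's buffer size is not passed in. The function returns only the 32 hex digits, not the `:B:salt:` form its comment describes, so the random salt from encryptNewPwd cannot be recovered from the stored value unless it is kept elsewhere (not visible in this hunk). In encryptPWD, pass the hash as an argument, `safef(buf, bufsize, "%s", md5Returned);`, rather than as the format string. Replacing crypt() with two plain MD5 rounds also makes stored hashes far cheaper to brute-force; the sketch below keeps the MediaWiki-compatible scheme and changes only the buffer handling and debug output.

```c
void cryptWikiWay(char *password, char *salt, char* result)
/* Hash password as MediaWiki's ':B:' scheme does: md5(salt . '-' . md5(password)).
 * result must have room for MD5_DIGEST_LENGTH*2 + 1 bytes. */
{
int i;
unsigned char digest[MD5_DIGEST_LENGTH];
char firstMD5[MD5_DIGEST_LENGTH*2 + 1];
char saltDashMD5[256];

MD5((unsigned char *) password, strlen(password), digest);
for (i = 0; i < MD5_DIGEST_LENGTH; i++)
    sprintf(&firstMD5[i*2], "%02x", digest[i]);

/* size-checked formatting instead of strcpy/strcat on an unchecked salt */
safef(saltDashMD5, sizeof(saltDashMD5), "%s-%s", salt, firstMD5);
MD5((unsigned char *) saltDashMD5, strlen(saltDashMD5), digest);
for (i = 0; i < MD5_DIGEST_LENGTH; i++)
    sprintf(&result[i*2], "%02x", digest[i]);
}
```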
@@ -589,31 +647,31 @@
 safef(query,sizeof(query), "insert into gbMembers set "
     "userName='%s',realName='%s',password='%s',email='%s', "
     "lastUse=NOW(),activated='N',dateAuthenticated='9999-12-31 23:59:59'",
     sqlEscapeString(user),sqlEscapeString(realName),sqlEscapeString(encPwd),sqlEscapeString(email));
 sqlUpdate(conn, query);
 
 
 hPrintf(
 "<h2>UCSC Genome Browser</h2>\n"
 "<p align=\"left\">\n"
 "</p>\n"
 "<h3>User %s successfully added.</h3>\n"
 , user
 );
 
-backToHgSession(2);
+backToHgSession(15);
 /*
 char *hgLoginHost = hgLoginLinkHost();
 
 hPrintf(
 "<script  language=\"JavaScript\">\n"
 "<!-- "
 "\n"
 "window.setTimeout(afterDelay, 1000);\n"
 "function afterDelay() {\n"
 "window.location =\"http://%s/cgi-bin/hgSession?hgS_doMainPage=1\";"
 "\n}"
 "\n"
 "//-->"
 "\n"
 "</script>"
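Review bot: The argument change to `backToHgSession(15)` is an unexplained magic number; its unit and the reason for raising it from 2 are not visible here. If it was raised only to keep the debug output from the password functions on screen, it should go back to its previous value when that output is removed. Otherwise a named constant or a short comment such as `/* delay before returning to hgSession */` would document the intent. The enclosing function starts and ends outside this hunk.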