X-Git-Url: https://mudpy.org/gitweb?a=blobdiff_plain;f=lib%2Fmudpy%2Fmisc.py;h=609e155990f176c5c8bd5e6023ceec943586c06b;hb=520cbd3c71a1c3a90fc4425c400f4bb4572890a8;hp=3b11a12e1466d9f3aec1c20335fd35b7845082d6;hpb=0fca7fa3d5ac08111c8850555813d341d699797f;p=mudpy.git
diff --git a/lib/mudpy/misc.py b/lib/mudpy/misc.py
index 3b11a12..609e155 100644
--- a/lib/mudpy/misc.py
+++ b/lib/mudpy/misc.py
@@ -1783,17 +1783,13 @@ def handler_entering_account_name(user):
 def handler_checking_password(user):
 u"""Handle the login account password."""
- import md5
+ import password
 # get the next waiting line of input
 input_data = user.input_queue.pop(0)
 # does the hashed input equal the stored hash?
- if unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- ) == user.account.get(u"passhash"):
+ if password.verify( input_data, user.account.get(u"passhash") ):
 # if so, set the username and load from cold storage
 if not user.replace_old_connections():
@@ -1820,7 +1816,7 @@ def handler_checking_password(user):
 def handler_entering_new_password(user):
 u"""Handle a new password entry."""
- import md5
+ import password
 # get the next waiting line of input
 input_data = user.input_queue.pop(0)
@@ -1836,14 +1832,7 @@ def handler_entering_new_password(user):
 ):
 # hash and store it, then move on to verification
- user.account.set(
- u"passhash",
- unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- )
- )
+ user.account.set( u"passhash", password.create(input_data) )
 user.state = u"verifying_new_password"
 # the password was weak, try again if you haven't tried too many times
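Review bot: Accounts created before this commit still store the old MD5 hex digest of name+password, and handler_checking_password now hands that stored value straight to `password.verify( input_data, user.account.get(u"passhash") )`. The `password` module is not part of this diff, so whether verify() recognises the legacy format cannot be confirmed here; if it does not, existing users are locked out, and if it raises on an unparseable or missing hash the exception surfaces in the login path. I would state the contract above the call, e.g. `# verify() must return False, not raise, for legacy MD5 or missing passhash values`, and decide explicitly between a rehash-on-login migration and a forced password reset. The function body continues past the end of the hunk.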
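Review bot: The comment `# hash and store it, then move on to verification` in handler_entering_new_password no longer says what is stored: the account name used to be mixed into the digest and is now dropped, so the uniqueness of each stored hash rests entirely on whatever salt password.create() generates, which is not visible in this diff. The old value was also wrapped in `unicode(...)`, while the return of password.create() is stored as-is, so the stored type may have changed. Suggested comment: `# store a salted hash from password.create(); the account name is no longer part of the hash input`. The enclosing function starts before and ends after this hunk.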
@@ -1867,17 +1856,13 @@ def handler_entering_new_password(user):
 def handler_verifying_new_password(user):
 u"""Handle the re-entered new password for verification."""
- import md5
+ import password
 # get the next waiting line of input
 input_data = user.input_queue.pop(0)
 # hash the input and match it to storage
- if unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- ) == user.account.get(u"passhash"):
+ if password.verify( input_data, user.account.get(u"passhash") ):
 user.authenticate()
 # the hashes matched, so go active