Mercurial Repository: p/roundup/code: roundup/cgi/client.py comparison

allow blank passwords again [SF#619714]

author	Richard Jones <richard@users.sourceforge.net>
date	Tue, 08 Oct 2002 04:11:17 +0000
parents	6c24a86a12ae
children	77920c42aeb9

comparison

equal deleted inserted replaced

-:347657425a10
+:209a47ede743
-# $Id: client.py,v 1.50 2002-10-07 00:52:51 richard Exp $
+# $Id: client.py,v 1.51 2002-10-08 04:11:17 richard Exp $
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
 """
 return
 # make sure we're allowed to be here
 if not self.loginPermission():
 self.make_user_anonymous()
-raise Unauthorised, _("You do not have permission to login")
+self.error_message.append(_("You do not have permission to login"))
+return
 # now we're OK, re-open the database for real, using the user
 self.opendb(self.user)
 # set the session cookie
 self.set_cookie(self.user)
 def verifyPassword(self, userid, password):
 ''' Verify the password that the user has supplied
 '''
-return password == self.db.user.get(self.userid, 'password')
+stored = self.db.user.get(self.userid, 'password')
+if password == stored:
+return 1
+if not password and not stored:
+return 1
+return 0
 def loginPermission(self):
 ''' Determine whether the user has permission to log in.
 Base behaviour is to check the user has "Web Access".

Mercurial > p > roundup > code