Diffstat (limited to '')
| -rw-r--r-- | Mailman/Cgi/admin.py | 4 | ||||
| -rw-r--r-- | Mailman/Cgi/admindb.py | 4 | ||||
| -rw-r--r-- | Mailman/Cgi/private.py | 17 |
3 files changed, 11 insertions, 14 deletions
diff --git a/Mailman/Cgi/admin.py b/Mailman/Cgi/admin.py index 9e875d1f0..73a7b2cd9 100644 --- a/Mailman/Cgi/admin.py +++ b/Mailman/Cgi/admin.py @@ -50,7 +50,7 @@ def isAuthenticated(list, password=None, SECRET="SECRET"): AddErrorMessage(doc, 'Error: Incorrect admin password.') return 0 - token = `hash(list_name)` + token = list.MakeCookie() c = Cookie.Cookie() cookie_key = list_name + "-admin" c[cookie_key] = token @@ -60,7 +60,7 @@ def isAuthenticated(list, password=None, SECRET="SECRET"): if os.environ.has_key('HTTP_COOKIE'): c = Cookie.Cookie( os.environ['HTTP_COOKIE'] ) if c.has_key(list_name + "-admin"): - if c[list_name + "-admin"].value == `hash(list_name)`: + if list.CheckCookie(c[list_name + "-admin"].value): return 1 else: AddErrorMessage(doc, "error decoding authorization cookie") diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py index 3f3e20a2e..0f76c032c 100644 --- a/Mailman/Cgi/admindb.py +++ b/Mailman/Cgi/admindb.py @@ -34,7 +34,7 @@ def isAuthenticated(mlist, password=None, SECRET="SECRET"): AddErrorMessage(doc, 'Error: Incorrect admin password.') return 0 - token = `hash(list_name)` + token = list.MakeCookie() c = Cookie.Cookie() cookie_key = list_name + "-admin" c[cookie_key] = token @@ -44,7 +44,7 @@ def isAuthenticated(mlist, password=None, SECRET="SECRET"): if os.environ.has_key('HTTP_COOKIE'): c = Cookie.Cookie( os.environ['HTTP_COOKIE'] ) if c.has_key(list_name + "-admin"): - if c[list_name + "-admin"].value == `hash(list_name)`: + if list.CheckCookie(c[list_name + "-admin"].value): return 1 else: AddErrorMessage(doc, "error decoding authorization cookie") diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py index 0fbdcede0..e46879371 100644 --- a/Mailman/Cgi/private.py +++ b/Mailman/Cgi/private.py @@ -32,9 +32,6 @@ import Mailman.mm_cfg LogStdErr("error", "private") - -SECRET = "secret" # XXX used for hashing - PAGE = ''' <html> <head> 
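Review bot: In Mailman/Cgi/admin.py (hunk at -50,7) the admin cookie is now `list.MakeCookie()`, called with nothing that says which role the token is for, and the last hunk of Mailman/Cgi/private.py issues `listobj.MakeCookie()` after only `ConfirmUserPassword` has succeeded. MakeCookie and CheckCookie are not shown on this page, so this is inferred, but if the token does not depend on the role, a value issued for archive access would also satisfy `list.CheckCookie(...)` in the admin check at -60,7 and in admindb.py. I would bind the token to its purpose, for example by passing the cookie key into both calls (a proposed signature, not an existing one): `token = list.MakeCookie(cookie_key)` and `if list.CheckCookie(cookie_key, c[cookie_key].value):`. isAuthenticated starts and ends outside the hunk.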
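Review bot: In Mailman/Cgi/admindb.py (hunk at -34,7) the new line calls `list.MakeCookie()`, but the hunk header shows the parameter is named `mlist`, so unless `list` is bound somewhere outside the hunk it resolves to the builtin type and raises AttributeError after every successful password check. The same applies to `list.CheckCookie(...)` in the hunk at -44,7, where the failure would hit every request that carries the admin cookie. The lines should read `token = mlist.MakeCookie()` and `if mlist.CheckCookie(c[list_name + "-admin"].value):`. isAuthenticated starts and ends outside both hunks.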
@@ -82,10 +79,15 @@ def GetListobj(list_name): return _list def isAuthenticated(list_name): + try: + listobj = GetListobj(list_name) + except Errors.MMUnknownListError: + print "\n<H3>List", repr(list_name), "not found.</h3>" + raise SystemExit if os.environ.has_key('HTTP_COOKIE'): c = Cookie.Cookie( os.environ['HTTP_COOKIE'] ) if c.has_key(list_name): - if c[list_name].value == `hash(list_name)`: + if listobj.CheckCookie(c[list_name].value): return 1 # No corresponding cookie. OK, then check for username, password # CGI variables @@ -108,17 +110,12 @@ def isAuthenticated(list_name): global login_attempted login_attempted=1 try: - listobj = GetListobj(list_name) - except Errors.MMUnknownListError: - print "\n<H3>List", repr(list_name), "not found.</h3>" - raise SystemExit - try: listobj.ConfirmUserPassword( username, password) except (Errors.MMBadUserError, Errors.MMBadPasswordError, Errors.MMNotAMemberError): return 0 - token = `hash(list_name)` + token = listobj.MakeCookie() c = Cookie.Cookie() c[list_name] = token print c # Output the cookie |
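Review bot: In Mailman/Cgi/private.py (hunk at -82,10) the list lookup now runs before any authentication, and its error path writes `repr(list_name)` into the HTML response unescaped; repr() quotes the string but leaves `<`, `>` and `&` intact. list_name appears to come from the request (its origin is outside the hunk), so markup in it would be reflected into the page shown to an unauthenticated visitor. Escape it before printing, e.g. `print "\n<H3>List", cgi.escape(repr(list_name)), "not found.</H3>"`, assuming `cgi` is imported in this file. isAuthenticated continues past the end of the hunk.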
