aly/servatrice
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'upstream/master' into translation

Browse source
This commit is contained in:
Daenyth 2012-01-01 12:20:05 -05:00
commit 9586212f60
2 changed files with 23 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
common/server_protocolhandler.cpp
View file

@ -147,6 +147,8 @@ ResponseCode Server_ProtocolHandler::processCommandHelper(Command *command, Comm
ModeratorCommand *moderatorCommand = qobject_cast<ModeratorCommand *>(command); ModeratorCommand *moderatorCommand = qobject_cast<ModeratorCommand *>(command);
if (moderatorCommand) { if (moderatorCommand) {
qDebug() << "received ModeratorCommand"; qDebug() << "received ModeratorCommand";
if (!userInfo)
return RespLoginNeeded;
if (!(userInfo->getUserLevel() & ServerInfo_User::IsModerator)) if (!(userInfo->getUserLevel() & ServerInfo_User::IsModerator))
return RespLoginNeeded; return RespLoginNeeded;
@ -158,6 +160,8 @@ ResponseCode Server_ProtocolHandler::processCommandHelper(Command *command, Comm
AdminCommand *adminCommand = qobject_cast<AdminCommand *>(command); AdminCommand *adminCommand = qobject_cast<AdminCommand *>(command);
if (adminCommand) { if (adminCommand) {
qDebug() << "received AdminCommand"; qDebug() << "received AdminCommand";
if (!userInfo)
return RespLoginNeeded;
if (!(userInfo->getUserLevel() & ServerInfo_User::IsAdmin)) if (!(userInfo->getUserLevel() & ServerInfo_User::IsAdmin))
return RespLoginNeeded; return RespLoginNeeded;

26
servatrice/src/servatrice.cpp
View file

@ -189,20 +189,32 @@ AuthenticationResult Servatrice::checkUserPassword(Server_ProtocolHandler *handl
return PasswordWrong; return PasswordWrong;
} }
QSqlQuery query; QSqlQuery nameBanQuery;
query.prepare("select a.password_sha512, time_to_sec(timediff(now(), date_add(b.time_from, interval b.minutes minute))) < 0, b.minutes <=> 0 from " + dbPrefix + "_users a left join " + dbPrefix + "_bans b on b.user_name = a.name and b.time_from = (select max(c.time_from) from " + dbPrefix + "_bans c where c.user_name = a.name) where a.name = :name and a.active = 1"); nameBanQuery.prepare("select time_to_sec(timediff(now(), date_add(b.time_from, interval b.minutes minute))) < 0, b.minutes <=> 0 from " + dbPrefix + "_bans b where b.time_from = (select max(c.time_from) from " + dbPrefix + "_bans c where c.user_name = :name2) and b.user_name = :name1");
query.bindValue(":name", user); nameBanQuery.bindValue(":name1", user);
if (!execSqlQuery(query)) { nameBanQuery.bindValue(":name2", user);
if (!execSqlQuery(nameBanQuery)) {
qDebug("Login denied: SQL error"); qDebug("Login denied: SQL error");
return PasswordWrong; return PasswordWrong;
} }
if (query.next()) { if (nameBanQuery.next())
if (query.value(1).toInt() || query.value(2).toInt()) { if (nameBanQuery.value(0).toInt() || nameBanQuery.value(1).toInt()) {
qDebug("Login denied: banned by name"); qDebug("Login denied: banned by name");
return PasswordWrong; return PasswordWrong;
} }
if (query.value(0).toString() == PasswordHasher::computeHash(password, query.value(0).toString().left(16))) {
QSqlQuery passwordQuery;
passwordQuery.prepare("select password_sha512 from " + dbPrefix + "_users where name = :name and active = 1");
passwordQuery.bindValue(":name", user);
if (!execSqlQuery(passwordQuery)) {
qDebug("Login denied: SQL error");
return PasswordWrong;
}
if (passwordQuery.next()) {
const QString correctPassword = passwordQuery.value(0).toString();
if (correctPassword == PasswordHasher::computeHash(password, correctPassword.left(16))) {
qDebug("Login accepted: password right"); qDebug("Login accepted: password right");
return PasswordRight; return PasswordRight;
} else { } else {