diff options
author | onefang | 2020-03-17 12:37:34 +1000 |
---|---|---|
committer | onefang | 2020-03-17 12:37:34 +1000 |
commit | fb97941aad40d5c1c59db029d0e2c529d30ac63e (patch) | |
tree | 0743da504b3aec0dec616a9ef28068c876bc6d46 | |
parent | Oops, part of last commit. (diff) | |
download | opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.zip opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.gz opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.bz2 opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.xz |
Don't pass around psswrd anymore.
Coz we do the old hash, salt, and store trick now.
And I mean tho OLD one, we are still compatible with SL's 2006 insecure
password tech.
Diffstat (limited to '')
-rw-r--r-- | src/sledjchisl/sledjchisl.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index 36ba0dc..b5ee0f8 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c | |||
@@ -3625,7 +3625,6 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data) | |||
3625 | boolean create = strcmp("create", Rd->doit) == 0; | 3625 | boolean create = strcmp("create", Rd->doit) == 0; |
3626 | int ret = 0; | 3626 | int ret = 0; |
3627 | char *password = getStrH(data, "password"); | 3627 | char *password = getStrH(data, "password"); |
3628 | char *psswrd = getStrH(data, "psswrd"); | ||
3629 | char *psswrdH = getStrH(Rd->stuff, "passwordHash"); | 3628 | char *psswrdH = getStrH(Rd->stuff, "passwordHash"); |
3630 | char *psswrdS = getStrH(Rd->stuff, "passwordSalt"); | 3629 | char *psswrdS = getStrH(Rd->stuff, "passwordSalt"); |
3631 | 3630 | ||
@@ -3804,13 +3803,11 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data) | |||
3804 | // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself. | 3803 | // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself. |
3805 | // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away. | 3804 | // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away. |
3806 | // explicit_bzero(password, strlen(password)); | 3805 | // explicit_bzero(password, strlen(password)); |
3807 | // explicit_bzero(psswrd, strlen(psswrd)); | ||
3808 | bzero(password, strlen(password)); | 3806 | bzero(password, strlen(password)); |
3809 | bzero(psswrd, strlen(psswrd)); | ||
3810 | if (login) | 3807 | if (login) |
3811 | D("User logged in with %s or %s.", password, psswrd); | 3808 | D("User logged in%s.", password); |
3812 | else | 3809 | else |
3813 | D("Account created with %s or %s.", password, psswrd); | 3810 | D("Account created%s.", password); |
3814 | 3811 | ||
3815 | return ret; | 3812 | return ret; |
3816 | } | 3813 | } |
@@ -4000,7 +3997,6 @@ void accountCreationPage(reqData *Rd, char *message) | |||
4000 | HTMLform(Rd->reply, "", Rd->shs.munchie); | 3997 | HTMLform(Rd->reply, "", Rd->shs.munchie); |
4001 | HTMLhidden(Rd->reply, "name", name); | 3998 | HTMLhidden(Rd->reply, "name", name); |
4002 | HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID")); | 3999 | HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID")); |
4003 | HTMLhidden(Rd->reply, "psswrd", getStrH(Rd->body, "password")); | ||
4004 | HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE); | 4000 | HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE); |
4005 | HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE); | 4001 | HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE); |
4006 | Rd->reply->addstr(Rd->reply, "<p>A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.</p>\n"); | 4002 | Rd->reply->addstr(Rd->reply, "<p>A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.</p>\n"); |
@@ -4136,7 +4132,6 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) | |||
4136 | newValidFunc("UUID", (fieldValidFunc) validateUUID); | 4132 | newValidFunc("UUID", (fieldValidFunc) validateUUID); |
4137 | newValidFunc("name", (fieldValidFunc) validateName); | 4133 | newValidFunc("name", (fieldValidFunc) validateName); |
4138 | newValidFunc("password", (fieldValidFunc) validatePassword); | 4134 | newValidFunc("password", (fieldValidFunc) validatePassword); |
4139 | newValidFunc("psswrd", (fieldValidFunc) validatePassword); | ||
4140 | newValidFunc("email", (fieldValidFunc) validateEmail); | 4135 | newValidFunc("email", (fieldValidFunc) validateEmail); |
4141 | newValidFunc("emayl", (fieldValidFunc) validateEmail); | 4136 | newValidFunc("emayl", (fieldValidFunc) validateEmail); |
4142 | newValidFunc("year", (fieldValidFunc) validateDoB); | 4137 | newValidFunc("year", (fieldValidFunc) validateDoB); |