Check user level when authenticating for chat thingy.

author: onefang 2022-06-07 15:38:02 +1000
committer: onefang 2022-06-07 15:38:02 +1000
commit: eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709 (patch)
tree: 9df9a180c678cf2e7a629cf1ce213999ba802de9
parent: Move SledjChisl header and footer to external SSI files. (diff)
download: opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.zip
opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.gz
opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.bz2
opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.xz
1 files changed, 20 insertions, 14 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index ec24b22..0710063 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -8413,26 +8413,32 @@ void prosody_mod_auth_custom_http_json(char *file, reqData *Rd, HTMLfile *thisFi
  else
  {
    char *salt = getStrH(Rd->database, "auth.passwordSalt"), *hash = getStrH(Rd->database, "auth.passwordHash");
+    int level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel"));
    c = 0;
-    if ((NULL == password) || ('\0' == password[0]))
+    if (0 > level)
-      bitch(Rd, "Cannot validate account.", "No password supplied.");
+        bitch(Rd, "Cannot validate account.", "User level too low.");
-    else if (('\0' != salt[0]) && ('\0' != hash[0]))
+    else
    {
-      D("Comparing passwords. %s  %s  %s", password, salt, hash);
+      if ((NULL == password) || ('\0' == password[0]))
-      char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same.");
+        bitch(Rd, "Cannot validate account.", "No password supplied.");
+      else if (('\0' != salt[0]) && ('\0' != hash[0]))
-      if (NULL == h)
-        bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
-      else
      {
-        I("Authenticated XMPP user %s@%s", user, Rd->Host);
+        D("Comparing passwords. %s  %s  %s", password, salt, hash);
-        c = 1;
+        char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same.");
-        free(h);
+        if (NULL == h)
+          bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
+        else
+        {
+          I("Authenticated XMPP user %s@%s", user, Rd->Host);
+          c = 1;
+          free(h);
+        }
      }
+      else
+        bitch(Rd, "Cannot validate account.", "No salted hash.");
    }
-    else
-      bitch(Rd, "Cannot validate account.", "No salted hash.");
  }
  Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false");
author	onefang	2022-06-07 15:38:02 +1000
committer	onefang	2022-06-07 15:38:02 +1000
commit	eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709 (patch)
tree	9df9a180c678cf2e7a629cf1ce213999ba802de9
parent	Move SledjChisl header and footer to external SSI files. (diff)
download	opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.zip opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.gz opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.bz2 opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.xz

diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index ec24b22..0710063 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c
@@ -8413,26 +8413,32 @@ void prosody_mod_auth_custom_http_json(char file, reqData Rd, HTMLfile *thisFi
8413	else	8413	else
8414	{	8414	{
8415	char salt = getStrH(Rd->database, "auth.passwordSalt"), hash = getStrH(Rd->database, "auth.passwordHash");	8415	char salt = getStrH(Rd->database, "auth.passwordSalt"), hash = getStrH(Rd->database, "auth.passwordHash");
		8416	int level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel"));
8416		8417
8417	c = 0;	8418	c = 0;
8418	if ((NULL == password) \|\| ('\0' == password[0]))	8419	if (0 > level)
8419	bitch(Rd, "Cannot validate account.", "No password supplied.");	8420	bitch(Rd, "Cannot validate account.", "User level too low.");
8420	else if (('\0' != salt[0]) && ('\0' != hash[0]))	8421	else
8421	{	8422	{
8422	D("Comparing passwords. %s %s %s", password, salt, hash);	8423	if ((NULL == password) \|\| ('\0' == password[0]))
8423	char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same.");	8424	bitch(Rd, "Cannot validate account.", "No password supplied.");
8424		8425	else if (('\0' != salt[0]) && ('\0' != hash[0]))
8425	if (NULL == h)
8426	bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
8427	else
8428	{	8426	{
8429	I("Authenticated XMPP user %s@%s", user, Rd->Host);	8427	D("Comparing passwords. %s %s %s", password, salt, hash);
8430	c = 1;	8428	char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same.");
8431	free(h);	8429
		8430	if (NULL == h)
		8431	bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
		8432	else
		8433	{
		8434	I("Authenticated XMPP user %s@%s", user, Rd->Host);
		8435	c = 1;
		8436	free(h);
		8437	}
8432	}	8438	}
		8439	else
		8440	bitch(Rd, "Cannot validate account.", "No salted hash.");
8433	}	8441	}
8434	else
8435	bitch(Rd, "Cannot validate account.", "No salted hash.");
8436	}	8442	}
8437		8443
8438	Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false");	8444	Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false");