aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/sledjchisl/sledjchisl.c
diff options
context:
space:
mode:
authoronefang2020-03-17 12:37:34 +1000
committeronefang2020-03-17 12:37:34 +1000
commitfb97941aad40d5c1c59db029d0e2c529d30ac63e (patch)
tree0743da504b3aec0dec616a9ef28068c876bc6d46 /src/sledjchisl/sledjchisl.c
parentOops, part of last commit. (diff)
downloadopensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.zip
opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.gz
opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.bz2
opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.xz
Don't pass around psswrd anymore.
Coz we do the old hash, salt, and store trick now. And I mean tho OLD one, we are still compatible with SL's 2006 insecure password tech.
Diffstat (limited to '')
-rw-r--r--src/sledjchisl/sledjchisl.c9
1 files changed, 2 insertions, 7 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 36ba0dc..b5ee0f8 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -3625,7 +3625,6 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data)
3625 boolean create = strcmp("create", Rd->doit) == 0; 3625 boolean create = strcmp("create", Rd->doit) == 0;
3626 int ret = 0; 3626 int ret = 0;
3627 char *password = getStrH(data, "password"); 3627 char *password = getStrH(data, "password");
3628 char *psswrd = getStrH(data, "psswrd");
3629 char *psswrdH = getStrH(Rd->stuff, "passwordHash"); 3628 char *psswrdH = getStrH(Rd->stuff, "passwordHash");
3630 char *psswrdS = getStrH(Rd->stuff, "passwordSalt"); 3629 char *psswrdS = getStrH(Rd->stuff, "passwordSalt");
3631 3630
@@ -3804,13 +3803,11 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data)
3804 // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself. 3803 // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself.
3805 // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away. 3804 // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away.
3806// explicit_bzero(password, strlen(password)); 3805// explicit_bzero(password, strlen(password));
3807// explicit_bzero(psswrd, strlen(psswrd));
3808 bzero(password, strlen(password)); 3806 bzero(password, strlen(password));
3809 bzero(psswrd, strlen(psswrd));
3810 if (login) 3807 if (login)
3811 D("User logged in with %s or %s.", password, psswrd); 3808 D("User logged in%s.", password);
3812 else 3809 else
3813 D("Account created with %s or %s.", password, psswrd); 3810 D("Account created%s.", password);
3814 3811
3815 return ret; 3812 return ret;
3816} 3813}
@@ -4000,7 +3997,6 @@ void accountCreationPage(reqData *Rd, char *message)
4000 HTMLform(Rd->reply, "", Rd->shs.munchie); 3997 HTMLform(Rd->reply, "", Rd->shs.munchie);
4001 HTMLhidden(Rd->reply, "name", name); 3998 HTMLhidden(Rd->reply, "name", name);
4002 HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID")); 3999 HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID"));
4003 HTMLhidden(Rd->reply, "psswrd", getStrH(Rd->body, "password"));
4004 HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE); 4000 HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE);
4005 HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE); 4001 HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE);
4006 Rd->reply->addstr(Rd->reply, "<p>A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.</p>\n"); 4002 Rd->reply->addstr(Rd->reply, "<p>A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.</p>\n");
@@ -4136,7 +4132,6 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile)
4136 newValidFunc("UUID", (fieldValidFunc) validateUUID); 4132 newValidFunc("UUID", (fieldValidFunc) validateUUID);
4137 newValidFunc("name", (fieldValidFunc) validateName); 4133 newValidFunc("name", (fieldValidFunc) validateName);
4138 newValidFunc("password", (fieldValidFunc) validatePassword); 4134 newValidFunc("password", (fieldValidFunc) validatePassword);
4139 newValidFunc("psswrd", (fieldValidFunc) validatePassword);
4140 newValidFunc("email", (fieldValidFunc) validateEmail); 4135 newValidFunc("email", (fieldValidFunc) validateEmail);
4141 newValidFunc("emayl", (fieldValidFunc) validateEmail); 4136 newValidFunc("emayl", (fieldValidFunc) validateEmail);
4142 newValidFunc("year", (fieldValidFunc) validateDoB); 4137 newValidFunc("year", (fieldValidFunc) validateDoB);