aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src
diff options
context:
space:
mode:
authoronefang2022-06-07 15:38:02 +1000
committeronefang2022-06-07 15:38:02 +1000
commiteac73d03bc75c95fbc16ff2fbde72cf6a5fc2709 (patch)
tree9df9a180c678cf2e7a629cf1ce213999ba802de9 /src
parentMove SledjChisl header and footer to external SSI files. (diff)
downloadopensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.zip
opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.gz
opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.bz2
opensim-SC-eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709.tar.xz
Check user level when authenticating for chat thingy.
Diffstat (limited to 'src')
-rw-r--r--src/sledjchisl/sledjchisl.c34
1 files changed, 20 insertions, 14 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index ec24b22..0710063 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -8413,26 +8413,32 @@ void prosody_mod_auth_custom_http_json(char *file, reqData *Rd, HTMLfile *thisFi
8413 else 8413 else
8414 { 8414 {
8415 char *salt = getStrH(Rd->database, "auth.passwordSalt"), *hash = getStrH(Rd->database, "auth.passwordHash"); 8415 char *salt = getStrH(Rd->database, "auth.passwordSalt"), *hash = getStrH(Rd->database, "auth.passwordHash");
8416 int level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel"));
8416 8417
8417 c = 0; 8418 c = 0;
8418 if ((NULL == password) || ('\0' == password[0])) 8419 if (0 > level)
8419 bitch(Rd, "Cannot validate account.", "No password supplied."); 8420 bitch(Rd, "Cannot validate account.", "User level too low.");
8420 else if (('\0' != salt[0]) && ('\0' != hash[0])) 8421 else
8421 { 8422 {
8422 D("Comparing passwords. %s %s %s", password, salt, hash); 8423 if ((NULL == password) || ('\0' == password[0]))
8423 char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same."); 8424 bitch(Rd, "Cannot validate account.", "No password supplied.");
8424 8425 else if (('\0' != salt[0]) && ('\0' != hash[0]))
8425 if (NULL == h)
8426 bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
8427 else
8428 { 8426 {
8429 I("Authenticated XMPP user %s@%s", user, Rd->Host); 8427 D("Comparing passwords. %s %s %s", password, salt, hash);
8430 c = 1; 8428 char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same.");
8431 free(h); 8429
8430 if (NULL == h)
8431 bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
8432 else
8433 {
8434 I("Authenticated XMPP user %s@%s", user, Rd->Host);
8435 c = 1;
8436 free(h);
8437 }
8432 } 8438 }
8439 else
8440 bitch(Rd, "Cannot validate account.", "No salted hash.");
8433 } 8441 }
8434 else
8435 bitch(Rd, "Cannot validate account.", "No salted hash.");
8436 } 8442 }
8437 8443
8438 Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false"); 8444 Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false");