Don't pass around psswrd anymore.

Coz we do the old hash, salt, and store trick now. And I mean tho OLD one, we are still compatible with SL's 2006 insecure password tech.
author: onefang 2020-03-17 12:37:34 +1000
committer: onefang 2020-03-17 12:37:34 +1000
commit: fb97941aad40d5c1c59db029d0e2c529d30ac63e (patch)
tree: 0743da504b3aec0dec616a9ef28068c876bc6d46 /src
parent: Oops, part of last commit. (diff)
download: opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.zip
opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.gz
opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.bz2
opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.xz
1 files changed, 2 insertions, 7 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 36ba0dc..b5ee0f8 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -3625,7 +3625,6 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data)
  boolean create = strcmp("create", Rd->doit) == 0;
  int ret = 0;
  char *password = getStrH(data, "password");
-  char *psswrd   = getStrH(data, "psswrd");
  char *psswrdH  = getStrH(Rd->stuff, "passwordHash");
  char *psswrdS  = getStrH(Rd->stuff, "passwordSalt");
@@ -3804,13 +3803,11 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data)
  // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself.
  // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away.
 //  explicit_bzero(password, strlen(password));
-//  explicit_bzero(psswrd, strlen(psswrd));
  bzero(password, strlen(password));
-  bzero(psswrd, strlen(psswrd));
  if (login)
-    D("User logged in with %s or %s.", password, psswrd);
+    D("User logged in%s.", password);
  else
-    D("Account created with %s or %s.", password, psswrd);
+    D("Account created%s.", password);
  return ret;
 }
@@ -4000,7 +3997,6 @@ void accountCreationPage(reqData *Rd, char *message)
  HTMLform(Rd->reply, "", Rd->shs.munchie);
    HTMLhidden(Rd->reply, "name", name);
    HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID"));
-    HTMLhidden(Rd->reply, "psswrd", getStrH(Rd->body, "password"));
    HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE);
    HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE);
    Rd->reply->addstr(Rd->reply, "<p>A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.</p>\n");
@@ -4136,7 +4132,6 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile)
    newValidFunc("UUID",                (fieldValidFunc) validateUUID);
    newValidFunc("name",                (fieldValidFunc) validateName);
    newValidFunc("password",            (fieldValidFunc) validatePassword);
-    newValidFunc("psswrd",              (fieldValidFunc) validatePassword);
    newValidFunc("email",               (fieldValidFunc) validateEmail);
    newValidFunc("emayl",               (fieldValidFunc) validateEmail);
    newValidFunc("year",                (fieldValidFunc) validateDoB);
author	onefang	2020-03-17 12:37:34 +1000
committer	onefang	2020-03-17 12:37:34 +1000
commit	fb97941aad40d5c1c59db029d0e2c529d30ac63e (patch)
tree	0743da504b3aec0dec616a9ef28068c876bc6d46 /src
parent	Oops, part of last commit. (diff)
download	opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.zip opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.gz opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.bz2 opensim-SC-fb97941aad40d5c1c59db029d0e2c529d30ac63e.tar.xz