diff options
-rw-r--r-- | src/sledjchisl/sledjchisl.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index ec24b22..0710063 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c | |||
@@ -8413,26 +8413,32 @@ void prosody_mod_auth_custom_http_json(char *file, reqData *Rd, HTMLfile *thisFi | |||
8413 | else | 8413 | else |
8414 | { | 8414 | { |
8415 | char *salt = getStrH(Rd->database, "auth.passwordSalt"), *hash = getStrH(Rd->database, "auth.passwordHash"); | 8415 | char *salt = getStrH(Rd->database, "auth.passwordSalt"), *hash = getStrH(Rd->database, "auth.passwordHash"); |
8416 | int level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel")); | ||
8416 | 8417 | ||
8417 | c = 0; | 8418 | c = 0; |
8418 | if ((NULL == password) || ('\0' == password[0])) | 8419 | if (0 > level) |
8419 | bitch(Rd, "Cannot validate account.", "No password supplied."); | 8420 | bitch(Rd, "Cannot validate account.", "User level too low."); |
8420 | else if (('\0' != salt[0]) && ('\0' != hash[0])) | 8421 | else |
8421 | { | 8422 | { |
8422 | D("Comparing passwords. %s %s %s", password, salt, hash); | 8423 | if ((NULL == password) || ('\0' == password[0])) |
8423 | char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same."); | 8424 | bitch(Rd, "Cannot validate account.", "No password supplied."); |
8424 | 8425 | else if (('\0' != salt[0]) && ('\0' != hash[0])) | |
8425 | if (NULL == h) | ||
8426 | bitch(Rd, "Cannot validate account.", "Passwords are not the same."); | ||
8427 | else | ||
8428 | { | 8426 | { |
8429 | I("Authenticated XMPP user %s@%s", user, Rd->Host); | 8427 | D("Comparing passwords. %s %s %s", password, salt, hash); |
8430 | c = 1; | 8428 | char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same."); |
8431 | free(h); | 8429 | |
8430 | if (NULL == h) | ||
8431 | bitch(Rd, "Cannot validate account.", "Passwords are not the same."); | ||
8432 | else | ||
8433 | { | ||
8434 | I("Authenticated XMPP user %s@%s", user, Rd->Host); | ||
8435 | c = 1; | ||
8436 | free(h); | ||
8437 | } | ||
8432 | } | 8438 | } |
8439 | else | ||
8440 | bitch(Rd, "Cannot validate account.", "No salted hash."); | ||
8433 | } | 8441 | } |
8434 | else | ||
8435 | bitch(Rd, "Cannot validate account.", "No salted hash."); | ||
8436 | } | 8442 | } |
8437 | 8443 | ||
8438 | Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false"); | 8444 | Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false"); |