From eac73d03bc75c95fbc16ff2fbde72cf6a5fc2709 Mon Sep 17 00:00:00 2001
From: onefang
Date: Tue, 7 Jun 2022 15:38:02 +1000
Subject: Check user level when authenticating for chat thingy.

---
 src/sledjchisl/sledjchisl.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index ec24b22..0710063 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -8413,26 +8413,32 @@ void prosody_mod_auth_custom_http_json(char *file, reqData *Rd, HTMLfile *thisFi
   else
   {
     char *salt = getStrH(Rd->database, "auth.passwordSalt"), *hash = getStrH(Rd->database, "auth.passwordHash");
+    int level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel"));
 
     c = 0;
-    if ((NULL == password) || ('\0' == password[0]))
-      bitch(Rd, "Cannot validate account.", "No password supplied.");
-    else if (('\0' != salt[0]) && ('\0' != hash[0]))
+    if (0 > level)
+        bitch(Rd, "Cannot validate account.", "User level too low.");
+    else
     {
-      D("Comparing passwords. %s  %s  %s", password, salt, hash);
-      char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same.");
-
-      if (NULL == h)
-	bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
-      else
+      if ((NULL == password) || ('\0' == password[0]))
+	bitch(Rd, "Cannot validate account.", "No password supplied.");
+      else if (('\0' != salt[0]) && ('\0' != hash[0]))
       {
-        I("Authenticated XMPP user %s@%s", user, Rd->Host);
-        c = 1;
-	free(h);
+	D("Comparing passwords. %s  %s  %s", password, salt, hash);
+	char *h = checkSLOSpassword(Rd, salt, password, hash, "Passwords are not the same.");
+
+	if (NULL == h)
+	  bitch(Rd, "Cannot validate account.", "Passwords are not the same.");
+	else
+	{
+	  I("Authenticated XMPP user %s@%s", user, Rd->Host);
+	  c = 1;
+	  free(h);
+	}
       }
+      else
+        bitch(Rd, "Cannot validate account.", "No salted hash.");
     }
-    else
-      bitch(Rd, "Cannot validate account.", "No salted hash.");
   }
 
   Rd->reply->addstrf(Rd->reply, (1 == c) ? "true" : "false");
-- 
cgit v1.1