From fb97941aad40d5c1c59db029d0e2c529d30ac63e Mon Sep 17 00:00:00 2001 From: onefang Date: Tue, 17 Mar 2020 12:37:34 +1000 Subject: Don't pass around psswrd anymore. Coz we do the old hash, salt, and store trick now. And I mean tho OLD one, we are still compatible with SL's 2006 insecure password tech. --- src/sledjchisl/sledjchisl.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'src/sledjchisl/sledjchisl.c') diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index 36ba0dc..b5ee0f8 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c @@ -3625,7 +3625,6 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data) boolean create = strcmp("create", Rd->doit) == 0; int ret = 0; char *password = getStrH(data, "password"); - char *psswrd = getStrH(data, "psswrd"); char *psswrdH = getStrH(Rd->stuff, "passwordHash"); char *psswrdS = getStrH(Rd->stuff, "passwordSalt"); @@ -3804,13 +3803,11 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data) // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself. // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away. // explicit_bzero(password, strlen(password)); -// explicit_bzero(psswrd, strlen(psswrd)); bzero(password, strlen(password)); - bzero(psswrd, strlen(psswrd)); if (login) - D("User logged in with %s or %s.", password, psswrd); + D("User logged in%s.", password); else - D("Account created with %s or %s.", password, psswrd); + D("Account created%s.", password); return ret; } @@ -4000,7 +3997,6 @@ void accountCreationPage(reqData *Rd, char *message) HTMLform(Rd->reply, "", Rd->shs.munchie); HTMLhidden(Rd->reply, "name", name); HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID")); - HTMLhidden(Rd->reply, "psswrd", getStrH(Rd->body, "password")); HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE); HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE); Rd->reply->addstr(Rd->reply, "
A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.
\n"); @@ -4136,7 +4132,6 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) newValidFunc("UUID", (fieldValidFunc) validateUUID); newValidFunc("name", (fieldValidFunc) validateName); newValidFunc("password", (fieldValidFunc) validatePassword); - newValidFunc("psswrd", (fieldValidFunc) validatePassword); newValidFunc("email", (fieldValidFunc) validateEmail); newValidFunc("emayl", (fieldValidFunc) validateEmail); newValidFunc("year", (fieldValidFunc) validateDoB); -- cgit v1.1