From fb97941aad40d5c1c59db029d0e2c529d30ac63e Mon Sep 17 00:00:00 2001
From: onefang
Date: Tue, 17 Mar 2020 12:37:34 +1000
Subject: Don't pass around psswrd anymore. Coz we do the old hash, salt, and store trick now. And I mean tho OLD one, we are still compatible with SL's 2006 insecure password tech.
---
 src/sledjchisl/sledjchisl.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 36ba0dc..b5ee0f8 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -3625,7 +3625,6 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data)
 boolean create = strcmp("create", Rd->doit) == 0;
 int ret = 0;
 char *password = getStrH(data, "password");
- char *psswrd = getStrH(data, "psswrd");
 char *psswrdH = getStrH(Rd->stuff, "passwordHash");
 char *psswrdS = getStrH(Rd->stuff, "passwordSalt");
@@ -3804,13 +3803,11 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data)
 // explicit_bzero() is the magic to properly wipe things, and it exists, but the damn thing manages to hide itself.
 // So gotta make sure it's actually used, to avoid the compiler optimizing bzero() away.
 // explicit_bzero(password, strlen(password));
-// explicit_bzero(psswrd, strlen(psswrd));
 bzero(password, strlen(password));
- bzero(psswrd, strlen(psswrd));
 if (login)
- D("User logged in with %s or %s.", password, psswrd);
+ D("User logged in%s.", password);
 else
- D("Account created with %s or %s.", password, psswrd);
+ D("Account created%s.", password);
 return ret;
 }
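Review bot: In the second hunk, `D("User logged in%s.", password)` and `D("Account created%s.", password)` keep a `%s` that appears to exist only to keep `password` referenced after the `bzero()` call (the comment above it says as much), so if the wipe is ever optimised away or skipped, the plaintext password is written straight to the log. A wipe should not depend on a log statement for its survival: use `explicit_bzero(password, strlen(password))` (on glibc 2.25+ it is declared in `<string.h>` when `_DEFAULT_SOURCE` is defined, which is likely why it "hides itself"; the BSDs ship it too) or a `volatile unsigned char *` loop, and drop the argument entirely: `D("User logged in.");` / `D("Account created.");`. `strlen(password)` is also the wiped length, so a NULL `password` is undefined behaviour and an empty one is a no-op; whether `getStrH()` can return NULL is not visible in the hunk. validatePassword's body starts outside both hunks in this file; the second hunk's closing `}` ends it.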
@@ -4000,7 +3997,6 @@ void accountCreationPage(reqData *Rd, char *message)
 HTMLform(Rd->reply, "", Rd->shs.munchie);
 HTMLhidden(Rd->reply, "name", name);
 HTMLhidden(Rd->reply, "UUID", getStrH(Rd->stuff, "UUID"));
- HTMLhidden(Rd->reply, "psswrd", getStrH(Rd->body, "password"));
 HTMLtext(Rd->reply, "email", "email", "email", getStrH(Rd->stuff, "email"), 42, 254, FALSE);
 HTMLtext(Rd->reply, "email", "Repeat your email, to be sure you got it correct", "emayl", getStrH(Rd->stuff, "emayl"), 42, 254, FALSE);
 Rd->reply->addstr(Rd->reply, "

A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.

\n");
@@ -4136,7 +4132,6 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile)
 newValidFunc("UUID", (fieldValidFunc) validateUUID);
 newValidFunc("name", (fieldValidFunc) validateName);
 newValidFunc("password", (fieldValidFunc) validatePassword);
- newValidFunc("psswrd", (fieldValidFunc) validatePassword);
 newValidFunc("email", (fieldValidFunc) validateEmail);
 newValidFunc("emayl", (fieldValidFunc) validateEmail);
 newValidFunc("year", (fieldValidFunc) validateDoB);
-- 
cgit v1.1