/// Equality for passwords that may be stored at different levels of hashing.
///
/// When both operands report the same level, the stored values are compared
/// directly. Otherwise a copy of the lower-level operand is raised with
/// increaseLevel() to the higher operand's level and the comparison is
/// repeated; neither operand is modified.
///
/// NOTE(review): the second comparison only terminates if increaseLevel()
/// leaves the copy at exactly the requested level. That is not visible in
/// this block; confirm against increaseLevel().
///
/// NOTE(review): `password == other.password` is an ordinary equality. If this
/// operator is used to verify login attempts against a stored hash, a
/// constant-time comparison is the usual choice. Confirm the member's type
/// and the callers.
bool Password::operator==(const Password &other) const
{
    const auto ownLevel = getLevel();
    const auto otherLevel = other.getLevel();

    if (ownLevel != otherLevel) {
        // Raise a copy of whichever side is hashed fewer times, then compare again.
        const bool thisIsLower = ownLevel < otherLevel;
        Password raised(thisIsLower ? *this : other);
        raised.increaseLevel(thisIsLower ? otherLevel : ownLevel);
        return raised == (thisIsLower ? other : *this);
    }

    // Same level of hashing on both sides: the stored values are comparable.
    return password == other.password;
}
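/// @brief Report whether a `players` row matches the given username and password hash.
///
/// Runs a parameterized SELECT (both values are bound, never concatenated into
/// the SQL text) and returns true when the first step yields a row.
///
/// @param username Account name bound to `:username`.
/// @param password Plaintext password. NOT USED YET, see the security note below.
/// @return true if a matching row exists; false if none matches or if
///         preparing, binding or stepping the statement fails.
///
/// m_lastError receives the result of the prepare call, of a failed bind, or
/// of sqlite3_finalize() (which reports the outcome of the last step).
bool Database::checkAccountPassword(const std::string& username, const std::string& password)
{
    // SECURITY / TODO: the password is not hashed yet. An empty string is
    // bound as the hash, so the query can only match rows whose stored
    // hashedPassword is empty, and it does so whatever password was supplied.
    // Until hashing is implemented this function does not verify the password.
    // NOTE(review): when implementing it, use a salted, deliberately slow
    // password hash (PBKDF2, bcrypt, scrypt, Argon2). With a per-account salt
    // the stored hash has to be fetched by username and verified in code
    // rather than matched with SQL equality.
    (void)password;
    const std::string hashedPassword("");

    // Prepare statement. The _v2 variant makes sqlite3_step() return specific
    // error codes and re-prepare transparently after a schema change.
    const std::string statementString("SELECT id FROM `players` WHERE username=:username AND hashedPassword=:hashedPassword");
    sqlite3_stmt* statement = nullptr;
    m_lastError = sqlite3_prepare_v2(m_db, statementString.c_str(), static_cast<int>(statementString.size()), &statement, nullptr);
    if(m_lastError != SQLITE_OK)
        return false;

    // Bind parameters. SQLITE_STATIC is safe here: both strings outlive the
    // statement, which is finalized before this function returns.
    const int usernameParameterIndex = sqlite3_bind_parameter_index(statement, ":username");
    const int hashedPasswordParameterIndex = sqlite3_bind_parameter_index(statement, ":hashedPassword");

    m_lastError = sqlite3_bind_text(statement, usernameParameterIndex, username.c_str(), static_cast<int>(username.size()), SQLITE_STATIC);
    if(m_lastError == SQLITE_OK)
        m_lastError = sqlite3_bind_text(statement, hashedPasswordParameterIndex, hashedPassword.c_str(), static_cast<int>(hashedPassword.size()), SQLITE_STATIC);

    if(m_lastError != SQLITE_OK)
    {
        // A failed bind would leave the parameter NULL; do not run the query.
        sqlite3_finalize(statement);
        return false;
    }

    // Execute. Only the first step matters: a row means the credentials matched.
    // NOTE(review): this retries on SQLITE_BUSY with no limit and no backoff,
    // as the original did. A busy timeout on the connection
    // (sqlite3_busy_timeout) would bound the wait.
    int status = SQLITE_BUSY;
    while(status == SQLITE_BUSY)
        status = sqlite3_step(statement);

    const bool result = (status == SQLITE_ROW);

    // Free. finalize returns SQLITE_OK after a row or a clean end of results,
    // and the step's error code otherwise.
    m_lastError = sqlite3_finalize(statement);
    return result;
}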
/// Build a user record from the dialog's input fields and insert it into userModel.
///
/// The record carries an auto-valued id, the username and e-mail from the line
/// edits, a freshly generated salt, a hash of password + salt, and the role id
/// from getRoleId(). The dialog is accepted only if the input validates, the
/// password is not empty, the user does not already exist and the insert
/// succeeds; otherwise pending model changes are reverted.
///
/// NOTE(review), password storage:
///  - One pass of salted SHA-1 is fast to brute-force offline. A dedicated
///    password hashing function (PBKDF2, bcrypt, scrypt, Argon2) is the usual
///    choice.
///  - QCryptographicHash::hash() returns raw digest bytes. Assigning them to a
///    QString sends them through a text conversion that is not lossless for
///    arbitrary bytes. Storing `.toHex()` would avoid that, but the code that
///    verifies passwords must change with it. Confirm before touching.
///  - toAscii() is lossy for non-ASCII characters in the password.
void UserDialog::addUser()
{
    QSqlField idField("id", QVariant::Int);
    idField.setAutoValue(true);

    QSqlField usernameField("username", QVariant::String);
    usernameField.setValue(QVariant(usernameLineEdit->text()));

    QSqlField emailField("email", QVariant::String);
    emailField.setValue(QVariant(emailLineEdit->text()));

    // Per-user salt: the string form of a new UUID.
    const QString saltText = QUuid::createUuid().toString();

    // Digest of (password bytes + salt bytes), stored as a QString.
    const QString digestText = QCryptographicHash::hash(
        passwordLineEdit->text().toAscii() + saltText.toAscii(),
        QCryptographicHash::Sha1);

    QSqlField hashedPasswordField("hashed_password", QVariant::String);
    hashedPasswordField.setValue(QVariant(digestText));

    QSqlField saltField("salt", QVariant::String);
    saltField.setValue(QVariant(saltText));

    QSqlField roleIdField("role_id", QVariant::Int);
    roleIdField.setValue(QVariant(getRoleId()));

    // Field order matches the original record layout.
    QSqlRecord newUser;
    newUser.append(idField);
    newUser.append(usernameField);
    newUser.append(emailField);
    newUser.append(hashedPasswordField);
    newUser.append(saltField);
    newUser.append(roleIdField);

    // Checks short-circuit left to right; the insert runs only if all of them pass.
    const bool inputAcceptable = isFieldInputValid() && !isPasswordEmpty() && !userExists();
    if(inputAcceptable && userModel->insertRecord(-1, newUser))
    {
        accept();
        return;
    }

    userModel->revertAll();
}