AuthenticationResult Servatrice_DatabaseInterface::checkUserPassword(Server_ProtocolHandler *handler, const QString &user, const QString &password, const QString &clientId, QString &reasonStr, int &banSecondsLeft) { switch (server->getAuthenticationMethod()) { case Servatrice::AuthenticationNone: return UnknownUser; case Servatrice::AuthenticationPassword: { QString configPassword = settingsCache->value("authentication/password").toString(); if (configPassword == password) return PasswordRight; return NotLoggedIn; } case Servatrice::AuthenticationSql: { if (!checkSql()) return UnknownUser; if (!usernameIsValid(user, reasonStr)) return UsernameInvalid; if (checkUserIsBanned(handler->getAddress(), user, clientId, reasonStr, banSecondsLeft)) return UserIsBanned; QSqlQuery *passwordQuery = prepareQuery("select password_sha512, active from {prefix}_users where name = :name"); passwordQuery->bindValue(":name", user); if (!execSqlQuery(passwordQuery)) { qDebug("Login denied: SQL error"); return NotLoggedIn; } if (passwordQuery->next()) { const QString correctPassword = passwordQuery->value(0).toString(); const bool userIsActive = passwordQuery->value(1).toBool(); if(!userIsActive) { qDebug("Login denied: user not active"); return UserIsInactive; } if (correctPassword == PasswordHasher::computeHash(password, correctPassword.left(16))) { qDebug("Login accepted: password right"); return PasswordRight; } else { qDebug("Login denied: password wrong"); return NotLoggedIn; } } else { qDebug("Login accepted: unknown user"); return UnknownUser; } } } return UnknownUser; }
bool Servatrice_DatabaseInterface::changeUserPassword(const QString &user, const QString &oldPassword, const QString &newPassword) { if(server->getAuthenticationMethod() != Servatrice::AuthenticationSql) return true; if (!checkSql()) return true; QString error; if (!usernameIsValid(user, error)) return true; QSqlQuery *passwordQuery = prepareQuery("select password_sha512 from {prefix}_users where name = :name"); passwordQuery->bindValue(":name", user); if (!execSqlQuery(passwordQuery)) { qDebug("Change password denied: SQL error"); return true; } if (!passwordQuery->next()) return true; const QString correctPassword = passwordQuery->value(0).toString(); if (correctPassword != PasswordHasher::computeHash(oldPassword, correctPassword.left(16))) return true; QString passwordSha512 = PasswordHasher::computeHash(newPassword, PasswordHasher::generateRandomSalt()); passwordQuery = prepareQuery("update {prefix}_users set password_sha512=:password where name = :name"); passwordQuery->bindValue(":password", passwordSha512); passwordQuery->bindValue(":name", user); if (!execSqlQuery(passwordQuery)) { qDebug("Change password denied: SQL error"); return true; } return false; }
AuthenticationResult Servatrice_DatabaseInterface::checkUserPassword(Server_ProtocolHandler *handler, const QString &user, const QString &password, QString &reasonStr, int &banSecondsLeft) { switch (server->getAuthenticationMethod()) { case Servatrice::AuthenticationNone: return UnknownUser; case Servatrice::AuthenticationPassword: { QString configPassword = settingsCache->value("authentication/password").toString(); if (configPassword == password) return PasswordRight; return NotLoggedIn; } case Servatrice::AuthenticationSql: { if (!checkSql()) return UnknownUser; if (!usernameIsValid(user)) return UsernameInvalid; QSqlQuery ipBanQuery(sqlDatabase); ipBanQuery.prepare("select time_to_sec(timediff(now(), date_add(b.time_from, interval b.minutes minute))), b.minutes <=> 0, b.visible_reason from " + server->getDbPrefix() + "_bans b where b.time_from = (select max(c.time_from) from " + server->getDbPrefix() + "_bans c where c.ip_address = :address) and b.ip_address = :address2"); ipBanQuery.bindValue(":address", static_cast<ServerSocketInterface *>(handler)->getPeerAddress().toString()); ipBanQuery.bindValue(":address2", static_cast<ServerSocketInterface *>(handler)->getPeerAddress().toString()); if (!execSqlQuery(ipBanQuery)) { qDebug("Login denied: SQL error"); return NotLoggedIn; } if (ipBanQuery.next()) { const int secondsLeft = -ipBanQuery.value(0).toInt(); const bool permanentBan = ipBanQuery.value(1).toInt(); if ((secondsLeft > 0) || permanentBan) { reasonStr = ipBanQuery.value(2).toString(); banSecondsLeft = permanentBan ? 0 : secondsLeft; qDebug("Login denied: banned by address"); return UserIsBanned; } } QSqlQuery nameBanQuery(sqlDatabase); nameBanQuery.prepare("select time_to_sec(timediff(now(), date_add(b.time_from, interval b.minutes minute))), b.minutes <=> 0, b.visible_reason from " + server->getDbPrefix() + "_bans b where b.time_from = (select max(c.time_from) from " + server->getDbPrefix() + "_bans c where c.user_name = :name2) and b.user_name = :name1"); nameBanQuery.bindValue(":name1", user); nameBanQuery.bindValue(":name2", user); if (!execSqlQuery(nameBanQuery)) { qDebug("Login denied: SQL error"); return NotLoggedIn; } if (nameBanQuery.next()) { const int secondsLeft = -nameBanQuery.value(0).toInt(); const bool permanentBan = nameBanQuery.value(1).toInt(); if ((secondsLeft > 0) || permanentBan) { reasonStr = nameBanQuery.value(2).toString(); banSecondsLeft = permanentBan ? 0 : secondsLeft; qDebug("Login denied: banned by name"); return UserIsBanned; } } QSqlQuery passwordQuery(sqlDatabase); passwordQuery.prepare("select password_sha512 from " + server->getDbPrefix() + "_users where name = :name and active = 1"); passwordQuery.bindValue(":name", user); if (!execSqlQuery(passwordQuery)) { qDebug("Login denied: SQL error"); return NotLoggedIn; } if (passwordQuery.next()) { const QString correctPassword = passwordQuery.value(0).toString(); if (correctPassword == PasswordHasher::computeHash(password, correctPassword.left(16))) { qDebug("Login accepted: password right"); return PasswordRight; } else { qDebug("Login denied: password wrong"); return NotLoggedIn; } } else { qDebug("Login accepted: unknown user"); return UnknownUser; } } } return UnknownUser; }