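/**
 * Constant-time equality check for two QStrings.
 *
 * QString::operator== returns as soon as one code unit differs, so the time a
 * comparison takes reveals how long a correct prefix the caller supplied. This
 * helper always walks the whole of @p expected, so timing can reveal only the
 * length of @p expected (which for a fixed-width hash is public anyway). The
 * result is identical to operator==: same length and same UTF-16 code units.
 *
 * @param expected  the secret held by the server (config password or stored hash).
 * @param supplied  the value derived from client input.
 * @return true when both strings are identical.
 */
static bool constantTimeEquals(const QString &expected, const QString &supplied)
{
    if (expected.size() != supplied.size())
        return false;

    // OR the XOR of every pair of code units; the loop never exits early.
    int diff = 0;
    for (int i = 0; i < expected.size(); ++i)
        diff |= expected.at(i).unicode() ^ supplied.at(i).unicode();
    return diff == 0;
}

/**
 * Authenticate @p user with @p password according to the server's configured
 * authentication method.
 *
 * - AuthenticationNone: nobody is registered; every login is UnknownUser.
 * - AuthenticationPassword: one shared password read from the settings key
 *   "authentication/password"; a match yields PasswordRight, otherwise NotLoggedIn.
 * - AuthenticationSql: validates the user name, runs the ban check, then
 *   compares the salted hash of @p password against the stored password_sha512.
 *
 * Both password comparisons use constantTimeEquals() because @p password is
 * client-controlled; the shared-password mode in particular compares the raw
 * client string against the secret.
 *
 * @param handler         the connection attempting to log in; handler->getAddress()
 *                        feeds the ban check.
 * @param user            user name supplied by the client (untrusted).
 * @param password        password supplied by the client (untrusted).
 * @param clientId        client identifier, passed through to checkUserIsBanned().
 * @param reasonStr       out: human-readable rejection reason, written by
 *                        usernameIsValid() / checkUserIsBanned(); untouched otherwise.
 * @param banSecondsLeft  out: written by checkUserIsBanned() when the user is banned.
 * @return the AuthenticationResult. A name that has no row in the users table
 *         yields UnknownUser, which the log line reports as an accepted
 *         (unregistered) login — the caller decides what that means.
 *
 * NOTE(review): prepareQuery() returns a QSqlQuery* that is never deleted here;
 * presumably prepareQuery() keeps ownership — confirm.
 */
AuthenticationResult Servatrice_DatabaseInterface::checkUserPassword(Server_ProtocolHandler *handler, const QString &user, const QString &password, const QString &clientId, QString &reasonStr, int &banSecondsLeft)
{
    switch (server->getAuthenticationMethod()) {
    case Servatrice::AuthenticationNone:
        return UnknownUser;

    case Servatrice::AuthenticationPassword: {
        // Shared server password: the client controls the compared value
        // directly, so use the constant-time comparison.
        const QString configPassword = settingsCache->value("authentication/password").toString();
        if (constantTimeEquals(configPassword, password))
            return PasswordRight;

        return NotLoggedIn;
    }

    case Servatrice::AuthenticationSql: {
        if (!checkSql())
            return UnknownUser;

        if (!usernameIsValid(user, reasonStr))
            return UsernameInvalid;

        // The ban check runs first: a banned client is rejected before the
        // password is ever looked at.
        if (checkUserIsBanned(handler->getAddress(), user, clientId, reasonStr, banSecondsLeft))
            return UserIsBanned;

        QSqlQuery *passwordQuery = prepareQuery("select password_sha512, active from {prefix}_users where name = :name");
        passwordQuery->bindValue(":name", user);
        if (!execSqlQuery(passwordQuery)) {
            qDebug("Login denied: SQL error");
            return NotLoggedIn;
        }

        if (!passwordQuery->next()) {
            // No row for this name: not a registered user.
            qDebug("Login accepted: unknown user");
            return UnknownUser;
        }

        const QString correctPassword = passwordQuery->value(0).toString();
        const bool userIsActive = passwordQuery->value(1).toBool();
        if (!userIsActive) {
            qDebug("Login denied: user not active");
            return UserIsInactive;
        }

        // computeHash()'s second argument is the salt (cf. generateRandomSalt()
        // in changeUserPassword); the stored value carries it in its first 16
        // characters, so re-hash the supplied password with that same salt.
        const QString suppliedHash = PasswordHasher::computeHash(password, correctPassword.left(16));
        if (!constantTimeEquals(correctPassword, suppliedHash)) {
            qDebug("Login denied: password wrong");
            return NotLoggedIn;
        }

        qDebug("Login accepted: password right");
        return PasswordRight;
    }
    }
    return UnknownUser;
}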
/**
 * Replace the stored password of @p user with @p newPassword, provided that
 * @p oldPassword matches the hash currently stored for that user.
 *
 * Return convention is inverted relative to the method name: false means the
 * password WAS changed; true means it was NOT — because the server is not in
 * SQL authentication mode, the database is unavailable, the user name fails
 * validation, no row exists for the user, @p oldPassword does not match, or
 * the select/update query failed. The return value does not distinguish these
 * cases; the SQL failures are additionally reported through qDebug.
 *
 * @param user         account whose password is to be changed.
 * @param oldPassword  current password supplied by the client; re-hashed with
 *                     the salt taken from the first 16 characters of the stored
 *                     password_sha512 and compared against it.
 * @param newPassword  replacement password; stored as computeHash() of it with
 *                     a freshly generated random salt. No emptiness or strength
 *                     check is applied here.
 * @return false on success, true on any failure (see above).
 *
 * NOTE(review): the old-password comparison uses QString::operator==, which is
 * not constant-time; for a salted hash the timing leak is of little use, but a
 * constant-time comparison would be cheap insurance.
 */
bool Servatrice_DatabaseInterface::changeUserPassword(const QString &user, const QString &oldPassword, const QString &newPassword)
{
    const bool changeFailed = true;
    const bool changeSucceeded = false;

    // Short-circuit keeps the original order: checkSql() is only reached when
    // SQL authentication is in use.
    if (server->getAuthenticationMethod() != Servatrice::AuthenticationSql || !checkSql())
        return changeFailed;

    QString validationReason;
    if (!usernameIsValid(user, validationReason))
        return changeFailed;

    QSqlQuery *query = prepareQuery("select password_sha512 from {prefix}_users where name = :name");
    query->bindValue(":name", user);
    if (!execSqlQuery(query)) {
        qDebug("Change password denied: SQL error");
        return changeFailed;
    }

    if (!query->next())
        return changeFailed;

    // The stored value evidently embeds its salt in the first 16 characters;
    // recompute the hash of the supplied old password with that salt.
    const QString storedHash = query->value(0).toString();
    const QString suppliedHash = PasswordHasher::computeHash(oldPassword, storedHash.left(16));
    if (suppliedHash != storedHash)
        return changeFailed;

    const QString newHash = PasswordHasher::computeHash(newPassword, PasswordHasher::generateRandomSalt());

    query = prepareQuery("update {prefix}_users set password_sha512=:password where name = :name");
    query->bindValue(":password", newHash);
    query->bindValue(":name", user);
    if (!execSqlQuery(query)) {
        qDebug("Change password denied: SQL error");
        return changeFailed;
    }

    return changeSucceeded;
}
/**
 * Older variant of checkUserPassword (no clientId parameter) that performs the
 * ban checks inline instead of delegating to a helper.
 *
 * Behaviour by authentication method:
 * - AuthenticationNone: every login is reported as UnknownUser.
 * - AuthenticationPassword: compares against the single shared password in the
 *   settings key "authentication/password"; PasswordRight on a match,
 *   otherwise NotLoggedIn.
 * - AuthenticationSql: validates the name, checks the most recent IP ban and
 *   the most recent name ban, then compares the salted hash of @p password
 *   with password_sha512 of the matching *active* user row.
 *
 * @param handler        the connecting client; only its peer address is used.
 *                       NOTE(review): it is downcast to ServerSocketInterface with
 *                       an unchecked static_cast — confirm that no other
 *                       Server_ProtocolHandler subclass can reach this method.
 * @param user           user name as supplied by the client (untrusted).
 * @param password       password as supplied by the client (untrusted).
 * @param reasonStr      out: the ban's visible_reason when UserIsBanned is
 *                       returned; not written on any other path.
 * @param banSecondsLeft out: seconds until a temporary ban expires, 0 for a
 *                       permanent ban; only written when UserIsBanned is returned.
 * @return the AuthenticationResult. Because the password query filters on
 *         active = 1, a deactivated account is indistinguishable from an
 *         unregistered name on this path: both yield UnknownUser, which the log
 *         line reports as "accepted".
 */
AuthenticationResult Servatrice_DatabaseInterface::checkUserPassword(Server_ProtocolHandler *handler, const QString &user, const QString &password, QString &reasonStr, int &banSecondsLeft)
{
	switch (server->getAuthenticationMethod()) {
	case Servatrice::AuthenticationNone: return UnknownUser;
	case Servatrice::AuthenticationPassword: {
		// NOTE(review): QString::operator== is not constant-time and the client
		// controls the compared value directly; a constant-time comparison
		// would close that timing channel.
		QString configPassword = settingsCache->value("authentication/password").toString();
		if (configPassword == password)
			return PasswordRight;

		return NotLoggedIn;
	}
	case Servatrice::AuthenticationSql: {
		if (!checkSql())
			return UnknownUser;

		if (!usernameIsValid(user))
			return UsernameInvalid;
		
		// Ban lookups. The table prefix from server->getDbPrefix() is spliced
		// into the statement text, so it must come from trusted configuration
		// and never from a client; the address and name go in as bound
		// parameters. Result columns: 0 = seconds elapsed since the ban ended
		// (negative while it is still in force), 1 = `minutes <=> 0` (MySQL
		// NULL-safe equality), i.e. the ban is permanent, 2 = visible_reason.
		// Only the most recent ban (max time_from) for the key is considered.
		QSqlQuery ipBanQuery(sqlDatabase);
		ipBanQuery.prepare("select time_to_sec(timediff(now(), date_add(b.time_from, interval b.minutes minute))), b.minutes <=> 0, b.visible_reason from " + server->getDbPrefix() + "_bans b where b.time_from = (select max(c.time_from) from " + server->getDbPrefix() + "_bans c where c.ip_address = :address) and b.ip_address = :address2");
		ipBanQuery.bindValue(":address", static_cast<ServerSocketInterface *>(handler)->getPeerAddress().toString());
		ipBanQuery.bindValue(":address2", static_cast<ServerSocketInterface *>(handler)->getPeerAddress().toString());
		if (!execSqlQuery(ipBanQuery)) {
			qDebug("Login denied: SQL error");
			return NotLoggedIn;
		}
		
		if (ipBanQuery.next()) {
			// Negated so that a positive value means the ban is still active.
			const int secondsLeft = -ipBanQuery.value(0).toInt();
			const bool permanentBan = ipBanQuery.value(1).toInt();
			if ((secondsLeft > 0) || permanentBan) {
				reasonStr = ipBanQuery.value(2).toString();
				banSecondsLeft = permanentBan ? 0 : secondsLeft;
				qDebug("Login denied: banned by address");
				return UserIsBanned;
			}
		}
		
		// Same lookup keyed on the user name instead of the address.
		QSqlQuery nameBanQuery(sqlDatabase);
		nameBanQuery.prepare("select time_to_sec(timediff(now(), date_add(b.time_from, interval b.minutes minute))), b.minutes <=> 0, b.visible_reason from " + server->getDbPrefix() + "_bans b where b.time_from = (select max(c.time_from) from " + server->getDbPrefix() + "_bans c where c.user_name = :name2) and b.user_name = :name1");
		nameBanQuery.bindValue(":name1", user);
		nameBanQuery.bindValue(":name2", user);
		if (!execSqlQuery(nameBanQuery)) {
			qDebug("Login denied: SQL error");
			return NotLoggedIn;
		}
		
		if (nameBanQuery.next()) {
			const int secondsLeft = -nameBanQuery.value(0).toInt();
			const bool permanentBan = nameBanQuery.value(1).toInt();
			if ((secondsLeft > 0) || permanentBan) {
				reasonStr = nameBanQuery.value(2).toString();
				banSecondsLeft = permanentBan ? 0 : secondsLeft;
				qDebug("Login denied: banned by name");
				return UserIsBanned;
			}
		}
		
		// Only active rows are selected: an inactive user falls through to the
		// "unknown user" branch below rather than being reported as inactive.
		QSqlQuery passwordQuery(sqlDatabase);
		passwordQuery.prepare("select password_sha512 from " + server->getDbPrefix() + "_users where name = :name and active = 1");
		passwordQuery.bindValue(":name", user);
		if (!execSqlQuery(passwordQuery)) {
			qDebug("Login denied: SQL error");
			return NotLoggedIn;
		}
		
		if (passwordQuery.next()) {
			// The stored value's first 16 characters are reused as the salt for
			// re-hashing the supplied password.
			// NOTE(review): the comparison is not constant-time; for a salted
			// hash the leak is of little use, but a constant-time compare is cheap.
			const QString correctPassword = passwordQuery.value(0).toString();
			if (correctPassword == PasswordHasher::computeHash(password, correctPassword.left(16))) {
				qDebug("Login accepted: password right");
				return PasswordRight;
			} else {
				qDebug("Login denied: password wrong");
				return NotLoggedIn;
			}
		} else {
			qDebug("Login accepted: unknown user");
			return UnknownUser;
		}
	}
	}
	return UnknownUser;
}