QSqlQuery query(db);
query.prepare(queryString("insert_quasseluser"));
query.bindValue(":username", user);
- query.bindValue(":password", cryptedPassword(password));
+ query.bindValue(":password", hashPassword(password));
+ query.bindValue(":hashversion", Storage::HashVersion::Latest);
lockForWrite();
safeExec(query);
if (query.lastError().isValid() && query.lastError().number() == 19) { // user already exists - sadly 19 seems to be the general constraint violation error...
QSqlQuery query(db);
query.prepare(queryString("update_userpassword"));
query.bindValue(":userid", user.toInt());
- query.bindValue(":password", cryptedPassword(password));
+ query.bindValue(":password", hashPassword(password));
+ query.bindValue(":hashversion", Storage::HashVersion::Latest);
lockForWrite();
safeExec(query);
success = query.numRowsAffected() != 0;
UserId SqliteStorage::validateUser(const QString &user, const QString &password)
{
UserId userId;
+ QString hashedPassword;
+ Storage::HashVersion hashVersion;
{
QSqlQuery query(logDb());
query.prepare(queryString("select_authuser"));
query.bindValue(":username", user);
- query.bindValue(":password", cryptedPassword(password));
lockForRead();
safeExec(query);
if (query.first()) {
userId = query.value(0).toInt();
+ hashedPassword = query.value(1).toString();
+ hashVersion = static_cast<Storage::HashVersion>(query.value(2).toInt());
}
}
unlock();
- return userId;
+ UserId returnUserId;
+ if (userId != 0 && checkHashedPassword(userId, password, hashedPassword, hashVersion)) {
+ returnUserId = userId;
+ }
+ return returnUserId;
}
QSqlQuery query(db);
query.prepare(queryString("update_buffer_persistent_channel"));
query.bindValue(":userid", user.toInt());
- query.bindValue(":networkId", networkId.toInt());
+ query.bindValue(":networkid", networkId.toInt());
query.bindValue(":buffercname", channel.toLower());
query.bindValue(":joined", isJoined ? 1 : 0);
QSqlQuery query(db);
query.prepare(queryString("update_buffer_set_channel_key"));
query.bindValue(":userid", user.toInt());
- query.bindValue(":networkId", networkId.toInt());
+ query.bindValue(":networkid", networkId.toInt());
query.bindValue(":buffercname", channel.toLower());
query.bindValue(":key", key);
user.id = value(0).toInt();
user.username = value(1).toString();
user.password = value(2).toString();
+ user.hashversion = value(3).toInt();
return true;
}