X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fsqlitestorage.cpp;h=354b340a91800ee3af4dff9db2c0ee0d2dcb873e;hp=837e6b8ac881992a8ab4a6cbbe29abe60652c41a;hb=dbd5ce3ab41367dab975159c2d78dbed5aafcd54;hpb=e50ae7a06fc4e5d3a911c361d30953410deab609

diff --git a/src/core/sqlitestorage.cpp b/src/core/sqlitestorage.cpp
index 837e6b8a..354b340a 100644
--- a/src/core/sqlitestorage.cpp
+++ b/src/core/sqlitestorage.cpp
@@ -129,7 +129,8 @@ UserId SqliteStorage::addUser(const QString &user, const QString &password)
         QSqlQuery query(db);
         query.prepare(queryString("insert_quasseluser"));
         query.bindValue(":username", user);
-        query.bindValue(":password", cryptedPassword(password));
+        query.bindValue(":password", hashPassword(password));
+        query.bindValue(":hashversion", Storage::HashVersion::Latest);
         lockForWrite();
         safeExec(query);
         if (query.lastError().isValid() && query.lastError().number() == 19) { // user already exists - sadly 19 seems to be the general constraint violation error...
@@ -158,7 +159,8 @@ bool SqliteStorage::updateUser(UserId user, const QString &password)
         QSqlQuery query(db);
         query.prepare(queryString("update_userpassword"));
         query.bindValue(":userid", user.toInt());
-        query.bindValue(":password", cryptedPassword(password));
+        query.bindValue(":password", hashPassword(password));
+        query.bindValue(":hashversion", Storage::HashVersion::Latest);
         lockForWrite();
         safeExec(query);
         success = query.numRowsAffected() != 0;
@@ -190,23 +192,30 @@ void SqliteStorage::renameUser(UserId user, const QString &newName)
 UserId SqliteStorage::validateUser(const QString &user, const QString &password)
 {
     UserId userId;
+    QString hashedPassword;
+    Storage::HashVersion hashVersion;
 
     {
         QSqlQuery query(logDb());
         query.prepare(queryString("select_authuser"));
         query.bindValue(":username", user);
-        query.bindValue(":password", cryptedPassword(password));
 
         lockForRead();
         safeExec(query);
 
         if (query.first()) {
             userId = query.value(0).toInt();
+            hashedPassword = query.value(1).toString();
+            hashVersion = static_cast<Storage::HashVersion>(query.value(2).toInt());
         }
     }
     unlock();
 
-    return userId;
+    UserId returnUserId;
+    if (userId != 0 && checkHashedPassword(userId, password, hashedPassword, hashVersion)) {
+        returnUserId = userId;
+    }
+    return returnUserId;
 }
 
 
@@ -959,7 +968,7 @@ void SqliteStorage::setChannelPersistent(UserId user, const NetworkId &networkId
         QSqlQuery query(db);
         query.prepare(queryString("update_buffer_persistent_channel"));
         query.bindValue(":userid", user.toInt());
-        query.bindValue(":networkId", networkId.toInt());
+        query.bindValue(":networkid", networkId.toInt());
         query.bindValue(":buffercname", channel.toLower());
         query.bindValue(":joined", isJoined ? 1 : 0);
 
@@ -981,7 +990,7 @@ void SqliteStorage::setPersistentChannelKey(UserId user, const NetworkId &networ
         QSqlQuery query(db);
         query.prepare(queryString("update_buffer_set_channel_key"));
         query.bindValue(":userid", user.toInt());
-        query.bindValue(":networkId", networkId.toInt());
+        query.bindValue(":networkid", networkId.toInt());
         query.bindValue(":buffercname", channel.toLower());
         query.bindValue(":key", key);