X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fsqlitestorage.cpp;h=46e2c70e981b580bb798660c6a5fad4852a1792d;hp=b9686798c3e3da7db7876f8ad2504ed56deddd15;hb=5923f262cc695f0fe0a06757ef3411688747066a;hpb=9d54503555534a2c554f09a33df6afa33d6308ec diff --git a/src/core/sqlitestorage.cpp b/src/core/sqlitestorage.cpp index b9686798..46e2c70e 100644 --- a/src/core/sqlitestorage.cpp +++ b/src/core/sqlitestorage.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2014 by the Quassel Project * + * Copyright (C) 2005-2015 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -129,7 +129,8 @@ UserId SqliteStorage::addUser(const QString &user, const QString &password) QSqlQuery query(db); query.prepare(queryString("insert_quasseluser")); query.bindValue(":username", user); - query.bindValue(":password", cryptedPassword(password)); + query.bindValue(":password", hashPassword(password)); + query.bindValue(":hashversion", Storage::HashVersion::Latest); lockForWrite(); safeExec(query); if (query.lastError().isValid() && query.lastError().number() == 19) { // user already exists - sadly 19 seems to be the general constraint violation error... @@ -158,7 +159,8 @@ bool SqliteStorage::updateUser(UserId user, const QString &password) QSqlQuery query(db); query.prepare(queryString("update_userpassword")); query.bindValue(":userid", user.toInt()); - query.bindValue(":password", cryptedPassword(password)); + query.bindValue(":password", hashPassword(password)); + query.bindValue(":hashversion", Storage::HashVersion::Latest); lockForWrite(); safeExec(query); success = query.numRowsAffected() != 0; @@ -190,23 +192,30 @@ void SqliteStorage::renameUser(UserId user, const QString &newName) UserId SqliteStorage::validateUser(const QString &user, const QString &password) { UserId userId; + QString hashedPassword; + Storage::HashVersion hashVersion; { QSqlQuery query(logDb()); query.prepare(queryString("select_authuser")); query.bindValue(":username", user); - query.bindValue(":password", cryptedPassword(password)); lockForRead(); safeExec(query); if (query.first()) { userId = query.value(0).toInt(); + hashedPassword = query.value(1).toString(); + hashVersion = static_cast(query.value(2).toInt()); } } unlock(); - return userId; + UserId returnUserId; + if (userId != 0 && checkHashedPassword(userId, password, hashedPassword, hashVersion)) { + returnUserId = userId; + } + return returnUserId; } @@ -828,9 +837,9 @@ QList SqliteStorage::networks(UserId user) net.networkId = networksQuery.value(0).toInt(); net.networkName = networksQuery.value(1).toString(); net.identity = networksQuery.value(2).toInt(); - net.codecForServer = networksQuery.value(3).toString().toAscii(); - net.codecForEncoding = networksQuery.value(4).toString().toAscii(); - net.codecForDecoding = networksQuery.value(5).toString().toAscii(); + net.codecForServer = networksQuery.value(3).toString().toLatin1(); + net.codecForEncoding = networksQuery.value(4).toString().toLatin1(); + net.codecForDecoding = networksQuery.value(5).toString().toLatin1(); net.useRandomServer = networksQuery.value(6).toInt() == 1 ? true : false; net.perform = networksQuery.value(7).toString().split("\n"); net.useAutoIdentify = networksQuery.value(8).toInt() == 1 ? true : false; @@ -1110,7 +1119,7 @@ BufferInfo SqliteStorage::bufferInfo(UserId user, const NetworkId &networkId, Bu qCritical() << " bound Values:"; QList list = query.boundValues().values(); for (int i = 0; i < list.size(); ++i) - qCritical() << i << ":" << list.at(i).toString().toAscii().data(); + qCritical() << i << ":" << list.at(i).toString().toLatin1().data(); Q_ASSERT(false); } }