2010-08-10 18:12:50 +02:00
|
|
|
/*
|
|
|
|
* This file is a part of Winix
|
|
|
|
* and is not publicly distributed
|
|
|
|
*
|
changed: when winix demonizes it creates a three new descriptors (0, 1 and 3)
pointing to /dev/null
added: DbBase::AssertValueBin(PGresult * r, int row, int col, std::string & result)
it reads binary (bytea) data
added: DbTextStream can handle 'bool' types now
(is puts 'true' of 'false' to the stream)
changed: now passwords can be stored either as plain text, a hash or can be encrypted
with RSA
currently we have following hashes:
md4, md5, sha1, sha224, sha256, sha384, sha512
we are using openssl to manage them
(look at config options for more info)
changed: winix version to 0.4.7
added: class Run - you can run any program from os and send a buffer to its standard input
and read what the program put on its standard output
added: class Crypt (in System) - calculating hashes, and crypting/decrypting
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@734 e52654a7-88a9-db11-a3e9-0013d4bc506e
2011-06-09 23:22:08 +02:00
|
|
|
* Copyright (c) 2008-2011, Tomasz Sowa
|
2010-08-10 18:12:50 +02:00
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "adduser.h"
|
2011-06-27 23:38:19 +02:00
|
|
|
#include "core/slog.h"
|
2010-08-10 18:12:50 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
namespace Fun
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
AddUser::AddUser()
|
|
|
|
{
|
2010-11-21 01:19:17 +01:00
|
|
|
fun.url = L"adduser";
|
2010-08-10 18:12:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
/*
|
|
|
|
checking whether login consists of allowed characters
|
|
|
|
currently all characters above 32 (space) are available
|
|
|
|
|
|
|
|
160 - unbreakable space
|
|
|
|
*/
|
|
|
|
bool AddUser::HasLoginCorrectChars(const std::wstring & login)
|
|
|
|
{
|
|
|
|
for(size_t i=0 ; i<login.size() ; ++i)
|
|
|
|
if( login[i] <= 32 || login[i]==160 )
|
|
|
|
return false;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
bool AddUser::IsLoginCorrect(const std::wstring & login)
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2010-08-12 21:10:12 +02:00
|
|
|
if( login.empty() )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2011-06-27 23:38:19 +02:00
|
|
|
log << log3 << "AddUser: login can't be empty" << logend;
|
|
|
|
slog << logerror << T("adduser_err_login_empty") << logend;
|
2010-08-10 18:12:50 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
if( !HasLoginCorrectChars(login) )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2011-06-27 23:38:19 +02:00
|
|
|
log << log3 << "AddUser: incorrect login characters" << logend;
|
|
|
|
slog << logerror << T("adduser_err_login_incorrect_chars") << logend;
|
2010-08-10 18:12:50 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
if( system->users.IsUser(login) )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2011-06-27 23:38:19 +02:00
|
|
|
log << log3 << "AddUser: such user already exists" << logend;
|
|
|
|
slog << logerror << T("adduser_err_user_exists") << logend;
|
2010-08-10 18:12:50 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
bool AddUser::IsPasswordCorrect(const std::wstring & pass, const std::wstring & conf_pass)
|
|
|
|
{
|
|
|
|
if( pass != conf_pass )
|
|
|
|
{
|
|
|
|
log << log3 << "AddUser: passwords are different" << logend;
|
|
|
|
slog << logerror << T("adduser_err_passwords_different") << logend;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if( pass.size() < config->pass_min_size )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2011-06-27 23:38:19 +02:00
|
|
|
log << log3 << "AddUser: password is too small" << logend;
|
|
|
|
slog << logerror << T("adduser_err_password_too_small") << " "
|
|
|
|
<< config->pass_min_size << " " << T("adduser_err_password_too_small2") << logend;
|
2010-08-10 18:12:50 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void AddUser::MakePost()
|
|
|
|
{
|
2011-06-27 23:38:19 +02:00
|
|
|
user.Clear();
|
2011-01-23 15:15:30 +01:00
|
|
|
const std::wstring & login = cur->request->PostVar(L"login");
|
|
|
|
const std::wstring & pass = cur->request->PostVar(L"password");
|
changed: when winix demonizes it creates a three new descriptors (0, 1 and 3)
pointing to /dev/null
added: DbBase::AssertValueBin(PGresult * r, int row, int col, std::string & result)
it reads binary (bytea) data
added: DbTextStream can handle 'bool' types now
(is puts 'true' of 'false' to the stream)
changed: now passwords can be stored either as plain text, a hash or can be encrypted
with RSA
currently we have following hashes:
md4, md5, sha1, sha224, sha256, sha384, sha512
we are using openssl to manage them
(look at config options for more info)
changed: winix version to 0.4.7
added: class Run - you can run any program from os and send a buffer to its standard input
and read what the program put on its standard output
added: class Crypt (in System) - calculating hashes, and crypting/decrypting
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@734 e52654a7-88a9-db11-a3e9-0013d4bc506e
2011-06-09 23:22:08 +02:00
|
|
|
const std::wstring & conf_pass = cur->request->PostVar(L"passwordconfirm");
|
2010-08-10 18:12:50 +02:00
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
if( !IsLoginCorrect(login) || !IsPasswordCorrect(pass, conf_pass) )
|
2010-08-10 18:12:50 +02:00
|
|
|
return;
|
|
|
|
|
2010-08-12 21:10:12 +02:00
|
|
|
user.name = login;
|
2011-01-23 15:15:30 +01:00
|
|
|
user.email = cur->request->PostVar(L"email");
|
2010-08-10 18:12:50 +02:00
|
|
|
|
changed: when winix demonizes it creates a three new descriptors (0, 1 and 3)
pointing to /dev/null
added: DbBase::AssertValueBin(PGresult * r, int row, int col, std::string & result)
it reads binary (bytea) data
added: DbTextStream can handle 'bool' types now
(is puts 'true' of 'false' to the stream)
changed: now passwords can be stored either as plain text, a hash or can be encrypted
with RSA
currently we have following hashes:
md4, md5, sha1, sha224, sha256, sha384, sha512
we are using openssl to manage them
(look at config options for more info)
changed: winix version to 0.4.7
added: class Run - you can run any program from os and send a buffer to its standard input
and read what the program put on its standard output
added: class Crypt (in System) - calculating hashes, and crypting/decrypting
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@734 e52654a7-88a9-db11-a3e9-0013d4bc506e
2011-06-09 23:22:08 +02:00
|
|
|
up.pass = pass;
|
|
|
|
system->crypt.PassHashCrypt(up);
|
|
|
|
|
|
|
|
cur->request->status = db->AddUser(user, up.pass, up.pass_encrypted, up.pass_type, up.pass_hash_salted);
|
2010-08-10 18:12:50 +02:00
|
|
|
|
2011-01-23 15:15:30 +01:00
|
|
|
if( cur->request->status == WINIX_ERR_OK )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
|
|
|
if( system->users.AddUser(user) )
|
|
|
|
{
|
2011-01-23 15:15:30 +01:00
|
|
|
if( !cur->session->puser )
|
2010-08-10 18:12:50 +02:00
|
|
|
system->users.LoginUser(user.id, false);
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
log << log2 << "AddUser: added a new user: " << user.name << logend;
|
2010-08-10 18:12:50 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2011-06-27 23:38:19 +02:00
|
|
|
log << log1 << "AddUser: I can't add to system->users: " << user.name
|
2010-08-10 18:12:50 +02:00
|
|
|
<< " but the user was added to the db correctly" << logend;
|
|
|
|
}
|
|
|
|
|
|
|
|
system->RedirectToLastItem();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
changed: when winix demonizes it creates a three new descriptors (0, 1 and 3)
pointing to /dev/null
added: DbBase::AssertValueBin(PGresult * r, int row, int col, std::string & result)
it reads binary (bytea) data
added: DbTextStream can handle 'bool' types now
(is puts 'true' of 'false' to the stream)
changed: now passwords can be stored either as plain text, a hash or can be encrypted
with RSA
currently we have following hashes:
md4, md5, sha1, sha224, sha256, sha384, sha512
we are using openssl to manage them
(look at config options for more info)
changed: winix version to 0.4.7
added: class Run - you can run any program from os and send a buffer to its standard input
and read what the program put on its standard output
added: class Crypt (in System) - calculating hashes, and crypting/decrypting
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@734 e52654a7-88a9-db11-a3e9-0013d4bc506e
2011-06-09 23:22:08 +02:00
|
|
|
void AddUser::MakeGet()
|
|
|
|
{
|
|
|
|
}
|
2010-08-10 18:12:50 +02:00
|
|
|
|
|
|
|
|
|
|
|
} // namespace
|