/*
* This file is a part of Winix
* and is not publicly distributed
*
changed: when winix daemonizes it creates three new descriptors (0, 1 and 3)
pointing to /dev/null
added: DbBase::AssertValueBin(PGresult * r, int row, int col, std::string & result)
it reads binary (bytea) data
added: DbTextStream can handle 'bool' types now
(it puts 'true' or 'false' to the stream)
changed: now passwords can be stored either as plain text, a hash or can be encrypted
with RSA
currently we have following hashes:
md4, md5, sha1, sha224, sha256, sha384, sha512
we are using openssl to manage them
(look at config options for more info)
changed: winix version to 0.4.7
added: class Run - you can run any program from os and send a buffer to its standard input
and read what the program put on its standard output
added: class Crypt (in System) - calculating hashes, and crypting/decrypting
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@734 e52654a7-88a9-db11-a3e9-0013d4bc506e
2011-06-09 23:22:08 +02:00
* Copyright (c) 2008-2011, Tomasz Sowa
* All rights reserved.
*
*/
#include "login.h"
#include "utf8.h"
namespace Fun
{
/*
	constructor: sets fun.url to L"login"

	NOTE(review): presumably this is the url name under which the function
	is reachable; the code that reads fun.url is not in this file -- confirm
*/
Login::Login()
{
	fun.url = L"login";
}
/*
	passes every temporary buffer which held password material
	during a login attempt to system->crypt.ClearString()

	CheckUserPass() calls this method after each attempt, whether or not it succeeded

	NOTE(review): ClearString() is implemented in Crypt and is not visible here;
	presumably it overwrites the characters before releasing them -- confirm
	that the overwrite cannot be removed by the optimiser

	the 'salt' member and the POST variables kept in the request object
	are not cleared by this method
*/
void Login::ClearTmpStruct()
{
	// 'up': the record filled in by db->GetUserPass()
	system->crypt.ClearString(up.pass);
	system->crypt.ClearString(up.pass_encrypted);

	// 'up2': the record built from the password sent by the client
	system->crypt.ClearString(up2.pass);
	system->crypt.ClearString(up2.pass_encrypted);

	// intermediate buffers used by CheckPasswords()
	system->crypt.ClearString(pass_decrypted);
	system->crypt.ClearString(pass_hashed);
}
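/*
	verifies the password sent by the client against the record stored in 'up'
	('up' is filled in by db->GetUserPass() in CheckUserPass())

	steps:
	 - if up.pass_encrypted is not empty it is passed to system->crypt.RSA() together with
	   config->pass_rsa_private_key and the result is converted to a wide string in up.pass
	 - the given password is copied to up2 (with the same pass_type as the stored record)
	   and passed to system->crypt.PassHash(), salted with config->pass_hash_salt
	   only when up.pass_hash_salted is set
	 - up.pass and up2.pass are compared without an early exit

	returns true only if both values are equal,
	an RSA or hash failure is logged and reported as a failed login

	the method leaves password material in pass_decrypted, pass_hashed, up and up2,
	the caller has to call ClearTmpStruct() afterwards (CheckUserPass() does it)

	NOTE(review): the salt is one value taken from the config, so it is the same
	for every account; the hash algorithm itself is chosen inside PassHash()
	(not visible here, presumably from pass_type) -- confirm that the configured
	type is not plain text or a fast, unsalted digest on production installations
*/
bool Login::CheckPasswords(const std::wstring & password)
{
	if( !up.pass_encrypted.empty() )
	{
		// the first argument is 'false' here -- presumably it selects decryption (TODO confirm in Crypt)
		if( !system->crypt.RSA(false, config->pass_rsa_private_key, up.pass_encrypted, pass_decrypted) )
		{
			log << log1 << "Login: I cannot decrypt a stored password, login failure" << logend;
			return false;
		}

		Ezc::UTF8ToWide(pass_decrypted, up.pass);
	}

	// NOTE(review): pass_hashed is not read again in this method,
	// it only holds a copy of the password until ClearTmpStruct() wipes it
	pass_hashed   = password;
	up2.pass_type = up.pass_type;
	up2.pass      = password;

	if( up.pass_hash_salted )
		salt = config->pass_hash_salt;
	else
		salt.clear();

	if( !system->crypt.PassHash(salt, up2) )
	{
		log << log1 << "Login: I cannot hash a password, login failure" << logend;
		return false;
	}

	// operator== on strings stops at the first different character, so the time of the
	// comparison depends on how many leading characters of the stored value were matched
	// (this matters most when the stored value is a plain text password)
	// here every character of the computed value is visited and the differences are
	// accumulated, the length of the loop depends only on the value computed from the request
	const std::wstring & stored   = up.pass;
	const std::wstring & computed = up2.pass;
	std::wstring::size_type diff  = stored.size() ^ computed.size();

	for(std::wstring::size_type i=0 ; i<computed.size() ; ++i)
	{
		// the index is wrapped so a shorter stored value is never read out of range,
		// a length mismatch has already made 'diff' non-zero
		const wchar_t s = stored.empty() ? wchar_t(0) : stored[i % stored.size()];
		diff |= static_cast<std::wstring::size_type>(s ^ computed[i]);
	}

	return diff == 0;
}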
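/*
	this method checks whether there is a user with the given login
	and password in the database

	it returns true if it has found one, user_id is then the value
	set by db->GetUserPass()

	each failed attempt leaves a log entry: an unknown login (or a database error)
	and a password which did not verify are logged separately, so repeated
	failures against one account can be seen in the log

	the temporary password buffers are always wiped with ClearTmpStruct()
	before the method returns

	NOTE(review): 'login' comes from the request and is written to the log as it is;
	whether the logger escapes control characters is not visible here -- confirm

	NOTE(review): an unknown login returns without calling CheckPasswords(),
	a known one runs the RSA/hash code, so the two cases differ in response time
*/
bool Login::CheckUserPass(const std::wstring & login, const std::wstring & password, long & user_id)
{
bool result = false;

	if( db->GetUserPass(login, user_id, up) )
	{
		result = CheckPasswords(password);

		// CheckPasswords() logs only RSA and hash errors,
		// without this entry a wrong password would leave no trace
		if( !result )
			log << log1 << "Login: password verification failed for user: " << login << logend;
	}
	else
	{
		log << log1 << "Login: there is no a user: " << login << " in the database (or an error)" << logend;
	}

	ClearTmpStruct();

return result;
}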
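/*
	handles the POST request of the login form

	the request is skipped when the session id is 0 (a temporary session),
	otherwise the POST variables 'login', 'password' and 'rememberme' are read,
	the credentials are verified with CheckUserPass() and on success the user
	is logged in with system->users.LoginUser(), any non-empty 'rememberme'
	value turns the second argument on

	system->RedirectToLastItem() is called for both outcomes

	NOTE(review): a new session identifier is not requested here after a successful
	login; confirm that LoginUser() (or the session manager) rotates it

	NOTE(review): there is no limit of failed attempts in this method;
	if it exists it has to be somewhere outside this file -- confirm
*/
void Login::MakePost()
{
	if( cur->session->id == 0 )
	{
		log << log1 << "Login: can't login in a temporary session (skipped)" << logend;
		return;
	}

	const std::wstring & login = cur->request->PostVar(L"login");
	const std::wstring & pass  = cur->request->PostVar(L"password");
	const std::wstring & remem = cur->request->PostVar(L"rememberme");

	// initialised so that the variable never holds an indeterminate value,
	// it is read only when CheckUserPass() returns true
	long user_id = -1;

	if( CheckUserPass(login, pass, user_id) )
	{
		system->users.LoginUser(user_id, !remem.empty());
	}
	else
	{
		// !! it may report a message about an incorrect login
		// (the same message for an unknown login and for a wrong password)
	}

	system->RedirectToLastItem();
}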
} // namespace