129 lines
2.3 KiB
C++
Executable File
129 lines
2.3 KiB
C++
Executable File
/*
|
|
* This file is a part of Winix
|
|
* and is not publicly distributed
|
|
*
|
|
* Copyright (c) 2008-2011, Tomasz Sowa
|
|
* All rights reserved.
|
|
*
|
|
*/
|
|
|
|
#include "login.h"
|
|
#include "utf8.h"
|
|
|
|
|
|
|
|
namespace Fun
|
|
{
|
|
|
|
Login::Login()
|
|
{
|
|
fun.url = L"login";
|
|
}
|
|
|
|
|
|
void Login::ClearTmpStruct()
|
|
{
|
|
system->crypt.ClearString(pass_decrypted);
|
|
system->crypt.ClearString(pass_hashed);
|
|
system->crypt.ClearString(up.pass);
|
|
system->crypt.ClearString(up.pass_encrypted);
|
|
system->crypt.ClearString(up2.pass);
|
|
system->crypt.ClearString(up2.pass_encrypted);
|
|
}
|
|
|
|
|
|
|
|
bool Login::CheckPasswords(const std::wstring & password)
|
|
{
|
|
if( !up.pass_encrypted.empty() )
|
|
{
|
|
if( system->crypt.RSA(false, config->pass_rsa_private_key, up.pass_encrypted, pass_decrypted) )
|
|
{
|
|
Ezc::UTF8ToWide(pass_decrypted, up.pass);
|
|
}
|
|
else
|
|
{
|
|
log << log1 << "Login: I cannot decrypt a stored password, login failure" << logend;
|
|
return false;
|
|
}
|
|
}
|
|
|
|
pass_hashed = password;
|
|
up2.pass_type = up.pass_type;
|
|
up2.pass = password;
|
|
|
|
if( up.pass_hash_salted )
|
|
salt = config->pass_hash_salt;
|
|
else
|
|
salt.clear();
|
|
|
|
if( !system->crypt.PassHash(salt, up2) )
|
|
{
|
|
log << log1 << "Login: I cannot hash a password, login failure" << logend;
|
|
return false;
|
|
}
|
|
|
|
return up.pass == up2.pass;
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
this method is checking whether there is a person with that login and password
|
|
in the database
|
|
|
|
return true if it has found one and sets it user_id
|
|
*/
|
|
bool Login::CheckUserPass(const std::wstring & login, const std::wstring & password, long & user_id)
|
|
{
|
|
bool result;
|
|
|
|
if( db->GetUserPass(login, user_id, up) )
|
|
{
|
|
result = CheckPasswords(password);
|
|
}
|
|
else
|
|
{
|
|
log << log1 << "Login: there is no a user: " << login << " in the database (or an error)" << logend;
|
|
result = false;
|
|
}
|
|
|
|
ClearTmpStruct();
|
|
|
|
return result;
|
|
}
|
|
|
|
|
|
|
|
void Login::MakePost()
|
|
{
|
|
if( cur->session->id == 0 )
|
|
{
|
|
log << log1 << "Login: can't login in a temporary session (skipped)" << logend;
|
|
return;
|
|
}
|
|
|
|
const std::wstring & login = cur->request->PostVar(L"login");
|
|
const std::wstring & pass = cur->request->PostVar(L"password");
|
|
const std::wstring & remem = cur->request->PostVar(L"rememberme");
|
|
long user_id;
|
|
|
|
if( CheckUserPass(login, pass, user_id) )
|
|
{
|
|
system->users.LoginUser(user_id, !remem.empty());
|
|
}
|
|
else
|
|
{
|
|
// !! moze zglosic komunikat o nie poprawnym logowaniu
|
|
}
|
|
|
|
system->RedirectToLastItem();
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} // namespace
|