bbs/magicka
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup users.c.

Browse Source 
This started with using bounded operations on strings,
and morphed to introducing a utility function to open
the USERS SQLite3 database and then a general cleanup.

This needs testing.

Signed-off-by: Dan Cross <patchdev@fat-dragon.org>
This commit is contained in:
Dan Cross 2018-10-15 18:19:54 +00:00 committed by Andrew Pamment
parent f1361379af
commit 58481b88eb
1 changed files with 226 additions and 325 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

551
src/users.c
View File

@ -15,6 +15,18 @@
extern struct bbs_config conf; extern struct bbs_config conf;
extern struct user_record *gUser; extern struct user_record *gUser;
static void open_users_db_or_die(sqlite3 **db) {
char buffer[PATH_MAX];
snprintf(buffer, PATH_MAX, "%s/users.sq3", conf.bbs_path);
if (sqlite3_open(buffer, db) != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(*db));
sqlite3_close(*db);
exit(1);
}
assert(db != NULL);
sqlite3_busy_timeout(*db, 5000);
}
char *hash_sha256(char *pass, char *salt) { char *hash_sha256(char *pass, char *salt) {
char *buffer = NULL; char *buffer = NULL;
char *shash = NULL; char *shash = NULL;
@ -30,14 +42,13 @@ char *hash_sha256(char *pass, char *salt) {
if (EVP_DigestInit_ex(context, EVP_sha256(), NULL)) { if (EVP_DigestInit_ex(context, EVP_sha256(), NULL)) {
if (EVP_DigestUpdate(context, buffer, strlen(buffer))) { if (EVP_DigestUpdate(context, buffer, strlen(buffer))) {
if (EVP_DigestFinal_ex(context, hash, &length_of_hash)) { if (EVP_DigestFinal_ex(context, hash, &length_of_hash)) {
stralloc shash = EMPTY_STRALLOC;
shash = (char *)malloz(length_of_hash * 2 + 1); for (i = 0; i < length_of_hash; i++)
for (i = 0; i < length_of_hash; i++) { stralloc_cat_byte(&shash, hash[i]);
sprintf(shash + (i * 2), "%02x", (int)hash[i]); stralloc_0(&shash);
}
EVP_MD_CTX_free(context); EVP_MD_CTX_free(context);
free(buffer); free(buffer);
return shash; return shash.s;
} }
} }
} }
@ -87,55 +98,50 @@ static int secLevel(void *user, const char *section, const char *name,
} }
int save_user(struct user_record *user) { int save_user(struct user_record *user) {
char buffer[PATH_MAX]; sqlite3 *db = NULL;
sqlite3 *db; sqlite3_stmt *res = NULL;
sqlite3_stmt *res; int rc = 0;
int rc;
char *update_sql = "UPDATE users SET password=?, salt=?, firstname=?," const char *update_sql =
"lastname=?, email=?, location=?, sec_level=?, last_on=?, time_left=?, cur_mail_conf=?, cur_mail_area=?, cur_file_dir=?, cur_file_sub=?, times_on=?, bwavepktno=?, archiver=?, protocol=?,nodemsgs=?,codepage=?,exteditor=?,bwavestyle=?,signature=?,autosig=? where loginname LIKE ?"; "UPDATE users SET password=?, salt=?, firstname=?,"
"lastname=?, email=?, location=?, sec_level=?, last_on=?, "
"time_left=?, cur_mail_conf=?, cur_mail_area=?, "
"cur_file_dir=?, cur_file_sub=?, times_on=?, bwavepktno=?, "
"archiver=?, protocol=?,nodemsgs=?,codepage=?,exteditor=?,"
"bwavestyle=?,signature=?,autosig=? where loginname LIKE ?";
snprintf(buffer, PATH_MAX, "%s/users.sq3", conf.bbs_path); open_users_db_or_die(&db);
rc = sqlite3_open(buffer, &db);
rc = sqlite3_prepare_v2(db, update_sql, -1, &res, 0);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db)); dolog("Failed to prepare statement: %s", sqlite3_errmsg(db));
sqlite3_close(db); sqlite3_close(db);
exit(1); exit(1);
} }
sqlite3_busy_timeout(db, 5000); sqlite3_bind_text(res, 1, user->password, -1, 0);
rc = sqlite3_prepare_v2(db, update_sql, -1, &res, 0); sqlite3_bind_text(res, 2, user->salt, -1, 0);
sqlite3_bind_text(res, 3, user->firstname, -1, 0);
if (rc == SQLITE_OK) { sqlite3_bind_text(res, 4, user->lastname, -1, 0);
sqlite3_bind_text(res, 1, user->password, -1, 0); sqlite3_bind_text(res, 5, user->email, -1, 0);
sqlite3_bind_text(res, 2, user->salt, -1, 0); sqlite3_bind_text(res, 6, user->location, -1, 0);
sqlite3_bind_text(res, 3, user->firstname, -1, 0); sqlite3_bind_int(res, 7, user->sec_level);
sqlite3_bind_text(res, 4, user->lastname, -1, 0); sqlite3_bind_int(res, 8, user->laston);
sqlite3_bind_text(res, 5, user->email, -1, 0); sqlite3_bind_int(res, 9, user->timeleft);
sqlite3_bind_text(res, 6, user->location, -1, 0); sqlite3_bind_int(res, 10, user->cur_mail_conf);
sqlite3_bind_int(res, 7, user->sec_level); sqlite3_bind_int(res, 11, user->cur_mail_area);
sqlite3_bind_int(res, 8, user->laston); sqlite3_bind_int(res, 12, user->cur_file_dir);
sqlite3_bind_int(res, 9, user->timeleft); sqlite3_bind_int(res, 13, user->cur_file_sub);
sqlite3_bind_int(res, 10, user->cur_mail_conf); sqlite3_bind_int(res, 14, user->timeson);
sqlite3_bind_int(res, 11, user->cur_mail_area); sqlite3_bind_int(res, 15, user->bwavepktno);
sqlite3_bind_int(res, 12, user->cur_file_dir); sqlite3_bind_int(res, 16, user->defarchiver);
sqlite3_bind_int(res, 13, user->cur_file_sub); sqlite3_bind_int(res, 17, user->defprotocol);
sqlite3_bind_int(res, 14, user->timeson); sqlite3_bind_int(res, 18, user->nodemsgs);
sqlite3_bind_int(res, 15, user->bwavepktno); sqlite3_bind_int(res, 19, user->codepage);
sqlite3_bind_int(res, 16, user->defarchiver); sqlite3_bind_int(res, 20, user->exteditor);
sqlite3_bind_int(res, 17, user->defprotocol); sqlite3_bind_int(res, 21, user->bwavestyle);
sqlite3_bind_int(res, 18, user->nodemsgs); sqlite3_bind_text(res, 22, user->signature, -1, 0);
sqlite3_bind_int(res, 19, user->codepage); sqlite3_bind_int(res, 23, user->autosig);
sqlite3_bind_int(res, 20, user->exteditor); sqlite3_bind_text(res, 24, user->loginname, -1, 0);
sqlite3_bind_int(res, 21, user->bwavestyle);
sqlite3_bind_text(res, 22, user->signature, -1, 0);
sqlite3_bind_int(res, 23, user->autosig);
sqlite3_bind_text(res, 24, user->loginname, -1, 0);
} else {
dolog("Failed to execute statement: %s", sqlite3_errmsg(db));
}
rc = sqlite3_step(res); rc = sqlite3_step(res);
if (rc != SQLITE_DONE) { if (rc != SQLITE_DONE) {
@ -150,29 +156,19 @@ int save_user(struct user_record *user) {
} }
int msgbase_flag_unflag(struct user_record *user, int conference, int msgbase, int msgid) { int msgbase_flag_unflag(struct user_record *user, int conference, int msgbase, int msgid) {
sqlite3 *db; sqlite3 *db = NULL;
sqlite3_stmt *res; sqlite3_stmt *res = NULL;
int rc; int rc = 0;
char buffer[PATH_MAX]; char *err_msg = NULL;
char *create_sql = "CREATE TABLE IF NOT EXISTS msg_flags (conference INTEGER, msgbase INTEGER, uid INTEGER, msg INTEGER);";
char *flag_buf = "INSERT INTO msg_flags (conference, msgbase, uid, msg) VALUES(?, ?, ?, ?)";
char *unflag_buf = "DELETE FROM msg_flags WHERE conference=? AND msgbase=? AND uid=? AND msg=?";
char *err_msg = 0;
int flagunflag = 0; int flagunflag = 0;
static const char *create_sql =
"CREATE TABLE IF NOT EXISTS msg_flags (conference INTEGER, msgbase INTEGER, uid INTEGER, msg INTEGER);";
flagunflag = msgbase_is_flagged(user, conference, msgbase, msgid); flagunflag = msgbase_is_flagged(user, conference, msgbase, msgid);
snprintf(buffer, PATH_MAX, "%s/users.sq3", conf.bbs_path); open_users_db_or_die(&db);
rc = sqlite3_open(buffer, &db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
return 0;
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_exec(db, create_sql, 0, 0, &err_msg); rc = sqlite3_exec(db, create_sql, 0, 0, &err_msg);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
@ -184,8 +180,12 @@ int msgbase_flag_unflag(struct user_record *user, int conference, int msgbase, i
return 0; return 0;
} }
if (flagunflag == 1) { if (flagunflag == 1) {
static const char *unflag_buf =
"DELETE FROM msg_flags WHERE conference=? AND msgbase=? AND uid=? AND msg=?";
rc = sqlite3_prepare_v2(db, unflag_buf, -1, &res, 0); rc = sqlite3_prepare_v2(db, unflag_buf, -1, &res, 0);
} else { } else {
static const char *flag_buf =
"INSERT INTO msg_flags (conference, msgbase, uid, msg) VALUES(?, ?, ?, ?)";
rc = sqlite3_prepare_v2(db, flag_buf, -1, &res, 0); rc = sqlite3_prepare_v2(db, flag_buf, -1, &res, 0);
} }
@ -203,27 +203,16 @@ int msgbase_flag_unflag(struct user_record *user, int conference, int msgbase, i
} }
int msgbase_is_flagged(struct user_record *user, int conference, int msgbase, int msgid) { int msgbase_is_flagged(struct user_record *user, int conference, int msgbase, int msgid) {
sqlite3 *db; sqlite3 *db = NULL;
sqlite3_stmt *res; sqlite3_stmt *res = NULL;
int rc; int rc = 0;
char buffer[PATH_MAX];
char *sql_buf = "SELECT * FROM msg_flags WHERE conference=? AND msgbase=? AND uid=? AND msg=?"; static const char *sql_buf =
"SELECT * FROM msg_flags WHERE conference=? AND msgbase=? AND uid=? AND msg=?";
snprintf(buffer, PATH_MAX, "%s/users.sq3", conf.bbs_path); open_users_db_or_die(&db);
rc = sqlite3_open(buffer, &db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
exit(1);
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_prepare_v2(db, sql_buf, -1, &res, 0); rc = sqlite3_prepare_v2(db, sql_buf, -1, &res, 0);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
sqlite3_close(db); sqlite3_close(db);
return 0; return 0;
@ -245,42 +234,30 @@ int msgbase_is_flagged(struct user_record *user, int conference, int msgbase, in
} }
int msgbase_sub_unsub(int conference, int msgbase) { int msgbase_sub_unsub(int conference, int msgbase) {
sqlite3 *db; sqlite3 *db = NULL;
sqlite3_stmt *res; sqlite3_stmt *res = NULL;
int rc; int rc = 0;
char buffer[PATH_MAX]; static const char *create_sql =
char *create_sql = "CREATE TABLE IF NOT EXISTS msg_subs (conference INTEGER, msgbase INTEGER, uid INTEGER);"; "CREATE TABLE IF NOT EXISTS msg_subs (conference INTEGER, msgbase INTEGER, uid INTEGER);";
char *sub_buf = "INSERT INTO msg_subs (conference, msgbase, uid) VALUES(?, ?, ?)"; char *err_msg = NULL;
char *unsub_buf = "DELETE FROM msg_subs WHERE conference=? AND msgbase=? AND uid=?"; int subunsub = msgbase_is_subscribed(conference, msgbase);
char *err_msg = 0;
int subunsub = 0;
subunsub = msgbase_is_subscribed(conference, msgbase); open_users_db_or_die(&db);
snprintf(buffer, PATH_MAX, "%s/users.sq3", conf.bbs_path);
rc = sqlite3_open(buffer, &db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
return 0;
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_exec(db, create_sql, 0, 0, &err_msg); rc = sqlite3_exec(db, create_sql, 0, 0, &err_msg);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
dolog("SQL error: %s", err_msg); dolog("SQL error: %s", err_msg);
sqlite3_free(err_msg); sqlite3_free(err_msg);
sqlite3_close(db); sqlite3_close(db);
return 0; return 0;
} }
if (subunsub == 1) { if (subunsub == 1) {
static char *unsub_buf =
"DELETE FROM msg_subs WHERE conference=? AND msgbase=? AND uid=?";
rc = sqlite3_prepare_v2(db, unsub_buf, -1, &res, 0); rc = sqlite3_prepare_v2(db, unsub_buf, -1, &res, 0);
} else { } else {
static const char *sub_buf =
"INSERT INTO msg_subs (conference, msgbase, uid) VALUES(?, ?, ?)";
rc = sqlite3_prepare_v2(db, sub_buf, -1, &res, 0); rc = sqlite3_prepare_v2(db, sub_buf, -1, &res, 0);
} }
@ -297,27 +274,16 @@ int msgbase_sub_unsub(int conference, int msgbase) {
} }
int msgbase_is_subscribed(int conference, int msgbase) { int msgbase_is_subscribed(int conference, int msgbase) {
sqlite3 *db; sqlite3 *db = NULL;
sqlite3_stmt *res; sqlite3_stmt *res = NULL;
int rc; int rc = 0;
char buffer[PATH_MAX];
char *sql_buf = "SELECT * FROM msg_subs WHERE conference=? AND msgbase=? AND uid=?"; static const char *sql_buf =
"SELECT * FROM msg_subs WHERE conference=? AND msgbase=? AND uid=?";
snprintf(buffer, PATH_MAX, "%s/users.sq3", conf.bbs_path); open_users_db_or_die(&db);
rc = sqlite3_open(buffer, &db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
exit(1);
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_prepare_v2(db, sql_buf, -1, &res, 0); rc = sqlite3_prepare_v2(db, sql_buf, -1, &res, 0);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
sqlite3_close(db); sqlite3_close(db);
return 0; return 0;
@ -334,15 +300,18 @@ int msgbase_is_subscribed(int conference, int msgbase) {
} }
sqlite3_finalize(res); sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
return 1; return 1;
} }
int inst_user(struct user_record *user) { int inst_user(struct user_record *user) {
char buffer[PATH_MAX]; sqlite3 *db = NULL;
sqlite3 *db; sqlite3_stmt *res = NULL;
sqlite3_stmt *res; char *err_msg = NULL;
int rc; int rc = 0;
char *create_sql = "CREATE TABLE IF NOT EXISTS users ("
static const char *create_sql =
"CREATE TABLE IF NOT EXISTS users ("
"Id INTEGER PRIMARY KEY," "Id INTEGER PRIMARY KEY,"
"loginname TEXT COLLATE NOCASE," "loginname TEXT COLLATE NOCASE,"
"password TEXT," "password TEXT,"
@ -369,67 +338,56 @@ int inst_user(struct user_record *user) {
"signature TEXT," "signature TEXT,"
"autosig INTEGER);"; "autosig INTEGER);";
char *insert_sql = "INSERT INTO users (loginname, password, salt, firstname," static const char *insert_sql =
"lastname, email, location, sec_level, last_on, time_left, cur_mail_conf, cur_mail_area, cur_file_dir, cur_file_sub, times_on, bwavepktno, archiver, protocol, nodemsgs, codepage, exteditor, bwavestyle, signature, autosig) VALUES(?,?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"; "INSERT INTO users (loginname, password, salt, firstname,"
char *err_msg = 0; "lastname, email, location, sec_level, last_on, time_left, "
"cur_mail_conf, cur_mail_area, cur_file_dir, cur_file_sub, "
"times_on, bwavepktno, archiver, protocol, nodemsgs, "
"codepage, exteditor, bwavestyle, signature, autosig) "
"VALUES(?,?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
snprintf(buffer, PATH_MAX, "%s/users.sq3", conf.bbs_path); open_users_db_or_die(&db);
rc = sqlite3_open(buffer, &db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
exit(1);
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_exec(db, create_sql, 0, 0, &err_msg); rc = sqlite3_exec(db, create_sql, 0, 0, &err_msg);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
dolog("SQL error: %s", err_msg); dolog("SQL error: %s", err_msg);
sqlite3_free(err_msg); sqlite3_free(err_msg);
sqlite3_close(db); sqlite3_close(db);
exit(1); exit(1);
} }
rc = sqlite3_prepare_v2(db, insert_sql, -1, &res, 0); rc = sqlite3_prepare_v2(db, insert_sql, -1, &res, 0);
if (rc != SQLITE_OK) {
if (rc == SQLITE_OK) {
sqlite3_bind_text(res, 1, user->loginname, -1, 0);
sqlite3_bind_text(res, 2, user->password, -1, 0);
sqlite3_bind_text(res, 3, user->salt, -1, 0);
sqlite3_bind_text(res, 4, user->firstname, -1, 0);
sqlite3_bind_text(res, 5, user->lastname, -1, 0);
sqlite3_bind_text(res, 6, user->email, -1, 0);
sqlite3_bind_text(res, 7, user->location, -1, 0);
sqlite3_bind_int(res, 8, user->sec_level);
sqlite3_bind_int(res, 9, user->laston);
sqlite3_bind_int(res, 10, user->timeleft);
sqlite3_bind_int(res, 11, user->cur_mail_conf);
sqlite3_bind_int(res, 12, user->cur_mail_area);
sqlite3_bind_int(res, 13, user->cur_file_dir);
sqlite3_bind_int(res, 14, user->cur_file_sub);
sqlite3_bind_int(res, 15, user->timeson);
sqlite3_bind_int(res, 16, user->bwavepktno);
sqlite3_bind_int(res, 17, user->defarchiver);
sqlite3_bind_int(res, 18, user->defprotocol);
sqlite3_bind_int(res, 19, user->nodemsgs);
sqlite3_bind_int(res, 20, user->codepage);
sqlite3_bind_int(res, 21, user->exteditor);
sqlite3_bind_int(res, 22, user->bwavestyle);
sqlite3_bind_text(res, 23, user->signature, -1, 0);
sqlite3_bind_int(res, 24, user->autosig);
} else {
dolog("Failed to execute statement: %s", sqlite3_errmsg(db)); dolog("Failed to execute statement: %s", sqlite3_errmsg(db));
sqlite3_close(db); sqlite3_close(db);
exit(1); exit(1);
} }
sqlite3_bind_text(res, 1, user->loginname, -1, 0);
sqlite3_bind_text(res, 2, user->password, -1, 0);
sqlite3_bind_text(res, 3, user->salt, -1, 0);
sqlite3_bind_text(res, 4, user->firstname, -1, 0);
sqlite3_bind_text(res, 5, user->lastname, -1, 0);
sqlite3_bind_text(res, 6, user->email, -1, 0);
sqlite3_bind_text(res, 7, user->location, -1, 0);
sqlite3_bind_int(res, 8, user->sec_level);
sqlite3_bind_int(res, 9, user->laston);
sqlite3_bind_int(res, 10, user->timeleft);
sqlite3_bind_int(res, 11, user->cur_mail_conf);
sqlite3_bind_int(res, 12, user->cur_mail_area);
sqlite3_bind_int(res, 13, user->cur_file_dir);
sqlite3_bind_int(res, 14, user->cur_file_sub);
sqlite3_bind_int(res, 15, user->timeson);
sqlite3_bind_int(res, 16, user->bwavepktno);
sqlite3_bind_int(res, 17, user->defarchiver);
sqlite3_bind_int(res, 18, user->defprotocol);
sqlite3_bind_int(res, 19, user->nodemsgs);
sqlite3_bind_int(res, 20, user->codepage);
sqlite3_bind_int(res, 21, user->exteditor);
sqlite3_bind_int(res, 22, user->bwavestyle);
sqlite3_bind_text(res, 23, user->signature, -1, 0);
sqlite3_bind_int(res, 24, user->autosig);
rc = sqlite3_step(res); rc = sqlite3_step(res);
if (rc != SQLITE_DONE) { if (rc != SQLITE_DONE) {
dolog("execution failed: %s", sqlite3_errmsg(db)); dolog("execution failed: %s", sqlite3_errmsg(db));
sqlite3_close(db); sqlite3_close(db);
@ -440,114 +398,103 @@ int inst_user(struct user_record *user) {
sqlite3_finalize(res); sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
return 1; return 1;
} }
struct user_record *check_user_pass(char *loginname, char *password) { struct user_record *check_user_pass(char *loginname, char *password) {
struct user_record *user; sqlite3 *db = NULL;
char buffer[1024]; sqlite3_stmt *res = NULL;
sqlite3 *db; int rc = NULL;
sqlite3_stmt *res; int pass_ok = 0;
int rc; char pathbuf[PATH_MAX];
char *sql = "SELECT Id, loginname, password, salt, firstname,"
"lastname, email, location, sec_level, last_on, time_left, cur_mail_conf, cur_mail_area, cur_file_dir, cur_file_sub, times_on, bwavepktno, archiver, protocol,nodemsgs, codepage, exteditor, bwavestyle, signature, autosig FROM users WHERE loginname LIKE ?";
char *pass_hash;
sprintf(buffer, "%s/users.sq3", conf.bbs_path); static const char *sql =
"SELECT Id, loginname, password, salt, firstname,"
"lastname, email, location, sec_level, last_on, time_left, "
"cur_mail_conf, cur_mail_area, cur_file_dir, cur_file_sub, "
"times_on, bwavepktno, archiver, protocol,nodemsgs, "
"codepage, exteditor, bwavestyle, signature, autosig "
"FROM users WHERE loginname LIKE ?";
rc = sqlite3_open(buffer, &db); open_users_db_or_die(&db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
exit(1);
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_prepare_v2(db, sql, -1, &res, 0); rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
if (rc != SQLITE_OK) {
if (rc == SQLITE_OK) {
sqlite3_bind_text(res, 1, loginname, -1, 0);
} else {
dolog("Failed to execute statement: %s", sqlite3_errmsg(db)); dolog("Failed to execute statement: %s", sqlite3_errmsg(db));
sqlite3_finalize(res); sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
return NULL; return NULL;
} }
sqlite3_bind_text(res, 1, loginname, -1, 0);
int step = sqlite3_step(res); int step = sqlite3_step(res);
if (step != SQLITE_ROW) {
if (step == SQLITE_ROW) {
user = (struct user_record *)malloz(sizeof(struct user_record));
user->id = sqlite3_column_int(res, 0);
user->loginname = strdup((char *)sqlite3_column_text(res, 1));
user->password = strdup((char *)sqlite3_column_text(res, 2));
user->salt = strdup((char *)sqlite3_column_text(res, 3));
user->firstname = strdup((char *)sqlite3_column_text(res, 4));
user->lastname = strdup((char *)sqlite3_column_text(res, 5));
user->email = strdup((char *)sqlite3_column_text(res, 6));
user->location = strdup((char *)sqlite3_column_text(res, 7));
user->sec_level = sqlite3_column_int(res, 8);
user->laston = (time_t)sqlite3_column_int(res, 9);
user->timeleft = sqlite3_column_int(res, 10);
user->cur_mail_conf = sqlite3_column_int(res, 11);
user->cur_mail_area = sqlite3_column_int(res, 12);
user->cur_file_dir = sqlite3_column_int(res, 13);
user->cur_file_sub = sqlite3_column_int(res, 14);
user->timeson = sqlite3_column_int(res, 15);
user->bwavepktno = sqlite3_column_int(res, 16);
user->defarchiver = sqlite3_column_int(res, 17);
user->defprotocol = sqlite3_column_int(res, 18);
user->nodemsgs = sqlite3_column_int(res, 19);
user->codepage = sqlite3_column_int(res, 20);
user->exteditor = sqlite3_column_int(res, 21);
user->bwavestyle = sqlite3_column_int(res, 22);
user->signature = strdup((char *)sqlite3_column_text(res, 23));
user->autosig = sqlite3_column_int(res, 24);
pass_hash = hash_sha256(password, user->salt);
if (strcmp(pass_hash, user->password) != 0) {
free(user->loginname);
free(user->firstname);
free(user->lastname);
free(user->email);
free(user->location);
free(user->salt);
free(user->signature);
free(user);
free(pass_hash);
sqlite3_finalize(res);
sqlite3_close(db);
return NULL;
}
free(pass_hash);
} else {
sqlite3_finalize(res); sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
return NULL; return NULL;
} }
struct user_record *user = malloz(sizeof(struct user_record));
user->id = sqlite3_column_int(res, 0);
user->loginname = strdup((char *)sqlite3_column_text(res, 1));
user->password = strdup((char *)sqlite3_column_text(res, 2));
user->salt = strdup((char *)sqlite3_column_text(res, 3));
user->firstname = strdup((char *)sqlite3_column_text(res, 4));
user->lastname = strdup((char *)sqlite3_column_text(res, 5));
user->email = strdup((char *)sqlite3_column_text(res, 6));
user->location = strdup((char *)sqlite3_column_text(res, 7));
user->sec_level = sqlite3_column_int(res, 8);
user->laston = (time_t)sqlite3_column_int(res, 9);
user->timeleft = sqlite3_column_int(res, 10);
user->cur_mail_conf = sqlite3_column_int(res, 11);
user->cur_mail_area = sqlite3_column_int(res, 12);
user->cur_file_dir = sqlite3_column_int(res, 13);
user->cur_file_sub = sqlite3_column_int(res, 14);
user->timeson = sqlite3_column_int(res, 15);
user->bwavepktno = sqlite3_column_int(res, 16);
user->defarchiver = sqlite3_column_int(res, 17);
user->defprotocol = sqlite3_column_int(res, 18);
user->nodemsgs = sqlite3_column_int(res, 19);
user->codepage = sqlite3_column_int(res, 20);
user->exteditor = sqlite3_column_int(res, 21);
user->bwavestyle = sqlite3_column_int(res, 22);
user->signature = strdup((char *)sqlite3_column_text(res, 23));
user->autosig = sqlite3_column_int(res, 24);
char *pass_hash = hash_sha256(password, user->salt);
if (strcmp(pass_hash, user->password) != 0) {
free(user->loginname);
free(user->firstname);
free(user->lastname);
free(user->email);
free(user->location);
free(user->salt);
free(user->signature);
free(user);
free(pass_hash);
sqlite3_finalize(res);
sqlite3_close(db);
return NULL;
}
free(pass_hash);
sqlite3_finalize(res); sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
user->sec_info = (struct sec_level_t *)malloz(sizeof(struct sec_level_t)); user->sec_info = (struct sec_level_t *)malloz(sizeof(struct sec_level_t));
snprintf(buffer, 1024, "%s/s%d.ini", conf.config_path, user->sec_level); snprintf(pathbuf, sizeof pathbuf, "%s/s%d.ini", conf.config_path, user->sec_level);
if (ini_parse(buffer, secLevel, user->sec_info) < 0) { if (ini_parse(pathbuf, secLevel, user->sec_info) < 0) {
dolog("Unable to load sec Level ini (%s)!", buffer); dolog("Unable to load sec Level ini (%s)!", pathbuf);
exit(-1); exit(-1);
} }
if (user->cur_mail_conf >= conf.mail_conference_count) { if (user->cur_mail_conf >= conf.mail_conference_count) {
user->cur_mail_conf = 0; user->cur_mail_conf = 0;
} }
if (user->cur_file_dir >= conf.file_directory_count) { if (user->cur_file_dir >= conf.file_directory_count) {
user->cur_file_dir = 0; user->cur_file_dir = 0;
} }
if (user->cur_mail_area >= conf.mail_conferences[user->cur_mail_conf]->mail_area_count) { if (user->cur_mail_area >= conf.mail_conferences[user->cur_mail_conf]->mail_area_count) {
user->cur_mail_area = 0; user->cur_mail_area = 0;
} }
if (user->cur_file_sub >= conf.file_directories[user->cur_file_dir]->file_sub_count) { if (user->cur_file_sub >= conf.file_directories[user->cur_file_dir]->file_sub_count) {
user->cur_file_sub = 0; user->cur_file_sub = 0;
} }
@ -556,24 +503,14 @@ struct user_record *check_user_pass(char *loginname, char *password) {
} }
void list_users(struct user_record *user) { void list_users(struct user_record *user) {
char buffer[256]; sqlite3 *db = NULL;
sqlite3 *db; sqlite3_stmt *res = NULL;
sqlite3_stmt *res; int rc = 0;
int rc;
int i;
char *sql = "SELECT loginname,location,times_on FROM users"; static const char *sql = "SELECT loginname,location,times_on FROM users";
sprintf(buffer, "%s/users.sq3", conf.bbs_path); open_users_db_or_die(&db);
rc = sqlite3_open(buffer, &db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
exit(1);
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_prepare_v2(db, sql, -1, &res, 0); rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
dolog("Cannot prepare statement: %s", sqlite3_errmsg(db)); dolog("Cannot prepare statement: %s", sqlite3_errmsg(db));
@ -583,11 +520,8 @@ void list_users(struct user_record *user) {
s_printf(get_string(161)); s_printf(get_string(161));
s_printf(get_string(162)); s_printf(get_string(162));
s_printf(get_string(163)); s_printf(get_string(163));
i = 0; for (int i = 0; sqlite3_step(res) == SQLITE_ROW; ++i) {
while (sqlite3_step(res) == SQLITE_ROW) {
s_printf(get_string(164), sqlite3_column_text(res, 0), sqlite3_column_text(res, 1), sqlite3_column_int(res, 2)); s_printf(get_string(164), sqlite3_column_text(res, 0), sqlite3_column_text(res, 1), sqlite3_column_int(res, 2));
i++;
if (i == 20) { if (i == 20) {
s_printf(get_string(6)); s_printf(get_string(6));
s_getc(); s_getc();
@ -603,82 +537,49 @@ void list_users(struct user_record *user) {
} }
int check_fullname(char *firstname, char *lastname) { int check_fullname(char *firstname, char *lastname) {
char buffer[256]; sqlite3 *db = NULL;
sqlite3 *db; sqlite3_stmt *res = NULL;
sqlite3_stmt *res; int rc = 0;
int rc;
char *sql = "SELECT * FROM users WHERE firstname = ? AND lastname = ?";
sprintf(buffer, "%s/users.sq3", conf.bbs_path); static const char *sql =
"SELECT * FROM users WHERE firstname = ? AND lastname = ?";
rc = sqlite3_open(buffer, &db); open_users_db_or_die(&db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
exit(1);
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_prepare_v2(db, sql, -1, &res, 0); rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
if (rc != SQLITE_OK) {
if (rc == SQLITE_OK) { dolog("Failed to prepare statement: %s", sqlite3_errmsg(db));
sqlite3_bind_text(res, 1, firstname, -1, 0);
sqlite3_bind_text(res, 2, lastname, -1, 0);
} else {
dolog("Failed to execute statement: %s", sqlite3_errmsg(db));
}
int step = sqlite3_step(res);
if (step == SQLITE_ROW) {
sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
return 0; return 0;
} }
sqlite3_bind_text(res, 1, firstname, -1, 0);
sqlite3_bind_text(res, 2, lastname, -1, 0);
int step = sqlite3_step(res);
sqlite3_finalize(res); sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
return 1;
return (step == SQLITE_ROW);
} }
int check_user(char *loginname) { int check_user(char *loginname) {
char buffer[256]; sqlite3 *db = NULL;
sqlite3 *db; sqlite3_stmt *res = NULL;
sqlite3_stmt *res; int rc = 0;
int rc;
char *sql = "SELECT * FROM users WHERE loginname = ?";
sprintf(buffer, "%s/users.sq3", conf.bbs_path); static const char *sql = "SELECT * FROM users WHERE loginname = ?";
rc = sqlite3_open(buffer, &db); open_users_db_or_die(&db);
if (rc != SQLITE_OK) {
dolog("Cannot open database: %s", sqlite3_errmsg(db));
sqlite3_close(db);
exit(1);
}
sqlite3_busy_timeout(db, 5000);
rc = sqlite3_prepare_v2(db, sql, -1, &res, 0); rc = sqlite3_prepare_v2(db, sql, -1, &res, 0);
if (rc != SQLITE_OK) {
if (rc == SQLITE_OK) {
sqlite3_bind_text(res, 1, loginname, -1, 0);
} else {
dolog("Failed to execute statement: %s", sqlite3_errmsg(db)); dolog("Failed to execute statement: %s", sqlite3_errmsg(db));
}
int step = sqlite3_step(res);
if (step == SQLITE_ROW) {
sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
return 0; return 1;
} }
sqlite3_bind_text(res, 1, loginname, -1, 0);
int step = sqlite3_step(res);
sqlite3_finalize(res); sqlite3_finalize(res);
sqlite3_close(db); sqlite3_close(db);
return 1;
return (step != SQLITE_ROW);
} }
struct user_record *new_user() { struct user_record *new_user() {
@ -710,8 +611,8 @@ struct user_record *new_user() {
s_printf(get_string(240)); s_printf(get_string(240));
continue; continue;
} }
for (i = 0; i < strlen(buffer); i++) { for (const char *p = buffer; *p != '\0'; ++p) {
if (!(tolower(buffer[i]) >= 97 && tolower(buffer[i]) <= 122) && buffer[i] != 32 && !(buffer[i] >= '0' && buffer[i] <= '9')) { if (!(tolower(*p) >= 97 && tolower(*p) <= 122) && *p != 32 && !(*p >= '0' && *p <= '9')) {
s_printf(get_string(168)); s_printf(get_string(168));
nameok = 1; nameok = 1;
break; break;