Update settings to support hashed passwords

This commit is contained in:
Andrew Pamment 2016-08-05 07:43:11 +10:00
parent 162d8badda
commit 995a062f29
2 changed files with 13 additions and 6 deletions

2
bbs.h
View File

@ -153,6 +153,8 @@ extern void disconnect(int socket, char *calledby);
extern void display_info(int socket); extern void display_info(int socket);
extern void display_last10_callers(int socket, struct user_record *user); extern void display_last10_callers(int socket, struct user_record *user);
extern void gen_salt(char **s);
extern char *hash_sha256(char *pass, char *salt);
extern int save_user(struct user_record *user); extern int save_user(struct user_record *user);
extern int check_user(char *loginname); extern int check_user(char *loginname);
extern struct user_record *new_user(int socket); extern struct user_record *new_user(int socket);

View File

@ -8,6 +8,7 @@ void settings_menu(int sock, struct user_record *user) {
char buffer[256]; char buffer[256];
int dosettings = 0; int dosettings = 0;
char c; char c;
char *hash;
while (!dosettings) { while (!dosettings) {
s_putstring(sock, "\e[2J\e[1;32mYour Settings\r\n"); s_putstring(sock, "\e[2J\e[1;32mYour Settings\r\n");
@ -25,13 +26,17 @@ void settings_menu(int sock, struct user_record *user) {
{ {
s_putstring(sock, "\r\nEnter your current password: "); s_putstring(sock, "\r\nEnter your current password: ");
s_readpass(sock, buffer, 16); s_readpass(sock, buffer, 16);
if (strcmp(buffer, user->password) == 0) { hash = hash_sha256(buffer, user->salt);
if (strcmp(hash, user->password) == 0) {
s_putstring(sock, "\r\nEnter your new password (8 chars min): "); s_putstring(sock, "\r\nEnter your new password (8 chars min): ");
s_readstring(sock, buffer, 16); s_readstring(sock, buffer, 16);
if (strlen(buffer) >= 8) { if (strlen(buffer) >= 8) {
free(user->password); free(user->password);
user->password = (char *)malloc(strlen(buffer) + 1); free(user->salt);
strcpy(user->password, buffer);
gen_salt(&user->salt);
user->password = hash_sha256(buffer, user->salt);
save_user(user); save_user(user);
s_putstring(sock, "\r\nPassword Changed!\r\n"); s_putstring(sock, "\r\nPassword Changed!\r\n");
} else { } else {