diff --git a/server/functions.php b/server/functions.php index bff0b03..696b968 100755 --- a/server/functions.php +++ b/server/functions.php @@ -131,10 +131,10 @@ function migrate_database($user, $db) $migration_functions = ['_migrate_0', '_migrate_1']; $version = $db->querySingle("SELECT db_version FROM conf"); - if ($version == false || $version == -1) + if ($version == NULL || $version == -1) { $version = $db->querySingle("SELECT version FROM db_version"); - if ($version == false || $version == -1) + if ($version == NULL || $version == -1) $version = 0; } @@ -172,6 +172,8 @@ function load_database($user) function add_entry($user, $login, $password, $shadow_login, $salt, $access_token) { + global $USE_SHADOW_LOGINS; + $db = load_database($user); if ($db == null) @@ -180,22 +182,30 @@ function add_entry($user, $login, $password, return false; } + if ($USE_SHADOW_LOGINS && (strlen($shadow_login) != 32 || + strlen($salt) != 32 || strlen($access_token) != 32)) + { + $db->close(); + echo "Shadow login not configured"; + return false; + } + $count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'"); - if ($count != 0) + if ($count != NULL && $count != 0) { echo "Entry already exists"; return false; } - $result = $db->query("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES + $result = $db->exec("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')"); /* error_log("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES */ /* ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')"); */ $db->close(); - if ($result == FALSE) + if (!$result) { echo "Error " . $db->lastErrorMsg(); return false; @@ -209,6 +219,8 @@ function add_entry($user, $login, $password, function delete_entry($user, $login, $access_token) { + global $USE_SHADOW_LOGINS; + $db = load_database($user); if ($db == null) @@ -220,7 +232,7 @@ function delete_entry($user, $login, $access_token) if ($USE_SHADOW_LOGINS) { $db_ac = $db->querySingle("SELECT access_token FROM gpass WHERE login='" . $login . "'"); - if (strlen($db_ac) != 0 && strcmp($db_ac, $access_token)) + if ($db_ac != NULL && strcmp($db_ac, $access_token)) { $db->close(); echo "Bad access token"; @@ -228,10 +240,10 @@ function delete_entry($user, $login, $access_token) } } - $result = $db->query("DELETE FROM gpass WHERE login='" . $login . "'"); + $result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'"); $db->close(); - if ($result == FALSE) + if (!$result) { echo "Error " . $db->lastErrorMsg(); return false;