Checks for right shadow login when adding an entry

Use exec() instead of query() when it's necessary for SQL queries
This commit is contained in:
Grégory Soutadé 2017-04-17 20:37:26 +02:00
parent 48571b31c1
commit b4b54ec57c

View File

@ -131,10 +131,10 @@ function migrate_database($user, $db)
$migration_functions = ['_migrate_0', '_migrate_1'];
$version = $db->querySingle("SELECT db_version FROM conf");
if ($version == false || $version == -1)
if ($version == NULL || $version == -1)
{
$version = $db->querySingle("SELECT version FROM db_version");
if ($version == false || $version == -1)
if ($version == NULL || $version == -1)
$version = 0;
}
@ -172,6 +172,8 @@ function load_database($user)
function add_entry($user, $login, $password,
$shadow_login, $salt, $access_token)
{
global $USE_SHADOW_LOGINS;
$db = load_database($user);
if ($db == null)
@ -180,22 +182,30 @@ function add_entry($user, $login, $password,
return false;
}
if ($USE_SHADOW_LOGINS && (strlen($shadow_login) != 32 ||
strlen($salt) != 32 || strlen($access_token) != 32))
{
$db->close();
echo "Shadow login not configured";
return false;
}
$count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'");
if ($count != 0)
if ($count != NULL && $count != 0)
{
echo "Entry already exists";
return false;
}
$result = $db->query("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES
$result = $db->exec("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES
('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')");
/* error_log("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES */
/* ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')"); */
$db->close();
if ($result == FALSE)
if (!$result)
{
echo "Error " . $db->lastErrorMsg();
return false;
@ -209,6 +219,8 @@ function add_entry($user, $login, $password,
function delete_entry($user, $login, $access_token)
{
global $USE_SHADOW_LOGINS;
$db = load_database($user);
if ($db == null)
@ -220,7 +232,7 @@ function delete_entry($user, $login, $access_token)
if ($USE_SHADOW_LOGINS)
{
$db_ac = $db->querySingle("SELECT access_token FROM gpass WHERE login='" . $login . "'");
if (strlen($db_ac) != 0 && strcmp($db_ac, $access_token))
if ($db_ac != NULL && strcmp($db_ac, $access_token))
{
$db->close();
echo "Bad access token";
@ -228,10 +240,10 @@ function delete_entry($user, $login, $access_token)
}
}
$result = $db->query("DELETE FROM gpass WHERE login='" . $login . "'");
$result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
$db->close();
if ($result == FALSE)
if (!$result)
{
echo "Error " . $db->lastErrorMsg();
return false;