Update server:
* Check that $db variable is OK before processing database requests * Don't close $db before calling lastErrorMsg() * Add support for user & url parameters from gPass popup
This commit is contained in:
Gregory Soutade
39
server/_user
39
server/_user
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/*
|
||||
Copyright (C) 2013-2015 Grégory Soutadé
|
||||
Copyright (C) 2013-2020 Grégory Soutadé
|
||||
|
||||
This file is part of gPass.
|
||||
|
||||
@@ -63,30 +63,31 @@ $PROTOCOL_VERSION = 4;
|
||||
|
||||
$db = load_database();
|
||||
|
||||
$res = "";
|
||||
|
||||
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
|
||||
|
||||
echo "protocol=gpass-$PROTOCOL_VERSION\n";
|
||||
if ($PBKDF2_LEVEL != 1000)
|
||||
echo "pbkdf2_level=$PBKDF2_LEVEL\n";
|
||||
|
||||
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
|
||||
if ($db)
|
||||
{
|
||||
$statement->bindValue(":login", addslashes($_POST["k$i"]));
|
||||
$result = $statement->execute();
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$result->finalize();
|
||||
if (isset($row["password"]))
|
||||
{
|
||||
echo "matched_key=" . $i . "\n";
|
||||
echo "pass=" . $row["password"] . "\n";
|
||||
break;
|
||||
}
|
||||
}
|
||||
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
|
||||
|
||||
$statement->close();
|
||||
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
|
||||
{
|
||||
$statement->bindValue(":login", addslashes($_POST["k$i"]));
|
||||
$result = $statement->execute();
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$result->finalize();
|
||||
if (isset($row["password"]))
|
||||
{
|
||||
echo "matched_key=" . $i . "\n";
|
||||
echo "pass=" . $row["password"] . "\n";
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$statement->close();
|
||||
}
|
||||
|
||||
echo "<end>";
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/*
|
||||
Copyright (C) 2013-2017 Grégory Soutadé
|
||||
Copyright (C) 2013-2019 Grégory Soutadé
|
||||
|
||||
This file is part of gPass.
|
||||
|
||||
@@ -241,18 +241,21 @@ function delete_entry($user, $login, $access_token)
|
||||
}
|
||||
|
||||
$result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
|
||||
$db->close();
|
||||
|
||||
if (!$result)
|
||||
{
|
||||
echo "Error " . $db->lastErrorMsg();
|
||||
return false;
|
||||
$ret = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
echo "OK";
|
||||
return true;
|
||||
$ret = true;
|
||||
}
|
||||
|
||||
|
||||
$db->close();
|
||||
return $ret;
|
||||
}
|
||||
|
||||
function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)
|
||||
@@ -329,4 +332,4 @@ function get_secure_entries($user, $access_tokens)
|
||||
$db->close();
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
@@ -1,19 +1,19 @@
|
||||
<?php
|
||||
/*
|
||||
Copyright (C) 2013-2017 Grégory Soutadé
|
||||
|
||||
|
||||
This file is part of gPass.
|
||||
|
||||
|
||||
gPass is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
|
||||
gPass is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with gPass. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
@@ -50,7 +50,7 @@ else
|
||||
if (isset($_POST['get_passwords']) && isset($_POST['user']))
|
||||
return list_entries($user);
|
||||
|
||||
if (isset($_POST['add_entry']) && isset($_POST['user']) &&
|
||||
if (isset($_POST['add_entry']) && isset($_POST['user']) &&
|
||||
isset($_POST['login']) && isset($_POST['password']) &&
|
||||
isset($_POST['shadow_login']) && isset($_POST['salt']) &&
|
||||
isset($_POST['access_token']) )
|
||||
@@ -61,7 +61,7 @@ else
|
||||
$salt,
|
||||
$access_token);
|
||||
|
||||
if (isset($_POST['delete_entry']) && isset($_POST['user']) &&
|
||||
if (isset($_POST['delete_entry']) && isset($_POST['user']) &&
|
||||
isset($_POST['login']) && isset($_POST['access_token']))
|
||||
return delete_entry($user,
|
||||
$login,
|
||||
@@ -69,7 +69,7 @@ else
|
||||
}
|
||||
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
|
||||
@@ -158,8 +158,8 @@ if ($user != "")
|
||||
{
|
||||
echo "<b>Add a new password</b><br/>\n";
|
||||
|
||||
echo 'URL <input type="text" name="url"/>';
|
||||
echo 'login <input type="text" name="login" />';
|
||||
echo 'URL <input type="text" name="url" value="' . (filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
|
||||
echo 'login <input type="text" name="login" value="' . (filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
|
||||
echo 'password <input id="new_password" type="text" name="password"/>';
|
||||
echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>';
|
||||
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
|
||||
|
||||
@@ -145,7 +145,7 @@ var current_user = "";
|
||||
var current_mkey = "";
|
||||
var clearTimer = null;
|
||||
var global_iv = null;
|
||||
var server_url = document.documentURI;
|
||||
var server_url = window.location.href.split('?')[0];
|
||||
|
||||
function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
|
||||
this.ciphered_login = ciphered_login;
|
||||
|
||||
Reference in New Issue
Block a user