Update server:
* Check that $db variable is OK before processing database requests * Don't close $db before calling lastErrorMsg() * Add support for user & url parameters from gPass popup
This commit is contained in:
parent
6f1e2a814d
commit
9d528aeaa0
17
server/_user
17
server/_user
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
/*
|
/*
|
||||||
Copyright (C) 2013-2015 Grégory Soutadé
|
Copyright (C) 2013-2020 Grégory Soutadé
|
||||||
|
|
||||||
This file is part of gPass.
|
This file is part of gPass.
|
||||||
|
|
||||||
|
@ -63,16 +63,16 @@ $PROTOCOL_VERSION = 4;
|
||||||
|
|
||||||
$db = load_database();
|
$db = load_database();
|
||||||
|
|
||||||
$res = "";
|
|
||||||
|
|
||||||
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
|
|
||||||
|
|
||||||
echo "protocol=gpass-$PROTOCOL_VERSION\n";
|
echo "protocol=gpass-$PROTOCOL_VERSION\n";
|
||||||
if ($PBKDF2_LEVEL != 1000)
|
if ($PBKDF2_LEVEL != 1000)
|
||||||
echo "pbkdf2_level=$PBKDF2_LEVEL\n";
|
echo "pbkdf2_level=$PBKDF2_LEVEL\n";
|
||||||
|
|
||||||
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
|
if ($db)
|
||||||
{
|
{
|
||||||
|
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
|
||||||
|
|
||||||
|
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
|
||||||
|
{
|
||||||
$statement->bindValue(":login", addslashes($_POST["k$i"]));
|
$statement->bindValue(":login", addslashes($_POST["k$i"]));
|
||||||
$result = $statement->execute();
|
$result = $statement->execute();
|
||||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||||
|
@ -83,9 +83,10 @@ for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
|
||||||
echo "pass=" . $row["password"] . "\n";
|
echo "pass=" . $row["password"] . "\n";
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$statement->close();
|
$statement->close();
|
||||||
|
}
|
||||||
|
|
||||||
echo "<end>";
|
echo "<end>";
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
/*
|
/*
|
||||||
Copyright (C) 2013-2017 Grégory Soutadé
|
Copyright (C) 2013-2019 Grégory Soutadé
|
||||||
|
|
||||||
This file is part of gPass.
|
This file is part of gPass.
|
||||||
|
|
||||||
|
@ -241,18 +241,21 @@ function delete_entry($user, $login, $access_token)
|
||||||
}
|
}
|
||||||
|
|
||||||
$result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
|
$result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
|
||||||
$db->close();
|
|
||||||
|
|
||||||
if (!$result)
|
if (!$result)
|
||||||
{
|
{
|
||||||
echo "Error " . $db->lastErrorMsg();
|
echo "Error " . $db->lastErrorMsg();
|
||||||
return false;
|
$ret = false;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
echo "OK";
|
echo "OK";
|
||||||
return true;
|
$ret = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
$db->close();
|
||||||
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)
|
function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)
|
||||||
|
|
|
@ -158,8 +158,8 @@ if ($user != "")
|
||||||
{
|
{
|
||||||
echo "<b>Add a new password</b><br/>\n";
|
echo "<b>Add a new password</b><br/>\n";
|
||||||
|
|
||||||
echo 'URL <input type="text" name="url"/>';
|
echo 'URL <input type="text" name="url" value="' . (filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
|
||||||
echo 'login <input type="text" name="login" />';
|
echo 'login <input type="text" name="login" value="' . (filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
|
||||||
echo 'password <input id="new_password" type="text" name="password"/>';
|
echo 'password <input id="new_password" type="text" name="password"/>';
|
||||||
echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>';
|
echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>';
|
||||||
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
|
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
|
||||||
|
|
|
@ -145,7 +145,7 @@ var current_user = "";
|
||||||
var current_mkey = "";
|
var current_mkey = "";
|
||||||
var clearTimer = null;
|
var clearTimer = null;
|
||||||
var global_iv = null;
|
var global_iv = null;
|
||||||
var server_url = document.documentURI;
|
var server_url = window.location.href.split('?')[0];
|
||||||
|
|
||||||
function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
|
function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
|
||||||
this.ciphered_login = ciphered_login;
|
this.ciphered_login = ciphered_login;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user