From 4e2e054c50381be08d889b2e2039a52673d0030e Mon Sep 17 00:00:00 2001
From: jacob1
Date: Sat, 24 Apr 2021 22:39:56 -0400
Subject: [PATCH] Make username case-insensitive when logging in Username will be fixed automatically if not in the right casing Logins are always sent over https Logins are stored and salted using bcrypt on the server-side (wraps around original md5), fixes #294
---
 src/client/Client.cpp | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)
diff --git a/src/client/Client.cpp b/src/client/Client.cpp
index eae84f72f..8f3aecf80 100644
--- a/src/client/Client.cpp
+++ b/src/client/Client.cpp
@@ -1207,26 +1207,17 @@ std::vector Client::GetSaveData(int saveID, int saveDate)
 LoginStatus Client::Login(ByteString username, ByteString password, User & user)
 {
 lastError = "";
- char passwordHash[33];
- char totalHash[33];
 user.UserID = 0;
 user.Username = "";
 user.SessionID = "";
 user.SessionKey = "";
- //Doop
- md5_ascii(passwordHash, (const unsigned char *)password.c_str(), password.length());
- passwordHash[32] = 0;
- ByteString total = ByteString::Build(username, "-", passwordHash);
- md5_ascii(totalHash, (const unsigned char *)(total.c_str()), total.size());
- totalHash[32] = 0;
-
 ByteString data;
 int dataStatus;
- data = http::Request::Simple(SCHEME SERVER "/Login.json", &dataStatus, {
- { "Username", username },
- { "Hash", totalHash },
+ data = http::Request::Simple("https://" SERVER "/Login.json", &dataStatus, {
+ { "name", username },
+ { "pass", password },
 });
 RequestStatus ret = ParseServerReturn(data, dataStatus, true);
@@ -1238,6 +1229,7 @@ LoginStatus Client::Login(ByteString username, ByteString password, User & user)
 Json::Value objDocument;
 dataStream >> objDocument;
+ ByteString usernameTemp = objDocument["Username"].asString();
 int userIDTemp = objDocument["UserID"].asInt();
 ByteString sessionIDTemp = objDocument["SessionID"].asString();
 ByteString sessionKeyTemp = objDocument["SessionKey"].asString();
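Review bot: The added `{ "pass", password }` field in the `http::Request::Simple` call sends the cleartext password, so its confidentiality now rests entirely on the hard-coded `"https://"` literal and on certificate validation inside the HTTP layer, which this hunk does not show. I would record that constraint directly above the call, e.g. `// Password is sent in cleartext inside TLS: keep this URL https-only and never log the request fields`. It is also worth confirming that `Simple` places these fields in the request body rather than the query string, since URLs commonly end up in proxy and server logs. Login's body continues past the end of this hunk.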
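Review bot: `usernameTemp` is taken from the server's JSON here and, in the last hunk, assigned to `user.Username` with no check against the name the user typed. The commit message only intends a casing correction, but a missing or null `Username` field (jsoncpp's `asString()` returns an empty string for a null value) would leave a logged-in session with a blank name, and any other value would silently replace the typed identity. A minimal guard after this line is `if (!usernameTemp.size()) usernameTemp = username;`, and comparing the two names case-insensitively before accepting the server's spelling would pin the behaviour the commit message describes. Login starts and ends outside this hunk, so any exception handling around `asString()` is not visible here.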
@@ -1253,7 +1245,7 @@ LoginStatus Client::Login(ByteString username, ByteString password, User & user)
 AddServerNotification(item);
 }
- user.Username = username;
+ user.Username = usernameTemp;
 user.UserID = userIDTemp;
 user.SessionID = sessionIDTemp;
 user.SessionKey = sessionKeyTemp;