matthew/The-Powder-Toy
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make username case-insensitive when logging in

Browse Source 
Username will be fixed automatically if not in the right casing
Logins are always sent over https
Logins are stored and salted using bcrypt on the server-side (wraps around original md5), fixes #294
This commit is contained in:
jacob1 2021-04-24 22:39:56 -04:00
parent 2e16eecae0
commit 4e2e054c50
1 changed files with 5 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/client/Client.cpp
View File

@ -1207,26 +1207,17 @@ std::vector<unsigned char> Client::GetSaveData(int saveID, int saveDate)
LoginStatus Client::Login(ByteString username, ByteString password, User & user)
{
lastError = "";
char passwordHash[33];
char totalHash[33];
user.UserID = 0;
user.Username = "";
user.SessionID = "";
user.SessionKey = "";
//Doop
md5_ascii(passwordHash, (const unsigned char *)password.c_str(), password.length());
passwordHash[32] = 0;
ByteString total = ByteString::Build(username, "-", passwordHash);
md5_ascii(totalHash, (const unsigned char *)(total.c_str()), total.size());
totalHash[32] = 0;
ByteString data;
int dataStatus;
data = http::Request::Simple(SCHEME SERVER "/Login.json", &dataStatus, {
{ "Username", username },
{ "Hash", totalHash },
data = http::Request::Simple("https://" SERVER "/Login.json", &dataStatus, {
{ "name", username },
{ "pass", password },
});
RequestStatus ret = ParseServerReturn(data, dataStatus, true);
@ -1238,6 +1229,7 @@ LoginStatus Client::Login(ByteString username, ByteString password, User & user)
Json::Value objDocument;
dataStream >> objDocument;
ByteString usernameTemp = objDocument["Username"].asString();
int userIDTemp = objDocument["UserID"].asInt();
ByteString sessionIDTemp = objDocument["SessionID"].asString();
ByteString sessionKeyTemp = objDocument["SessionKey"].asString();
@ -1253,7 +1245,7 @@ LoginStatus Client::Login(ByteString username, ByteString password, User & user)
AddServerNotification(item);
}
user.Username = username;
user.Username = usernameTemp;
user.UserID = userIDTemp;
user.SessionID = sessionIDTemp;
user.SessionKey = sessionKeyTemp;