rlgwebd/sqlickrypt.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sqlite3.h>
#include <unistd.h>
#include <crypt.h>

#define DATABASE "/dgldir/dgamelaunch.db"
#define IBUFSIZE 200

int xcallback(void *targ, int ncols, char **vals, char **colnames) {
  char *pws;
  int j;
  pws = *((char **) targ);
  if (pws == NULL) {
    for (j = 0; j < ncols; j++) {
      if (!strcmp(colnames[j], "password"))
        *((char **) targ) = strdup(vals[j]);
    }
  }
  /* Otherwise, this isn't the first row. */
  return 0;
}

/* Simple callback, for checking if there are any matches. */
int searchcallback(void *targ, int ncols, char **vals, char **colnames) {
  *((int *) targ) = 1;
  return 0;
}

int check(char *uname, char *pw) {
  char finduser_sql[160];
  char *pwhash = NULL, *comphash;
  int status;
  sqlite3 *db;

  strcpy(finduser_sql, "SELECT * FROM dglusers WHERE username='");
  strncat(finduser_sql, uname, 40);
  strcat(finduser_sql, "';");

  status = sqlite3_open(DATABASE, &db);
  if (status) {
    sqlite3_close(db);
    return 1;
  }
  sqlite3_exec(db, finduser_sql, xcallback, (void *) &pwhash, NULL);

  sqlite3_close(db);
  /* Now check the password. */
  if (pwhash == NULL) {
    return 2;
  }
  comphash = crypt(pw, pwhash);
  if (!strcmp(pwhash, comphash))
    return 0;
  return 1;
}

int insertuser(char *uname, char *pw, char *email) {
  char finduser_sql[160];
  int status;
  sqlite3 *db;

  strcpy(finduser_sql, "BEGIN; SELECT * FROM dglusers WHERE username='");
  strncat(finduser_sql, uname, 40);
  strcat(finduser_sql, "';");

  status = sqlite3_open(DATABASE, &db);
  if (status) {
    sqlite3_close(db);
    return 1;
  }
  status = 0;
  sqlite3_exec(db, finduser_sql, searchcallback, (void *) &status, NULL);
  if (!status) {
    /* FIXME This is ugly, and email is unsanitzed. */
    strcpy(finduser_sql, "INSERT INTO dglusers (username, password, email) VALUES ('");
    strncat(finduser_sql, uname, 20);
    strcat(finduser_sql, "', '");
    strcat(finduser_sql, crypt(pw, pw));
    strcat(finduser_sql, "', '");
    strncat(finduser_sql, email, 40);
    strcat(finduser_sql, "');");
    sqlite3_exec(db, finduser_sql, NULL, NULL, NULL);
  }
  sqlite3_exec(db, "COMMIT;", NULL, NULL, NULL);
  sqlite3_close(db);
  return status;
}

int main(int argc, char *argv[]) {
  char ibuf[IBUFSIZE], *uname, *pw, *email;
  char *cptr; // Utility pointer
  int status;

  /* Read in the username and password */
  fgets(ibuf, IBUFSIZE, stdin);
  uname = ibuf;
  pw = strchr(uname, '\n');
  if (pw == NULL)
    exit(4); /* Truncated */
  *pw = '\0';
  pw++;
  fgets(pw, IBUFSIZE - (pw - ibuf), stdin);
  if (pw[strlen(pw) - 1] == '\n')
    pw[strlen(pw) - 1] = '\0';
  else
    exit(4); /* Truncated */
  if (argc > 1 && !strcmp(argv[1], "register")) {
    email = pw + strlen(pw) + 1;
    fgets(email, IBUFSIZE - (email - ibuf), stdin);
    if (email[strlen(email) - 1] == '\n')
      email[strlen(email) - 1] = '\0';
    else
      exit(4);
    for (cptr = email; *cptr != '\0'; cptr++) {
      if (!isalnum(*cptr) && !strchr("@._-", *cptr)) {
        exit(4);
      }
    }
  }
  /* Sanitize the username, because it gets put into a query. */
  for (cptr = uname; *cptr != '\0'; cptr++) {
    if (!isalnum(*cptr)) {
      exit(4);
    }
  }
  if (argc == 1 || !strcmp(argv[1], "check"))
    status = check(uname, pw);
  else if (!strcmp(argv[1], "register")) {
    status = insertuser(uname, pw, email);
  }
  else
    status = 127;
  return status;
}
rlgwebd: switch to dgamelaunch's SQLite database. The quickrypt utility is replaced with sqlickrypt, which takes a username and password pair and checks them against the SQLite password database used by dgamelaunch. This will be more extensible to using rlgwebd to register, change passwords, etc. 2012-05-20 15:52:07 -07:00			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <string.h>`
			`#include <ctype.h>`
			`#include <sqlite3.h>`
			`#include <unistd.h>`
			`#include <crypt.h>`

			`#define DATABASE "/dgldir/dgamelaunch.db"`
sqlickrypt.c: add the ability to register new users. When sqlickrypt is run with the option "register", it expects a username, password, and email, and adds them to the database if the username is not already in use. 2012-05-21 21:40:56 -07:00			`#define IBUFSIZE 200`
rlgwebd: switch to dgamelaunch's SQLite database. The quickrypt utility is replaced with sqlickrypt, which takes a username and password pair and checks them against the SQLite password database used by dgamelaunch. This will be more extensible to using rlgwebd to register, change passwords, etc. 2012-05-20 15:52:07 -07:00
			`int xcallback(void targ, int ncols, char vals, char *colnames) {`
			`char *pws;`
			`int j;`
			`pws = ((char *) targ);`
			`if (pws == NULL) {`
			`for (j = 0; j < ncols; j++) {`
			`if (!strcmp(colnames[j], "password"))`
			`((char *) targ) = strdup(vals[j]);`
			`}`
			`}`
			`/* Otherwise, this isn't the first row. */`
			`return 0;`
			`}`

sqlickrypt.c: add the ability to register new users. When sqlickrypt is run with the option "register", it expects a username, password, and email, and adds them to the database if the username is not already in use. 2012-05-21 21:40:56 -07:00			`/* Simple callback, for checking if there are any matches. */`
			`int searchcallback(void targ, int ncols, char vals, char *colnames) {`
			`((int ) targ) = 1;`
			`return 0;`
			`}`

			`int check(char uname, char pw) {`
rlgwebd: switch to dgamelaunch's SQLite database. The quickrypt utility is replaced with sqlickrypt, which takes a username and password pair and checks them against the SQLite password database used by dgamelaunch. This will be more extensible to using rlgwebd to register, change passwords, etc. 2012-05-20 15:52:07 -07:00			`char finduser_sql[160];`
sqlickrypt.c: add the ability to register new users. When sqlickrypt is run with the option "register", it expects a username, password, and email, and adds them to the database if the username is not already in use. 2012-05-21 21:40:56 -07:00			`char pwhash = NULL, comphash;`
rlgwebd: switch to dgamelaunch's SQLite database. The quickrypt utility is replaced with sqlickrypt, which takes a username and password pair and checks them against the SQLite password database used by dgamelaunch. This will be more extensible to using rlgwebd to register, change passwords, etc. 2012-05-20 15:52:07 -07:00			`int status;`
sqlickrypt.c: add the ability to register new users. When sqlickrypt is run with the option "register", it expects a username, password, and email, and adds them to the database if the username is not already in use. 2012-05-21 21:40:56 -07:00			`sqlite3 *db;`
rlgwebd: switch to dgamelaunch's SQLite database. The quickrypt utility is replaced with sqlickrypt, which takes a username and password pair and checks them against the SQLite password database used by dgamelaunch. This will be more extensible to using rlgwebd to register, change passwords, etc. 2012-05-20 15:52:07 -07:00
			`strcpy(finduser_sql, "SELECT * FROM dglusers WHERE username='");`
			`strncat(finduser_sql, uname, 40);`
			`strcat(finduser_sql, "';");`

			`status = sqlite3_open(DATABASE, &db);`
			`if (status) {`
			`sqlite3_close(db);`
			`return 1;`
			`}`
			`sqlite3_exec(db, finduser_sql, xcallback, (void *) &pwhash, NULL);`

			`sqlite3_close(db);`
			`/* Now check the password. */`
			`if (pwhash == NULL) {`
			`return 2;`
			`}`
			`comphash = crypt(pw, pwhash);`
			`if (!strcmp(pwhash, comphash))`
			`return 0;`
			`return 1;`
			`}`
sqlickrypt.c: add the ability to register new users. When sqlickrypt is run with the option "register", it expects a username, password, and email, and adds them to the database if the username is not already in use. 2012-05-21 21:40:56 -07:00
			`int insertuser(char uname, char pw, char *email) {`
			`char finduser_sql[160];`
			`int status;`
			`sqlite3 *db;`

			`strcpy(finduser_sql, "BEGIN; SELECT * FROM dglusers WHERE username='");`
			`strncat(finduser_sql, uname, 40);`
			`strcat(finduser_sql, "';");`

			`status = sqlite3_open(DATABASE, &db);`
			`if (status) {`
			`sqlite3_close(db);`
			`return 1;`
			`}`
			`status = 0;`
			`sqlite3_exec(db, finduser_sql, searchcallback, (void *) &status, NULL);`
			`if (!status) {`
			`/* FIXME This is ugly, and email is unsanitzed. */`
			`strcpy(finduser_sql, "INSERT INTO dglusers (username, password, email) VALUES ('");`
			`strncat(finduser_sql, uname, 20);`
			`strcat(finduser_sql, "', '");`
			`strcat(finduser_sql, crypt(pw, pw));`
			`strcat(finduser_sql, "', '");`
			`strncat(finduser_sql, email, 40);`
			`strcat(finduser_sql, "');");`
			`sqlite3_exec(db, finduser_sql, NULL, NULL, NULL);`
			`}`
			`sqlite3_exec(db, "COMMIT;", NULL, NULL, NULL);`
			`sqlite3_close(db);`
			`return status;`
			`}`

			`int main(int argc, char *argv[]) {`
			`char ibuf[IBUFSIZE], uname, pw, *email;`
			`char *cptr; // Utility pointer`
			`int status;`

			`/* Read in the username and password */`
			`fgets(ibuf, IBUFSIZE, stdin);`
			`uname = ibuf;`
			`pw = strchr(uname, '\n');`
			`if (pw == NULL)`
			`exit(4); /* Truncated */`
			`*pw = '\0';`
			`pw++;`
			`fgets(pw, IBUFSIZE - (pw - ibuf), stdin);`
			`if (pw[strlen(pw) - 1] == '\n')`
			`pw[strlen(pw) - 1] = '\0';`
			`else`
			`exit(4); /* Truncated */`
			`if (argc > 1 && !strcmp(argv[1], "register")) {`
			`email = pw + strlen(pw) + 1;`
			`fgets(email, IBUFSIZE - (email - ibuf), stdin);`
			`if (email[strlen(email) - 1] == '\n')`
			`email[strlen(email) - 1] = '\0';`
			`else`
			`exit(4);`
			`for (cptr = email; *cptr != '\0'; cptr++) {`
			`if (!isalnum(cptr) && !strchr("@._-", cptr)) {`
			`exit(4);`
			`}`
			`}`
			`}`
			`/* Sanitize the username, because it gets put into a query. */`
			`for (cptr = uname; *cptr != '\0'; cptr++) {`
			`if (!isalnum(*cptr)) {`
			`exit(4);`
			`}`
			`}`
			`if (argc == 1 \|\| !strcmp(argv[1], "check"))`
			`status = check(uname, pw);`
			`else if (!strcmp(argv[1], "register")) {`
			`status = insertuser(uname, pw, email);`
			`}`
			`else`
			`status = 127;`
			`return status;`
			`}`