warden/rlgwebd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sqlickrypt.c: add the ability to register new users.

Browse source 
When sqlickrypt is run with the option "register", it expects a
username, password, and email, and adds them to the database if the
username is not already in use.
This commit is contained in:
John "Elwin" Edwards 2012-05-21 21:40:56 -07:00
parent e7bcd4be4a
commit dfbd2a71d0
1 changed files with 91 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

118
sqlickrypt.c
View file

@ -7,6 +7,7 @@
#include <crypt.h> #include <crypt.h>
#define DATABASE "/dgldir/dgamelaunch.db" #define DATABASE "/dgldir/dgamelaunch.db"
#define IBUFSIZE 200
int xcallback(void *targ, int ncols, char **vals, char **colnames) { int xcallback(void *targ, int ncols, char **vals, char **colnames) {
char *pws; char *pws;
@ -22,33 +23,18 @@ int xcallback(void *targ, int ncols, char **vals, char **colnames) {
return 0; return 0;
} }
int main(int argc, char *argv[]) { /* Simple callback, for checking if there are any matches. */
char ibuf[160], *uname, *pw, *pwhash = NULL, *comphash; int searchcallback(void *targ, int ncols, char **vals, char **colnames) {
char finduser_sql[160]; *((int *) targ) = 1;
char *cptr; // Utility pointer return 0;
sqlite3 *db; }
int status;
int check(char *uname, char *pw) {
char finduser_sql[160];
char *pwhash = NULL, *comphash;
int status;
sqlite3 *db;
/* Read in the username and password */
fgets(ibuf, 160, stdin);
uname = ibuf;
pw = strchr(uname, '\n');
if (pw == NULL)
exit(4); /* Truncated */
*pw = '\0';
pw++;
fgets(pw, 160 - (pw - ibuf), stdin);
if (pw[strlen(pw) - 1] == '\n')
pw[strlen(pw) - 1] = '\0';
else
exit(4); /* Truncated */
/* Sanitize the username, because it gets put into a query. */
for (cptr = uname; *cptr != '\0'; cptr++) {
if (!isalnum(*cptr)) {
exit(4);
}
}
/* Construct the query */
strcpy(finduser_sql, "SELECT * FROM dglusers WHERE username='"); strcpy(finduser_sql, "SELECT * FROM dglusers WHERE username='");
strncat(finduser_sql, uname, 40); strncat(finduser_sql, uname, 40);
strcat(finduser_sql, "';"); strcat(finduser_sql, "';");
@ -61,7 +47,6 @@ int main(int argc, char *argv[]) {
sqlite3_exec(db, finduser_sql, xcallback, (void *) &pwhash, NULL); sqlite3_exec(db, finduser_sql, xcallback, (void *) &pwhash, NULL);
sqlite3_close(db); sqlite3_close(db);
/* Now check the password. */ /* Now check the password. */
if (pwhash == NULL) { if (pwhash == NULL) {
return 2; return 2;
@ -71,3 +56,82 @@ int main(int argc, char *argv[]) {
return 0; return 0;
return 1; return 1;
} }
int insertuser(char *uname, char *pw, char *email) {
char finduser_sql[160];
int status;
sqlite3 *db;
strcpy(finduser_sql, "BEGIN; SELECT * FROM dglusers WHERE username='");
strncat(finduser_sql, uname, 40);
strcat(finduser_sql, "';");
status = sqlite3_open(DATABASE, &db);
if (status) {
sqlite3_close(db);
return 1;
}
status = 0;
sqlite3_exec(db, finduser_sql, searchcallback, (void *) &status, NULL);
if (!status) {
/* FIXME This is ugly, and email is unsanitzed. */
strcpy(finduser_sql, "INSERT INTO dglusers (username, password, email) VALUES ('");
strncat(finduser_sql, uname, 20);
strcat(finduser_sql, "', '");
strcat(finduser_sql, crypt(pw, pw));
strcat(finduser_sql, "', '");
strncat(finduser_sql, email, 40);
strcat(finduser_sql, "');");
sqlite3_exec(db, finduser_sql, NULL, NULL, NULL);
}
sqlite3_exec(db, "COMMIT;", NULL, NULL, NULL);
sqlite3_close(db);
return status;
}
int main(int argc, char *argv[]) {
char ibuf[IBUFSIZE], *uname, *pw, *email;
char *cptr; // Utility pointer
int status;
/* Read in the username and password */
fgets(ibuf, IBUFSIZE, stdin);
uname = ibuf;
pw = strchr(uname, '\n');
if (pw == NULL)
exit(4); /* Truncated */
*pw = '\0';
pw++;
fgets(pw, IBUFSIZE - (pw - ibuf), stdin);
if (pw[strlen(pw) - 1] == '\n')
pw[strlen(pw) - 1] = '\0';
else
exit(4); /* Truncated */
if (argc > 1 && !strcmp(argv[1], "register")) {
email = pw + strlen(pw) + 1;
fgets(email, IBUFSIZE - (email - ibuf), stdin);
if (email[strlen(email) - 1] == '\n')
email[strlen(email) - 1] = '\0';
else
exit(4);
for (cptr = email; *cptr != '\0'; cptr++) {
if (!isalnum(*cptr) && !strchr("@._-", *cptr)) {
exit(4);
}
}
}
/* Sanitize the username, because it gets put into a query. */
for (cptr = uname; *cptr != '\0'; cptr++) {
if (!isalnum(*cptr)) {
exit(4);
}
}
if (argc == 1 || !strcmp(argv[1], "check"))
status = check(uname, pw);
else if (!strcmp(argv[1], "register")) {
status = insertuser(uname, pw, email);
}
else
status = 127;
return status;
}