Refactor the way error is thrown in ask salt.

2018-10-05 19:46:44 +02:00 · 2018-10-05 19:46:44 +02:00 · b6a989599c
commit b6a989599c
parent ad07c3fc51
1 changed files with 7 additions and 8 deletions
--- a/code/web/public_php/login/class/ConnectionHandler.php
+++ b/code/web/public_php/login/class/ConnectionHandler.php
@ -40,16 +40,15 @@ class ConnectionHandler
    private function askSalt($login, $lang)
    {
        setMsgLanguage($lang);
-        $escaped_login = $mysqli->escape_string($login);
+        $escaped_login = $this->db_Connection->escape_string($login);
        if ($stmt = $this->db_Connection->prepare('SELECT Password FROM user WHERE Login=\'?\' LIMIT 1')) {
        if ($stmt = mysqli_prepare('SELECT TOP 1 Password FROM user WHERE Login=\'?\'')) {
            $stmt->bind_param("s", $escaped_login);
            $stmt->execute();
-            $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
+            $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_Connection->error));
-            if ($stmt->num_rows == 1 && $stmt->fetch()) {
+            if ($stmt->fetch() && $stmt->num_rows == 1) {
-                $salt = get_salt($password);
+                $salt = '1:' . get_salt($password);
            } else {
-                die(errorMsgBlock(2001, $login, 'askSalt'));
+                $salt = errorMsgBlock(2001, $login, 'askSalt');
            }
            $stmt->close();
        }
@ -113,10 +112,10 @@ class ConnectionHandler
    {
        switch ($command->cmd) {
            case 'ask':
-                echo '1:' . askSalt($command->login, $command->submittedLang);
+                echo askSalt($command->login, $command->submittedLang);
                break;
            case 'login-https':
-                $salt = askSalt($command->login, $command->submittedLang);
+                $salt = substr(askSalt($command->login, $command->submittedLang), 2);
                $generated_password = crypt($command->password, sprintf('$6$rounds=%d$%s$', 5000, $salt));
                login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang);
                break;