Khaganat-NeL/khanat-opennel-code
2
0
Fork 0
Code Issues 21 Pull requests Projects Releases 1 Packages Wiki Activity

Refactor the way error is thrown in ask salt.

Browse source
This commit is contained in:
Stanislas Dolcini 2018-10-05 19:46:44 +02:00
parent ad07c3fc51
commit b6a989599c
1 changed files with 7 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
code/web/public_php/login/class/ConnectionHandler.php
View file

@ -40,16 +40,15 @@ class ConnectionHandler
private function askSalt($login, $lang)
{
setMsgLanguage($lang);
$escaped_login = $mysqli->escape_string($login);
$escaped_login = $this->db_Connection->escape_string($login);
if ($stmt = $this->db_Connection->prepare('SELECT Password FROM user WHERE Login=\'?\' LIMIT 1')) {
if ($stmt = mysqli_prepare('SELECT TOP 1 Password FROM user WHERE Login=\'?\'')) {
$stmt->bind_param("s", $escaped_login);
$stmt->execute();
$stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if ($stmt->num_rows == 1 && $stmt->fetch()) {
$salt = get_salt($password);
$stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_Connection->error));
if ($stmt->fetch() && $stmt->num_rows == 1) {
$salt = '1:' . get_salt($password);
} else {
die(errorMsgBlock(2001, $login, 'askSalt'));
$salt = errorMsgBlock(2001, $login, 'askSalt');
}
$stmt->close();
}
@ -113,10 +112,10 @@ class ConnectionHandler
{
switch ($command->cmd) {
case 'ask':
echo '1:' . askSalt($command->login, $command->submittedLang);
echo askSalt($command->login, $command->submittedLang);
break;
case 'login-https':
$salt = askSalt($command->login, $command->submittedLang);
$salt = substr(askSalt($command->login, $command->submittedLang), 2);
$generated_password = crypt($command->password, sprintf('$6$rounds=%d$%s$', 5000, $salt));
login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang);
break;