Log(LOGERR, "No user matching %s", user);
}
-
+ //TODO: Handle administrator users somehow better than this
+ // UserCake stores the permission level in a seperate table to the username/password, which is annoying
+ if (user_type != USER_UNAUTH && strcmp(user, "admin") == 0)
+ {
+ user_type = USER_ADMIN;
+ }
mysql_free_result(result);
mysql_close(con);
return user_type;
passwd_index = -1;
}
+ fclose(f);
+
if (passwd_index <= 0)
{
//Log(LOGDEBUG,"No user found matching %s\n", user);
/**
* Handle a Login Request
* @param context - The context
- * @param params - Parameter string, should contain username and password
+ * @param params - Parameter string, should contain username and password.
+ * NOTE: Care should be taken when using params, as it is
+ * completely unescaped. Do not log or use it without
+ * suitable escaping.
*/
void Login_Handler(FCGIContext * context, char * params)
{
case AUTH_LDAP:
{
- if (strlen(pass) <= 0)
+ if (*pass == '\0')
{
FCGI_RejectJSON(context, "No password supplied.");
return;
{
//WARNING: C string manipulation code approaching!
// Non reentrent; uses strsep and modifies g_options.auth_options
- // If problems happen, try strdup ...
+ // If problems happen, try strdup first ...
static char * db_opts[] = {"root", "", "users", "uc_users"};
static bool db_init_opts = false;
if (!db_init_opts)
break;
}
}
- Log(LOGDEBUG, "MySQL: user %s pass %s name %s table %s", db_opts[0], db_opts[1], db_opts[2], db_opts[3]);
+ //Log(LOGDEBUG, "MySQL: user %s pass %s name %s table %s", db_opts[0], db_opts[1], db_opts[2], db_opts[3]);
}
user_type = Login_MySQL(user, pass, g_options.auth_uri, db_opts[0],db_opts[1], db_opts[2], db_opts[3]);
git.ucc.asn.au / matches / MCTX3420.git / blobdiff
UCC git Repository :: git.ucc.asn.au