From fb27cbc7ae300f21bfd57234b6f1b41dcd8b7ccd Mon Sep 17 00:00:00 2001
From: Minho Kang
Date: Fri, 1 Sep 2017 18:42:36 +0900
Subject: [PATCH] Format

---
 src/servers/Server_REST/SapphireAPI.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/servers/Server_REST/SapphireAPI.cpp b/src/servers/Server_REST/SapphireAPI.cpp
index e5db9fbb..a3829835 100644
--- a/src/servers/Server_REST/SapphireAPI.cpp
+++ b/src/servers/Server_REST/SapphireAPI.cpp
@@ -29,6 +29,7 @@ Core::Network::SapphireAPI::~SapphireAPI()
 
 bool Core::Network::SapphireAPI::login( const std::string& username, const std::string& pass, std::string& sId )
 {
+   // FIXME: username is vuln to SQLi
    std::string query = "SELECT account_id, account_pass FROM accounts WHERE account_name = '" + username + "';";
 
    // check if a user with that name / password exists
@@ -39,13 +40,12 @@ bool Core::Network::SapphireAPI::login( const std::string& username, const std::
    // id is assumed to be verified with SQL
    // check password here
-   auto const accountPass = pQR->fetch()[1].getString();
-   if ( crypto_pwhash_argon2i_str_verify( accountPass, pass.c_str(), pass.length()) != 0 )
+   auto accountPass = pQR->fetch()[1].getString();
+   if ( crypto_pwhash_argon2i_str_verify( accountPass, pass.c_str(), pass.length() ) != 0 )
    {
       return false;
    }
-
    // user found, proceed
    int32_t accountId = pQR->fetch()[0].getUInt32();
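Review bot: The FIXME added above `std::string query = "SELECT account_id, account_pass FROM accounts WHERE account_name = '" + username + "';"` records the injection but leaves it reachable from the login endpoint, and the impact is worse than a lookup bypass: the fetched account_pass is the hash the supplied password is verified against a few lines later, so a UNION-style payload in `username` could presumably return an attacker-chosen account_id together with a hash the attacker already knows. The line should bind `username` as a query parameter instead of concatenating it; if the `g_database.query` wrapper offers no prepared-statement or escape routine (not visible here), the minimum is to validate `username` against a strict allow-list (e.g. `[A-Za-z0-9_]+`, length-capped) before building the string and `return false;` otherwise. Leaving this as a comment inside a commit titled "Format" also buries a security defect in a cosmetic change; it belongs in its own fix or at least a tracked issue. login's body continues past the hunk.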
@@ -109,11 +109,11 @@ bool Core::Network::SapphireAPI::createAccount( const std::string& username, con
    pQR = g_database.query( "SELECT MAX(account_id) FROM accounts;" );
    int32_t accountId = pQR->fetch()[0].getUInt32() + 1;
-
+
    // Hash password
    char hash[crypto_pwhash_STRBYTES];
-   if (crypto_pwhash_argon2i_str(hash, pass.c_str(), pass.length(), crypto_pwhash_OPSLIMIT_INTERACTIVE, crypto_pwhash_MEMLIMIT_INTERACTIVE) != 0)
+   if ( crypto_pwhash_argon2i_str( hash, pass.c_str(), pass.length(), crypto_pwhash_OPSLIMIT_INTERACTIVE, crypto_pwhash_MEMLIMIT_INTERACTIVE ) != 0 )
    {
-      // Failed to allocate memory
+      // Failed to allocate a memory
       return false;
    }