From 173a493897bec0d2158b4dd703e061cf85c4ec8b Mon Sep 17 00:00:00 2001 From: Bluzume <39113159+KuromeSan@users.noreply.github.com> Date: Sun, 21 Jun 2020 23:10:58 +1200 Subject: [PATCH] ! was not in original dreamtown ! --- DreamTown/cgi-bin/auth/5555/changePassword | 65 ++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 DreamTown/cgi-bin/auth/5555/changePassword diff --git a/DreamTown/cgi-bin/auth/5555/changePassword b/DreamTown/cgi-bin/auth/5555/changePassword new file mode 100644 index 0000000..9fb7062 --- /dev/null +++ b/DreamTown/cgi-bin/auth/5555/changePassword @@ -0,0 +1,65 @@ +#!/usr/bin/python3 +from dreamtown_config import * +import sys +import binascii +import os +import json +import sqlite3 +import hashlib + +print("Content-Type: application/json") +print("") +method = os.environ["REQUEST_METHOD"] +if method != "POST": + print("Expected POST") + os._exit() + + +content_len = int(os.environ["CONTENT_LENGTH"]) +post = sys.stdin.read(content_len) +jsonData = json.loads(post) +result = {"status":SUCCESS} + + +def TryLogin(): + username = jsonData['name'].lower() + old_password = jsonData['old_password'] + new_password = jsonData['new_password'] + + #Check User Exists + c = db.cursor() + cur = c.execute('SELECT COUNT(1) from users WHERE Name=?',(username,)) + rows = cur.fetchone() + count = rows[0] + + if count == 0: + result['status'] = USER_DOES_NOT_EXIST + return 0 + #Check Password + cur = c.execute('SELECT PassHash,Salt from users WHERE Name= ?',(username,)) + + rows = cur.fetchone() + + PassHash = rows[0] + Salt = rows[1] + + SaltedHash = pass_salt_algo(old_password,Salt) + if SaltedHash != PassHash: + result['status'] = INVALID_PASSWORD + return 0 + + NewSaltedHash = pass_salt_algo(new_password,Salt) + + #Update password + result['status'] = SUCCESS + c.execute('UPDATE users SET PassHash=? WHERE Name=?',(NewSaltedHash,username)) + c.execute('UPDATE users SET LastSession=NULL WHERE Name=?',(username,)) + +db = sqlite3.connect(SQLLITE_DB_PATH) +TryLogin() +db.commit() +db.close() +print(json.dumps(result)) + + + \ No newline at end of file