Add files via upload
parent
5c48c86614
commit
88ed4006f2
|
@ -23,12 +23,7 @@ jsonData = json.loads(post)
|
|||
result = {"status":SUCCESS}
|
||||
|
||||
|
||||
def xor(data, key):
|
||||
l = len(key)
|
||||
return bytearray((
|
||||
(data[i] ^ key[i % l]) for i in range(0,len(data))
|
||||
))
|
||||
|
||||
|
||||
def CheckUserExists(username):
|
||||
c = db.cursor()
|
||||
cur = c.execute('SELECT COUNT(1) from users WHERE Name=?',(username,))
|
||||
|
@ -63,16 +58,8 @@ def TryCreate():
|
|||
#Generate password hash
|
||||
Salt = binascii.hexlify(os.urandom(64)).decode('utf8')
|
||||
|
||||
m = hashlib.sha512()
|
||||
m.update(password.encode('utf-8'))
|
||||
PasswordHash = m.digest()
|
||||
|
||||
m = hashlib.sha512()
|
||||
m.update(securityAnswer.encode('utf-8'))
|
||||
AnswerHash = m.digest()
|
||||
|
||||
PassHashSalted = binascii.hexlify(xor(bytearray(PasswordHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
AnswerHashSalted = binascii.hexlify(xor(bytearray(AnswerHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
PassHashSalted = pass_salt_algo(password,Salt);
|
||||
AnswerHashSalted = pass_salt_algo(securityAnswer,Salt);
|
||||
|
||||
c = db.cursor()
|
||||
c.execute('UPDATE users SET LastSession=NULL WHERE LastSession=?',(authToken,))
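Review bot: `PassHashSalted` and `AnswerHashSalted` are both derived with the same `Salt`, so the two stored values are identical whenever a user enters the same string for password and security answer, and anyone reading the table can see that. A separate salt for the answer, e.g. `AnswerSalt = binascii.hexlify(os.urandom(64)).decode('utf8')`, would avoid this; it needs its own column, and the schema is not visible on this page. The trailing `;` on the two `pass_salt_algo(...)` lines can be dropped. TryCreate starts and ends outside the hunk.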
|
||||
|
|
|
@ -21,12 +21,6 @@ jsonData = json.loads(post)
|
|||
result = {"status":SUCCESS}
|
||||
|
||||
|
||||
def xor(data, key):
|
||||
l = len(key)
|
||||
return bytearray((
|
||||
(data[i] ^ key[i % l]) for i in range(0,len(data))
|
||||
))
|
||||
|
||||
def TryLogin():
|
||||
username = jsonData['name'].lower()
|
||||
password = jsonData['password']
|
||||
|
@ -43,14 +37,14 @@ def TryLogin():
|
|||
return 0
|
||||
#Check Password
|
||||
cur = c.execute('SELECT PassHash,Salt from users WHERE Name= ?',(username,))
|
||||
rows = cur.fetchone()
|
||||
m = hashlib.sha512()
|
||||
m.update(password.encode('utf-8'))
|
||||
InputHash = m.digest()
|
||||
|
||||
rows = cur.fetchone()
|
||||
|
||||
PassHash = rows[0]
|
||||
Salt = rows[1]
|
||||
SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
|
||||
SaltedHash = pass_salt_algo(password,Salt)
|
||||
|
||||
if SaltedHash != PassHash:
|
||||
result['status'] = INVALID_PASSWORD
|
||||
return 0
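Review bot: Rows written before this change hold `hexlify(sha512(password) XOR salt)`, while `SaltedHash = pass_salt_algo(password,Salt)` now yields the SHA-512 of those bytes, so existing accounts would fail the `SaltedHash != PassHash` check unless the table is migrated. Because the new value is a hash of the old one, a one-time pass that rewrites each stored value as `binascii.hexlify(hashlib.sha512(binascii.unhexlify(old)).digest()).decode('utf-8')` should work without knowing any password. The comparison would also be better written as `if not hmac.compare_digest(SaltedHash, PassHash):` (needs `import hmac`), so its timing does not depend on where the two strings first differ. `rows = cur.fetchone()` appears twice in this section and the page has lost its +/- markers; if both are on the new side, the second call returns `None` and `rows[0]` raises. TryLogin starts and ends outside the hunk.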
|
||||
|
|
|
@ -21,12 +21,6 @@ post = sys.stdin.read(content_len)
|
|||
jsonData = json.loads(post)
|
||||
result = {"status":SUCCESS}
|
||||
|
||||
def xor(data, key):
|
||||
l = len(key)
|
||||
return bytearray((
|
||||
(data[i] ^ key[i % l]) for i in range(0,len(data))
|
||||
))
|
||||
|
||||
|
||||
def TryRetrive():
|
||||
username = jsonData['name'].lower()
|
||||
|
@ -50,15 +44,10 @@ def TryRetrive():
|
|||
cur = c.execute('SELECT Salt from users WHERE Name=?',(username,))
|
||||
rows = cur.fetchone()
|
||||
Salt = rows[0]
|
||||
|
||||
InputHash = pass_salt_algo(answer, Salt)
|
||||
|
||||
|
||||
m = hashlib.sha512()
|
||||
m.update(answer.encode('utf-8'))
|
||||
InputHash = m.digest()
|
||||
SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
|
||||
|
||||
if SaltedHash != AnswerHash:
|
||||
if InputHash != AnswerHash:
|
||||
result['status'] = INVALID_PASSWORD
|
||||
return 0
|
||||
|
||||
|
@ -68,12 +57,9 @@ def TryRetrive():
|
|||
if len(answer) < 9:
|
||||
newPass += str(random.randint(0,999))
|
||||
|
||||
m = hashlib.sha512()
|
||||
m.update(newPass.encode('utf-8'))
|
||||
InputHash = m.digest()
|
||||
SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
|
||||
c.execute('UPDATE users SET PassHash=? WHERE Name=?',(SaltedHash,username))
|
||||
NewPassHash = pass_salt_algo(newPass, Salt)
|
||||
|
||||
c.execute('UPDATE users SET PassHash=? WHERE Name=?',(NewPassHash,username))
|
||||
c.execute('UPDATE users SET LastSession=NULL WHERE Name=?',(username,))
|
||||
|
||||
result['password'] = newPass
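Review bot: The reset password is extended with `str(random.randint(0,999))`, which draws from the `random` module's non-cryptographic generator and adds at most three digits. A credential should come from `secrets`, for example `newPass = secrets.token_urlsafe(12)` (needs `import secrets`). How `newPass` is built before that line is outside the hunk, but the `len(answer) < 9` condition suggests it is derived from the security answer, which is worth confirming because that value is already known to whoever answered. The answer check `if InputHash != AnswerHash:` would also be safer as `if not hmac.compare_digest(InputHash, AnswerHash):`. TryRetrive starts and ends outside the hunks shown.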
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
# Add <server_path>/friends/cgi-bin to $PYTHONPATH in /etc/enviroment and as a SetVar for your VirtualHost in apache2
|
||||
|
||||
import sqlite3
|
||||
import binascii
|
||||
import hashlib
|
||||
|
||||
#MAKE SURE THE DB IS *OUTSIDE* THE PUBLIC_HTML!!!
|
||||
SQLLITE_DB_PATH = "/home/silica/DreamTown.db"
|
||||
SQLLITE_DB_PATH = "/home/web/DreamTown.db"
|
||||
|
||||
SUCCESS = 1
|
||||
USER_DOES_NOT_EXIST = 2
|
||||
|
@ -12,6 +16,28 @@ ANSWER_INCORRECT = 5
|
|||
|
||||
db = sqlite3.connect(SQLLITE_DB_PATH)
|
||||
|
||||
|
||||
def xor(data, key):
|
||||
l = len(key)
|
||||
return bytearray((
|
||||
(data[i] ^ key[i % l]) for i in range(0,len(data))
|
||||
))
|
||||
|
||||
|
||||
def pass_salt_algo(passwd, Salt):
|
||||
m = hashlib.sha512()
|
||||
m.update(passwd.encode('utf-8'))
|
||||
passHash = m.digest()
|
||||
|
||||
salt = bytearray(binascii.unhexlify(Salt))
|
||||
saltedHash = xor(passHash,salt);
|
||||
|
||||
m = hashlib.sha512()
|
||||
m.update(saltedHash)
|
||||
outHash = m.digest();
|
||||
|
||||
return binascii.hexlify(outHash).decode("utf-8")
|
||||
|
||||
c = db.cursor()
|
||||
try:
|
||||
c.execute("""
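Review bot: `pass_salt_algo` is one pass of plain SHA-512 on each side of the XOR, so anyone who obtains the users table can test password guesses at raw hash speed. The outer hash does stop the stored value from being XORed back to the unsalted digest, but it adds no work factor. A password KDF from the same module would fit here, e.g. `outHash = hashlib.pbkdf2_hmac('sha512', passwd.encode('utf-8'), binascii.unhexlify(Salt), ITERATIONS)` with `ITERATIONS` a tuned constant (placeholder), or `hashlib.scrypt`. The function also lacks a docstring; one stating that `Salt` is a hex string and that the return value is a hex digest would help its callers.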
|
||||
|
|