Add files via upload

2019-09-17 13:11:10 +12:00 · 2019-09-17 13:11:10 +12:00 · e6f0b2ee72
parent c0fe76acce
commit e6f0b2ee72
4 changed files with 144 additions and 3 deletions
--- a/DreamTown/cgi-bin/auth/5555/create
+++ b/DreamTown/cgi-bin/auth/5555/create
@ -37,7 +37,7 @@ def CheckUserExists(username):
 	return count

 def TryCreate():
-	username = jsonData['name']
+	username = jsonData['name'].lower()
 	password = jsonData['password']
 	authToken = jsonData['authToken']
 	securityAnswer = jsonData['answer']
@ -75,6 +75,7 @@ def TryCreate():
 	AnswerHashSalted = binascii.hexlify(xor(bytearray(AnswerHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
 	
 	c = db.cursor()
+	c.execute('UPDATE users SET LastSession=NULL WHERE LastSession=?',(authToken,))
 	c.execute('INSERT INTO users VAlUES (?,?,?,?,?)',(username,PassHashSalted,Salt,authToken,math.floor(time.time())))
 	c.execute('INSERT INTO securityQuestion VAlUES (?,?,?)',(username,questionType,AnswerHashSalted))

--- a/DreamTown/cgi-bin/auth/5555/login
+++ b/DreamTown/cgi-bin/auth/5555/login
@ -28,7 +28,7 @@ def xor(data, key):
    ))
 	
 def TryLogin():
-	username = jsonData['name']
+	username = jsonData['name'].lower()
 	password = jsonData['password']
 	authToken = jsonData['authToken']
 	
@ -53,7 +53,8 @@ def TryLogin():
 	SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
 	if SaltedHash != PassHash:
 		result['status'] = INVALID_PASSWORD
-		return 0
+		return 0
+	c.execute('UPDATE users SET LastSession=NULL WHERE LastSession=?',(authToken,))
 	c.execute('UPDATE users SET LastSession=? WHERE Name=?',(authToken,username))
 	
 		
--- a/DreamTown/cgi-bin/auth/5555/retrievePassword
+++ b/DreamTown/cgi-bin/auth/5555/retrievePassword
@ -0,0 +1,88 @@
+#!/usr/bin/python3
+from dreamtown_config import *
+import sys
+import binascii
+import os
+import json
+import sqlite3
+import random
+import hashlib
+
+print("Content-Type: application/json")
+print("")
+method = os.environ["REQUEST_METHOD"]
+if method != "POST":
+	print("Expected POST")
+	os._exit()
+	
+
+content_len = int(os.environ["CONTENT_LENGTH"])
+post = sys.stdin.read(content_len)
+jsonData = json.loads(post)
+result = {"status":SUCCESS}
+
+def xor(data, key):
+    l = len(key)
+    return bytearray((
+        (data[i] ^ key[i % l]) for i in range(0,len(data))
+    ))
+	
+	
+def TryRetrive():
+	username = jsonData['name'].lower()
+	answer = jsonData['answer'].lower()
+	authToken = jsonData['authToken']
+	
+	#Check User Exists
+	c = db.cursor()
+	cur = c.execute('SELECT COUNT(1) from users WHERE Name=?',(username,))
+	rows = cur.fetchone()
+	count = rows[0]
+	
+	if count == 0:
+		result['status'] = USER_DOES_NOT_EXIST
+		return 0
+	#Check Answer
+	cur = c.execute('SELECT AnswerHash from securityQuestion WHERE Name= ?',(username,))
+	rows = cur.fetchone()
+	AnswerHash = rows[0]
+	
+	cur = c.execute('SELECT Salt from users WHERE Name=?',(username,))
+	rows = cur.fetchone()
+	Salt = rows[0]
+	
+	
+	m = hashlib.sha512()
+	m.update(answer.encode('utf-8'))
+	InputHash = m.digest()
+	SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
+	
+	
+	if SaltedHash != AnswerHash:
+		result['status'] = INVALID_PASSWORD
+		return 0
+	
+	# Set new password
+	# Unlike bandai, we store our passwords securely
+	newPass = answer
+	if len(answer) < 9:
+		newPass += str(random.randint(0,999))
+	
+	m = hashlib.sha512()
+	m.update(newPass.encode('utf-8'))
+	InputHash = m.digest()
+	SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
+
+	c.execute('UPDATE users SET PassHash=? WHERE Name=?',(SaltedHash,username))
+	c.execute('UPDATE users SET LastSession=NULL WHERE Name=?',(username,))
+	
+	result['password'] = newPass
+
+db = sqlite3.connect(SQLLITE_DB_PATH)
+TryRetrive()
+db.commit()
+db.close()
+print(json.dumps(result))
+		
+
+	
--- a/DreamTown/cgi-bin/auth/5555/retrieveQuestion
+++ b/DreamTown/cgi-bin/auth/5555/retrieveQuestion
@ -0,0 +1,51 @@
+#!/usr/bin/python3
+from dreamtown_config import *
+import sys
+import binascii
+import os
+import json
+import sqlite3
+import hashlib
+
+print("Content-Type: application/json")
+print("")
+method = os.environ["REQUEST_METHOD"]
+if method != "POST":
+	print("Expected POST")
+	os._exit()
+	
+
+content_len = int(os.environ["CONTENT_LENGTH"])
+post = sys.stdin.read(content_len)
+jsonData = json.loads(post)
+result = {"status":SUCCESS}
+
+	
+def TryRetrive():
+	username = jsonData['name'].lower()
+	authToken = jsonData['authToken']
+	
+	#Check User Exists
+	c = db.cursor()
+	cur = c.execute('SELECT COUNT(1) from users WHERE Name=?',(username,))
+	rows = cur.fetchone()
+	count = rows[0]
+	
+	if count == 0:
+		result['status'] = USER_DOES_NOT_EXIST
+		return 0
+	#Check QuestionType
+	cur = c.execute('SELECT QuestionType from securityQuestion WHERE Name=?',(username,))
+	rows = cur.fetchone()
+	QuestionType = rows[0]
+	result['questionId'] = QuestionType 
+	
+		
+db = sqlite3.connect(SQLLITE_DB_PATH)
+TryRetrive()
+db.commit()
+db.close()
+print(json.dumps(result))
+		
+
+