Add files via upload
This commit is contained in:
parent
c0fe76acce
commit
e6f0b2ee72
|
@ -37,7 +37,7 @@ def CheckUserExists(username):
|
|||
return count
|
||||
|
||||
def TryCreate():
|
||||
username = jsonData['name']
|
||||
username = jsonData['name'].lower()
|
||||
password = jsonData['password']
|
||||
authToken = jsonData['authToken']
|
||||
securityAnswer = jsonData['answer']
|
||||
|
@ -75,6 +75,7 @@ def TryCreate():
|
|||
AnswerHashSalted = binascii.hexlify(xor(bytearray(AnswerHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
|
||||
c = db.cursor()
|
||||
c.execute('UPDATE users SET LastSession=NULL WHERE LastSession=?',(authToken,))
|
||||
c.execute('INSERT INTO users VAlUES (?,?,?,?,?)',(username,PassHashSalted,Salt,authToken,math.floor(time.time())))
|
||||
c.execute('INSERT INTO securityQuestion VAlUES (?,?,?)',(username,questionType,AnswerHashSalted))
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ def xor(data, key):
|
|||
))
|
||||
|
||||
def TryLogin():
|
||||
username = jsonData['name']
|
||||
username = jsonData['name'].lower()
|
||||
password = jsonData['password']
|
||||
authToken = jsonData['authToken']
|
||||
|
||||
|
@ -53,7 +53,8 @@ def TryLogin():
|
|||
SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
if SaltedHash != PassHash:
|
||||
result['status'] = INVALID_PASSWORD
|
||||
return 0
|
||||
return 0
|
||||
c.execute('UPDATE users SET LastSession=NULL WHERE LastSession=?',(authToken,))
|
||||
c.execute('UPDATE users SET LastSession=? WHERE Name=?',(authToken,username))
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
#!/usr/bin/python3
|
||||
from dreamtown_config import *
|
||||
import sys
|
||||
import binascii
|
||||
import os
|
||||
import json
|
||||
import sqlite3
|
||||
import random
|
||||
import hashlib
|
||||
|
||||
print("Content-Type: application/json")
|
||||
print("")
|
||||
method = os.environ["REQUEST_METHOD"]
|
||||
if method != "POST":
|
||||
print("Expected POST")
|
||||
os._exit()
|
||||
|
||||
|
||||
content_len = int(os.environ["CONTENT_LENGTH"])
|
||||
post = sys.stdin.read(content_len)
|
||||
jsonData = json.loads(post)
|
||||
result = {"status":SUCCESS}
|
||||
|
||||
def xor(data, key):
|
||||
l = len(key)
|
||||
return bytearray((
|
||||
(data[i] ^ key[i % l]) for i in range(0,len(data))
|
||||
))
|
||||
|
||||
|
||||
def TryRetrive():
|
||||
username = jsonData['name'].lower()
|
||||
answer = jsonData['answer'].lower()
|
||||
authToken = jsonData['authToken']
|
||||
|
||||
#Check User Exists
|
||||
c = db.cursor()
|
||||
cur = c.execute('SELECT COUNT(1) from users WHERE Name=?',(username,))
|
||||
rows = cur.fetchone()
|
||||
count = rows[0]
|
||||
|
||||
if count == 0:
|
||||
result['status'] = USER_DOES_NOT_EXIST
|
||||
return 0
|
||||
#Check Answer
|
||||
cur = c.execute('SELECT AnswerHash from securityQuestion WHERE Name= ?',(username,))
|
||||
rows = cur.fetchone()
|
||||
AnswerHash = rows[0]
|
||||
|
||||
cur = c.execute('SELECT Salt from users WHERE Name=?',(username,))
|
||||
rows = cur.fetchone()
|
||||
Salt = rows[0]
|
||||
|
||||
|
||||
m = hashlib.sha512()
|
||||
m.update(answer.encode('utf-8'))
|
||||
InputHash = m.digest()
|
||||
SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
|
||||
|
||||
if SaltedHash != AnswerHash:
|
||||
result['status'] = INVALID_PASSWORD
|
||||
return 0
|
||||
|
||||
# Set new password
|
||||
# Unlike bandai, we store our passwords securely
|
||||
newPass = answer
|
||||
if len(answer) < 9:
|
||||
newPass += str(random.randint(0,999))
|
||||
|
||||
m = hashlib.sha512()
|
||||
m.update(newPass.encode('utf-8'))
|
||||
InputHash = m.digest()
|
||||
SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||
|
||||
c.execute('UPDATE users SET PassHash=? WHERE Name=?',(SaltedHash,username))
|
||||
c.execute('UPDATE users SET LastSession=NULL WHERE Name=?',(username,))
|
||||
|
||||
result['password'] = newPass
|
||||
|
||||
db = sqlite3.connect(SQLLITE_DB_PATH)
|
||||
TryRetrive()
|
||||
db.commit()
|
||||
db.close()
|
||||
print(json.dumps(result))
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
#!/usr/bin/python3
|
||||
from dreamtown_config import *
|
||||
import sys
|
||||
import binascii
|
||||
import os
|
||||
import json
|
||||
import sqlite3
|
||||
import hashlib
|
||||
|
||||
print("Content-Type: application/json")
|
||||
print("")
|
||||
method = os.environ["REQUEST_METHOD"]
|
||||
if method != "POST":
|
||||
print("Expected POST")
|
||||
os._exit()
|
||||
|
||||
|
||||
content_len = int(os.environ["CONTENT_LENGTH"])
|
||||
post = sys.stdin.read(content_len)
|
||||
jsonData = json.loads(post)
|
||||
result = {"status":SUCCESS}
|
||||
|
||||
|
||||
def TryRetrive():
|
||||
username = jsonData['name'].lower()
|
||||
authToken = jsonData['authToken']
|
||||
|
||||
#Check User Exists
|
||||
c = db.cursor()
|
||||
cur = c.execute('SELECT COUNT(1) from users WHERE Name=?',(username,))
|
||||
rows = cur.fetchone()
|
||||
count = rows[0]
|
||||
|
||||
if count == 0:
|
||||
result['status'] = USER_DOES_NOT_EXIST
|
||||
return 0
|
||||
#Check QuestionType
|
||||
cur = c.execute('SELECT QuestionType from securityQuestion WHERE Name=?',(username,))
|
||||
rows = cur.fetchone()
|
||||
QuestionType = rows[0]
|
||||
result['questionId'] = QuestionType
|
||||
|
||||
|
||||
db = sqlite3.connect(SQLLITE_DB_PATH)
|
||||
TryRetrive()
|
||||
db.commit()
|
||||
db.close()
|
||||
print(json.dumps(result))
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue