Add files via upload
parent
c0fe76acce
commit
e6f0b2ee72
|
@ -37,7 +37,7 @@ def CheckUserExists(username):
|
||||||
return count
|
return count
|
||||||
|
|
||||||
def TryCreate():
|
def TryCreate():
|
||||||
username = jsonData['name']
|
username = jsonData['name'].lower()
|
||||||
password = jsonData['password']
|
password = jsonData['password']
|
||||||
authToken = jsonData['authToken']
|
authToken = jsonData['authToken']
|
||||||
securityAnswer = jsonData['answer']
|
securityAnswer = jsonData['answer']
|
||||||
|
@ -75,6 +75,7 @@ def TryCreate():
|
||||||
AnswerHashSalted = binascii.hexlify(xor(bytearray(AnswerHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
AnswerHashSalted = binascii.hexlify(xor(bytearray(AnswerHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||||
|
|
||||||
c = db.cursor()
|
c = db.cursor()
|
||||||
|
c.execute('UPDATE users SET LastSession=NULL WHERE LastSession=?',(authToken,))
|
||||||
c.execute('INSERT INTO users VAlUES (?,?,?,?,?)',(username,PassHashSalted,Salt,authToken,math.floor(time.time())))
|
c.execute('INSERT INTO users VAlUES (?,?,?,?,?)',(username,PassHashSalted,Salt,authToken,math.floor(time.time())))
|
||||||
c.execute('INSERT INTO securityQuestion VAlUES (?,?,?)',(username,questionType,AnswerHashSalted))
|
c.execute('INSERT INTO securityQuestion VAlUES (?,?,?)',(username,questionType,AnswerHashSalted))
|
||||||
|
|
||||||
|
|
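Review bot: `authToken` is read straight from the request JSON and stored as the new account's session value, and the added `UPDATE users SET LastSession=NULL WHERE LastSession=?` then clears that same value from whichever other row holds it, so a client-chosen identifier both becomes a session and can end another user's. If `LastSession` is what later requests are authenticated against (not visible in these hunks), the server should mint the token itself, e.g. `authToken = secrets.token_hex(32)`, and return it in `result` instead of accepting it from the request. The same UPDATE is added to TryLogin. TryCreate's body starts and ends outside the hunks shown.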
|
@ -28,7 +28,7 @@ def xor(data, key):
|
||||||
))
|
))
|
||||||
|
|
||||||
def TryLogin():
|
def TryLogin():
|
||||||
username = jsonData['name']
|
username = jsonData['name'].lower()
|
||||||
password = jsonData['password']
|
password = jsonData['password']
|
||||||
authToken = jsonData['authToken']
|
authToken = jsonData['authToken']
|
||||||
|
|
||||||
|
@ -53,7 +53,8 @@ def TryLogin():
|
||||||
SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
|
||||||
if SaltedHash != PassHash:
|
if SaltedHash != PassHash:
|
||||||
result['status'] = INVALID_PASSWORD
|
result['status'] = INVALID_PASSWORD
|
||||||
return 0
|
return 0
|
||||||
|
c.execute('UPDATE users SET LastSession=NULL WHERE LastSession=?',(authToken,))
|
||||||
c.execute('UPDATE users SET LastSession=? WHERE Name=?',(authToken,username))
|
c.execute('UPDATE users SET LastSession=? WHERE Name=?',(authToken,username))
|
||||||
|
|
||||||
|
|
||||||
|
|
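Review bot: Lower-casing `jsonData['name']` at lookup time means any row in `users` whose Name was stored with upper-case characters before this change no longer matches `WHERE Name=?`, so those accounts can no longer log in. With the matching change in TryCreate, a second account under the lower-case spelling might also be accepted alongside the old one, depending on how CheckUserExists compares (not visible here). A one-time migration such as `UPDATE users SET Name=lower(Name)`, and the same for `securityQuestion`, run after checking for collisions, would keep existing accounts reachable. `str.casefold()` is the safer normaliser if non-ASCII names are allowed. TryLogin's body continues outside the hunks shown.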
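--- a/DreamTown/cgi-bin/auth/5555/retrievePassword
+++ b/DreamTown/cgi-bin/auth/5555/retrievePassword
@@ -0,0 +1,88 @@
+#!/usr/bin/python3
+from dreamtown_config import *
+import sys
+import binascii
+import os
+import json
+import sqlite3
+import random
+import hashlib
+
+print("Content-Type: application/json")
+print("")
+method = os.environ["REQUEST_METHOD"]
+if method != "POST":
+print("Expected POST")
+os._exit()
+
+
+content_len = int(os.environ["CONTENT_LENGTH"])
+post = sys.stdin.read(content_len)
+jsonData = json.loads(post)
+result = {"status":SUCCESS}
+
+def xor(data, key):
+l = len(key)
+return bytearray((
+(data[i] ^ key[i % l]) for i in range(0,len(data))
+))
+
+
+def TryRetrive():
+username = jsonData['name'].lower()
+answer = jsonData['answer'].lower()
+authToken = jsonData['authToken']
+
+#Check User Exists
+c = db.cursor()
+cur = c.execute('SELECT COUNT(1) from users WHERE Name=?',(username,))
+rows = cur.fetchone()
+count = rows[0]
+
+if count == 0:
+result['status'] = USER_DOES_NOT_EXIST
+return 0
+#Check Answer
+cur = c.execute('SELECT AnswerHash from securityQuestion WHERE Name= ?',(username,))
+rows = cur.fetchone()
+AnswerHash = rows[0]
+
+cur = c.execute('SELECT Salt from users WHERE Name=?',(username,))
+rows = cur.fetchone()
+Salt = rows[0]
+
+
+m = hashlib.sha512()
+m.update(answer.encode('utf-8'))
+InputHash = m.digest()
+SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
+
+
+if SaltedHash != AnswerHash:
+result['status'] = INVALID_PASSWORD
+return 0
+
+# Set new password
+# Unlike bandai, we store our passwords securely
+newPass = answer
+if len(answer) < 9:
+newPass += str(random.randint(0,999))
+
+m = hashlib.sha512()
+m.update(newPass.encode('utf-8'))
+InputHash = m.digest()
+SaltedHash = binascii.hexlify(xor(bytearray(InputHash),bytearray(binascii.unhexlify(Salt)))).decode('utf-8')
+
+c.execute('UPDATE users SET PassHash=? WHERE Name=?',(SaltedHash,username))
+c.execute('UPDATE users SET LastSession=NULL WHERE Name=?',(username,))
+
+result['password'] = newPass
+
+db = sqlite3.connect(SQLLITE_DB_PATH)
+TryRetrive()
+db.commit()
+db.close()
+print(json.dumps(result))
+
+
+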
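Review bot: TryRetrive sets the replacement password to the lower-cased security answer itself (`newPass = answer`), adding at most three digits from the non-cryptographic `random` module when it is shorter than 9 characters, so after a reset the password is only as strong as the answer and remains known to anyone who knew it. Generate it independently instead: `import secrets` and `newPass = secrets.token_urlsafe(12)`. The stored hash is SHA-512 XORed with the salt kept in the same row, which gives none of the protection of salting before hashing, so the comment `# Unlike bandai, we store our passwords securely` overstates it; `hashlib.scrypt` or `hashlib.pbkdf2_hmac` with the salt as an input would be the standard-library fit. Separately, `os._exit()` after `print("Expected POST")` is missing its required status argument and raises TypeError, here and in retrieveQuestion; `sys.exit(0)` would do.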
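--- a/DreamTown/cgi-bin/auth/5555/retrieveQuestion
+++ b/DreamTown/cgi-bin/auth/5555/retrieveQuestion
@@ -0,0 +1,51 @@
+#!/usr/bin/python3
+from dreamtown_config import *
+import sys
+import binascii
+import os
+import json
+import sqlite3
+import hashlib
+
+print("Content-Type: application/json")
+print("")
+method = os.environ["REQUEST_METHOD"]
+if method != "POST":
+print("Expected POST")
+os._exit()
+
+
+content_len = int(os.environ["CONTENT_LENGTH"])
+post = sys.stdin.read(content_len)
+jsonData = json.loads(post)
+result = {"status":SUCCESS}
+
+
+def TryRetrive():
+username = jsonData['name'].lower()
+authToken = jsonData['authToken']
+
+#Check User Exists
+c = db.cursor()
+cur = c.execute('SELECT COUNT(1) from users WHERE Name=?',(username,))
+rows = cur.fetchone()
+count = rows[0]
+
+if count == 0:
+result['status'] = USER_DOES_NOT_EXIST
+return 0
+#Check QuestionType
+cur = c.execute('SELECT QuestionType from securityQuestion WHERE Name=?',(username,))
+rows = cur.fetchone()
+QuestionType = rows[0]
+result['questionId'] = QuestionType
+
+
+db = sqlite3.connect(SQLLITE_DB_PATH)
+TryRetrive()
+db.commit()
+db.close()
+print(json.dumps(result))
+
+
+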
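Review bot: `QuestionType = rows[0]` indexes the `fetchone()` result without checking for None, so a user present in `users` but without a `securityQuestion` row makes the script raise TypeError after the headers are already printed; guard it with `if rows is None:` / `result['status'] = USER_DOES_NOT_EXIST` / `return 0`. `authToken` is read but never used, and the endpoint returns a distinct status for unknown names to any caller, so username probing cannot be tied to a session or throttled; consider validating the token or rate-limiting by client. `db.commit()` is unnecessary on this read-only path.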