SetPassword in Trunk Code

Started by szll2010, February 26, 2011, 11:27:07 AM


szll2010

Dear Victor,

There is a bug in userdb_objects.cpp in trunk. The setPassword function does not consider Unicode and MBCS. However, I changed the code to this:
void User::setPassword(const TCHAR *password, bool clearChangePasswdFlag)
{
#ifdef UNICODE
   char *mb = MBStringFromWideString(password);
   CalculateSHA1Hash((BYTE *)mb, strlen(mb), m_passwordHash);
   free(mb);
#else
   CalculateSHA1Hash((BYTE *)password, _tcslen(password), m_passwordHash);
#endif
   //CalculateSHA1Hash((BYTE *)password, _tcslen(password), m_passwordHash);
   m_graceLogins = MAX_GRACE_LOGINS;
   m_flags |= UF_MODIFIED;
   if (clearChangePasswdFlag)
      m_flags &= ~UF_CHANGE_PASSWORD;
}
It still has the problem with setting or changing the password.

Could you check?

best regards,

szll2010

Victor Kirhenshtein

Hi!

I changed both setPassword and validatePassword to use UTF-8 instead of current server's page to calculate hash:


bool User::validatePassword(const TCHAR *password)
{
   BYTE hash[SHA1_DIGEST_SIZE];

#ifdef UNICODE
   char mbPassword[1024];
   WideCharToMultiByte(CP_UTF8, 0, password, -1, mbPassword, 1024, NULL, NULL);
   mbPassword[1023] = 0;
   CalculateSHA1Hash((BYTE *)mbPassword, strlen(mbPassword), hash);
#else
   CalculateSHA1Hash((BYTE *)password, strlen(password), hash);
#endif
   return !memcmp(hash, m_passwordHash, SHA1_DIGEST_SIZE);
}


void User::setPassword(const TCHAR *password, bool clearChangePasswdFlag)
{
#ifdef UNICODE
   char mbPassword[1024];
   WideCharToMultiByte(CP_UTF8, 0, password, -1, mbPassword, 1024, NULL, NULL);
   mbPassword[1023] = 0;
   CalculateSHA1Hash((BYTE *)mbPassword, strlen(mbPassword), m_passwordHash);
#else
   CalculateSHA1Hash((BYTE *)password, strlen(password), m_passwordHash);
#endif
   m_graceLogins = MAX_GRACE_LOGINS;
   m_flags |= UF_MODIFIED;
   if (clearChangePasswdFlag)
      m_flags &= ~UF_CHANGE_PASSWORD;
}


Tested it on Russian, Chinese, and Japanese characters - works fine. This solution, however, will cause problems for already set non-latin1 passwords - they will need to be reset.

The changed code is already committed to svn.

Best regards,
Victor
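
Added example, not part of the thread or of the NetXMS source: a Python model of why an unsalted SHA-1 over the password bytes depends on the encoding chosen before hashing, and why hashes stored under a server code page stop validating once hashing switches to UTF-8. The function names, sample passwords and code pages are constructed for illustration, and `errors="replace"` is an assumption standing in for a lossy code-page conversion that substitutes `?`.

```python
import hashlib


def password_hash(password: str, encoding: str) -> bytes:
    """SHA-1 over the password bytes in `encoding` (what gets stored and compared).

    errors="replace" models a lossy conversion that turns characters the
    code page cannot represent into '?' (assumption, see lead-in).
    """
    return hashlib.sha1(password.encode(encoding, errors="replace")).digest()


def survives_migration(password: str, legacy_encoding: str) -> bool:
    """True if a hash stored under the legacy code page still matches under UTF-8."""
    return password_hash(password, legacy_encoding) == password_hash(password, "utf-8")


def collides_in_legacy(a: str, b: str, legacy_encoding: str) -> bool:
    """True if two different passwords produce the same stored hash."""
    return a != b and password_hash(a, legacy_encoding) == password_hash(b, legacy_encoding)


# Constructed samples: (password, code page the server is assumed to have used)
SAMPLES = [
    ("netxms", "cp1252"),   # ASCII only: same bytes in every code page and in UTF-8
    ("пароль", "cp1251"),   # Cyrillic: 6 bytes in cp1251, 12 bytes in UTF-8
    ("密码", "cp1252"),      # not representable in cp1252 at all
]

if __name__ == "__main__":
    for pw, cp in SAMPLES:
        state = "still valid" if survives_migration(pw, cp) else "must be reset"
        print(f"{pw!r:12} stored under {cp}: {state} after the UTF-8 change")
    # Two different passwords that the legacy conversion flattens to "??"
    print("legacy collision:", collides_in_legacy("密码", "口令", "cp1252"))
    print("UTF-8 collision: ", collides_in_legacy("密码", "口令", "utf-8"))
```
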