From 995a062f29c2fda26a69addb45dd39756191cbbc Mon Sep 17 00:00:00 2001
From: Andrew Pamment
Date: Fri, 5 Aug 2016 07:43:11 +1000
Subject: [PATCH] Update settings to support hashed passwords

---
 bbs.h | 2 ++
 settings.c | 17 +++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/bbs.h b/bbs.h
index 8895ac9..bb1ac3e 100644
--- a/bbs.h
+++ b/bbs.h
@@ -153,6 +153,8 @@
 extern void disconnect(int socket, char *calledby);
 extern void display_info(int socket);
 extern void display_last10_callers(int socket, struct user_record *user);
+extern void gen_salt(char **s);
+extern char *hash_sha256(char *pass, char *salt);
 extern int save_user(struct user_record *user);
 extern int check_user(char *loginname);
 extern struct user_record *new_user(int socket);
diff --git a/settings.c b/settings.c
index f5a0f3b..1411cea 100644
--- a/settings.c
+++ b/settings.c
@@ -8,7 +8,8 @@ void settings_menu(int sock, struct user_record *user) {
 char buffer[256];
 int dosettings = 0;
 char c;
-
+ char *hash;
+
 while (!dosettings) {
 s_putstring(sock, "\e[2J\e[1;32mYour Settings\r\n");
 s_putstring(sock, "\e[1;30m-------------------------------------------------------------------------------\e[0m\r\n");
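Review bot: `gen_salt` is declared as returning `void`, so a caller has no way to notice that salt generation or allocation failed and may go on to hash with an unset `*s`; returning a status, e.g. `extern int gen_salt(char **s);`, would let callers check it. Both prototypes also lack a comment on memory ownership; once confirmed against the definitions, which are not part of this patch, I would add `/* gen_salt stores a newly allocated salt in *s; hash_sha256 returns a newly allocated string; the caller frees both. */`. Unless the implementation writes through its arguments, `const char *pass, const char *salt` would document that the inputs are read-only. If `hash_sha256` is a single salted SHA-256 pass, the stored values stay cheap to brute-force offline should the user file leak; a deliberately slow password KDF (PBKDF2, bcrypt, scrypt or Argon2) is the usual choice for stored passwords.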
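Review bot: `char *hash;` is added uninitialised at the top of `settings_menu`, although the only use visible in this patch is inside the `case 'p'` branch of the following hunk; declaring it there as `char *hash = NULL;` keeps its lifetime obvious. In that following hunk the value returned by `hash_sha256` goes straight into `strcmp` with no NULL check and is not freed in the lines shown, so each password attempt would leak the buffer if the function allocates, which the later `user->password = hash_sha256(...)` after `free(user->password)` suggests. A `free(hash);` after the comparison, on both the match and mismatch paths, would close that. The function body starts before this hunk and continues past it, and the following hunk appears to be cut off at the end of the page, so a `free` further down cannot be ruled out.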
@@ -17,21 +18,25 @@ void settings_menu(int sock, struct user_record *user) { s_putstring(sock, buffer); s_putstring(sock, "\e[0;36mQ. \e[1;37mQuit to Main Menu\r\n"); s_putstring(sock, "\e[1;30m-------------------------------------------------------------------------------\e[0m\r\n"); - + c = s_getc(sock); - + switch(tolower(c)) { case 'p': { s_putstring(sock, "\r\nEnter your current password: "); s_readpass(sock, buffer, 16); - if (strcmp(buffer, user->password) == 0) { + hash = hash_sha256(buffer, user->salt); + if (strcmp(hash, user->password) == 0) { s_putstring(sock, "\r\nEnter your new password (8 chars min): "); s_readstring(sock, buffer, 16); if (strlen(buffer) >= 8) { free(user->password); - user->password = (char *)malloc(strlen(buffer) + 1); - strcpy(user->password, buffer); + free(user->salt); + + gen_salt(&user->salt); + user->password = hash_sha256(buffer, user->salt); + save_user(user); s_putstring(sock, "\r\nPassword Changed!\r\n"); } else {