Update server:

* Check that $db variable is OK before processing database requests
	* Don't close $db before calling lastErrorMsg()
	* Add support for user & url parameters from gPass popup
This commit is contained in:
Gregory Soutade 2020-02-26 16:00:24 +01:00
parent 6f1e2a814d
commit 9d528aeaa0
4 changed files with 38 additions and 34 deletions

View File

@ -1,6 +1,6 @@
<?php <?php
/* /*
Copyright (C) 2013-2015 Grégory Soutadé Copyright (C) 2013-2020 Grégory Soutadé
This file is part of gPass. This file is part of gPass.
@ -63,29 +63,30 @@ $PROTOCOL_VERSION = 4;
$db = load_database(); $db = load_database();
$res = "";
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
echo "protocol=gpass-$PROTOCOL_VERSION\n"; echo "protocol=gpass-$PROTOCOL_VERSION\n";
if ($PBKDF2_LEVEL != 1000) if ($PBKDF2_LEVEL != 1000)
echo "pbkdf2_level=$PBKDF2_LEVEL\n"; echo "pbkdf2_level=$PBKDF2_LEVEL\n";
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++) if ($db)
{ {
$statement->bindValue(":login", addslashes($_POST["k$i"])); $statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
$result = $statement->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
$result->finalize();
if (isset($row["password"]))
{
echo "matched_key=" . $i . "\n";
echo "pass=" . $row["password"] . "\n";
break;
}
}
$statement->close(); for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
{
$statement->bindValue(":login", addslashes($_POST["k$i"]));
$result = $statement->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
$result->finalize();
if (isset($row["password"]))
{
echo "matched_key=" . $i . "\n";
echo "pass=" . $row["password"] . "\n";
break;
}
}
$statement->close();
}
echo "<end>"; echo "<end>";

View File

@ -1,6 +1,6 @@
<?php <?php
/* /*
Copyright (C) 2013-2017 Grégory Soutadé Copyright (C) 2013-2019 Grégory Soutadé
This file is part of gPass. This file is part of gPass.
@ -241,18 +241,21 @@ function delete_entry($user, $login, $access_token)
} }
$result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'"); $result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
$db->close();
if (!$result) if (!$result)
{ {
echo "Error " . $db->lastErrorMsg(); echo "Error " . $db->lastErrorMsg();
return false; $ret = false;
} }
else else
{ {
echo "OK"; echo "OK";
return true; $ret = true;
} }
$db->close();
return $ret;
} }
function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token) function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)

View File

@ -158,8 +158,8 @@ if ($user != "")
{ {
echo "<b>Add a new password</b><br/>\n"; echo "<b>Add a new password</b><br/>\n";
echo 'URL <input type="text" name="url"/>'; echo 'URL <input type="text" name="url" value="' . (filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
echo 'login <input type="text" name="login" />'; echo 'login <input type="text" name="login" value="' . (filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
echo 'password <input id="new_password" type="text" name="password"/>'; echo 'password <input id="new_password" type="text" name="password"/>';
echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>'; echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>';
echo '<input type="button" value="Generate password" onClick="generate_password();"/>'; echo '<input type="button" value="Generate password" onClick="generate_password();"/>';

View File

@ -145,7 +145,7 @@ var current_user = "";
var current_mkey = ""; var current_mkey = "";
var clearTimer = null; var clearTimer = null;
var global_iv = null; var global_iv = null;
var server_url = document.documentURI; var server_url = window.location.href.split('?')[0];
function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) { function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
this.ciphered_login = ciphered_login; this.ciphered_login = ciphered_login;