Update server:
* Check that $db variable is OK before processing database requests * Don't close $db before calling lastErrorMsg() * Add support for user & url parameters from gPass popup
This commit is contained in:
Gregory Soutade
parent
6f1e2a814d
commit
9d528aeaa0
37
server/_user
37
server/_user
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
/*
|
||||
Copyright (C) 2013-2015 Grégory Soutadé
|
||||
Copyright (C) 2013-2020 Grégory Soutadé
|
||||
|
||||
This file is part of gPass.
|
||||
|
||||
|
|
@ -63,29 +63,30 @@ $PROTOCOL_VERSION = 4;
|
|||
|
||||
$db = load_database();
|
||||
|
||||
$res = "";
|
||||
|
||||
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
|
||||
|
||||
echo "protocol=gpass-$PROTOCOL_VERSION\n";
|
||||
if ($PBKDF2_LEVEL != 1000)
|
||||
echo "pbkdf2_level=$PBKDF2_LEVEL\n";
|
||||
|
||||
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
|
||||
if ($db)
|
||||
{
|
||||
$statement->bindValue(":login", addslashes($_POST["k$i"]));
|
||||
$result = $statement->execute();
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$result->finalize();
|
||||
if (isset($row["password"]))
|
||||
{
|
||||
echo "matched_key=" . $i . "\n";
|
||||
echo "pass=" . $row["password"] . "\n";
|
||||
break;
|
||||
}
|
||||
}
|
||||
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
|
||||
|
||||
$statement->close();
|
||||
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
|
||||
{
|
||||
$statement->bindValue(":login", addslashes($_POST["k$i"]));
|
||||
$result = $statement->execute();
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$result->finalize();
|
||||
if (isset($row["password"]))
|
||||
{
|
||||
echo "matched_key=" . $i . "\n";
|
||||
echo "pass=" . $row["password"] . "\n";
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$statement->close();
|
||||
}
|
||||
|
||||
echo "<end>";
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
/*
|
||||
Copyright (C) 2013-2017 Grégory Soutadé
|
||||
Copyright (C) 2013-2019 Grégory Soutadé
|
||||
|
||||
This file is part of gPass.
|
||||
|
||||
|
|
@ -241,18 +241,21 @@ function delete_entry($user, $login, $access_token)
|
|||
}
|
||||
|
||||
$result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
|
||||
$db->close();
|
||||
|
||||
if (!$result)
|
||||
{
|
||||
echo "Error " . $db->lastErrorMsg();
|
||||
return false;
|
||||
$ret = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
echo "OK";
|
||||
return true;
|
||||
$ret = true;
|
||||
}
|
||||
|
||||
|
||||
$db->close();
|
||||
return $ret;
|
||||
}
|
||||
|
||||
function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)
|
||||
|
|
|
|||
|
|
@ -158,8 +158,8 @@ if ($user != "")
|
|||
{
|
||||
echo "<b>Add a new password</b><br/>\n";
|
||||
|
||||
echo 'URL <input type="text" name="url"/>';
|
||||
echo 'login <input type="text" name="login" />';
|
||||
echo 'URL <input type="text" name="url" value="' . (filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
|
||||
echo 'login <input type="text" name="login" value="' . (filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
|
||||
echo 'password <input id="new_password" type="text" name="password"/>';
|
||||
echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>';
|
||||
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ var current_user = "";
|
|||
var current_mkey = "";
|
||||
var clearTimer = null;
|
||||
var global_iv = null;
|
||||
var server_url = document.documentURI;
|
||||
var server_url = window.location.href.split('?')[0];
|
||||
|
||||
function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
|
||||
this.ciphered_login = ciphered_login;
|
||||
|
|
|
|||
Loading…
Reference in New Issue