complete (insecure) password fetching on registration

2018-05-27 13:00:48 +02:00
parent 083c848347
commit a8903dcf9a
8 changed files with 38 additions and 13 deletions


@@ -78,7 +78,7 @@ class mxDatabase {
first_name TEXT,
last_name TEXT,
username TEXT,
password_hash TEXT DEFAULT '',
password TEXT DEFAULT '',
note TEXT,
email TEXT,
verify_token TEXT,
@@ -184,7 +184,7 @@ class mxDatabase {
*
* @return ["verify_token"]
*/
function addRegistration($first_name, $last_name, $username, $note, $email) {
function addRegistration($first_name, $last_name, $username, $password, $note, $email) {
if ($this->userPendingRegistrations($username)) {
throw new Exception("USERNAME_PENDING_REGISTRATION");
}
@@ -196,8 +196,9 @@ class mxDatabase {
$admin_token = bin2hex(random_bytes(16));
$this->db->exec("INSERT INTO registrations
(first_name, last_name, username, note, email, verify_token, admin_token)
VALUES ('" . $first_name . "','" . $last_name . "','" . $username . "','" . $note . "','"
(first_name, last_name, username, password, note, email, verify_token, admin_token)
VALUES ('" . $first_name . "','" . $last_name . "','"
. $username . "','" . $password . "','" . $note . "','"
. $email . "','" . $verify_token . "','" . $admin_token . "')");
return [
@@ -217,7 +218,7 @@ class mxDatabase {
$res = $this->db->query($sql);
if ($res->fetchColumn() > 0) {
$sql = "SELECT first_name, last_name, username, note, email FROM registrations"
$sql = "SELECT first_name, last_name, username, password, note, email FROM registrations"
. " WHERE admin_token = '" . $admin_token . "'"
. " AND state = " . RegisterState::PendingAdminVerify
. " LIMIT 1;";
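Review bot: The `INSERT INTO registrations` in addRegistration (third hunk) now splices `$password` into the SQL string by concatenation together with the other form fields, so a quote character in any of them changes the statement; build it with `prepare()` and bound parameters instead, assuming `$this->db` is a PDO handle as the `exec`/`query`/`fetchColumn` calls suggest. The `admin_token` SELECT in the last hunk is built the same way and deserves the same treatment. Separately, the schema hunk swaps `password_hash` for a cleartext `password` column that the last hunk's query reads back, so every pending registration keeps a recoverable password at rest. If the later account-creation step can work from a hash or a short-lived encrypted value, store that rather than the cleartext, and clear the column once the registration is approved or rejected. addRegistration and the function holding the `admin_token` query both continue outside the hunks shown.

```php
$admin_token = bin2hex(random_bytes(16));
$stmt = $this->db->prepare("INSERT INTO registrations
    (first_name, last_name, username, password, note, email, verify_token, admin_token)
    VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$first_name, $last_name, $username, $password,
    $note, $email, $verify_token, $admin_token]);
// … unchanged: return of the generated tokens …
```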