Diffstat (limited to 'src/modules')
-rw-r--r-- | src/modules/extra/m_sql.cpp | 8 | ||||
-rw-r--r-- | src/modules/extra/m_sqlauth.cpp | 164 |
2 files changed, 166 insertions, 6 deletions
diff --git a/src/modules/extra/m_sql.cpp b/src/modules/extra/m_sql.cpp
index 1b7862281..5d8eef332 100644
--- a/src/modules/extra/m_sql.cpp
+++ b/src/modules/extra/m_sql.cpp
@@ -70,9 +70,7 @@ class SQLConnection
 // multiple rows.
 bool QueryResult(std::string query)
 {
- char escaped_query[query.length()+1];
- mysql_real_escape_string(&connection, escaped_query, query.c_str(), query.length());
- int r = mysql_query(&connection, escaped_query);
+ int r = mysql_query(&connection, query.c_str());
 if (!r)
 {
 res = mysql_use_result(&connection);
@@ -84,9 +82,7 @@ class SQLConnection
 // the number of effected rows is returned in the return value.
 unsigned long QueryCount(std::string query)
 {
- char escaped_query[query.length()+1];
- mysql_real_escape_string(&connection, escaped_query, query.c_str(), query.length());
- int r = mysql_query(&connection, escaped_query);
+ int r = mysql_query(&connection, query.c_str());
 if (!r)
 {
 res = mysql_store_result(&connection);
diff --git a/src/modules/extra/m_sqlauth.cpp b/src/modules/extra/m_sqlauth.cpp
new file mode 100644
index 000000000..71eb2b9bc
--- /dev/null
+++ b/src/modules/extra/m_sqlauth.cpp
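Review bot: After this change `QueryResult` and `QueryCount` in m_sql.cpp hand the caller's string to `mysql_query` verbatim, so the only protection against injected SQL is whatever each calling module does, and nothing at either function says so. Escaping the whole statement, as the removed lines did, would also have escaped the statement's own quote characters, so per-value escaping by the caller is presumably the intent. Please state that contract above both functions, e.g. `// query is executed as-is: callers must escape every interpolated value (mysql_real_escape_string) before building it`. Both function bodies continue outside the hunks.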
@@ -0,0 +1,164 @@
+/* +------------------------------------+
+ * | Inspire Internet Relay Chat Daemon |
+ * +------------------------------------+
+ *
+ * Inspire is copyright (C) 2002-2004 ChatSpike-Dev.
+ * E-mail:
+ * <brain@chatspike.net>
+ * <Craig@chatspike.net>
+ *
+ * Written by Craig Edwards, Craig McLure, and others.
+ * This program is free but copyrighted software; see
+ * the file COPYING for details.
+ *
+ * ---------------------------------------------------
+ */
+
+#include <stdio.h>
+#include <string>
+#include <stdlib.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <poll.h>
+#include "users.h"
+#include "channels.h"
+#include "modules.h"
+#include "inspircd.h"
+#include "m_sql.h"
+
+/* $ModDesc: An SQL test module */
+
+Server *Srv;
+
+class ModuleSQLAuth : public Module
+{
+ ConfigReader* Conf;
+ std::string usertable;
+ unsigned long dbid;
+ Module* SQLModule;
+
+ public:
+ bool ReadConfig()
+ {
+ Conf = new ConfigReader();
+ usertable = Conf->ReadValue("sqlauth","usertable",0);
+ dbid = Conf->ReadInteger("sqlauth","dbid",0,true);
+ delete Conf;
+ SQLModule = Srv->FindModule("m_sql.so");
+ return (SQLModule);
+ }
+
+ ModuleSQLAuth()
+ {
+ Srv = new Server;
+ ReadConfig();
+ }
+
+ virtual void OnRehash()
+ {
+ ReadConfig();
+ }
+
+ bool CheckCredentials(std::string username, std::string password,std::string usertable)
+ {
+ bool found = false;
+
+ // is the sql module loaded? If not, we don't attempt to do anything.
+ if (!SQLModule)
+ return false;
+
+ // Create a request containing the SQL query and send it to m_sql.so
+ SQLRequest* query = new SQLRequest(SQL_RESULT,1,"SELECT * FROM "+usertable+" WHERE user='"+username+"' AND pass=md5('"+password+"')");
+ Request queryrequest((char*)query, this, SQLModule);
+ SQLResult* result = (SQLResult*)queryrequest.Send();
+
+ // Did we get "OK" as a result?
+ if (result->GetType() == SQL_OK)
+ {
+
+ // if we did, this means we may now request a row... there should be only one row for each user, so,
+ // we don't need to loop to fetch multiple rows.
+ SQLRequest* rowrequest = new SQLRequest(SQL_ROW,1,"");
+ Request rowquery((char*)rowrequest, this, SQLModule);
+ SQLResult* rowresult = (SQLResult*)rowquery.Send();
+
+ // did we get a row? If we did, we can now do something with the fields
+ if (rowresult->GetType() == SQL_ROW)
+ {
+ Srv->Log(DEBUG,"*********** SQL TEST MODULE - RESULTS *************");
+ Srv->Log(DEBUG,"Result, field 'qcount': '" + rowrequest->GetField("qcount"));
+ Srv->Log(DEBUG,"Result, field 'asked': '" + rowrequest->GetField("asked"));
+ found = true;
+ delete rowresult;
+ }
+ else
+ {
+ // we didn't have a row.
+ found = false;
+ }
+ delete rowrequest;
+ delete result;
+ }
+ else
+ {
+ // the query was bad
+ found = false;
+ }
+ query->SetQueryType(SQL_DONE);
+ query->SetConnID(1);
+ Request donerequest((char*)query, this, SQLModule);
+ donerequest.Send();
+ delete query;
+ return found;
+ }
+
+ virtual bool OnCheckReady(userrec* user)
+ {
+ }
+
+ virtual void OnUserDisconnect(userrec* user)
+ {
+ }
+
+ virtual ~ModuleSQLAuth()
+ {
+ delete Srv;
+ }
+
+ virtual Version GetVersion()
+ {
+ return Version(1,0,0,1,VF_VENDOR);
+ }
+
+};
+
+class ModuleSQLAuthFactory : public ModuleFactory
+{
+ public:
+ ModuleSQLAuthFactory()
+ {
+ }
+
+ ~ModuleSQLAuthFactory()
+ {
+ }
+
+ virtual Module * CreateModule()
+ {
+ return new ModuleSQLAuth;
+ }
+
+};
+
+
+extern "C" void * init_module( void )
+{
+ return new ModuleSQLAuthFactory;
+}
+
|
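Review bot: `CheckCredentials` builds its statement by concatenating `username` and `password` straight into quoted SQL literals, and with the escape call removed from `QueryResult`/`QueryCount` in m_sql.cpp nothing between here and `mysql_query` neutralises a quote character in either value. Each value should be escaped on its own before concatenation (the `mysql_real_escape_string` call the other file used to make is the right primitive, applied per value into a `2*length+1` buffer), and `usertable` should be restricted to identifier characters when the config is read. Separately, `result` and `rowresult` are dereferenced without a null check and are not deleted on the failure branches, so a guard such as `if (!result) { delete query; return false; }` looks needed unless `Send()` is guaranteed to return non-null. `OnCheckReady` is declared `bool` but has an empty body, so it needs an explicit `return` before this module is loaded.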