From 068c42db9d97e89e303faff5e944359635b1aa5b Mon Sep 17 00:00:00 2001
From: brain
Date: Tue, 30 May 2006 20:43:15 +0000
Subject: Apply mirq's optimization patches
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@3977 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/extra/m_sql.h | 2 +-
 src/modules/extra/m_sqlauth.cpp | 18 +++---------------
 src/modules/extra/m_sqloper.cpp | 32 +++-----------------------------
 3 files changed, 7 insertions(+), 45 deletions(-)
(limited to 'src/modules')
diff --git a/src/modules/extra/m_sql.h b/src/modules/extra/m_sql.h
index 49782b9b4..2e185d978 100644
--- a/src/modules/extra/m_sql.h
+++ b/src/modules/extra/m_sql.h
@@ -232,7 +232,7 @@ class SQLQuery
 rowresult = NULL;
 }
- std::string Sanitise(std::string crap)
+ static std::string Sanitise(const std::string& crap)
 {
 std::string temp = "";
 for (unsigned int q = 0; q < crap.length(); q++)
diff --git a/src/modules/extra/m_sqlauth.cpp b/src/modules/extra/m_sqlauth.cpp
index f27c0c28b..771749075 100644
--- a/src/modules/extra/m_sqlauth.cpp
+++ b/src/modules/extra/m_sqlauth.cpp
@@ -105,7 +105,7 @@ class ModuleSQLAuth : public Module
 }
 }
- bool CheckCredentials(const std::string &username, std::string password)
+ bool CheckCredentials(const std::string &s_username, const std::string &s_password)
 {
 bool found = false;
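Review bot: `Sanitise` is now a public static helper that other modules depend on for SQL safety, yet the new declaration `static std::string Sanitise(const std::string& crap)` has no comment stating its contract. I would add `// Escapes a value for use inside a quoted SQL string literal only; not valid for identifiers or unquoted values.` above it, worded to match what the loop really escapes. The body runs past the end of this hunk, so which characters it handles, backslash in particular, cannot be confirmed from here.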
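Review bot: The new parameter names `s_username` and `s_password` in `CheckCredentials` read as "sanitised", yet they hold the raw client-supplied values, while the plain `username`/`password` locals declared in the following hunk hold the escaped copies. A later edit that reaches for `s_username` when building a query would reintroduce the injection risk this commit is reducing. Names such as `raw_username` and `raw_password` make the trust level explicit; the same applies to `LookupOper` in m_sqloper.cpp. The function body continues outside this hunk.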
@@ -114,20 +114,8 @@ class ModuleSQLAuth : public Module
 return false;
 // sanitize the password (we dont want any mysql insertion exploits!)
- std::string temp = "";
- for (unsigned int q = 0; q < password.length(); q++)
- {
- if (password[q] == '\'')
- {
- temp = temp + "\'";
- }
- else if (password[q] == '"')
- {
- temp = temp + "\\\"";
- }
- else temp = temp + password[q];
- }
- password = temp;
+ std::string username = SQLQuery::Sanitise(s_username);
+ std::string password = SQLQuery::Sanitise(s_password);
 // Create a request containing the SQL query and send it to m_sql.so
 std::string querystr("SELECT * FROM "+usertable+" WHERE "+userfield+"='"+username+"' AND "+passfield+"="+encryption+"'"+password+"')");
diff --git a/src/modules/extra/m_sqloper.cpp b/src/modules/extra/m_sqloper.cpp
index 8707f1580..08ac72bcf 100644
--- a/src/modules/extra/m_sqloper.cpp
+++ b/src/modules/extra/m_sqloper.cpp
@@ -92,7 +92,7 @@ class ModuleSQLOper : public Module
 return 0;
 }
- bool LookupOper(std::string username, std::string password, userrec* user)
+ bool LookupOper(const std::string &s_username, const std::string &s_password, userrec* user)
 {
 bool found = false;
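Review bot: The `std::string querystr(...)` line still builds the statement by concatenation, so its safety rests entirely on `SQLQuery::Sanitise`, and only the first three lines of that function are visible in this commit. The inline loop removed here escaped only the double quote and left single quotes and backslashes as they were (its `"\'"` literal is a bare `'`), so if `Sanitise` carries the same logic, which should be confirmed, values placed inside `'...'` are not fully escaped. Assuming m_sql is MySQL-backed as the comment implies, the client library's `mysql_real_escape_string` on the live connection, or a prepared statement, is the safer basis. The comment should also become `// sanitize the username and password (...)`, since both values now pass through the helper. The same points apply to the `-101,34` hunk in m_sqloper.cpp.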
@@ -101,34 +101,8 @@ class ModuleSQLOper : public Module
 return false;
 // sanitize the password (we dont want any mysql insertion exploits!)
- std::string temp = "";
- for (unsigned int q = 0; q < password.length(); q++)
- {
- if (password[q] == '\'')
- {
- temp = temp + "\'";
- }
- else if (password[q] == '"')
- {
- temp = temp + "\\\"";
- }
- else temp = temp + password[q];
- }
- password = temp;
- temp = "";
- for (unsigned int v = 0; v < username.length(); v++)
- {
- if (username[v] == '\'')
- {
- temp = temp + "\'";
- }
- if (username[v] == '"')
- {
- temp = temp + "\\\"";
- }
- else temp = temp + username[v];
- }
- username = temp;
+ std::string username = SQLQuery::Sanitise(s_username);
+ std::string password = SQLQuery::Sanitise(s_password);
 // Create a request containing the SQL query and send it to m_sql.so
 SQLRequest* query = new SQLRequest(SQL_RESULT,dbid,"SELECT username,password,hostname,type FROM ircd_opers WHERE username='"+username+"' AND password=md5('"+password+"')");
-- 
cgit v1.2.3
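Review bot: The oper password is still placed in the query text as `password=md5('"+password+"')`, which this commit leaves untouched: the cleartext password travels to the database server inside the SQL statement, where it can end up in query logs, and the stored value is an unsalted MD5 digest. Hashing inside the module with a salted, deliberately slow password hash and comparing against the stored value would avoid both, though that needs a schema change that is outside this view. `LookupOper` starts and ends outside this hunk.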