WebSVN – RepoView – Diff – /trunk/CGI/db/sqlite.c

-/* $Id: sqlite.c 3 2024-08-20 21:05:24Z nishi $ */
+/* $Id: sqlite.c 5 2024-08-20 22:43:56Z nishi $ */
 #include "rv_db.h"
 #include "../../config.h"
 #include "rv_util.h"
+#include "rv_sha512.h"
 #include <sqlite3.h>
+#include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdbool.h>
 sqlite3* sql;
 void rv_close_db(void) { sqlite3_close(sql); }
 int count = 0;
+struct user {
+	char* username;
+	char* password;
+	bool valid;
+};
 int sqlcount(void* param, int ncol, char** row, char** col) {
 	count = ncol;
-	fprintf(stderr, "%d\n", ncol);
 	return 0;
+}
+int sqlgetpasswd(void* param, int ncol, char** row, char** col) {
+	struct user* user = (struct user*)param;
+	if(strcmp(row[0], user->username) == 0) {
+		char* hash = rv_sha512(user->password);
+		if(strcmp(row[1], hash) == 0) {
+			user->valid = true;
+		}
+		free(hash);
+	}
+	return 0;
+}
-bool rv_has_user(const char* username) {
+char* escape_sql(const char* input) {
+	char* query = malloc(1);
-	char* err;
+	query[0] = 0;
 	char cbuf[2];
 	cbuf[1] = 0;
-	char* query = rv_strdup("select * from users where user = '");
 	int i;
-	for(i = 0; username[i] != 0; i++) {
+	for(i = 0; input[i] != 0; i++) {
-		if(username[i] == '\'') {
+		if(input[i] == '\'') {
-			cbuf[0] = username[i];
+			cbuf[0] = input[i];
 			char* tmp = query;
 			tmp = rv_strcat(tmp, cbuf);
 			free(tmp);
-			cbuf[0] = username[i];
+			cbuf[0] = input[i];
 			tmp = query;
 			query = rv_strcat(tmp, cbuf);
 			free(tmp);
 		} else {
-			cbuf[0] = username[i];
+			cbuf[0] = input[i];
 			char* tmp = query;
 			query = rv_strcat(tmp, cbuf);
 			free(tmp);
+		}
+	}
-	char* tmp = query;
+	return query;
+}
+bool rv_check_password(const char* username, const char* password) {
+	char* err;
+	int ret;
+	struct user user;
+	user.username = (char*)username;
+	user.password = (char*)password;
+	user.valid = false;
+	char* esc = escape_sql(username);
+	char* query = rv_strcat3("select * from users where user = '", esc, "'");
+	free(esc);
+	ret = sqlite3_exec(sql, query, sqlgetpasswd, (void*)&user, &err);
+	if(ret != SQLITE_OK) {
+		sqlite3_free(err);
+	}
+	return user.valid;
+}
+void rv_save_token(const char* username, const char* token) {
+	char* err;
+	int ret;
+	char* esc = escape_sql(username);
+	char* tmp = rv_strcat3("insert into tokens values('", esc, "', '");
-	query = rv_strcat(tmp, "'");
+	char* query = rv_strcat3(tmp, token, "')");
 	free(tmp);
+	free(esc);
+	ret = sqlite3_exec(sql, query, NULL, NULL, &err);
+	free(query);
+	if(ret != SQLITE_OK) {
+		sqlite3_free(err);
+	}
+}
+char* has_username;
+int sqlget(void* param, int ncol, char** row, char** col) {
+	has_username = rv_strdup(row[0]);
+	return 0;
+}
+char* rv_who_has_token(const char* token) {
+	char* err;
+	char cbuf[2];
+	cbuf[1] = 0;
+	count = 0;
+	char* query = rv_strcat3("select * from tokens where token = '", token, "'");
+	int ret;
+	has_username = NULL;
+	ret = sqlite3_exec(sql, query, sqlget, (void*)token, &err);
+	free(query);
+	if(ret != SQLITE_OK) {
+		sqlite3_free(err);
+		return NULL;
+	}
+	return has_username;
+}
+bool rv_has_token(const char* token) {
+	char* err;
+	char cbuf[2];
+	cbuf[1] = 0;
+	count = 0;
+	char* query = rv_strcat3("select * from tokens where token = '", token, "'");
+	int ret;
+	ret = sqlite3_exec(sql, query, sqlcount, NULL, &err);
+	free(query);
+	if(ret != SQLITE_OK) {
+		sqlite3_free(err);
+	}
+	return count > 0;
+}
+bool rv_has_user(const char* username) {
+	char* err;
+	char cbuf[2];
+	cbuf[1] = 0;
+	count = 0;
+	char* esc = escape_sql(username);
+	char* query = rv_strcat3("select * from users where user = '", esc, "'");
+	free(esc);
 	int ret;
-	fprintf(stderr, "%s\n", query);
 	ret = sqlite3_exec(sql, query, sqlcount, NULL, &err);
 	free(query);
 	if(ret != SQLITE_OK) {
 		sqlite3_free(err);
+	}

Subversion Repositories RepoView

(root)/trunk/CGI/db/sqlite.c – Rev 3 → 5