[quality] Minor security improvement

gbaudic · Nov 5, 2024 · e5a7e81 · e5a7e81
1 parent 2c5c9e1
commit e5a7e81
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/appveyor.yml b/appveyor.yml
@@ -12,7 +12,7 @@ install:
   - bash -lc "git clone https://github.com/gbaudic/guisan.git && pushd guisan && scons prefix=/mingw64 && scons install prefix=/mingw64 && popd"  
 
 build_script:
-  - bash -lc "cd $APPVEYOR_BUILD_FOLDER; export CC=gcc; export CXX=g++; cmake -DRESOURCE_PREFIX=../res -DENABLE_SERVER=ON . && cmake --build . && ctest" 
+  - bash -lc "cd $APPVEYOR_BUILD_FOLDER; export CC=gcc; export CXX=g++; cmake -DRESOURCE_PREFIX=./res -DENABLE_SERVER=ON . && cmake --build . && ctest" 
 
 matrix:
   fast_finish: true

diff --git a/src/chat.hpp b/src/chat.hpp
@@ -9,7 +9,7 @@
  * If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/.
  *
- * This Source Code Form is �Incompatible With Secondary Licenses�,
+ * This Source Code Form is "Incompatible With Secondary Licenses",
  * as defined by the Mozilla Public License, v. 2.0.
  */
 
@@ -25,6 +25,8 @@
 class ChatManager final : public gcn::ActionListener {
 public:
     explicit ChatManager(gcn::Container *topContainer);
+    ChatManager(const ChatManager& other) = delete;
+    ChatManager& operator =(const ChatManager& rhs) = delete;
     ~ChatManager();
     void addMessage(const std::string &sender, const std::string &message);
     void startConversation(const std::string &other);

diff --git a/src/server/database.cpp b/src/server/database.cpp
@@ -82,14 +82,14 @@ int Database::createUser(const std::string& name, const std::string& password) {
  * \brief Try to connect an existing user
  * \param name name for the user
  * \param password provided password for the user, cleartext for the moment
- * \return 0 if success, 1 wrong password, 2 unknown login. Other errors are not computed here. 
+ * \return 0 if success, 1 if login or password is wrong. Other errors are not computed here. 
  */
 int Database::connectUser(const std::string& name, const std::string& password) {
     sqlite3_stmt* stmt = nullptr;
     bool found = false;
     int code = -1;
 
-    int result = sqlite3_prepare_v2(db, "select name, password from USERS where name = :name", -1, &stmt, nullptr);
+    int result = sqlite3_prepare_v2(db, "select name, password, salt from USERS where name = :name", -1, &stmt, nullptr);
     if (result != SQLITE_OK) {
         SDL_LogError(SDL_LOG_CATEGORY_ERROR, "%s", sqlite3_errmsg(db));
         return code;
@@ -107,7 +107,7 @@ int Database::connectUser(const std::string& name, const std::string& password)
 
     if (!found) {
         // Login not found
-        code = 2;
+        code = 1;
     }
 
     sqlite3_finalize(stmt);
@@ -171,7 +171,7 @@ int Database::buyItem(const std::string& name, const int itemCode, ItemType type
     sqlite3_bind_int(stmt, sqlite3_bind_parameter_index(stmt, ":item"), itemCode);
     sqlite3_bind_int(stmt, sqlite3_bind_parameter_index(stmt, ":type"), static_cast<int>(type));
 
-    std::string duration = "+1";
+    std::string duration{"+1"};
     switch (validity) {
     case ItemValidity::ONE_DAY:
         duration += " day";
@@ -349,6 +349,7 @@ void Database::init() {
         "id integer primary key autoincrement, " \
         "name text unique not null, " \
         "password text, " \
+        "salt text," \
         "gold int default 0, " \
         "cash int default 0, " \
         "gp int default 1000, " \