summaryrefslogtreecommitdiff
path: root/src/modules
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-05-30 20:43:15 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-05-30 20:43:15 +0000
commit068c42db9d97e89e303faff5e944359635b1aa5b (patch)
tree41746bd9bf62a4dc5d53d5af4fd5d3181e8a4249 /src/modules
parent565e51a475e3493b1e40bc23cc28774c5e72b2ab (diff)
Apply mirq's optimization patches
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@3977 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/extra/m_sql.h2
-rw-r--r--src/modules/extra/m_sqlauth.cpp18
-rw-r--r--src/modules/extra/m_sqloper.cpp32
3 files changed, 7 insertions, 45 deletions
diff --git a/src/modules/extra/m_sql.h b/src/modules/extra/m_sql.h
index 49782b9b4..2e185d978 100644
--- a/src/modules/extra/m_sql.h
+++ b/src/modules/extra/m_sql.h
@@ -232,7 +232,7 @@ class SQLQuery
rowresult = NULL;
}
- std::string Sanitise(std::string crap)
+ static std::string Sanitise(const std::string& crap)
{
std::string temp = "";
for (unsigned int q = 0; q < crap.length(); q++)
diff --git a/src/modules/extra/m_sqlauth.cpp b/src/modules/extra/m_sqlauth.cpp
index f27c0c28b..771749075 100644
--- a/src/modules/extra/m_sqlauth.cpp
+++ b/src/modules/extra/m_sqlauth.cpp
@@ -105,7 +105,7 @@ class ModuleSQLAuth : public Module
}
}
- bool CheckCredentials(const std::string &username, std::string password)
+ bool CheckCredentials(const std::string &s_username, const std::string &s_password)
{
bool found = false;
@@ -114,20 +114,8 @@ class ModuleSQLAuth : public Module
return false;
// sanitize the password (we dont want any mysql insertion exploits!)
- std::string temp = "";
- for (unsigned int q = 0; q < password.length(); q++)
- {
- if (password[q] == '\'')
- {
- temp = temp + "\'";
- }
- else if (password[q] == '"')
- {
- temp = temp + "\\\"";
- }
- else temp = temp + password[q];
- }
- password = temp;
+ std::string username = SQLQuery::Sanitise(s_username);
+ std::string password = SQLQuery::Sanitise(s_password);
// Create a request containing the SQL query and send it to m_sql.so
std::string querystr("SELECT * FROM "+usertable+" WHERE "+userfield+"='"+username+"' AND "+passfield+"="+encryption+"'"+password+"')");
diff --git a/src/modules/extra/m_sqloper.cpp b/src/modules/extra/m_sqloper.cpp
index 8707f1580..08ac72bcf 100644
--- a/src/modules/extra/m_sqloper.cpp
+++ b/src/modules/extra/m_sqloper.cpp
@@ -92,7 +92,7 @@ class ModuleSQLOper : public Module
return 0;
}
- bool LookupOper(std::string username, std::string password, userrec* user)
+ bool LookupOper(const std::string &s_username, const std::string &s_password, userrec* user)
{
bool found = false;
@@ -101,34 +101,8 @@ class ModuleSQLOper : public Module
return false;
// sanitize the password (we dont want any mysql insertion exploits!)
- std::string temp = "";
- for (unsigned int q = 0; q < password.length(); q++)
- {
- if (password[q] == '\'')
- {
- temp = temp + "\'";
- }
- else if (password[q] == '"')
- {
- temp = temp + "\\\"";
- }
- else temp = temp + password[q];
- }
- password = temp;
- temp = "";
- for (unsigned int v = 0; v < username.length(); v++)
- {
- if (username[v] == '\'')
- {
- temp = temp + "\'";
- }
- if (username[v] == '"')
- {
- temp = temp + "\\\"";
- }
- else temp = temp + username[v];
- }
- username = temp;
+ std::string username = SQLQuery::Sanitise(s_username);
+ std::string password = SQLQuery::Sanitise(s_password);
// Create a request containing the SQL query and send it to m_sql.so
SQLRequest* query = new SQLRequest(SQL_RESULT,dbid,"SELECT username,password,hostname,type FROM ircd_opers WHERE username='"+username+"' AND password=md5('"+password+"')");