- SQLrequest req = SQLreq(this, target, databaseid, "SELECT username, password, hostname, type FROM ircd_opers WHERE username = '?' AND password=md5('?')", username, password);
+ hashymodules::iterator x = hashers.find(hashtype);
+ if (x == hashers.end())
+ return false;
+
+ /* Reset hash module first back to MD5 standard state */
+ HashResetRequest(this, x->second).Send();
+ /* Make an MD5 hash of the password for using in the query */
+ std::string md5_pass_hash = HashSumRequest(this, x->second, password.c_str()).Send();
+
+ /* We generate our own sum here because some database providers (e.g. SQLite) dont have a builtin md5/sha256 function,
+ * also hashing it in the module and only passing a remote query containing a hash is more secure.
+ */
+ SQLrequest req = SQLrequest(this, target, databaseid,
+ SQLquery("SELECT username, password, hostname, type FROM ircd_opers WHERE username = '?' AND password='?'") % username % md5_pass_hash);