mirror of
https://github.com/mt-mods/playerfactions.git
synced 2025-01-09 06:07:33 +01:00
Store hashes of passwords
cleartext password storage is bad practice.
This commit is contained in:
parent
755a780122
commit
b864fcafe1
43
init.lua
43
init.lua
@ -20,12 +20,6 @@ local storage = minetest.get_mod_storage()
|
|||||||
if storage:get_string("facts") ~= "" then
|
if storage:get_string("facts") ~= "" then
|
||||||
facts = minetest.deserialize(storage:get_string("facts"))
|
facts = minetest.deserialize(storage:get_string("facts"))
|
||||||
end
|
end
|
||||||
-- Fix factions
|
|
||||||
for _, fact in pairs(facts) do
|
|
||||||
if fact.members == nil then
|
|
||||||
fact.members = {}
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
factions.mode_unique_faction = minetest.settings:get_bool("player_factions.mode_unique_faction", true)
|
factions.mode_unique_faction = minetest.settings:get_bool("player_factions.mode_unique_faction", true)
|
||||||
factions.max_members_list = tonumber(minetest.settings:get("player_factions.max_members_list")) or 50
|
factions.max_members_list = tonumber(minetest.settings:get("player_factions.max_members_list")) or 50
|
||||||
@ -140,7 +134,7 @@ function factions.register_faction(fname, founder, pw)
|
|||||||
facts[fname] = {
|
facts[fname] = {
|
||||||
name = fname,
|
name = fname,
|
||||||
owner = founder,
|
owner = founder,
|
||||||
password = pw,
|
password256 = factions.hash_password(pw),
|
||||||
members = {[founder] = true}
|
members = {[founder] = true}
|
||||||
}
|
}
|
||||||
save_factions()
|
save_factions()
|
||||||
@ -156,6 +150,17 @@ function factions.disband_faction(fname)
|
|||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function factions.hash_password(password)
|
||||||
|
return minetest.sha256(password)
|
||||||
|
end
|
||||||
|
|
||||||
|
function factions.valid_password(fname, password)
|
||||||
|
if not facts[fname] then
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return factions.hash_password(password) == facts[fname].password256
|
||||||
|
end
|
||||||
|
|
||||||
function factions.get_password(fname)
|
function factions.get_password(fname)
|
||||||
if facts[fname] == nil then
|
if facts[fname] == nil then
|
||||||
return false
|
return false
|
||||||
@ -167,7 +172,7 @@ function factions.set_password(fname, password)
|
|||||||
if facts[fname] == nil then
|
if facts[fname] == nil then
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
facts[fname].password = password
|
facts[fname].password256 = factions.hash_password(password)
|
||||||
save_factions()
|
save_factions()
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
@ -243,7 +248,7 @@ local function handle_command(name, param)
|
|||||||
elseif name ~= factions.get_owner(faction_name) and not minetest.get_player_privs(name)[factions.priv] then
|
elseif name ~= factions.get_owner(faction_name) and not minetest.get_player_privs(name)[factions.priv] then
|
||||||
return false, S("Permission denied: You are not the owner of this faction, " ..
|
return false, S("Permission denied: You are not the owner of this faction, " ..
|
||||||
"and don't have the playerfactions_admin privilege.")
|
"and don't have the playerfactions_admin privilege.")
|
||||||
elseif password ~= factions.get_password(faction_name) then
|
elseif not factions.valid_password(faction_name, password) then
|
||||||
return false, S("Permission denied: Wrong password.")
|
return false, S("Permission denied: Wrong password.")
|
||||||
else
|
else
|
||||||
factions.disband_faction(faction_name)
|
factions.disband_faction(faction_name)
|
||||||
@ -344,7 +349,7 @@ local function handle_command(name, param)
|
|||||||
return false, S("Missing faction name.")
|
return false, S("Missing faction name.")
|
||||||
elseif facts[faction_name] == nil then
|
elseif facts[faction_name] == nil then
|
||||||
return false, S("The faction @1 doesn't exist.", faction_name)
|
return false, S("The faction @1 doesn't exist.", faction_name)
|
||||||
elseif factions.get_password(faction_name) ~= password then
|
elseif not factions.valid_password(faction_name, password) then
|
||||||
return false, S("Permission denied: Wrong password.")
|
return false, S("Permission denied: Wrong password.")
|
||||||
else
|
else
|
||||||
if factions.join_faction(faction_name, name) then
|
if factions.join_faction(faction_name, name) then
|
||||||
@ -488,7 +493,7 @@ local function handle_command(name, param)
|
|||||||
"and don't have the playerfactions_admin privilege.")
|
"and don't have the playerfactions_admin privilege.")
|
||||||
elseif not facts[faction_name].members[target] then
|
elseif not facts[faction_name].members[target] then
|
||||||
return false, S("@1 isn't in your faction.", target)
|
return false, S("@1 isn't in your faction.", target)
|
||||||
elseif password ~= factions.get_password(faction_name) then
|
elseif not factions.valid_password(faction_name, password) then
|
||||||
return false, S("Permission denied: Wrong password.")
|
return false, S("Permission denied: Wrong password.")
|
||||||
else
|
else
|
||||||
if factions.chown(faction_name, target) then
|
if factions.chown(faction_name, target) then
|
||||||
@ -543,3 +548,19 @@ minetest.register_chatcommand("factions", {
|
|||||||
privs = {},
|
privs = {},
|
||||||
func = handle_command
|
func = handle_command
|
||||||
})
|
})
|
||||||
|
|
||||||
|
-- Fix factions
|
||||||
|
local save_needed = false
|
||||||
|
for _, fact in pairs(facts) do
|
||||||
|
if not fact.members then
|
||||||
|
fact.members = {}
|
||||||
|
end
|
||||||
|
if fact.password then
|
||||||
|
fact.password256 = factions.hash_password(fact.password)
|
||||||
|
fact.password = nil
|
||||||
|
save_needed = true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
if save_needed then
|
||||||
|
save_factions()
|
||||||
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user