aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--captain/captain.f9025
-rw-r--r--captain/db.f9020
-rw-r--r--captain/web.f9011
3 files changed, 44 insertions, 12 deletions
diff --git a/captain/captain.f90 b/captain/captain.f90
index 46287d9..4d7b17f 100644
--- a/captain/captain.f90
+++ b/captain/captain.f90
@@ -123,6 +123,31 @@ contains
Print *, "Unverify: "//trim(option)//"X", verify_hash(trim(option)//"X", tmp)
stop
+ ! This option shouldn't be public, and it just verifies passwords
+ else if(trim(option) == "--verify") then
+
+ if(config_loaded) then
+ call initialize_db(database_filename)
+ i = i + 1
+ call get_command_argument(i, username)
+
+ i = i + 1
+ call get_command_argument(i, password)
+
+ if(validate_user_db(trim(username), trim(password))) then
+ Print *, "Password accepted!"
+ else
+ Print *, "REJECTED"
+ end if
+
+ else
+
+ Print *, "Please specify the configuration file first"
+
+ end if
+
+ stop
+
! This option also shouldn't be public, and it verifies that
! uuids can be generated
else if(trim(option) == "--uuid") then
diff --git a/captain/db.f90 b/captain/db.f90
index 7500b8a..29c5810 100644
--- a/captain/db.f90
+++ b/captain/db.f90
@@ -1477,27 +1477,23 @@ contains
function validate_user_db(username, password)
use config, only: app_salt
- use m_crypt, only: hash
+ use m_crypt, only: verify_hash
+ use logging
implicit none
character(len=*), intent(in)::username, password
logical::validate_user_db
- character(len=:), pointer::hashed_pass, db_hashed_pass
+ character(len=:), pointer::db_hashed_pass
validate_user_db = .FALSE.
+
+ db_hashed_pass => get_password_hash_pointer_db(username)
+ if(associated(db_hashed_pass)) then
- hashed_pass => hash(trim(password)//trim(app_salt))
- if(associated(hashed_pass)) then
- db_hashed_pass => get_password_hash_pointer_db(username)
- if(associated(db_hashed_pass)) then
+ validate_user_db = verify_hash(trim(password)//trim(app_salt), db_hashed_pass)
- validate_user_db = (hashed_pass == db_hashed_pass)
-
- deallocate(db_hashed_pass)
- end if
-
- deallocate(hashed_pass)
+ deallocate(db_hashed_pass)
end if
end function validate_user_db
diff --git a/captain/web.f90 b/captain/web.f90
index c3841c0..898551c 100644
--- a/captain/web.f90
+++ b/captain/web.f90
@@ -963,6 +963,10 @@ contains
else if(trim(req%location) == "/about.html") then
template_to_use = "about.html"
+
+ else if(trim(req%location) == "/login.html") then
+
+ template_to_use = "login.html"
else
@@ -1056,6 +1060,13 @@ contains
contents => generate_one_group_html(req)
call page%assign('contents', contents)
+ else if(trim(first) == "login.html") then
+
+ call page%assign('title', 'Login')
+ if(associated(req%q%get_value("failed"))) then
+ call page%assign('login_message', "Login Failed.")
+ end if
+
else
call page%assign('title', 'Not Found')