Forssim

Merge lp:~forsslundsystems/forssim/newhashOpenSSL into lp:forssim

  1. newhashOpenSSL
  2. Merge into development
Proposed by parhe
Status: Merged
Merged at revision: not available
Proposed branch: lp:~forsslundsystems/forssim/newhashOpenSSL
Merge into: lp:forssim
Diff against target: None lines
To merge this branch: bzr merge lp:~forsslundsystems/forssim/newhashOpenSSL
Reviewer Review Type Date Requested Status
Forsslund Systems Pending
Review via email: mp+8739@code.launchpad.net
To post a comment you must log in.
Revision history for this message
parhe (par-hellstrom) wrote :

Removed the home made hash and replaced it with the standard openSSL library routines.
Now user name and password are concatenated and then hashed the resulting hash hex string are then used as user name and password for the database. Proper updates has been made of the web implementation.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'FsWisdom/ApplicationNode.cpp'
2--- FsWisdom/ApplicationNode.cpp 2009-07-10 08:58:08 +0000
3+++ FsWisdom/ApplicationNode.cpp 2009-07-13 16:14:21 +0000
4@@ -209,23 +209,27 @@
5 selectCaseWindow->close();
6 }
7
8-int ApplicationNode::hashUsername(QString original)
9+QString ApplicationNode::hashUsername(QString original)
10 {
11- string cr = original.toStdString();
12- int b = 378551; //Random Ranges I've chosen (can be modified)
13- int a = 63689;
14- int hash = 0; //Output hash
15- int i; //Temp number that scrolls through the string array
16-
17- for(i = 0; i < cr.length(); i++) //Loop to convert each character
18- {
19- hash = hash * a + cr[i]; //Algorithm that hashs
20- a = a * b;
21- }
22-
23- return (hash & 0x7FFFFFFF); //Returns the hashed string
24+ string cr;
25+
26+ cr = original.toStdString();
27+
28+ unsigned char buf[MD5_DIGEST_LENGTH];
29+
30+ MD5((unsigned char *)cr.c_str(), cr.length(), buf);
31+
32+ std::ostringstream stm;
33+
34+ for (int i=0;i<MD5_DIGEST_LENGTH;i++)
35+ stm << hex << setfill('0') << setw(2) << nouppercase << (unsigned short)buf[i];
36+
37+
38+ return QString::fromStdString(stm.str());
39 }
40
41+
42+
43 void ApplicationNode::RegisterUser(QString username, QString password)
44 {
45 this->setOverrideCursor(QCursor(Qt::WaitCursor));
46@@ -234,10 +238,12 @@
47 this->password = password;
48
49 cout << "username: " << username.toStdString() << endl;
50- int temp = hashUsername(username);
51- QString hashUsername = QString::number(temp,10);
52- hashUsername.insert(0,"u");
53+ QString temp = hashUsername(username+password);
54+ QString hashUsername = temp.left(16);
55+ QString hashPassword = temp.right(16);
56+
57 cout << "Hashed Username: " << hashUsername.toStdString() << endl;
58+ cout << "Hashed password: " << hashPassword.toStdString() << endl;
59
60 /* Maybe need to connect to database and make a query instead. It could be other problems than
61 * incorrect user name and password.
62@@ -245,7 +251,7 @@
63 forsDatabase.setHostName(databaseIP);
64 forsDatabase.setDatabaseName(databaseName);
65 forsDatabase.setUserName(hashUsername);
66- forsDatabase.setPassword(password);
67+ forsDatabase.setPassword(hashPassword);
68 if(!forsDatabase.open())
69 {
70 throw ApplicationNodeException("Please check username and password.");
71
72=== modified file 'FsWisdom/ApplicationNode.h'
73--- FsWisdom/ApplicationNode.h 2009-07-07 16:00:07 +0000
74+++ FsWisdom/ApplicationNode.h 2009-07-13 16:14:21 +0000
75@@ -37,6 +37,14 @@
76
77 #include <stdexcept>
78 #include <time.h>
79+#include <openssl/md5.h>
80+#include <iostream>
81+#include <string.h>
82+#include <stdlib.h>
83+#include <iomanip>
84+#include <ios>
85+#include <sstream>
86+
87
88
89 #include "../src/VolumeModel.h"
90@@ -88,7 +96,7 @@
91 * MySQL can only handle 16 character username. Therefore we generate a hashed
92 * username from user-email to be used in mySQL.
93 */
94- int hashUsername(QString cr);
95+ QString hashUsername(QString original);
96
97 /**
98 * Registers a User. This involves creating their logging directory if it doesn't already exist.

Subscribers

People subscribed via source and target branches

to all changes: