[SithNet--Patches] gnuworld/mod.cservice ADDUSERIDCommand.cc,NONE,1.1
From: <dar...@us...> - 2003-06-30 19:48:59
Update of /cvsroot/sithnet-dev/gnuworld/mod.cservice In directory sc8-pr-cvs1:/tmp/cvs-serv26788 Added Files: ADDUSERIDCommand.cc Log Message: Addition of OUTsider's ADDUSERIDCommand.cc to the repository --- NEW FILE: ADDUSERIDCommand.cc --- /* ADDUSERIDCommand.cc * Adds a user to the database, usefull should pages not be available or obsolete */ #include <string> #include <iomanip.h> #include "md5hash.h" #include "StringTokenizer.h" #include "ELog.h" #include "cservice.h" #include "responses.h" #include "networkData.h" #include "levels.h" #include "libpq++.h" #include "responses.h" #include "Network.h" const char ADDUSERIDCommand_cc_rcsId[] = "$Id: ADDUSERIDCommand.cc,v 1.1 2003/06/30 19:48:56 darthsidious_ Exp $" ; namespace gnuworld { using namespace gnuworld; bool ADDUSERIDCommand::Exec( iClient* theClient, const string& Message ) { const char validChars[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.$*_"; StringTokenizer st( Message ) ; if( st.size() < 4 ) { Usage(theClient); return true; } /* * Fetch the sqlUser record attached to this client. If there isn't one, * they aren't logged in - tell them they should be. */ sqlUser* theUser = bot->isAuthed(theClient, true); if (!theUser) return false; /* * Check Command access */ int level = bot->getAdminAccessLevel(theUser); if (level < level::adduserid) { bot->Notice(theClient, bot->getResponse(theUser, language::insuf_access, string("You have insufficient access to perform that command."))); return false; } /* * User exists?! Bail out, we don't want clones! */ sqlUser* Target = bot->getUserRecord(st[1]); if(Target) { bot->Notice(theClient, "Sorry, %s is already present in the database" ,st[1].c_str()); return false; } /* Try and stop people using an invalid syntax.. */ if (string_lower(st[1]) == string_lower(st[2]) ) { bot->Notice(theClient, "The passphrase cannot be the same as the username"); return false; } /* Work out some salt. */ string salt; // TODO: Why calling srand() here? 
srand(clock() * 1000000); // TODO: What is the significance of '8' here? // Schema states a fixed 8 bytes of random salt are used in generating the // password. for ( unsigned short int i = 0 ; i < 8; i++) { int randNo = 1+(int) (64.0*rand()/(RAND_MAX+1.0)); salt += validChars[randNo]; } /* Work out a MD5 hash of our salt + password */ md5 hash; // MD5 hash algorithm object. md5Digest digest; // MD5Digest algorithm object. // Prepend the salt to the password string newPass = salt + st[2]; // Take the md5 hash of this newPass string hash.update( (const unsigned char *)newPass.c_str(), newPass.size() ); hash.report( digest ); /* Convert to Hex */ int data[ MD5_DIGEST_LENGTH ] = { 0 } ; for( size_t i = 0 ; i < MD5_DIGEST_LENGTH ; ++i ) { data[ i ] = digest[ i ] ; } strstream output; output << hex; output.fill('0'); for( size_t ii = 0; ii < MD5_DIGEST_LENGTH; ii++ ) { output << setw(2) << data[ii]; } output << ends; // Prepend the md5 hash to the salt string finalPassword = salt + output.str(); /* * Check if the email is a correct one */ StringTokenizer st2( st[ 3 ], '@' ) ; if( (st2.size() != 2) || (st2[ 1 ].size() > 128 ) ) { bot->Notice(theClient, "Sorry, this email address is not valid."); return false ; } /* * Finally done, let's rock and roll.... 
*/ strstream theQuery ; theQuery << "INSERT INTO users (user_name, password, email, language_id, last_updated_by, last_updated ) " << "VALUES (" << "'" << st[1] << "'," << "'" << finalPassword.c_str() << "'," << "'" << st[3] << "',1," << "'(" << theUser->getUserName() << ") " << theClient->getNickUserHost() << "'," << bot->currentTime() << ");" << ends; #ifdef LOG_SQL elog << "ADDUSERID::sqlQuery> " << theQuery.str() << endl; #endif ExecStatusType status = bot->SQLDb->Exec(theQuery.str()) ; delete[] theQuery.str() ; if( PGRES_COMMAND_OK != status ) { bot->dbErrorMessage(theClient); return false ; } bot->Notice(theClient, "%s has been added to the database with email address %s and password %s" ,st[1].c_str(), st[3].c_str(), st[2].c_str()); delete[] output.str() ; return true; } } // namespace gnuworld |
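Review bot: The INSERT assembled in `theQuery` at the end of `Exec` concatenates `st[1]`, `st[3]` and `theClient->getNickUserHost()` straight into quoted SQL literals with no escaping, so a quote or backslash in any of them alters the statement that reaches `bot->SQLDb->Exec`. The e-mail check only counts `@` separators and caps the domain length, and `validChars` is used for the salt but never applied to the username. I would reject names outside an allowed set before the `getUserRecord` lookup, e.g. `if (st[1].find_first_not_of(validChars) != string::npos) { Usage(theClient); return false; }`, and pass the e-mail and nick!user@host values through the module's SQL-escaping routine (or a parameterised query, if the libpq++ wrapper in use offers one). Separately, the final `Notice` echoes the cleartext `st[2]` back over IRC; dropping `and password %s` from that message keeps the passphrase out of client and server logs. The salt is drawn from `rand()` reseeded with `clock()` on every call, which is guessable, so the existing TODO on `srand` is worth resolving with an OS randomness source.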