

Diff of /xoonips/AL/commonal.cc


revision 1.47 by aga, Sat Jan 22 02:41:14 2005 UTC revision 1.48 by aga, Sat Jan 22 04:18:22 2005 UTC
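--- a/xoonips/AL/commonal.cc
+++ b/xoonips/AL/commonal.cc
@@ -2,6 +2,9 @@
  *
  * $Revision$
  * $Log$
+ * Revision 1.48  2005/01/22 04:18:22  aga
+ * ・loginUser, insertAccount内ではmd5()を行わないよう修正.
+ *
  * Revision 1.47  2005/01/22 02:41:14  aga
  * ・amazon補完を作成.
  *
@@ -1292,7 +1295,7 @@ result_t insertAccount( sessionid_t sid,
 
     if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) {
         string sql;
-        sql = "INSERT INTO " + dbprefix + "_users (uname, name, email, url, user_avatar, user_regdate, user_icq, user_from, user_sig, user_viewemail, actkey, user_aim, user_yim, user_msnm, pass, posts, attachsig, rank, level, theme, timezone_offset, last_login, umode, uorder, notify_method, notify_mode, user_occ, bio, user_intrest, user_mailok) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, MD5(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+        sql = "INSERT INTO " + dbprefix + "_users (uname, name, email, url, user_avatar, user_regdate, user_icq, user_from, user_sig, user_viewemail, actkey, user_aim, user_yim, user_msnm, pass, posts, attachsig, rank, level, theme, timezone_offset, last_login, umode, uorder, notify_method, notify_mode, user_occ, bio, user_intrest, user_mailok) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
         sqlcode = SQLPrepare(hstmt, (SQLCHAR*)sql.c_str(), SQL_NTS);
         if( sqlcode == SQL_SUCCESS || sqlcode == SQL_SUCCESS_WITH_INFO ){
             SQLBindParameter(hstmt,  1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_LONGVARCHAR, ACCOUNT_UNAME_LEN, 0, uname, 0, &cbUname );
@@ -2852,30 +2855,41 @@ result_t loginUser(const char* uname, co
     SQLRETURN sqlcode;
 
     // uname, passwd -> uid
-    string escUname = addSlashes( uname );
-    string escPasswd = addSlashes( passwd );
-    sql = "SELECT uid FROM " + dbprefix + "_users WHERE uname='" + escUname + "' and pass=md5('" + escPasswd + "')";
-
     if( ( sqlcode = SQLAllocHandle( SQL_HANDLE_STMT, hdbc, &hstmt ) ) == SQL_SUCCESS ) {
-        if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), sql.length() ) ) == SQL_SUCCESS ){
-            userid_t uid = 0;
+        sql = "SELECT uid FROM " + dbprefix + "_users WHERE uname = ? and pass = ? ";
+        sqlcode = SQLPrepare(hstmt, (SQLCHAR*)sql.c_str(), SQL_NTS);
+        SQLINTEGER cbUname = SQL_NTS, cbPasswd = SQL_NTS;
+        SQLBindParameter(hstmt,  1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR, strlen(uname), 0, (SQLCHAR *)uname, 0, &cbUname );
+        SQLBindParameter(hstmt,  2, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR, strlen(passwd),0, (SQLCHAR *)passwd,0, &cbPasswd );
+        if( ( sqlcode = SQLExecDirect( hstmt, (SQLCHAR*)sql.c_str(), strlen( sql.c_str() ) ) ) == SQL_SUCCESS ){
+            SQLUINTEGER sUID = 0;
             SQLINTEGER len = 0;
-            SQLBindCol( hstmt, 1, SQL_C_ULONG, &uid, 0, &len );
-            sqlcode = SQLFetch( hstmt );
-            if( sqlcode == SQL_SUCCESS ){
-                ret = addSession( uid, session );
-            }else {
+            SQLBindCol( hstmt, 1, SQL_C_ULONG, &sUID, 0, &len );
+            if ( ( sqlcode = SQLFetch( hstmt ) ) == SQL_SUCCESS ){
+                ret = addSession( (userid_t)sUID, session );
+            }else if ( sqlcode == SQL_NO_DATA ){
                 string s( "SQLFetch in loginUser" );
                 setLastErrorString( s.c_str( ) );
                 ret = RES_LOGIN_FAILURE;//illegal loginname or password
+            }else{
+                string s( "SQLFetch in loginUser " );
+                s += odbcDiagString( SQL_HANDLE_STMT, hstmt, sqlcode );
+                s += "sql=";
+                s += sql;
+                setLastErrorString( s.c_str( ) );
+                ret = RES_ERROR;
             }
         }else{
-            setLastErrorString( "SQLExecDirect in loginUser" );
+            string s( "SQLExecDirect in loginUser " );
+            s += odbcDiagString( SQL_HANDLE_STMT, hstmt, sqlcode );
+            s += "sql=";
+            s += sql;
+            setLastErrorString( s.c_str( ) );
             ret = RES_DB_QUERY_ERROR;
         }
         SQLFreeHandle( SQL_HANDLE_STMT, hstmt );
     }else{
-        setLastErrorString( "SQLAllocHandle(SQL_HANDLE_STMT,...) in loginUser" );
+        setLastErrorString( "SQLAllocHandle(SQL_HANDLE_STMT,...) in loginUser " );
         ret = RES_ERROR;
     }
 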
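Review bot: In the new loginUser body the statement is prepared at 2860 but then run through SQLExecDirect at 2864, so the SQLPrepare return code is never checked, the statement is prepared twice, and a driver that returns SQL_SUCCESS_WITH_INFO from a successful execution is reported as RES_DB_QUERY_ERROR, whereas insertAccount at 1300 accepts SQL_SUCCESS_WITH_INFO. Gating the binds on the prepare result and executing with SQLExecute, as below, keeps the two paths consistent (the message at 2883 should then name SQLExecute). Both hunks also drop the MD5() call, so `passwd` must now arrive already hashed; the callers are not on this page, so a comment on each function, `// passwd is the stored hash (MD5), not the cleartext; callers hash it, this function does not`, would keep a caller that still passes cleartext from storing it verbatim via insertAccount. The strlen() calls at 2862–2863 assume non-null uname and passwd — presumably the caller guarantees that, but an explicit null check before SQLAllocHandle would make the contract visible. loginUser begins and ends outside the hunk.
```cpp
        sqlcode = SQLPrepare(hstmt, (SQLCHAR*)sql.c_str(), SQL_NTS);
        if( sqlcode == SQL_SUCCESS || sqlcode == SQL_SUCCESS_WITH_INFO ){
            SQLINTEGER cbUname = SQL_NTS, cbPasswd = SQL_NTS;
            // … unchanged: the two SQLBindParameter calls …
            sqlcode = SQLExecute( hstmt );  // already prepared above; SQLExecDirect would prepare it again
        }
        if( sqlcode == SQL_SUCCESS || sqlcode == SQL_SUCCESS_WITH_INFO ){
            // … unchanged: SQLBindCol / SQLFetch / addSession / error reporting …
```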

