- admin password is now stored as <length>:<md5 hash of password> in live.AdminPasswordMD5

(default password keeps 'live', so please re-edit your password via OSD) - new function MD5Hash in tools - changed epgsearch to use MD5Hash of tools
author: Christian Wieninger <cwieninger (at) gmx (dot) de> 2007-05-06 11:07:38 +0000
committer: Christian Wieninger <cwieninger (at) gmx (dot) de> 2007-05-06 11:07:38 +0000
commit: 85565b4b3235b9afa009ac1c52e034fc4c006582 (patch)
tree: 9a0dca573a89bd2f68dd13eea5ae727387b4f262
parent: 2a71cc466e8d0e2ced62549ded8d6e321b0ab5f9 (diff)
download: vdr-plugin-live-85565b4b3235b9afa009ac1c52e034fc4c006582.tar.gz
vdr-plugin-live-85565b4b3235b9afa009ac1c52e034fc4c006582.tar.bz2
7 files changed, 49 insertions, 27 deletions
diff --git a/epgsearch.cpp b/epgsearch.cpp
index c819e5e..2b7b94e 100644
--- a/epgsearch.cpp
+++ b/epgsearch.cpp
@@ -3,7 +3,6 @@
 #include <vdr/channels.h>
 #include <vdr/plugin.h>
 #include <iomanip>
-#include <openssl/md5.h>
 #include "epgsearch/services.h"
 #include "epgsearch.h"
 #include "exception.h"
@@ -506,19 +505,6 @@ void SearchResults::GetByQuery(std::string const& query)
 	m_list.sort();
 }
 
-std::string SearchResults::MD5Hash(std::string const& query)
-{
-	unsigned char md5[MD5_DIGEST_LENGTH];
-	MD5(reinterpret_cast<const unsigned char*>(query.c_str()), query.size(), md5);
-
-	ostringstream hashStr;
-	hashStr << hex;
-	for (size_t i = 0; i < MD5_DIGEST_LENGTH; i++)
-		hashStr << (0 + md5[i]);
-
-	return hashStr.str();
-}
-
 std::string SearchResults::AddQuery(std::string const& query)
 {
 	querySet.insert(query);
diff --git a/epgsearch.h b/epgsearch.h
index b2c0b73..6c38ee1 100644
--- a/epgsearch.h
+++ b/epgsearch.h
@@ -356,7 +356,6 @@ public:
 
 	static std::string AddQuery(std::string const& query);
 	static std::string PopQuery(std::string const& md5);
-	static std::string MD5Hash(std::string const& query);
 private:
 	searchresults m_list;
 };
diff --git a/pages/login.ecpp b/pages/login.ecpp
index c564b9b..9b666bf 100644
--- a/pages/login.ecpp
+++ b/pages/login.ecpp
@@ -19,7 +19,7 @@ bool logged_in(false);
 std::string message;
 
 if (action == "login") {
-	if ((login == LiveSetup().GetAdminLogin()) && (password == LiveSetup().GetAdminPassword())) {
+	if ((login == LiveSetup().GetAdminLogin()) && (MD5Hash(password) == LiveSetup().GetMD5HashAdminPassword())) {
 		logged_in = true;
 	} else {
 		message = "Username oder Passwort falsch";
diff --git a/setup.cpp b/setup.cpp
index 072ae16..5c4af13 100644
--- a/setup.cpp
+++ b/setup.cpp
@@ -14,6 +14,7 @@
 #include <vdr/menuitems.h>
 #include <vdr/plugin.h>
 #include "setup.h"
+#include "tools.h"
 
 namespace vdrlive {
 
@@ -24,9 +25,9 @@ Setup::Setup():
 		m_lastChannel( 0 ),
 		m_screenshotInterval( 1000 ),
 		m_useAuth( 1 ),
-		m_adminLogin("admin"),
-		m_adminPassword("live")
+		m_adminLogin("admin")		
 {
+	m_adminPasswordMD5 = "4:" + MD5Hash("live");
 }
 
 bool Setup::ParseCommandLine( int argc, char* argv[] )
@@ -70,7 +71,7 @@ bool Setup::ParseSetupEntry( char const* name, char const* value )
 	else if ( strcmp( name, "ScreenshotInterval" ) == 0 ) m_screenshotInterval = atoi( value );
 	else if ( strcmp( name, "UseAuth" ) == 0 ) m_useAuth = atoi( value );
 	else if ( strcmp( name, "AdminLogin" ) == 0 ) m_adminLogin = value;
-	else if ( strcmp( name, "AdminPassword" ) == 0 ) m_adminPassword = value;
+	else if ( strcmp( name, "AdminPasswordMD5" ) == 0 ) m_adminPasswordMD5 = value;
 	else return false;
 	return true;
 }
@@ -107,6 +108,28 @@ bool Setup::HaveEPGSearch(void)
 	return cPluginManager::GetPlugin("epgsearch") != NULL;	
 }
 
+std::string Setup::GetMD5HashAdminPassword() const
+{
+	// format is <length>:<md5-hash of password>
+	vector< string > parts = StringSplit( m_adminPasswordMD5, ':' ); 
+	return (parts.size() > 1) ? parts[1] : "";
+}
+
+int Setup::GetAdminPasswordLength() const
+{
+	// format is <length>:<md5-hash of password>
+	vector< string > parts = StringSplit( m_adminPasswordMD5, ':' ); 
+	return (parts.size() > 0) ? lexical_cast< int >( parts[0] ) : 0;
+}
+
+std::string Setup::SetAdminPassword(std::string password) 
+{ 
+	ostringstream passwordStr;
+	passwordStr << password.size() << ":" << MD5Hash(password);
+	m_adminPasswordMD5 = passwordStr.str(); 
+	return m_adminPasswordMD5;
+}
+
 Setup& LiveSetup()
 {
 	static Setup instance;
@@ -119,9 +142,8 @@ cMenuSetupLive::cMenuSetupLive():
 	m_lastChannel = vdrlive::LiveSetup().GetLastChannel();
 	m_useAuth = vdrlive::LiveSetup().UseAuth();
 	strcpy(m_adminLogin, vdrlive::LiveSetup().GetAdminLogin().c_str());
-	strcpy(m_adminPassword, vdrlive::LiveSetup().GetAdminPassword().c_str());
-	
-	string strHidden(strlen(m_adminPassword), '*');
+
+	string strHidden(vdrlive::LiveSetup().GetAdminPasswordLength(), '*');
 	strcpy(m_tmpPassword, strHidden.c_str());
 	Set();
 }
@@ -151,8 +173,8 @@ void cMenuSetupLive::Store(void)
 	vdrlive::LiveSetup().SetAdminLogin(m_adminLogin);
 	SetupStore("AdminLogin",  m_adminLogin);
 	
-	vdrlive::LiveSetup().SetAdminPassword(m_adminPassword);
-	SetupStore("AdminPassword",  m_adminPassword);
+	std::string passwordMD5 = vdrlive::LiveSetup().SetAdminPassword(m_adminPassword);
+	SetupStore("AdminPasswordMD5",  passwordMD5.c_str());
 }
 
 bool cMenuSetupLive::InEditMode(const char* ItemText, const char* ItemName, const char* ItemValue)
diff --git a/setup.h b/setup.h
index ef869c6..535585f 100644
--- a/setup.h
+++ b/setup.h
@@ -29,12 +29,13 @@ public:
 	int GetLastChannel() const { return m_lastChannel == 0 ? std::numeric_limits< int >::max() : m_lastChannel; }
 	int GetScreenshotInterval() const { return m_screenshotInterval; }
 	std::string GetAdminLogin() const { return m_adminLogin; }
-	std::string GetAdminPassword() const { return m_adminPassword; }
+	std::string GetMD5HashAdminPassword() const;
+	int GetAdminPasswordLength() const;
 	bool UseAuth() const { return m_useAuth; }
 	
 	void SetLastChannel(int lastChannel) { m_lastChannel = lastChannel; }
 	void SetAdminLogin(std::string login) { m_adminLogin = login; }
-	void SetAdminPassword(std::string password) { m_adminPassword = password; }
+	std::string SetAdminPassword(std::string password);
 	void SetUseAuth(int auth) { m_useAuth = auth; }
 	void SetScrenshotInterval(int interval) { m_screenshotInterval = interval; }
 
@@ -57,7 +58,7 @@ private:
 	
 	int m_useAuth;
 	std::string m_adminLogin;
-	std::string m_adminPassword;
+	std::string m_adminPasswordMD5;
 
 	bool CheckServerPort();
 	bool CheckServerIps();
diff --git a/tools.cpp b/tools.cpp
index 8959317..da3956f 100644
--- a/tools.cpp
+++ b/tools.cpp
@@ -4,6 +4,7 @@
 #include <tnt/htmlescostream.h>
 #include <tnt/httprequest.h>
 #include <tnt/httpreply.h>
+#include <openssl/md5.h>
 #include "exception.h"
 #include "live.h"
 #include "setup.h"
@@ -130,5 +131,17 @@ string ZeroPad(int number)
    return os.str();
 }
 
+std::string MD5Hash(std::string const& str)
+{
+	unsigned char md5[MD5_DIGEST_LENGTH];
+	MD5(reinterpret_cast<const unsigned char*>(str.c_str()), str.size(), md5);
+
+	ostringstream hashStr;
+	hashStr << hex;
+	for (size_t i = 0; i < MD5_DIGEST_LENGTH; i++)
+		hashStr << (0 + md5[i]);
+
+	return hashStr.str();
+}
 
 } // namespace vdrlive
diff --git a/tools.h b/tools.h
index 817e6f3..1576377 100644
--- a/tools.h
+++ b/tools.h
@@ -31,6 +31,7 @@ std::string StringEscapeAndBreak( std::string const& input );
 std::string StringFormatBreak(std::string const& input);
 std::string StringTrim(const std::string& str);
 std::string ZeroPad(int number);
+std::string MD5Hash(std::string const& str);
 
 struct bad_lexical_cast: std::runtime_error 
 {
author	Christian Wieninger <cwieninger (at) gmx (dot) de>	2007-05-06 11:07:38 +0000
committer	Christian Wieninger <cwieninger (at) gmx (dot) de>	2007-05-06 11:07:38 +0000
commit	85565b4b3235b9afa009ac1c52e034fc4c006582 (patch)
tree	9a0dca573a89bd2f68dd13eea5ae727387b4f262
parent	2a71cc466e8d0e2ced62549ded8d6e321b0ab5f9 (diff)
download	vdr-plugin-live-85565b4b3235b9afa009ac1c52e034fc4c006582.tar.gz vdr-plugin-live-85565b4b3235b9afa009ac1c52e034fc4c006582.tar.bz2