From a21f94bb6957a9ad83b8675e65f127b20cfba77c Mon Sep 17 00:00:00 2001
From: groche97
Date: Tue, 26 May 2020 21:58:33 +0200
Subject: [PATCH] hash users paswords
---
msql_acces.cpp | 12 ++++++++++--
session_manager.cpp | 9 ++++++++-
2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/msql_acces.cpp b/msql_acces.cpp
index d4c2cc5..7559160 100644
--- a/msql_acces.cpp
+++ b/msql_acces.cpp
@@ -1,5 +1,9 @@
 #include "msql_acces.h"
 #include
+#include
+#include
+#include
+
 msql_acces::msql_acces() {
 driver = get_driver_instance();
@@ -103,10 +107,14 @@ bool msql_acces::get_package_exists(std::string package){
 void msql_acces::create_user(std::string user, std::string pass, bool admin){
 sql::PreparedStatement *pstmt = con->prepareStatement("insert into users(username, passwd, admin) values(?, ?, ?)");
+ unsigned char hash[SHA512_DIGEST_LENGTH];
+ SHA512(reinterpret_cast(pass.data()), strlen(pass.data()), hash);
+ unsigned char encodedData[200];
+ EVP_EncodeBlock(encodedData, hash, sizeof (hash));
 pstmt->setString(1,user);
- pstmt->setString(2,pass);
+ pstmt->setString(2,std::string(reinterpret_cast(encodedData)));
 pstmt->setBoolean(3,admin);
- sql::ResultSet *res = pstmt->executeQuery();
+ pstmt->executeQuery();
 }
 void msql_acces::remove_user(std::string user){
diff --git a/session_manager.cpp b/session_manager.cpp
index 6a32d5f..7ad0507 100644
--- a/session_manager.cpp
+++ b/session_manager.cpp
@@ -5,6 +5,8 @@
 #include
 #include
 #include
+#include
+#include
 session_manager::session_manager(int fd) {
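Review bot: In `create_user` (msql_acces.cpp, second hunk) the stored value is a single unsalted SHA-512 of the password, which is a fast digest rather than a password hash: equal passwords produce equal rows, and a leaked `users` table can be guessed offline at very high rates. Derive the stored value with a salted, iterated KDF instead; OpenSSL is already in use here, so `PKCS5_PBKDF2_HMAC` with a per-user salt from `RAND_bytes` fits, and `validate_pass` in session_manager.cpp then has to re-derive with the stored salt rather than recompute a bare digest. The length should come from `pass.size()` rather than `strlen(pass.data())`, and the `200` is better sized from the digest length. Rows written before this commit presumably still hold plaintext and would stop matching unless they are migrated; the width of the `passwd` column is not visible here and may need to grow. In the sketch below `kPbkdf2Iterations` stands for a constant the project has to choose.

```cpp
void msql_acces::create_user(std::string user, std::string pass, bool admin){
    // … unchanged: prepareStatement call …
    unsigned char salt[16];
    unsigned char key[SHA512_DIGEST_LENGTH];
    if (RAND_bytes(salt, sizeof(salt)) != 1 ||
        PKCS5_PBKDF2_HMAC(pass.data(), static_cast<int>(pass.size()),
                          salt, sizeof(salt), kPbkdf2Iterations,
                          EVP_sha512(), sizeof(key), key) != 1)
        throw std::runtime_error("password hashing failed");
    // EVP_EncodeBlock writes 4 * ceil(n / 3) characters plus a NUL.
    unsigned char saltB64[4 * ((sizeof(salt) + 2) / 3) + 1];
    unsigned char keyB64[4 * ((sizeof(key) + 2) / 3) + 1];
    EVP_EncodeBlock(saltB64, salt, sizeof(salt));
    EVP_EncodeBlock(keyB64, key, sizeof(key));
    pstmt->setString(1,user);
    // Stored as "<salt>$<key>" so the login path can recover the salt.
    pstmt->setString(2,std::string(reinterpret_cast<char*>(saltB64)) + "$" +
                       reinterpret_cast<char*>(keyB64));
    // … unchanged: setBoolean, executeQuery …
```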
@@ -17,7 +19,12 @@ bool session_manager::validate_pass(){
 this->read_data(buffer, 256);
 std::string user=buffer;
 this->read_data(buffer, 256);
- std::string pass=buffer;
+ // std::string pass=buffer;
+ unsigned char hash[SHA512_DIGEST_LENGTH];
+ SHA512(reinterpret_cast(buffer), strlen(buffer), hash);
+ unsigned char encodedData[200];
+ EVP_EncodeBlock(encodedData, hash, sizeof (hash));
+ std::string pass=std::string(reinterpret_cast(encodedData));
 if(this->data->get_passwd(user)==pass){
 this->write_data("pass");
 if(this->data->get_admin(user)){
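Review bot: The check `this->data->get_passwd(user)==pass` in `validate_pass` is a short-circuiting `std::string` comparison on credential material; compare the lengths first and then use OpenSSL's `CRYPTO_memcmp(stored.data(), pass.data(), pass.size()) == 0`, so the time taken does not depend on how many leading characters agree. `strlen(buffer)` also relies on `read_data` leaving the 256-byte buffer NUL-terminated, which is not visible in this hunk, so a length reported by `read_data` (if it provides one) would be the safer bound. The hashing lines duplicate the ones in `create_user`; a single shared helper would keep the enrolment and login sides from drifting apart, and the commented-out `// std::string pass=buffer;` can simply be deleted. The body of `validate_pass` continues past the end of the hunk.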