author | Christian Pointner <equinox@spreadspace.org> | 2015-07-27 21:26:49 (GMT) |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2015-07-27 21:26:49 (GMT) |
commit | 46acf73e2889842a79a39114263580ee231b32f5 (patch) | |
tree | 35adda5ccc4f3542a73266f8243fec0c9b1bc33c /lib/RHRD | |
parent | a7f0146acee4ea6c49d76091d3c8e1beb62a9177 (diff) |
explicitly disallow empty tokens
Diffstat (limited to 'lib/RHRD')
-rwxr-xr-x | lib/RHRD/rddb.pm | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/RHRD/rddb.pm b/lib/RHRD/rddb.pm
index dcd5715..6a1d925 100755
--- a/lib/RHRD/rddb.pm
+++ b/lib/RHRD/rddb.pm
@@ -75,6 +75,9 @@ sub get_token
 sub set_token
 {
 my ($dbh, $username, $token) = @_;
+ if(!defined $token || $token eq '') {
+ return (undef, 'ERROR', "empty token is not allowed")
+ }
 my $sql = qq{update USERS set PASSWORD = ? where LOGIN_NAME = ?;};
 my $rows = $dbh->do($sql, undef, $token, $username)
@@ -89,6 +92,9 @@ sub set_token
 sub check_token
 {
 my ($dbh, $username, $token) = @_;
+ if(!defined $token || $token eq '') {
+ return (undef, 'ERROR', "empty token is not allowed")
+ }
 my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
 my $sth = $dbh->prepare($sql)
@@ -113,6 +119,9 @@ sub check_token
 sub add_user
 {
 my ($dbh, $username, $token) = @_;
+ if(!defined $token || $token eq '') {
+ return (undef, 'ERROR', "empty token is not allowed")
+ }
 my $sql = qq{insert into USERS (LOGIN_NAME, FULL_NAME, PHONE_NUMBER, DESCRIPTION, PASSWORD, ENABLE_WEB, ADMIN_USERS_PRIV, ADMIN_CONFIG_PRIV, CREATE_CARTS_PRIV, DELETE_CARTS_PRIV, MODIFY_CARTS_PRIV, EDIT_AUDIO_PRIV, ASSIGN_CART_PRIV, CREATE_LOG_PRIV, DELETE_LOG_PRIV, DELETE_REC_PRIV, PLAYOUT_LOG_PRIV, ARRANGE_LOG_PRIV, MODIFY_TEMPLATE_PRIV, ADDTO_LOG_PRIV, REMOVEFROM_LOG_PRIV, CONFIG_PANELS_PRIV, VOICETRACK_LOG_PRIV, EDIT_CATCHES_PRIV, ADD_PODCAST_PRIV, EDIT_PODCAST_PRIV, DELETE_PODCAST_PRIV) values ( ?, "", "", "", ? , "N", "N", "N", "Y", "Y", "Y", "Y", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N");};
 my $sth = $dbh->prepare($sql) |
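Review bot: The guard added to set_token rejects only undef and the empty string, so a token made of a single space or one character is still written to PASSWORD. The same three lines are copied into check_token and add_user, which means the token policy now lives in three places that can drift apart. I would move the test into one private helper, for example `sub _token_ok { my ($t) = @_; return defined $t && $t =~ /\S/; }`, and call `return (undef, 'ERROR', "empty token is not allowed") unless _token_ok($token);` at each site. Whether a minimum length belongs in that helper is a policy decision for the project. The body of set_token continues outside the hunk.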
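Review bot: The guard in check_token carries no comment saying why an empty token must be refused before the query runs, and the reason is security-relevant. If the comparison further down is a plain equality against the PASSWORD column (that part of the function is outside the hunk), a row whose PASSWORD is empty would otherwise accept an empty token. I would add `# never let an empty token match an empty PASSWORD column` above the `if`. The refusal is returned with status `'ERROR'`, so callers presumably have to treat that status as a denied login rather than a retryable failure; that is worth stating in the function's documentation.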
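Review bot: add_user now validates `$token` but not `$username`, so an undef or empty LOGIN_NAME can still reach the insert together with a valid token. This assumes `$username` is bound to the first placeholder; the execute call is outside the hunk. A matching guard placed before the SQL is built would close that: `if(!defined $username || $username eq '') { return (undef, 'ERROR', "empty username is not allowed") }`. set_token and check_token take `$username` the same way and have no such test in the visible lines either.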