authorChristian Pointner <equinox@spreadspace.org>2015-07-27 21:26:49 (GMT)
committerChristian Pointner <equinox@spreadspace.org>2015-07-27 21:26:49 (GMT)
commit46acf73e2889842a79a39114263580ee231b32f5 (patch)
tree35adda5ccc4f3542a73266f8243fec0c9b1bc33c /lib/RHRD
parenta7f0146acee4ea6c49d76091d3c8e1beb62a9177 (diff)
explicitly disallow empty tokens
Diffstat (limited to 'lib/RHRD')
-rwxr-xr-xlib/RHRD/rddb.pm9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/RHRD/rddb.pm b/lib/RHRD/rddb.pm
index dcd5715..6a1d925 100755
--- a/lib/RHRD/rddb.pm
+++ b/lib/RHRD/rddb.pm
@@ -75,6 +75,9 @@ sub get_token
sub set_token
{
my ($dbh, $username, $token) = @_;
+ if(!defined $token || $token eq '') {
+ return (undef, 'ERROR', "empty token is not allowed")
+ }
my $sql = qq{update USERS set PASSWORD = ? where LOGIN_NAME = ?;};
my $rows = $dbh->do($sql, undef, $token, $username)
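Review bot: The guard in set_token rejects only undef and '', so a one-character or whitespace-only token is still written to USERS.PASSWORD. If tokens are meant to be generated secrets, a length floor is the stronger check, for example `if(!defined $token || length($token) < MIN_TOKEN_LEN) {`, where MIN_TOKEN_LEN is a placeholder for a constant the module would need to define. The same three lines are repeated in check_token and add_user, so a single private helper (name of your choice) would keep the three call sites from drifting apart. The `return (...)` also lacks a terminating semicolon, which is legal as the last statement of the block but fragile once a line is added after it. set_token's body continues outside the hunk.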
@@ -89,6 +92,9 @@ sub set_token
sub check_token
{
my ($dbh, $username, $token) = @_;
+ if(!defined $token || $token eq '') {
+ return (undef, 'ERROR', "empty token is not allowed")
+ }
my $sql = qq{select PASSWORD from USERS where LOGIN_NAME = ?;};
my $sth = $dbh->prepare($sql)
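Review bot: The empty-token check at the top of check_token is the security-relevant one of the three and deserves a comment saying why it exists. Presumably a USERS row whose PASSWORD column is empty would otherwise compare equal to an empty token; the comparison itself is outside the hunk, so this is inferred. Suggested comment above the `if`: `# never let an empty token authenticate, even if the stored PASSWORD is empty`. It is also worth confirming that callers treat the 'ERROR' result here as a failed login rather than as a retryable database error.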
@@ -113,6 +119,9 @@ sub check_token
sub add_user
{
my ($dbh, $username, $token) = @_;
+ if(!defined $token || $token eq '') {
+ return (undef, 'ERROR', "empty token is not allowed")
+ }
my $sql = qq{insert into USERS (LOGIN_NAME, FULL_NAME, PHONE_NUMBER, DESCRIPTION, PASSWORD, ENABLE_WEB, ADMIN_USERS_PRIV, ADMIN_CONFIG_PRIV, CREATE_CARTS_PRIV, DELETE_CARTS_PRIV, MODIFY_CARTS_PRIV, EDIT_AUDIO_PRIV, ASSIGN_CART_PRIV, CREATE_LOG_PRIV, DELETE_LOG_PRIV, DELETE_REC_PRIV, PLAYOUT_LOG_PRIV, ARRANGE_LOG_PRIV, MODIFY_TEMPLATE_PRIV, ADDTO_LOG_PRIV, REMOVEFROM_LOG_PRIV, CONFIG_PANELS_PRIV, VOICETRACK_LOG_PRIV, EDIT_CATCHES_PRIV, ADD_PODCAST_PRIV, EDIT_PODCAST_PRIV, DELETE_PODCAST_PRIV) values ( ?, "", "", "", ? , "N", "N", "N", "Y", "Y", "Y", "Y", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N", "N");};
my $sth = $dbh->prepare($sql)
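Review bot: add_user now validates $token but still binds $username into the insert unchecked, so an undef or empty login name reaches the USERS table unless a caller filters it first. The same style of guard would close that gap: `if(!defined $username || $username eq '') { return (undef, 'ERROR', "empty username is not allowed"); }`. Whether the callers already validate the name is not visible here, and add_user's body continues outside the hunk.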