Fixed errors from security update

2025-10-29 18:00:23 +00:00 · 2015-11-23 21:09:23 +01:00
parent abf77a27d6
commit 94bb7c4ceb
4 changed files with 14 additions and 11 deletions
--- a/server/server.js
+++ b/server/server.js
@@ -323,7 +323,7 @@ io.on('connection', function(socket){
            else
            {
                var id = msg[1];
-                var hash = hash_pass(msg[3]);
+                var hash = hash_pass(decrypt_password(socket.id, msg[3]));
                db.collection(coll).find({views:{$exists:true}}, function(err, docs){
                    if(docs !== null && docs.length != 0 && ((docs[0]["vote"] == true && (hash == docs[0]["adminpass"] || docs[0]["adminpass"] == ""))
                        || docs[0]["vote"] == false))
@@ -392,7 +392,7 @@ io.on('connection', function(socket){
            }

            if(adminpass !== undefined && adminpass !== null && adminpass != "")
-                var hash = hash_pass(adminpass);
+                var hash = hash_pass(decrypt_password(socket.id, adminpass));
            else
                var hash = "";

@@ -446,7 +446,7 @@ io.on('connection', function(socket){
            if(params.length == 10) description = params[9];

            if(adminpass != "")
-                var hash = hash_pass(adminpass);
+                var hash = hash_pass(decrypt_password(socket.id, adminpass));
            else
                var hash = adminpass;

@@ -484,7 +484,7 @@ io.on('connection', function(socket){
            check_inlist(coll, guid, socket, name);

            if(pass == "") var hash = pass;
-            else var hash = hash_pass(pass);
+            else var hash = hash_pass(decrypt_password(socket.id, pass));
            db.collection(coll).find({views:{$exists:true}}, function(err, docs){
                if(docs !== null && docs.length != 0 && ((docs[0]["adminpass"] == hash || docs[0]["adminpass"] == "") || docs[0]["shuffle"] == false))
                {