mirror of
https://github.com/KevinMidboe/zoff.git
synced 2025-10-29 18:00:23 +00:00
Merge pull request #415 from zoff-music/security/improved-security
Better hiding of passwords, hiding cookie-logins better
This commit is contained in:
Kasper Rynning-Tønnesen
GitHub
@@ -26,11 +26,13 @@ function get_history(channel, all, socket) {
|
||||
if(!query.all) {
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass) {
|
||||
if(userpass != "" || pass == undefined) {
|
||||
pass = userpass;
|
||||
pass = userpass
|
||||
} else {
|
||||
pass = crypto.createHash('sha256').update(Functions.decrypt_string(pass)).digest('base64')
|
||||
}
|
||||
db.collection(channel + "_settings").find({id: "config"}, function(err, conf) {
|
||||
if(conf.length > 0) {
|
||||
if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(pass)).digest('base64')) {
|
||||
if(conf[0].userpass == "" || conf[0].userpass == pass) {
|
||||
getAndSendLogs(channel, all, socket, pass, query);
|
||||
}
|
||||
}
|
||||
@@ -83,9 +85,11 @@ function chat(msg, guid, offline, socket) {
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) {
|
||||
if(userpass != "" || msg.pass == undefined) {
|
||||
msg.pass = userpass;
|
||||
} else {
|
||||
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
}
|
||||
db.collection(coll + "_settings").find(function(err, docs){
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
|
||||
var data = msg.data;
|
||||
|
||||
Functions.check_inlist(coll, guid, socket, offline, function() {
|
||||
@@ -169,6 +173,7 @@ function namechange(data, guid, socket, tried, callback) {
|
||||
var new_password;
|
||||
var first = false;
|
||||
Functions.getSessionChatPass(Functions.getSession(socket), function(name, pass) {
|
||||
var fetched = false;
|
||||
if(data.hasOwnProperty("first") && data.first) {
|
||||
pw = pass;
|
||||
name = name;
|
||||
@@ -179,6 +184,8 @@ function namechange(data, guid, socket, tried, callback) {
|
||||
if(typeof(callback) == "function") callback();
|
||||
return;
|
||||
}
|
||||
fetched = true;
|
||||
password = pw;
|
||||
} else {
|
||||
var name = data.name;
|
||||
if(data.hasOwnProperty("first")) {
|
||||
@@ -191,13 +198,17 @@ function namechange(data, guid, socket, tried, callback) {
|
||||
pw = data.old_password;
|
||||
new_password = Functions.decrypt_string(data.new_password);
|
||||
}
|
||||
password = Functions.decrypt_string(pw);
|
||||
password = Functions.hash_pass(password);
|
||||
doubled = true;
|
||||
}
|
||||
|
||||
if(name == "") {
|
||||
if(typeof(callback) == "function") callback();
|
||||
return;
|
||||
}
|
||||
var password = Functions.decrypt_string(pw);
|
||||
|
||||
|
||||
db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) {
|
||||
var accepted_password = false;
|
||||
var icon = false;
|
||||
@@ -208,28 +219,30 @@ function namechange(data, guid, socket, tried, callback) {
|
||||
}
|
||||
accepted_password = true;
|
||||
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() {
|
||||
db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: Functions.hash_pass(password)}}, {upsert: true}, function() {
|
||||
db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: password}}, {upsert: true}, function() {
|
||||
});
|
||||
});
|
||||
} else if(docs[0].password == Functions.hash_pass(password)) {
|
||||
} else if(docs[0].password == password) {
|
||||
if(docs[0].icon) {
|
||||
icon = docs[0].icon;
|
||||
}
|
||||
accepted_password = true;
|
||||
if(new_password) {
|
||||
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.new_password, function() {
|
||||
db.collection("registered_users").update({"_id": name.toLowerCase(), password: Functions.hash_pass(password)}, {$set: {password: Functions.hash_pass(new_password)}}, function() {
|
||||
|
||||
db.collection("registered_users").update({"_id": name.toLowerCase(), password: password}, {$set: {password: Functions.hash_pass(new_password)}}, function() {
|
||||
|
||||
});
|
||||
});
|
||||
} else {
|
||||
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() {
|
||||
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), fetched ? data.password : Functions.hash_pass(Functions.decrypt_string(data.password)), function() {
|
||||
});
|
||||
}
|
||||
}
|
||||
if(accepted_password) {
|
||||
|
||||
db.collection("user_names").find({"guid": guid}, function(err, names) {
|
||||
if(names.length > 0 || (docs.length != 0 && docs[0].password == Functions.hash_pass(password))) {
|
||||
if(names.length > 0 || (docs.length != 0 && docs[0].password == password)) {
|
||||
var no_name = false;
|
||||
if(names.length == 0) no_name = true;
|
||||
if(!no_name) {
|
||||
@@ -278,7 +291,7 @@ function removename(guid, coll, socket) {
|
||||
Functions.removeSessionChatPass(Functions.getSession(socket), function() {
|
||||
db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function(err, updated) {
|
||||
db.collection("user_names").remove({"guid": guid}, function(err, removed) {
|
||||
get_name(guid, {announce: true, old_name: old_name, channel: coll});
|
||||
get_name(guid, {announce: true, old_name: old_name, channel: coll, socket: socket});
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -349,7 +362,7 @@ function get_name(guid, announce_payload, first) {
|
||||
function get_name_generate(guid, announce_payload, first, channel) {
|
||||
db.collection("user_names").find({"guid": guid}, function(err, docs) {
|
||||
if(docs.length == 0) {
|
||||
generate_name(guid, announce_payload, channel);
|
||||
generate_name(guid, announce_payload, undefined);
|
||||
} else {
|
||||
name = docs[0].name;
|
||||
}
|
||||
|
||||
@@ -236,6 +236,7 @@ function contains(a, obj) {
|
||||
}
|
||||
|
||||
function hash_pass(adminpass, hex) {
|
||||
if(adminpass == undefined || adminpass == "") return "";
|
||||
if(hex) return crypto.createHash('sha256').update(adminpass).digest('hex');
|
||||
return crypto.createHash('sha256').update(adminpass).digest('base64');
|
||||
}
|
||||
@@ -247,7 +248,7 @@ function setSessionAdminPass(id, adminpass, list, callback) {
|
||||
return;
|
||||
}
|
||||
|
||||
connected_db.collection(id).update({_id: list}, {$set: {adminpass: adminpass}}, {upsert: true}, function(e, d){
|
||||
connected_db.collection(id).update({_id: list}, {$set: {adminpass: hash_pass(decrypt_string(adminpass), true)}}, {upsert: true}, function(e, d){
|
||||
callback();
|
||||
return;
|
||||
});
|
||||
@@ -262,7 +263,6 @@ function setSessionChatPass(id, name, pass, callback) {
|
||||
callback();
|
||||
return;
|
||||
}
|
||||
|
||||
connected_db.collection(id).update({_id: "_chat_"}, {$set: {password: pass, name: name}}, {upsert: true}, function(e) {
|
||||
callback();
|
||||
return;
|
||||
@@ -373,7 +373,7 @@ function removeSessionAdminPass(id, channel, callback) {
|
||||
callback();
|
||||
return;
|
||||
}
|
||||
connected_db.collection(id).remove({_id: channel}, function() {
|
||||
connected_db.collection(id).update({_id: channel}, {$set: {"adminpass": ""}}, function() {
|
||||
callback();
|
||||
return;
|
||||
});
|
||||
|
||||
@@ -698,8 +698,10 @@ module.exports = function() {
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
|
||||
if(userpass != "" || obj.pass == undefined) {
|
||||
obj.pass = userpass;
|
||||
} else {
|
||||
obj.pass = crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64")
|
||||
}
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64")))) {
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == obj.pass))) {
|
||||
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 4");
|
||||
List.send_play(coll, socket);
|
||||
} else {
|
||||
|
||||
@@ -37,7 +37,10 @@ function list(msg, guid, coll, offline, socket) {
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
|
||||
if(gotten && userpass != "" && !msg.hasOwnProperty("pass")) {
|
||||
msg.pass = userpass;
|
||||
} else {
|
||||
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
}
|
||||
adminpass = Functions.hash_pass(adminpass);
|
||||
if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") ||
|
||||
msg.version != VERSION || msg.version == undefined ||
|
||||
typeof(msg.channel) != "string") {
|
||||
@@ -61,7 +64,7 @@ function list(msg, guid, coll, offline, socket) {
|
||||
coll = msg.channel.toLowerCase(); //.replace(/ /g,'');
|
||||
coll = Functions.removeEmojis(coll).toLowerCase();
|
||||
//coll = filter.clean(coll);
|
||||
var pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
var pass = msg.pass;
|
||||
db.collection('frontpage_lists').find({"_id": coll}, function(err, frontpage_lists){
|
||||
if(frontpage_lists.length == 1) {
|
||||
db.collection(coll + "_settings").find(function(err, docs) {
|
||||
@@ -70,7 +73,10 @@ function list(msg, guid, coll, offline, socket) {
|
||||
Functions.setSessionUserPass(Functions.getSession(socket), msg.pass, coll, function(){})
|
||||
socket.emit("auth_accepted", {value: true});
|
||||
}
|
||||
if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true))) {
|
||||
if(docs.length > 0 && docs[0].userpass != pass) {
|
||||
Functions.setSessionUserPass(Functions.getSession(socket), "", coll, function(){})
|
||||
}
|
||||
if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == adminpass) {
|
||||
socket.emit("pw", true);
|
||||
}
|
||||
in_list = true;
|
||||
@@ -161,14 +167,20 @@ function skip(list, guid, coll, offline, socket) {
|
||||
list.id = list.id + "";
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
|
||||
if(adminpass != "" || list.pass == undefined) {
|
||||
list.pass = adminpass;
|
||||
list.pass = Functions.hash_pass(adminpass);
|
||||
} else if(list.pass != "") {
|
||||
list.pass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(list.pass),true));;
|
||||
} else {
|
||||
list.pass = "";
|
||||
}
|
||||
if(userpass != "" || list.userpass == undefined) {
|
||||
list.userpass = userpass;
|
||||
} else {
|
||||
list.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(list.userpass)).digest("base64");
|
||||
}
|
||||
|
||||
db.collection(coll + "_settings").find(function(err, docs){
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(list.userpass)).digest("base64")))) {
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == list.userpass))) {
|
||||
|
||||
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 12");
|
||||
|
||||
@@ -184,10 +196,7 @@ function skip(list, guid, coll, offline, socket) {
|
||||
error = true;
|
||||
}
|
||||
|
||||
if(adminpass !== undefined && adminpass !== null && adminpass !== "")
|
||||
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass),true));
|
||||
else
|
||||
hash = "";
|
||||
hash = adminpass;
|
||||
|
||||
//db.collection(coll + "_settings").find(function(err, docs){
|
||||
|
||||
@@ -611,8 +620,10 @@ function end(obj, coll, guid, offline, socket) {
|
||||
callback_function(Functions.getSession(socket), coll, function(userpass) {
|
||||
if(userpass != "" || obj.pass == undefined) {
|
||||
obj.pass = userpass;
|
||||
} else {
|
||||
obj.pass = crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64");
|
||||
}
|
||||
if(!authentication_needed || (authentication_needed && obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64"))) {
|
||||
if(!authentication_needed || (authentication_needed && obj.hasOwnProperty('pass') && docs[0].userpass == obj.pass)) {
|
||||
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 13");
|
||||
db.collection(coll).find({now_playing:true}, function(err, np){
|
||||
if(err !== null) console.log(err);
|
||||
|
||||
@@ -41,14 +41,20 @@ function addFromOtherList(arr, guid, offline, socket) {
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass, adminpass) {
|
||||
if(userpass != "" || arr.userpass == undefined) {
|
||||
arr.userpass = userpass;
|
||||
} else {
|
||||
arr.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest('base64')
|
||||
}
|
||||
if(adminpass != "" || arr.adminpass == undefined) {
|
||||
arr.adminpass = adminpass;
|
||||
arr.adminpass = Functions.hash_pass(adminpass);
|
||||
} else {
|
||||
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
|
||||
}
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), new_channel, function(userpass) {
|
||||
var otheruser = "";
|
||||
if(userpass != "") {
|
||||
otheruser = userpass;
|
||||
} else {
|
||||
otheruser = crypto.createHash('sha256').update(Functions.decrypt_string(otheruser)).digest("base64");
|
||||
}
|
||||
db.collection(channel).find({now_playing: true}, function(e, np) {
|
||||
|
||||
@@ -72,10 +78,10 @@ function addFromOtherList(arr, guid, offline, socket) {
|
||||
to_set_np = false;
|
||||
}
|
||||
db.collection(new_channel + "_settings").find({id: "config"}, function(e, this_conf) {
|
||||
if(this_conf.length > 0 && (this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(otheruser)).digest("base64"))) {
|
||||
if(this_conf.length > 0 && (this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == otheruser)) {
|
||||
db.collection(channel + "_settings").find({id: "config"}, function(e, this_conf) {
|
||||
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
|
||||
if((this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64"))) {
|
||||
var hash = arr.adminpass;
|
||||
if((this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == arr.userpass)) {
|
||||
if(((this_conf[0].addsongs === true && (hash == this_conf[0].adminpass || this_conf[0].adminpass === "")) ||
|
||||
this_conf[0].addsongs === false)) {
|
||||
db.collection(new_channel).aggregate([
|
||||
@@ -105,8 +111,7 @@ function addFromOtherList(arr, guid, offline, socket) {
|
||||
db.collection(channel).find({now_playing: true}, function(e, np_docs) {
|
||||
to_change.id = np_docs[0].id;
|
||||
to_change.title = np_docs[0].title;
|
||||
|
||||
db.collection("frontpage_lists").find({_id: coll}, function(e, doc) {
|
||||
db.collection("frontpage_lists").find({_id: new_channel}, function(e, doc) {
|
||||
if(doc.length > 0 && ((doc[0].thumbnail != "" && doc[0].thumbnail != undefined && (doc[0].thumbnail.indexOf("https://i1.sndcdn.com") > -1 || doc[0].thumbnail.indexOf("https://w1.sndcdn.com") > -1)) || (doc[0].thumbnail == "" || doc[0].thumbnail == undefined))) {
|
||||
to_change.thumbnail = np_docs[0].thumbnail;
|
||||
}
|
||||
@@ -181,9 +186,13 @@ function addPlaylist(arr, guid, offline, socket) {
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass, adminpass) {
|
||||
if(userpass != "" || arr.userpass == undefined) {
|
||||
arr.userpass = userpass;
|
||||
} else {
|
||||
arr.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64");
|
||||
}
|
||||
if(adminpass != "" || arr.adminpass == undefined) {
|
||||
arr.adminpass = adminpass;
|
||||
arr.adminpass = Functions.hash_pass(adminpass);
|
||||
} else {
|
||||
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true))
|
||||
}
|
||||
db.collection(channel).find({now_playing: true}, function(e, np) {
|
||||
var now_playing = false;
|
||||
@@ -194,8 +203,8 @@ function addPlaylist(arr, guid, offline, socket) {
|
||||
return;
|
||||
}
|
||||
if(conf.length > 0) {
|
||||
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
|
||||
if((conf[0].userpass == "" || !conf[0].userpass || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64"))) {
|
||||
var hash = arr.adminpass;
|
||||
if((conf[0].userpass == "" || !conf[0].userpass || conf[0].userpass == arr.userpass)) {
|
||||
if(((conf[0].addsongs === true && (hash == conf[0].adminpass || conf[0].adminpass === "")) ||
|
||||
conf[0].addsongs === false)) {
|
||||
var path = require('path');
|
||||
@@ -386,18 +395,22 @@ function add_function(arr, coll, guid, offline, socket) {
|
||||
//coll = coll.replace(/ /g,'');
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
|
||||
if(adminpass != "" || arr.adminpass == undefined) {
|
||||
arr.adminpass = adminpass;
|
||||
arr.adminpass = Functions.hash_pass(adminpass);
|
||||
} else {
|
||||
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
|
||||
}
|
||||
if(userpass != "" || arr.userpass == undefined) {
|
||||
arr.userpass = userpass;
|
||||
if(userpass != "" || arr.pass == undefined) {
|
||||
arr.pass = userpass;
|
||||
} else {
|
||||
arr.pass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.pass)).digest("base64");
|
||||
}
|
||||
db.collection(coll + "_settings").find(function(err, docs){
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.pass)).digest("base64")))) {
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == arr.pass))) {
|
||||
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 5");
|
||||
|
||||
var id = arr.id + "";
|
||||
var title = arr.title;
|
||||
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
|
||||
var hash = arr.adminpass;
|
||||
var duration = parseInt(arr.duration);
|
||||
var source = arr.source;
|
||||
/*db.collection(coll + "_settings").find(function(err, docs)
|
||||
@@ -541,14 +554,18 @@ function add_function(arr, coll, guid, offline, socket) {
|
||||
//coll = filter.clean(coll);
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
|
||||
if(adminpass != "" || msg.adminpass == undefined) {
|
||||
msg.adminpass = adminpass;
|
||||
msg.adminpass = Functions.hash_pass(adminpass);
|
||||
} else {
|
||||
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
|
||||
}
|
||||
if(userpass != "" || msg.pass == undefined) {
|
||||
msg.pass = userpass;
|
||||
} else if(msg.hasOwnProperty("pass")){
|
||||
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
}
|
||||
|
||||
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
|
||||
|
||||
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 6");
|
||||
|
||||
@@ -556,7 +573,7 @@ function add_function(arr, coll, guid, offline, socket) {
|
||||
del(msg, socket, socketid);
|
||||
} else {
|
||||
var id = msg.id;
|
||||
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
|
||||
var hash = msg.adminpass;
|
||||
if(docs !== null && docs.length !== 0 && ((docs[0].vote === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) ||
|
||||
docs[0].vote === false)) {
|
||||
vote(coll, id, guid, socket);
|
||||
@@ -605,10 +622,16 @@ function add_function(arr, coll, guid, offline, socket) {
|
||||
//coll = filter.clean(coll);
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
|
||||
if(adminpass != "" || msg.adminpass == undefined) {
|
||||
msg.adminpass = adminpass;
|
||||
msg.adminpass = Functions.hash_pass(adminpass);
|
||||
} else if(msg.adminpass != ""){
|
||||
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
|
||||
} else {
|
||||
msg.adminpass = "";
|
||||
}
|
||||
if(userpass != "" || msg.pass == undefined) {
|
||||
msg.pass = userpass;
|
||||
} else if(msg.hasOwnProperty("pass")) {
|
||||
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
}
|
||||
db.collection("timeout_api").find({
|
||||
type: "shuffle",
|
||||
@@ -633,11 +656,10 @@ function add_function(arr, coll, guid, offline, socket) {
|
||||
},
|
||||
}, {upsert: true}, function(err, docs) {
|
||||
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 7");
|
||||
var hash;
|
||||
if(msg.adminpass === "") hash = msg.adminpass;
|
||||
else hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
|
||||
var hash = msg.adminpass;
|
||||
|
||||
db.collection(coll + "_settings").find(function(err, docs){
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
|
||||
if(docs !== null && docs.length !== 0 && ((docs[0].adminpass == hash && docs[0].adminpass != "") || docs[0].shuffle === false))
|
||||
{
|
||||
db.collection(coll).find({now_playing:false}).forEach(function(err, docs){
|
||||
@@ -677,7 +699,7 @@ function add_function(arr, coll, guid, offline, socket) {
|
||||
|
||||
//coll = filter.clean(coll);
|
||||
db.collection(coll + "_settings").find(function(err, docs){
|
||||
if(docs !== null && docs.length !== 0 && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(params.adminpass),true)))
|
||||
if(docs !== null && docs.length !== 0 && docs[0].adminpass == params.adminpass)
|
||||
{
|
||||
db.collection(coll).find({id:params.id}, function(err, docs){
|
||||
var dont_increment = false;
|
||||
@@ -727,13 +749,17 @@ function add_function(arr, coll, guid, offline, socket) {
|
||||
//coll = filter.clean(coll);
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
|
||||
if(adminpass != "" || msg.adminpass == undefined) {
|
||||
msg.adminpass = adminpass;
|
||||
msg.adminpass = Functions.hash_pass(adminpass);
|
||||
} else if(msg.adminpass != "") {
|
||||
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
|
||||
}
|
||||
if(userpass != "" || msg.pass == undefined) {
|
||||
msg.pass = userpass;
|
||||
} else {
|
||||
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
}
|
||||
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
|
||||
var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
var hash = msg.adminpass;
|
||||
var hash_userpass = msg.pass;
|
||||
db.collection(coll + "_settings").find(function(err, conf) {
|
||||
if(conf.length == 1 && conf) {
|
||||
conf = conf[0];
|
||||
|
||||
@@ -45,7 +45,7 @@ function password(inp, coll, guid, offline, socket) {
|
||||
pw = Functions.hash_pass(Functions.decrypt_string(pw), true);
|
||||
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 8");
|
||||
Functions.getSessionAdminUser(sessionId, coll, function(userpass, adminpass) {
|
||||
|
||||
adminpass = Functions.hash_pass(adminpass);
|
||||
db.collection(coll + "_settings").find(function(err, docs){
|
||||
if(docs !== null && docs.length !== 0)
|
||||
{
|
||||
@@ -61,7 +61,7 @@ function password(inp, coll, guid, offline, socket) {
|
||||
socket.emit("pw", true);
|
||||
});
|
||||
});
|
||||
} else if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true))) {
|
||||
} else if(docs[0].adminpass === "" || docs[0].adminpass == adminpass) {
|
||||
Functions.setSessionAdminPass(sessionId, inp.password, coll, function() {
|
||||
db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){
|
||||
if(adminpass != pw) {
|
||||
@@ -117,7 +117,6 @@ function conf_function(params, coll, guid, offline, socket) {
|
||||
if(gotten) {
|
||||
params.adminpass = adminpass;
|
||||
if(!params.userpass_changed) params.userpass = userpass;
|
||||
|
||||
}
|
||||
if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') ||
|
||||
!params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') ||
|
||||
@@ -191,14 +190,20 @@ function conf_function(params, coll, guid, offline, socket) {
|
||||
var description = "";
|
||||
var hash;
|
||||
if(params.description) description = params.description;
|
||||
if(adminpass !== "") {
|
||||
if(adminpass !== "" && !gotten) {
|
||||
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true));
|
||||
} else if(adminpass !== "" && gotten) {
|
||||
hash = Functions.hash_pass(adminpass);
|
||||
} else {
|
||||
hash = adminpass;
|
||||
}
|
||||
if(userpass != "") {
|
||||
if(!params.userpass_changed && gotten) {
|
||||
|
||||
} else {
|
||||
userpass = crypto.createHash('sha256').update(userpass).digest("base64");
|
||||
}
|
||||
}
|
||||
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
|
||||
if(docs !== null && docs.length !== 0 && (docs[0].adminpass === "" || docs[0].adminpass == hash)) {
|
||||
var obj = {
|
||||
@@ -221,7 +226,7 @@ function conf_function(params, coll, guid, offline, socket) {
|
||||
db.collection(coll + "_settings").update({ id: "config" }, {
|
||||
$set:obj
|
||||
}, function(err, docs){
|
||||
Functions.setSessionUserPass(Functions.getSession(socket), params.userpass, coll, function() {
|
||||
Functions.setSessionUserPass(Functions.getSession(socket), crypto.createHash('sha256').update(Functions.decrypt_string(params.userpass)).digest('base64'), coll, function() {
|
||||
db.collection(coll + "_settings").find(function(err, docs){
|
||||
if(docs[0].adminpass !== "") docs[0].adminpass = true;
|
||||
if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true;
|
||||
|
||||
@@ -30,20 +30,24 @@ function thumbnail(msg, coll, guid, offline, socket) {
|
||||
}
|
||||
//coll = coll.replace(/ /g,'');
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
|
||||
if(userpass != "" || msg.userpass == undefined) {
|
||||
msg.userpass = userpass;
|
||||
if(userpass != "" || msg.pass == undefined) {
|
||||
msg.pass = userpass;
|
||||
} else if(msg.hasOwnProperty("pass")){
|
||||
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
}
|
||||
if(adminpass != "" || msg.adminpass == undefined) {
|
||||
msg.adminpass = adminpass;
|
||||
msg.adminpass = Functions.hash_pass(adminpass);
|
||||
} else {
|
||||
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
|
||||
}
|
||||
if(msg.thumbnail != "") {
|
||||
msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, "");
|
||||
if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail;
|
||||
}
|
||||
var channel = msg.channel.toLowerCase();
|
||||
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
|
||||
var hash = msg.adminpass;
|
||||
db.collection(channel + "_settings").find({id: "config"}, function(err, docs){
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
|
||||
if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){
|
||||
db.collection("suggested_thumbnails").update({channel: channel}, {$set:{thumbnail: msg.thumbnail}}, {upsert:true}, function(err, docs){
|
||||
Notifications.requested_change("thumbnail", msg.thumbnail, channel);
|
||||
@@ -86,16 +90,20 @@ function description(msg, coll, guid, offline, socket) {
|
||||
}
|
||||
//coll = coll.replace(/ /g,'');
|
||||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
|
||||
if(userpass != "" || msg.userpass == undefined) {
|
||||
msg.userpass = userpass;
|
||||
if(userpass != "" || msg.pass == undefined) {
|
||||
msg.pass = userpass;
|
||||
} else if(msg.hasOwnProperty("pass")) {
|
||||
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
|
||||
}
|
||||
if(adminpass != "" || msg.adminpass == undefined) {
|
||||
msg.adminpass = adminpass;
|
||||
msg.adminpass = Functions.hash_pass(adminpass);
|
||||
} else {
|
||||
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
|
||||
}
|
||||
var channel = msg.channel.toLowerCase();
|
||||
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
|
||||
var hash = msg.adminpass;
|
||||
db.collection(channel + "_settings").find({id: "config"}, function(err, docs){
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
|
||||
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
|
||||
if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){
|
||||
db.collection("suggested_descriptions").update({channel: channel}, {$set:{description: msg.description}}, {upsert:true}, function(err, docs){
|
||||
Notifications.requested_change("description", msg.description, channel);
|
||||
|
||||
@@ -1646,6 +1646,7 @@ function addDynamicListeners() {
|
||||
document.querySelector("#import") != document.activeElement &&
|
||||
document.querySelector("#find_input") != document.activeElement &&
|
||||
document.querySelector("#import_spotify") != document.activeElement &&
|
||||
document.querySelector("#import_zoff") != document.activeElement &&
|
||||
document.querySelector("#import_soundcloud") != document.activeElement) {
|
||||
if(chromecastAvailable) {
|
||||
event.preventDefault();
|
||||
|
||||
@@ -189,10 +189,10 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
|
||||
|
||||
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
|
||||
if(req.body.adminpass == "") {
|
||||
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
|
||||
adminpass = Functions.hash_pass(_a);
|
||||
}
|
||||
if(req.body.userpass == "") {
|
||||
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
|
||||
userpass = _u;
|
||||
}
|
||||
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
|
||||
var authorized = false;
|
||||
@@ -344,10 +344,10 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
|
||||
var cookie = req.cookies._uI;
|
||||
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
|
||||
if(req.body.adminpass == "") {
|
||||
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
|
||||
adminpass = Functions.hash_pass(_a);
|
||||
}
|
||||
if(req.body.userpass == "") {
|
||||
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
|
||||
userpass = _u;
|
||||
}
|
||||
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
|
||||
var authorized = false;
|
||||
@@ -470,10 +470,10 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
|
||||
var cookie = req.cookies._uI;
|
||||
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
|
||||
if(req.body.adminpass == "") {
|
||||
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
|
||||
adminpass = Functions.hash_pass(_a);
|
||||
}
|
||||
if(req.body.userpass == "") {
|
||||
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
|
||||
userpass = _u;
|
||||
}
|
||||
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
|
||||
var authorized = false;
|
||||
@@ -703,10 +703,10 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
|
||||
var cookie = req.cookies._uI;
|
||||
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
|
||||
if(req.body.adminpass == "") {
|
||||
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
|
||||
adminpass = Functions.hash_pass(_a);
|
||||
}
|
||||
if(req.body.userpass == "") {
|
||||
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
|
||||
userpass = _u;
|
||||
}
|
||||
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
|
||||
var authorized = false;
|
||||
@@ -1102,7 +1102,7 @@ router.route('/api/list/:channel_name').post(function(req, res) {
|
||||
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
|
||||
if(req.body.userpass == "") {
|
||||
//userpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(_u)))
|
||||
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
|
||||
userpass = _u;
|
||||
}
|
||||
|
||||
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
|
||||
|
||||
Reference in New Issue
Block a user