From d28f3b35855c8f8de0be9589334004b30d1ac394 Mon Sep 17 00:00:00 2001
From: Wilmer van der Gaast <wilmer@gaast.net>
Date: Mon, 19 Jun 2006 01:07:28 +0200
Subject: Now saving the password's md5sum instead of the plaintext version.

---
 storage_xml.c | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

(limited to 'storage_xml.c')

diff --git a/storage_xml.c b/storage_xml.c
index 5eda46cc..12afe472 100644
--- a/storage_xml.c
+++ b/storage_xml.c
@@ -25,6 +25,7 @@
 
 #define BITLBEE_CORE
 #include "bitlbee.h"
+#include "md5.h"
 
 typedef enum
 {
@@ -80,16 +81,35 @@ static void xml_start_element( GMarkupParseContext *ctx, const gchar *element_na
 			g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
 			             "Missing attributes for %s element", element_name );
 		}
-		else if( strcmp( nick, xd->given_nick ) == 0 &&
-		         strcmp( pass, xd->given_pass ) == 0 )
-		{
-			if( xd->pass_st != XML_PASS_CHECK_ONLY )
-				xd->pass_st = XML_PASS_OK;
-		}
 		else
 		{
-			g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
-			             XML_PASS_ERRORMSG );
+			md5_byte_t pass_md5[16];
+			md5_state_t md5_state;
+			int pass_match, i, j;
+			
+			md5_init( &md5_state );
+			md5_append( &md5_state, xd->given_pass, strlen( xd->given_pass ) );
+			md5_finish( &md5_state, pass_md5 );
+			
+			for( i = 0; i < 16 && pass[i*2] && pass[i*2+1]; i ++ )
+			{
+				sscanf( pass + i * 2, "%2x", &j );
+				if( j != pass_md5[i] )
+					break;
+			}
+			/* If we reached the end of the loop, it was a match! */
+			pass_match = i == 16;
+			
+			if( strcmp( nick, xd->given_nick ) == 0 && pass_match )
+			{
+				if( xd->pass_st != XML_PASS_CHECK_ONLY )
+					xd->pass_st = XML_PASS_OK;
+			}
+			else
+			{
+				g_set_error( error, G_MARKUP_ERROR, G_MARKUP_ERROR_INVALID_CONTENT,
+				             XML_PASS_ERRORMSG );
+			}
 		}
 	}
 	else if( xd->pass_st < XML_PASS_OK )
-- 
cgit v1.2.3