Merge pull request #126 from AttorneyOnline/password-changing

Add /changepass

include/aoclient.h

@@ -787,6 +787,16 @@ class AOClient : public QObject {
      */
     void cmdLogout(int argc, QStringList argv);
 
+    /**
+     * @brief Changes a moderator's password.
+     *
+     * @details If it is called with **one argument**, that argument is the **new password** to change to.
+     *
+     * If it is called with **two arguments**, the first argument is the **new password** to change to,
+     * and the second argument is the **username** of the moderator to change the password of.
+     */
+    void cmdChangePassword(int argc, QStringList argv);
+
     ///@}
 
     /**
@@ -2019,6 +2029,7 @@ class AOClient : public QObject {
         {"kickuid",            {ACLFlags.value("KICK"),         2, &AOClient::cmdKickUid}},
         {"kick_uid",           {ACLFlags.value("KICK"),         2, &AOClient::cmdKickUid}},
         {"firstperson",        {ACLFlags.value("NONE"),         0, &AOClient::cmdFirstPerson}},
+        {"changepass",         {ACLFlags.value("NONE"),         1, &AOClient::cmdChangePassword}},
     };
 
     /**

include/db_manager.h

@@ -252,6 +252,17 @@ public:
      */
     QList<BanInfo> getBanInfo(QString lookup_type, QString id);
 
+    /**
+     * @brief Updates the password of the given user.
+     *
+     * @param username The username to change.
+     *
+     * @param password The new password to change to.
+     *
+     * @return True if the password change was successful.
+     */
+    bool updatePassword(QString username, QString password);
+
 private:
     /**
      * @brief The name of the database connection driver.

src/commands/authentication.cpp

@@ -232,3 +232,33 @@ void AOClient::cmdLogout(int argc, QStringList argv)
     moderator_name = "";
     sendPacket("AUTH", {"-1"}); // Client: "You were logged out."
 }
+
+void AOClient::cmdChangePassword(int argc, QStringList argv)
+{
+    QString username;
+    QString password;
+    if (argc == 1) {
+        if (moderator_name.isEmpty()) {
+            sendServerMessage("You are not logged in.");
+            return;
+        }
+        username = moderator_name;
+        password = argv[0];
+    }
+    else if (argc == 2 && checkAuth(ACLFlags.value("SUPER"))) {
+        username = argv[0];
+        password = argv[1];
+    }
+    else {
+        sendServerMessage("Invalid command syntax.");
+        return;
+    }
+
+    if (server->db_manager->updatePassword(username, password)) {
+        sendServerMessage("Successfully changed password.");
+    }
+    else {
+        sendServerMessage("There was an error changing the password.");
+        return;
+    }
+}

src/db_manager.cpp

@@ -368,6 +368,34 @@ QList<DBManager::BanInfo> DBManager::getBanInfo(QString lookup_type, QString id)
     return return_list;
 }
 
+bool DBManager::updatePassword(QString username, QString password)
+{
+    QString salt;
+    QSqlQuery salt_check;
+    salt_check.prepare("SELECT SALT FROM users WHERE USERNAME = ?");
+    salt_check.addBindValue(username);
+    salt_check.exec();
+
+    if (!salt_check.first())
+        return false;
+    else
+        salt = salt_check.value(0).toString();
+
+    QSqlQuery query;
+
+    QString salted_password;
+    QMessageAuthenticationCode hmac(QCryptographicHash::Sha256);
+    hmac.setKey(salt.toUtf8());
+    hmac.addData(password.toUtf8());
+    salted_password = hmac.result().toHex();
+
+    query.prepare("UPDATE users SET PASSWORD = ? WHERE USERNAME = ?");
+    query.addBindValue(salted_password);
+    query.addBindValue(username);
+    query.exec();
+    return true;
+}
+
 int DBManager::checkVersion()
 {
     QSqlQuery query;