From: konekoneko <jbh03215@hotmail.co.jp>
Date: Thu, 22 Nov 2012 13:30:56 +0000 (+0900)
Subject: md5でパスワードを暗号化するようにした
X-Git-Url: http://git.osdn.jp/view?a=commitdiff_plain;h=f319482c5c7ce11832a35e9089ec0a13ff42d1d4;p=webchat%2FWebChat.git

md5でパスワードを暗号化するようにした
---

diff --git a/init.sql b/init.sql
index 6befa87..058468c 100644
--- a/init.sql
+++ b/init.sql
@@ -15,7 +15,7 @@ CREATE TABLE list(
 	weight SMALLINT  UNSIGNED DEFAULT 0,
 	gender VARCHAR(8),
 	race VARCHAR(64),
-	password VARCHAR(16),
+	password VARCHAR(32),
 	etc TEXT,
 	PRIMARY KEY(name_hash));
 
diff --git a/profile.js b/profile.js
index 699d9f8..15547b3 100644
--- a/profile.js
+++ b/profile.js
@@ -207,8 +207,11 @@ function edit_postproc(req, res)
 	}else if(typeof(req.body.edit) != "undefined"){
 		async.waterfall([
 			function(cb){
-				collection.UpdatAsync(req.body.name,req.body,cb);
-			}
+				if(req.body.updatepw == false)
+					collection.UpdatAsync(req.body.name,req.body,null,cb);
+				else
+					collection.UpdatAsync(req.body.name,req.body,req.body.password,cb);
+			},
 		],function(err,result){
 			if(err != null)
 				RenderMessage(res,err,req.session.items);
@@ -279,7 +282,7 @@ function ProfileCollection()
 				pool.query("SELECT * FROM list WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],next);
 			},
 			function(result,next){
-				if(result[0].password == password)
+				if(result[0].password == md5_hex(password))
 					next(null,true);
 				else
 					next(null,false);
@@ -298,13 +301,13 @@ function ProfileCollection()
 			height:data.height,
 			weight:data.weight,
 			race:data.race,
-			password:data.password,
+			password:md5_hex(data.password),
 			lastmodified:new Date(),
 			etc:data.etc
 		};
 		pool.query("INSERT INTO list SET ?",[item],cb);
 	}
-	this.UpdatAsync = function(name,data,cb){
+	this.UpdatAsync = function(name,data,newpassword,cb){
 		var item = {
 			name_hash:murmurhash.v3(data.name),
 			name:data.name,
@@ -313,10 +316,11 @@ function ProfileCollection()
 			height:data.height,
 			weight:data.weight,
 			race:data.race,
-			password:data.password,
 			lastmodified:new Date(),
 			etc:data.etc
 		};
+		if(newpassword != null)
+			item.password = md5_hex(newpassword);
 		pool.query("UPDATE list SET ? WHERE name = ?",[item,name],cb);
 	}
 	this.ClearAsync = function(cb){
@@ -334,5 +338,13 @@ function ProfileCollection()
 	this.ToArrayAsync = function(start,count,cb){
 		pool.query("SELECT name,age,lastmodified FROM list LIMIT ?,?",[start,count],cb);
 	}
+
+	var crypto = require("crypto");
+	function md5_hex(src)
+	{
+		var md5 = crypto.createHash('md5');
+		md5.update(src, 'utf8');
+	return md5.digest('hex');
+	}
 }
 
diff --git a/public/profile/edit.ejs b/public/profile/edit.ejs
index bddf594..cf4a4f0 100644
--- a/public/profile/edit.ejs
+++ b/public/profile/edit.ejs
@@ -20,7 +20,10 @@
 			</tr>
 			<tr>
 				<td>ãã¹ã¯ã¼ã</td>
-				<td><input type="text" value="<%=list[0].password %>" name="password"/></td>
+				<td>
+					<input type="text" value="" name="password"/><br/>
+					<input type="checkbox" name="updatepw" value="true">ãã¹ã¯ã¼ããæ´æ°ãã</input>
+				</td>
 			</tr>
 			<tr>
 				<td>å¹´é½¢</td>
