From 92d62685fcc30f05dc01457f9dca526e7e3375c3 Mon Sep 17 00:00:00 2001
From: Mystikfluu
Date: Sat, 4 Jun 2022 13:17:35 +0200
Subject: [PATCH] you know what un-base64's your website

---
 js/posts.js | 2 +-
 js/user.js | 2 +-
 server.js | 28 +++++++++++++---------------
 3 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/js/posts.js b/js/posts.js
index e8c3661..87efe74 100644
--- a/js/posts.js
+++ b/js/posts.js
@@ -132,7 +132,7 @@ async function main(){
 if(!last_10_posts)return;
 document.getElementById("posts").innerHTML = ""
 last_10_posts.forEach((item, i) => {
- createPost(decodeURIComponent(atob(item.post_user_name)),decodeURIComponent(atob(item.post_text)),item.post_time,item.post_special_text,item.post_id)
+ createPost(decodeURIComponent(item.post_user_name),decodeURIComponent(item.post_text),item.post_time,item.post_special_text,item.post_id)
 });
 let links = document.getElementsByClassName("insertedlink")
diff --git a/js/user.js b/js/user.js
index b9559f9..4ea199f 100644
--- a/js/user.js
+++ b/js/user.js
@@ -8,7 +8,7 @@ async function setuser() {
 if(user["error"])bio=user["error"];
 if(!bio)bio="wow such empty"
 document.getElementById("user").innerText = `User: ${username}`;
- document.getElementById("bio").placeholder = decodeURIComponent(atob(bio));
+ document.getElementById("bio").placeholder = decodeURIComponent(bio);
 }
diff --git a/server.js b/server.js
index 2409310..29c245f 100644
--- a/server.js
+++ b/server.js
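Review bot: Rows written before this commit are still base64 (the old server.js side stored `post_user_name` and `post_text` as `b64(encodeURIComponent(...))`), and nothing in the patch re-encodes them, so after deploy every existing post renders as base64 text instead of its content. Independently, `decodeURIComponent` throws `URIError` on a malformed `%` sequence, and because `#posts` was cleared with `innerHTML = ""` just above, a single bad row aborts the `forEach` and leaves the feed empty; decoding through a small fallback such as `const safeDecode = (s) => { try { return decodeURIComponent(s) } catch { return s } }` and calling `createPost(safeDecode(item.post_user_name), safeDecode(item.post_text), ...)` would contain that to the one row. How `createPost` renders the now-decoded, user-supplied `post_text` is outside this hunk; it is worth confirming it assigns `textContent` rather than `innerHTML`. `main` continues outside the hunk.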
@@ -269,12 +269,11 @@ router.use("/api/*",async function(req,res,next) {
 let sql = `select User_Name,User_Bio from zerotwohub.users where User_Name=? and User_PW=?;`
 let values = unsigned.split(" ")
 values[1] = SHA256(values[1],values[0],HASHES_DIFF)
- values[0] = b64(values[0])
 res.locals.bio = ""
 con.query(sql, values, function (err, result) {
 if (err) throw err;
 if(result[0] && result[0].User_Name && result[0].User_Name == values[0]) {
- res.locals.username = atob(values[0]);
+ res.locals.username = values[0];
 res.locals.bio = result[0].User_Bio || ""
 next()
 } else {
@@ -295,7 +294,6 @@ router.get("/api/getalluserinformation",async function(req,res) {
 let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;`
 let values = unsigned.split(" ")
 values[1] = SHA256(values[1],values[0],HASHES_DIFF)
- values[0] = b64(values[0])
 con.query(sql, values, function (err, result) {
 if (err) throw err;
 if(result[0] && result[0].User_Name && result[0].User_Name == values[0]) {
@@ -310,13 +308,13 @@ router.get("/api/getalluserinformation",async function(req,res) {
 router.get("/api/getotheruser",async function(req,res) {
 //already counted due to the /api/* handler
- let username = b64(req.query.user)
+ let username = req.query.user
 let sql = `select User_Name,User_Bio from zerotwohub.users where User_Name=?;`
 con.query(sql, [username], function (err, result) {
 if (err) throw err;
 if(result[0] && result[0].User_Name && result[0].User_Name == username) {
- res.json({"username":atob(username),"bio":atob(result[0].User_Bio)})
+ res.json({"username":username,"bio":result[0].User_Bio})
 } else {
 res.json({"error":"there is no such user!"})
 }
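Review bot: The query and the `result[0].User_Name == values[0]` check now use the raw username from the cookie, while the `/register` hunk stores `User_Name` as `encodeURIComponent(username)`, so any account whose name contains a character that `encodeURIComponent` escapes cannot pass this middleware. The raw/encoded split already existed under base64 (`b64(values[0])` here versus `b64(encodeURIComponent(username))` at registration), but this commit rewrites both sides and is the place to settle on one form, e.g. `const dbName = encodeURIComponent(values[0])` used for `values[0]` in the query and in the comparison, with `res.locals.username` keeping the decoded name so `/api/post` and `/api/setBio` do not double-encode it. There is also no data migration in the diff: rows written before this commit hold `b64(...)` in `User_Name`, so existing users fail this check until the table is re-encoded. The middleware body continues outside the hunk.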
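Review bot: `req.query.user` is handed to `con.query` with no type check; Express's query parser yields an array or object for `?user[]=a` or `?user[k]=v`, and with mysql-style `?` substitution (inferred from the `con.query(sql, values, cb)` shape) a non-string value is expanded into a list or `` `key` = value `` pairs rather than a quoted string. The `result[0].User_Name == username` check would reject such a row, but the query shape is unintended and the removed `b64(...)` call at least did not accept arbitrary objects, so guard first: `if (typeof req.query.user !== "string") { res.json({"error":"there is no such user!"}); return }`. Note too that the users table is keyed by `encodeURIComponent(username)` in the `/register` hunk, so unless the client already percent-encodes `user`, names with escaped characters will not be found here.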
@@ -324,14 +322,14 @@ router.get("/api/getotheruser",async function(req,res) {
 })
 router.post("/api/post", async function(req,res) {
- req.body.message = b64(encodeURIComponent(req.body.message.trim()))
+ req.body.message = encodeURIComponent(req.body.message.trim())
 if(!req.body.message) {
 res.json({"error":"no message to post"})
 return
 }
 let sql = `insert into zerotwohub.posts (post_user_name,post_text,post_time) values (?,?,?);`
- let values = [b64(encodeURIComponent(res.locals.username)),req.body.message,Date.now()]
+ let values = [encodeURIComponent(res.locals.username),req.body.message,Date.now()]
 con.query(sql, values, function (err, result) {
 if (err) throw err;
@@ -375,7 +373,7 @@ router.post("/api/setBio", async function(req,res) {
 return
 }
 let sql = `update zerotwohub.users set User_Bio=? where User_Name=?`
- con.query(sql, [b64(encodeURIComponent(bio)),b64(encodeURIComponent(res.locals.username))], function (err, result) {
+ con.query(sql, [encodeURIComponent(bio),encodeURIComponent(res.locals.username)], function (err, result) {
 if (err) throw err;
 res.json({"success":"updated bio"})
 });
@@ -392,12 +390,12 @@ router.post("/api/changePW", async function(req,res) {
 let hashed_new_pw = SHA256(req.body.newPW,res.locals.username,HASHES_DB)
 let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;`
- let values = [b64(res.locals.username),hashed_pw]
+ let values = [res.locals.username,hashed_pw]
 con.query(sql, values, function (err, result) {
 if (err) throw err;
 if(result[0] && result[0].User_Name && result[0].User_Name == res.locals.username) {
 let sql = `update zerotwohub.users set User_PW=? where User_Name=? and User_PW=?;`
- let values = [hashed_new_pw,b64(res.locals.username),hashed_pw]
+ let values = [hashed_new_pw,res.locals.username,hashed_pw]
 con.query(sql, values, function (err, result) {
 if (err) throw err;
 let ip = req.socket.remoteAddress
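Review bot: `req.body.message.trim()` runs before the `!req.body.message` guard, so a request without `message`, or with a non-string (a JSON array or object), throws a TypeError inside the handler; since the route is an `async function`, under Express 4 that surfaces as an unhandled rejection rather than an error response (inferred from the `router.post(..., async function)` shape). Check the type before trimming: `if (typeof req.body.message !== "string" || !req.body.message.trim()) { res.json({"error":"no message to post"}); return }` and only then assign `req.body.message = encodeURIComponent(req.body.message.trim())`. The `/api/post` handler continues outside the hunk.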
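Review bot: Both `values` arrays in `/api/changePW` use `res.locals.username` as the `User_Name` key, whereas `/api/setBio` in this same diff uses `encodeURIComponent(res.locals.username)` and the `/register` hunk stores `encodeURIComponent(username)`; for a username containing any escaped character the select matches nothing and the update is never reached. Mirror setBio: `let values = [encodeURIComponent(res.locals.username),hashed_pw]` and `let values = [hashed_new_pw,encodeURIComponent(res.locals.username),hashed_pw]`, and compare `result[0].User_Name` against the encoded form. The salt in `SHA256(req.body.newPW,res.locals.username,HASHES_DB)` uses the raw name, which matches register's `SHA256(password,username,HASHES_DB)`, so only the key needs changing. The handler continues outside the hunk.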
@@ -506,7 +504,7 @@ router.post("/register",async function(req,res) {
 return
 }
 let userexistssql = `SELECT User_Name from zerotwohub.users where User_Name = ?`
- con.query(userexistssql,[b64(encodeURIComponent(username))],function(error,result) {
+ con.query(userexistssql,[encodeURIComponent(username)],function(error,result) {
 if(result && result[0] && result[0].User_Name) {
 res.status(400)
 res.redirect("/register?success=false&reason=already_exists")
@@ -517,7 +515,7 @@ router.post("/register",async function(req,res) {
 let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
 let cookiesigned = signature.sign(setTo, cookiesecret+ip);
 ip = SHA256(ip,setTo,HASHES_DB)
- let values = [b64(encodeURIComponent(username)),hashed_pw, Date.now(), ip, ip]
+ let values = [encodeURIComponent(username),hashed_pw, Date.now(), ip, ip]
 let sql = `INSERT INTO zerotwohub.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP) VALUES (?, ?, ?, ? ,?);`
 con.query(sql, values, function (err, result) {
 if (err) throw err;
@@ -568,8 +566,8 @@ router.post("/login",async function(req,res) {
 let hashed_pw = SHA256(password,username,HASHES_DB)
 let userexistssql = `SELECT User_Name,User_PW,User_LastIP from zerotwohub.users where User_Name = ? and User_PW = ?;`
- con.query(userexistssql,[b64(encodeURIComponent(username)),hashed_pw],function(error,result) {
- if(result && result[0] && result[0].User_Name && result[0].User_Name==b64(encodeURIComponent(username)) && result[0].User_PW && result[0].User_PW == hashed_pw) {
+ con.query(userexistssql,[encodeURIComponent(username),hashed_pw],function(error,result) {
+ if(result && result[0] && result[0].User_Name && result[0].User_Name==encodeURIComponent(username) && result[0].User_PW && result[0].User_PW == hashed_pw) {
 let ip = req.socket.remoteAddress
 let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
 let cookiesigned = signature.sign(setTo, cookiesecret+ip);
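Review bot: The row key written in `values` is now `encodeURIComponent(username)`, but the cookie payload two lines above is still `username + " " + SHA256(...)` with the raw name, and the `/api/*` middleware recovers the name with `unsigned.split(" ")`; a username containing a space is therefore split at the wrong token and can never authenticate, unless the validation above this hunk already rejects whitespace (not visible here). Rejecting it explicitly at registration, e.g. `if (/\s/.test(username)) { res.status(400); res.redirect("/register?success=false&reason=invalid_name"); return }`, keeps the DB key, the cookie and the salt in `SHA256(password,username,HASHES_DB)` describing the same string. The `/register` handler continues outside the hunk.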
@@ -580,7 +578,7 @@ router.post("/login",async function(req,res) {
 if(result[0].User_LastIP != ip) {
 let sql = `update zerotwohub.users set User_LastIP = ? where User_Name = ?;`
- con.query(sql,[ip,b64(encodeURIComponent(username))],function(error,result) {
+ con.query(sql,[ip,encodeURIComponent(username)],function(error,result) {
 if(error)throw error
 })
 }