hello,
I've been having problems using the xdb_sql module.
It looks like the problem is within the XML parser code of the jabber
server.
When the jabber server is started, it reads the xdb_sql XML configuration,
which has a few text elements like the following:
<text>
DELETE FROM users WHERE username = '$$user$$'
</text>
When the xdb_sql module attempts to get the element node data, it makes
a call to xmlnode_get_data() which returns an empty string with a new line
character.
The xdb_sql module is expecting the following string to be returned:
"DELETE FROM users WHERE username = '$$user$$'"
I had to change the text of the XML configuration to the following to make
it work.
<text>DELETE FROM users WHERE username = '$$user$$'</text>
This may be the correct behaviour, as the first element may be incorrectly
formatted XML?
The next problem is related to the XML parser code too.
When the xdb_sql is parsing the following XML segment,
<!-- Authentication set query for new user -->
<querydef name="auth0k-set">
<text>INSERT INTO users0k (username, hash, token, sequence) VALUES
('$$username$$', '$$hash$$', '$$token$$', '$$sequence$$')</text>
<bindvar name="user">$$username$$</bindvar>
<bindvar name="hash">$$hash$$</bindvar>
<bindvar name="token">$$token$$</bindvar>
<bindvar name="sequence">$$sequence$$</bindvar>
</querydef>
It tries to read the data for the bindvar elements. It should read four
strings,
$$username$$, $$hash$$, $$token$$ and $$sequence$$.
However, what it actually reads is:
$$username$$, $$ha, $$token$$ and $$sequence$$
Where the $$hash$$ text has not been read in completely.
This causes the xdb_sql module to replace the $$ha in the SQL command with
the hash value
BUT leaves the sh$$ on the end, thus storing an invalid hash value in the
database,
and this in turn does not allow the user to log back in again cause
authentication fails.
I replaced $$username$$ with $$user$$ and it worked - but that's just
bizarre.
Has anyone else noticed this?
My setup is:
jabber server 1.4.1
xdb_sql version 1.2
platform: Sun solaris 2.7
compiler: gcc version 2.95.2
This e-mail and any attachment is for authorised use by the intended recipient(s)
only. It may contain proprietary material, confidential information and/or be subject
to legal privilege. It should not be copied, disclosed to, retained or used by, any
other party. If you are not an intended recipient then please promptly delete this
e-mail and any attachment and all copies and inform the sender. Thank you.
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
