Merge pull request #77 from lomereiter/fix_sql

SQL security fixes
author: zsloan 2015-06-29 10:37:20 -0500
committer: zsloan 2015-06-29 10:37:20 -0500
commit: b8152f98f0d9c2a1ec0d73145a4670153b60a307 (patch)
tree: f2e419a375b87a361c9288a9defd7bb46fade4b2 /wqflask/utility
parent: 1353414114b9595a1b207ae4da28e5e725edc550 (diff)
parent: a41f9323ea5b86be6d2139a927586630b222af68 (diff)
download: genenetwork2-b8152f98f0d9c2a1ec0d73145a4670153b60a307.tar.gz
1 files changed, 0 insertions, 16 deletions
diff --git a/wqflask/utility/webqtlUtil.py b/wqflask/utility/webqtlUtil.py
index 4d7981d9..4b3d0112 100755
--- a/wqflask/utility/webqtlUtil.py
+++ b/wqflask/utility/webqtlUtil.py
@@ -880,22 +880,6 @@ def cmpGenoPos(A,B):
     except:
         return 0
 
-#XZhou: Must use "BINARY" to enable case sensitive comparison.
-def authUser(name,password,db, encrypt=None):
-    try:
-        if encrypt:
-            query = 'SELECT privilege, id,name,password, grpName FROM User WHERE name= BINARY \'%s\' and password= BINARY \'%s\'' % (name,password)
-        else:
-            query = 'SELECT privilege, id,name,password, grpName FROM User WHERE name= BINARY \'%s\' and password= BINARY SHA(\'%s\')' % (name,password)
-        db.execute(query)
-        records = db.fetchone()
-        if not records:
-            raise ValueError
-        return records#(privilege,id,name,password,grpName)
-    except:
-        return (None, None, None, None, None)
-
-
 def hasAccessToConfidentialPhenotypeTrait(privilege, userName, authorized_users):
     access_to_confidential_phenotype_trait = 0
     if webqtlConfig.USERDICT[privilege] > webqtlConfig.USERDICT['user']:
author	zsloan	2015-06-29 10:37:20 -0500
committer	zsloan	2015-06-29 10:37:20 -0500
commit	b8152f98f0d9c2a1ec0d73145a4670153b60a307 (patch)
tree	f2e419a375b87a361c9288a9defd7bb46fade4b2 /wqflask/utility
parent	1353414114b9595a1b207ae4da28e5e725edc550 (diff)
parent	a41f9323ea5b86be6d2139a927586630b222af68 (diff)
download	genenetwork2-b8152f98f0d9c2a1ec0d73145a4670153b60a307.tar.gz