I am trying to authenticate over a MySQL DB via socketIO. I have established the connection and can query results without an issue, but for some reason I cannot pass whether or not the user is authenticated into the connection part of socketio. The idea is my app has hosts and viewers. If connecting to the app without sending a password in the QueryString, the app assumes it's a viewer and accepts the connection. If a password is sent, it is checked against the DB and accepts/rejects the connection. I want a variable to pass into the connection so I can use it inside of my app's events. Here's what I have so far, but apparently the data.query['ishost'] isn't passing into the app.

    sio.configure(function() {
        sio.set('authorization', function (data, accept) {
            UserID = data.query['username'];
            try {
                UserID = UserID.toLowerCase();
            } catch(err) {
                return accept("No WebBot Specified. ("+err+")", false);
            }
            // if not sending a password, skip authorization and connect as a viewer
            if (data.query['password'] === 'undefined')
            {
                return accept(null, true);
            }
            // if sending a password, attempt authorization and connect as a host
            else
            {
                client.query(
                    'SELECT * FROM web_users WHERE username = "'+UserID+'" LIMIT 1',
                    function selectCb(err, results, fields) {
                        if (err) {
                            throw err;
                        }
                        // Found match, hash password and check against DB
                        if (results.length != 0)
                        {
                            // Passwords match, authenticate.
                            if (hex_md5(data.query['password']) == results[0]['password'])
                            {
                                data.query['ishost'] = true;
                                accept(null, true);
                            }
                            // Passwords don't match, do not authenticate
                            else
                            {
                                data.query['ishost'] = false;
                                return accept("Invalid Password", false);
                            }
                        }
                        // No match found, add to DB then authenticate
                        else
                        {
                            client.query(
                                'INSERT INTO web_users (username, password) VALUES ("'+UserID+'", "'+hex_md5(data.query['password'])+'")', null);
                            data.query['ishost'] = "1";
                            accept(null, true);
                        }
                        client.end();
                    }
                );
                // Should never reach this
                return accept("Hacking Attempt", false);
            }
            // Definitely should never reach this
            return accept("Hacking Attempt", false);
        });
    });

Writing to the data.query makes it accessible through handshakeData. But for some reason it's not passing it through the app. Any help is appreciated, thank you.
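
An added example, not part of the original post: the handler above concatenates the username into its SQL text, stores an unsalted MD5 hash, and calls accept both inside the query callback and synchronously right after issuing the query. The code below keeps the same viewer/host flow with bound parameters, a salted scrypt hash and one accept call per path; `db` (a client whose `query(sql, params, cb)` binds `?` placeholders), `makeAuthorization`, `hashPassword` and `verifyPassword` are assumed names.

```javascript
// Added example, not the poster's code. `db` is a hypothetical MySQL client
// whose query(sql, params, cb) binds each `?` placeholder to a parameter.
const { randomBytes, scryptSync, timingSafeEqual } = require('crypto');

// Salted scrypt hash stored as "salt:hash" in hex (replaces unsalted MD5).
function hashPassword(password, salt = randomBytes(16).toString('hex')) {
  return salt + ':' + scryptSync(password, salt, 32).toString('hex');
}

function verifyPassword(password, stored) {
  const expected = Buffer.from(hashPassword(password, stored.split(':')[0]));
  const actual = Buffer.from(stored);
  return expected.length === actual.length && timingSafeEqual(expected, actual);
}

// Builds a handler with the (data, accept) signature used in the post.
function makeAuthorization(db) {
  return function authorize(data, accept) {
    const { username, password } = data.query;
    if (typeof username !== 'string' || username === '') {
      return accept('No WebBot Specified.', false);
    }
    if (password === undefined) {            // no password sent: viewer
      data.query.ishost = false;
      return accept(null, true);
    }
    if (typeof password !== 'string') return accept('Invalid Password', false);
    const user = username.toLowerCase();
    // Values travel as bound parameters and are never spliced into the SQL text.
    db.query('SELECT password FROM web_users WHERE username = ? LIMIT 1', [user],
      function (err, rows) {
        if (err) return accept('Database error', false);
        if (rows.length === 0) {             // unknown name: register as host
          return db.query('INSERT INTO web_users (username, password) VALUES (?, ?)',
            [user, hashPassword(password)], function (insertErr) {
              data.query.ishost = !insertErr;
              accept(insertErr ? 'Database error' : null, !insertErr);
            });
        }
        const ok = verifyPassword(password, rows[0].password);
        data.query.ishost = ok;
        accept(ok ? null : 'Invalid Password', ok);
      });
    // Nothing follows the query: accept() fires once, from a callback.
  };
}
```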