From 30aea4ec8cfee1ffc8786955ecb012ef73a68b73 Mon Sep 17 00:00:00 2001 From: eric Date: Sat, 19 Jun 2004 20:19:42 +0000 Subject: started working on the login --- support/schema/aur-schema.sql | 5 +- web/html/index.php | 104 ++++++++++++++++++++++++++++++++++++++++-- web/html/timeout.php | 13 ++++++ web/lang/index_po.inc | 65 ++++++++++++++++++++++++++ web/lang/timeout_po.inc | 24 ++++++++++ web/lib/aur.inc | 80 +++++++++++++++++++++++++++++++- 6 files changed, 285 insertions(+), 6 deletions(-) create mode 100644 web/html/timeout.php create mode 100644 web/lang/timeout_po.inc diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql index 662552f..ab00845 100644 --- a/support/schema/aur-schema.sql +++ b/support/schema/aur-schema.sql @@ -20,7 +20,7 @@ INSERT INTO AccountTypes (ID, AccountType) VALUES (3, 'Developer'); -- CREATE TABLE Users ( ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, - AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1, + AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1, Suspended TINYINT UNSIGNED NOT NULL DEFAULT 0, Email CHAR(64) NOT NULL, Passwd CHAR(32) NOT NULL, @@ -46,7 +46,8 @@ CREATE TABLE Sessions ( UsersID INTEGER UNSIGNED NOT NULL, SessionID CHAR(32) NOT NULL, LastUpdateTS BIGINT UNSIGNED NOT NULL, - FOREIGN KEY (UsersID) REFERENCES Users(ID) + FOREIGN KEY (UsersID) REFERENCES Users(ID), + UNIQUE (SessionID) ); diff --git a/web/html/index.php b/web/html/index.php index 8038992..3bda551 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -2,12 +2,110 @@ include("index_po.inc"); include("aur.inc"); set_lang(); +check_sid(); + +# Need to do the authentication prior to sending HTML +# +$login_error = ""; +if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { + # Attempting to log in + # + if (!isset($_REQUEST['user'])) { + $login_error = __("You must supply a username."); + } + if (!isset($_REQUEST['pass'])) { + $login_error = __("You must supply a password."); + } + if (!$login_error) { + # Try and authenticate the user + # + $dbh = db_connect(); + $q = "SELECT ID, Suspended FROM Users "; + $q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' "; + $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; + $result = mysql_query($q, $dbh); + if (!$result) { + $login_error = __("Incorrect password for username %s.", + array($_REQUEST["user"])); + } + $row = mysql_fetch_row($result); + if ($row[1]) { + $login_error = __("Your account has been suspended."); + } + + if (!$login_error) { + # Account looks good. Generate a SID and store it. + # + $logged_in = 0; + $num_tries = 0; + while (!$logged_in && $num_tries < 5) { + $new_sid = new_sid(); + $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) "; + $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())"; + $result = mysql_query($q, $dbh); + # Query will fail if $new_sid is not unique + # + if ($result) { + $logged_in = 1; + break; + } + $num_tries++; + } + if ($logged_in) { + # set our SID cookie + # + setcookie("AURSID", $new_sid, 0, "/"); + header("Location: /index.php"); + } else { + $login_error = __("Error trying to generate session id."); + } + } + } +} + +# Any cookies have been sent, can now display HTML +# html_header(); +print "\n"; +print "\n"; +print " "; +print " "; +print "\n"; +print "
"; +print __("This is where the intro text will go."); +print __("For now, it's just a place holder."); +print __("It's more important to get the login functionality finished."); +print __("After that, this can be filled in with more meaningful text."); +print " "; +if (!isset($_COOKIE["AURSID"])) { + # the user is not logged in, give them login widgets + # + print "
\n"; + if ($login_error) { + print $login_error . "
\n"; + } + print "\n"; + print "\n"; + print ""; + print ""; + print "\n"; + print "\n"; + print ""; + print ""; + print "\n"; + print "\n"; + print ""; + print "\n"; + print "
".__("Username:")."
".__("Password:")."
 
"; + print "
\n"; + print "
\n"; -#$dbh = db_connect(); -print "Connected...
\n"; -print "My LANG is: " . $LANG . "
\n"; +} else { + print __("Currently logged in as: %h%s%h", + array("", username_from_sid($_COOKIE["AURSID"]), "")); +} +print "
\n"; html_footer("\$Id$"); diff --git a/web/html/timeout.php b/web/html/timeout.php new file mode 100644 index 0000000..6a543c5 --- /dev/null +++ b/web/html/timeout.php @@ -0,0 +1,13 @@ +\n"; +print __("Click on the Home link above to log in."); +print "

\n"; + +html_footer("\$Id$"); +?> diff --git a/web/lang/index_po.inc b/web/lang/index_po.inc index 0b5d1bc..e5bfe70 100644 --- a/web/lang/index_po.inc +++ b/web/lang/index_po.inc @@ -16,4 +16,69 @@ $_t["en"]["Hi, this is worth reading!"] = "Hi, this is worth reading!"; # $_t["fr"]["Hi, this is worth reading!"] = "--> Traduction française ici. <--"; # $_t["de"]["Hi, this is worth reading!"] = "--> Deutsche Übersetzung hier. <--"; +$_t["en"]["You must supply a password."] = "You must supply a password."; +# $_t["es"]["You must supply a password."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["You must supply a password."] = "--> Traduction française ici. <--"; +# $_t["de"]["You must supply a password."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["You must supply a username."] = "You must supply a username."; +# $_t["es"]["You must supply a username."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["You must supply a username."] = "--> Traduction française ici. <--"; +# $_t["de"]["You must supply a username."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Incorrect password for username %s."] = "Incorrect password for username %s."; +# $_t["es"]["Incorrect password for username %s."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Incorrect password for username %s."] = "--> Traduction française ici. <--"; +# $_t["de"]["Incorrect password for username %s."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["After that, this can be filled in with more meaningful text."] = "After that, this can be filled in with more meaningful text."; +# $_t["es"]["After that, this can be filled in with more meaningful text."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["After that, this can be filled in with more meaningful text."] = "--> Traduction française ici. <--"; +# $_t["de"]["After that, this can be filled in with more meaningful text."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Your account has been suspended."] = "Your account has been suspended."; +# $_t["es"]["Your account has been suspended."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Your account has been suspended."] = "--> Traduction française ici. <--"; +# $_t["de"]["Your account has been suspended."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Password:"] = "Password:"; +# $_t["es"]["Password:"] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Password:"] = "--> Traduction française ici. <--"; +# $_t["de"]["Password:"] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Username:"] = "Username:"; +# $_t["es"]["Username:"] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Username:"] = "--> Traduction française ici. <--"; +# $_t["de"]["Username:"] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["It's more important to get the login functionality finished."] = "It's more important to get the login functionality finished."; +# $_t["es"]["It's more important to get the login functionality finished."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["It's more important to get the login functionality finished."] = "--> Traduction française ici. <--"; +# $_t["de"]["It's more important to get the login functionality finished."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Currently logged in as: %h%s%h"] = "Currently logged in as: %h%s%h"; +# $_t["es"]["Currently logged in as: %h%s%h"] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Currently logged in as: %h%s%h"] = "--> Traduction française ici. <--"; +# $_t["de"]["Currently logged in as: %h%s%h"] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["For now, it's just a place holder."] = "For now, it's just a place holder."; +# $_t["es"]["For now, it's just a place holder."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["For now, it's just a place holder."] = "--> Traduction française ici. <--"; +# $_t["de"]["For now, it's just a place holder."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["This is where the intro text will go."] = "This is where the intro text will go."; +# $_t["es"]["This is where the intro text will go."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["This is where the intro text will go."] = "--> Traduction française ici. <--"; +# $_t["de"]["This is where the intro text will go."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Error trying to generate session id."] = "Error trying to generate session id."; +# $_t["es"]["Error trying to generate session id."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Error trying to generate session id."] = "--> Traduction française ici. <--"; +# $_t["de"]["Error trying to generate session id."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Login"] = "Login"; +# $_t["es"]["Login"] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Login"] = "--> Traduction française ici. <--"; +# $_t["de"]["Login"] = "--> Deutsche Übersetzung hier. <--"; + ?> \ No newline at end of file diff --git a/web/lang/timeout_po.inc b/web/lang/timeout_po.inc new file mode 100644 index 0000000..09748d9 --- /dev/null +++ b/web/lang/timeout_po.inc @@ -0,0 +1,24 @@ + Traducción española aquí. <--"; +# $_t["fr"]["Click on the Home link above to log in."] = "--> Traduction française ici. <--"; +# $_t["de"]["Click on the Home link above to log in."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Your session has timed out. You must log in again."] = "Your session has timed out. You must log in again."; +# $_t["es"]["Your session has timed out. You must log in again."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Your session has timed out. You must log in again."] = "--> Traduction française ici. <--"; +# $_t["de"]["Your session has timed out. You must log in again."] = "--> Deutsche Übersetzung hier. <--"; + +?> \ No newline at end of file diff --git a/web/lib/aur.inc b/web/lib/aur.inc index d809ace..a333576 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -11,6 +11,84 @@ $SUPPORTED_LANGS = array( "fr" => 1, # Français ); +# see if the visitor is already logged in +# +function check_sid() { + global $_COOKIE; + + if (isset($_COOKIE["AURSID"])) { + $failed = 0; + # the visitor is logged in, try and update the session + # + $dbh = db_connect(); + $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions "; + $q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $result = mysql_query($q, $dbh); + if (!$result) { + $failed = 1; + } else { + if ($row[0] + 10 >= $row[1]) { + $failed = 1; + } + } + if ($failed) { + # visitor's session id either doesn't exist, or the timeout + # was reached and they must login again, send them back to + # the main page where they can log in again. + # + $q = "DELETE FROM Sessions WHERE SessionID = '"; + $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; + mysql_query($q, $dbh); + + setcookie("AURSID", "", time() - (60*60*24*30), "/"); + header("Location: /timeout.php"); + } + } + + return; +} + +# a new seed value for mt_srand() +# +function make_seed() { + list($usec, $sec) = explode(' ', microtime()); + return (float) $sec + ((float) $usec * 10000); +} + +# generate a (hopefully) unique session id +# +function new_sid() { + mt_srand(make_seed()); + $ts = time(); + $pid = getmypid(); + + $rand_num = mt_rand(); + mt_srand(make_seed()); + $rand_str = substr(md5(mt_rand()),2, 20); + + $id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num; + return strtoupper(md5($id)); +} + +# obtain the username if given their current SID +# +function username_from_sid($sid="") { + if (!$sid) { + return ""; + } + $dbh = db_connect(); + $q = "SELECT Email "; + $q.= "FROM Users, Sessions "; + $q.= "WHERE Users.ID = Sessions.UsersID "; + $q.= "AND SessionID = '" . mysql_escape_string($sid) . "'"; + $result = mysql_query($q, $dbh); + if (!$result) { + return ""; + } + $row = mysql_fetch_row($result); + + return $row[0]; +} # connect to the database # @@ -155,7 +233,7 @@ function html_footer($ver="") { print "\n"; print "

\n"; if ($ver) { - print "\n"; + print "
\n"; print "\n"; print "
".$ver."
\n"; } -- cgit v1.2.3-70-g09d2