started working on the login

support/schema/aur-schema.sql

@@ -20,7 +20,7 @@ INSERT INTO AccountTypes (ID, AccountType) VALUES (3, 'Developer');
 --
 CREATE TABLE Users (
 	ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
-  AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1,
+	AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1,
 	Suspended TINYINT UNSIGNED NOT NULL DEFAULT 0,
 	Email CHAR(64) NOT NULL,
 	Passwd CHAR(32) NOT NULL,
@@ -46,7 +46,8 @@ CREATE TABLE Sessions (
 	UsersID INTEGER UNSIGNED NOT NULL,
 	SessionID CHAR(32) NOT NULL,
 	LastUpdateTS BIGINT UNSIGNED NOT NULL,
-	FOREIGN KEY (UsersID) REFERENCES Users(ID)
+	FOREIGN KEY (UsersID) REFERENCES Users(ID),
+	UNIQUE (SessionID)
 );
 
 

web/html/index.php

@@ -2,12 +2,110 @@
 include("index_po.inc");
 include("aur.inc");
 set_lang();
+check_sid();
+
+# Need to do the authentication prior to sending HTML
+#
+$login_error = "";
+if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
+	# Attempting to log in
+	#
+	if (!isset($_REQUEST['user'])) {
+		$login_error = __("You must supply a username.");
+	}
+	if (!isset($_REQUEST['pass'])) {
+		$login_error = __("You must supply a password.");
+	}
+	if (!$login_error) {
+		# Try and authenticate the user
+		#
+		$dbh = db_connect();
+		$q = "SELECT ID, Suspended FROM Users ";
+		$q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
+		$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
+		$result = mysql_query($q, $dbh);
+		if (!$result) {
+			$login_error = __("Incorrect password for username %s.",
+						array($_REQUEST["user"]));
+		}
+		$row = mysql_fetch_row($result);
+		if ($row[1]) {
+			$login_error = __("Your account has been suspended.");
+		}
+
+		if (!$login_error) {
+			# Account looks good.  Generate a SID and store it.
+			#
+			$logged_in = 0;
+			$num_tries = 0;
+			while (!$logged_in && $num_tries < 5) {
+				$new_sid = new_sid();
+				$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
+				$q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
+				$result = mysql_query($q, $dbh);
+				# Query will fail if $new_sid is not unique
+				#
+				if ($result) {
+					$logged_in = 1;
+					break;
+				}
+				$num_tries++;
+			}
+			if ($logged_in) {
+				# set our SID cookie
+				#
+				setcookie("AURSID", $new_sid, 0, "/");
+				header("Location: /index.php");
+			} else {
+				$login_error = __("Error trying to generate session id.");
+			}
+		}
+	}
+}
+
+# Any cookies have been sent, can now display HTML
+#
 html_header();
 
+print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n";
+print "<tr>\n";
+print "  <td align='left'>";
+print __("This is where the intro text will go.");
+print __("For now, it's just a place holder.");
+print __("It's more important to get the login functionality finished.");
+print __("After that, this can be filled in with more meaningful text.");
+print "  </td>";
+print "  <td align='right'>";
+if (!isset($_COOKIE["AURSID"])) {
+	# the user is not logged in, give them login widgets
+	#
+	print "<form action='/index.php' method='post'>\n";
+	if ($login_error) {
+		print $login_error . "<br/>\n";
+	}
+	print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
+	print "<tr>\n";
+	print "<td>".__("Username:")."</td>";
+	print "<td><input type='text' name='user' size='30' maxlength='64'></td>";
+	print "</tr>\n";
+	print "<tr>\n";
+	print "<td>".__("Password:")."</td>";
+	print "<td><input type='password' name='pass' size='30' maxlength='32'></td>";
+	print "</tr>\n";
+	print "<tr>\n";
+	print "<td colspan='2' align='right'>&nbsp;<br/>";
+	print "<input type='submit' value='".__("Login")."'></td>";
+	print "</tr>\n";
+	print "</table>\n";
+	print "</form>\n";
 
-#$dbh = db_connect();
-print "Connected...<br>\n";
-print "My LANG is: " . $LANG . "<br>\n";
+} else {
+	print __("Currently logged in as: %h%s%h",
+			array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
+}
+print "  </td>";
+print "</tr>\n";
+print "</table>\n";
 
 
 html_footer("\$Id$");

web/html/timeout.php

@@ -0,0 +1,13 @@
+<?
+include("timeout_po.inc");
+include("aur.inc");
+set_lang();
+html_header();
+
+print __("Your session has timed out.  You must log in again.");
+print "<p>\n";
+print __("Click on the Home link above to log in.");
+print "</p>\n";
+
+html_footer("\$Id$");
+?>

web/lang/index_po.inc

@@ -16,4 +16,69 @@ $_t["en"]["Hi, this is worth reading!"] = "Hi, this is worth reading!";
 # $_t["fr"]["Hi, this is worth reading!"] = "--> Traduction française ici. <--";
 # $_t["de"]["Hi, this is worth reading!"] = "--> Deutsche Übersetzung hier. <--";
 
+$_t["en"]["You must supply a password."] = "You must supply a password.";
+# $_t["es"]["You must supply a password."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You must supply a password."] = "--> Traduction française ici. <--";
+# $_t["de"]["You must supply a password."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["You must supply a username."] = "You must supply a username.";
+# $_t["es"]["You must supply a username."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You must supply a username."] = "--> Traduction française ici. <--";
+# $_t["de"]["You must supply a username."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Incorrect password for username %s."] = "Incorrect password for username %s.";
+# $_t["es"]["Incorrect password for username %s."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Incorrect password for username %s."] = "--> Traduction française ici. <--";
+# $_t["de"]["Incorrect password for username %s."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["After that, this can be filled in with more meaningful text."] = "After that, this can be filled in with more meaningful text.";
+# $_t["es"]["After that, this can be filled in with more meaningful text."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["After that, this can be filled in with more meaningful text."] = "--> Traduction française ici. <--";
+# $_t["de"]["After that, this can be filled in with more meaningful text."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Your account has been suspended."] = "Your account has been suspended.";
+# $_t["es"]["Your account has been suspended."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Your account has been suspended."] = "--> Traduction française ici. <--";
+# $_t["de"]["Your account has been suspended."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Password:"] = "Password:";
+# $_t["es"]["Password:"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Password:"] = "--> Traduction française ici. <--";
+# $_t["de"]["Password:"] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Username:"] = "Username:";
+# $_t["es"]["Username:"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Username:"] = "--> Traduction française ici. <--";
+# $_t["de"]["Username:"] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["It's more important to get the login functionality finished."] = "It's more important to get the login functionality finished.";
+# $_t["es"]["It's more important to get the login functionality finished."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["It's more important to get the login functionality finished."] = "--> Traduction française ici. <--";
+# $_t["de"]["It's more important to get the login functionality finished."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Currently logged in as: %h%s%h"] = "Currently logged in as: %h%s%h";
+# $_t["es"]["Currently logged in as: %h%s%h"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Currently logged in as: %h%s%h"] = "--> Traduction française ici. <--";
+# $_t["de"]["Currently logged in as: %h%s%h"] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["For now, it's just a place holder."] = "For now, it's just a place holder.";
+# $_t["es"]["For now, it's just a place holder."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["For now, it's just a place holder."] = "--> Traduction française ici. <--";
+# $_t["de"]["For now, it's just a place holder."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["This is where the intro text will go."] = "This is where the intro text will go.";
+# $_t["es"]["This is where the intro text will go."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["This is where the intro text will go."] = "--> Traduction française ici. <--";
+# $_t["de"]["This is where the intro text will go."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Error trying to generate session id."] = "Error trying to generate session id.";
+# $_t["es"]["Error trying to generate session id."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Error trying to generate session id."] = "--> Traduction française ici. <--";
+# $_t["de"]["Error trying to generate session id."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Login"] = "Login";
+# $_t["es"]["Login"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Login"] = "--> Traduction française ici. <--";
+# $_t["de"]["Login"] = "--> Deutsche Übersetzung hier. <--";
+
 ?>

web/lang/timeout_po.inc

@@ -0,0 +1,24 @@
+<?
+# INSTRUCTIONS TO TRANSLATORS
+#
+# This file contains the i18n translations for a subset of the
+# Arch Linux User-community Repository (AUR).  This is a PHP
+# script, and as such, you MUST pay great attention to the syntax.
+# If your text contains any double-quotes ("), you MUST escape
+# them with the backslash character (\).
+#
+
+include_once("translator.inc");
+global $_t;
+
+$_t["en"]["Click on the Home link above to log in."] = "Click on the Home link above to log in.";
+# $_t["es"]["Click on the Home link above to log in."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Click on the Home link above to log in."] = "--> Traduction française ici. <--";
+# $_t["de"]["Click on the Home link above to log in."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Your session has timed out.  You must log in again."] = "Your session has timed out.  You must log in again.";
+# $_t["es"]["Your session has timed out.  You must log in again."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Your session has timed out.  You must log in again."] = "--> Traduction française ici. <--";
+# $_t["de"]["Your session has timed out.  You must log in again."] = "--> Deutsche Übersetzung hier. <--";
+
+?>

web/lib/aur.inc

@@ -11,6 +11,84 @@ $SUPPORTED_LANGS = array(
 	"fr" => 1, # Français
 );
 
+# see if the visitor is already logged in
+#
+function check_sid() {
+	global $_COOKIE;
+
+	if (isset($_COOKIE["AURSID"])) {
+		$failed = 0;
+		# the visitor is logged in, try and update the session
+		#
+		$dbh = db_connect();
+		$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
+		$q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'";
+		$result = mysql_query($q, $dbh);
+		if (!$result) {
+			$failed = 1;
+		} else {
+			if ($row[0] + 10 >= $row[1]) {
+				$failed = 1;
+			}
+		}
+		if ($failed) {
+			# visitor's session id either doesn't exist, or the timeout
+			# was reached and they must login again, send them back to
+			# the main page where they can log in again.
+			#
+			$q = "DELETE FROM Sessions WHERE SessionID = '";
+			$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
+			mysql_query($q, $dbh);
+
+			setcookie("AURSID", "", time() - (60*60*24*30), "/");
+			header("Location: /timeout.php");
+		}
+	}
+
+	return;
+}
+
+# a new seed value for mt_srand()
+#
+function make_seed() {
+	list($usec, $sec) = explode(' ', microtime());
+	return (float) $sec + ((float) $usec * 10000);
+}
+
+# generate a (hopefully) unique session id
+#
+function new_sid() {
+	mt_srand(make_seed());
+	$ts = time();
+	$pid = getmypid();
+
+	$rand_num = mt_rand();
+	mt_srand(make_seed());
+	$rand_str = substr(md5(mt_rand()),2, 20);
+
+	$id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num;
+	return strtoupper(md5($id));
+}
+
+# obtain the username if given their current SID
+#
+function username_from_sid($sid="") {
+	if (!$sid) {
+		return "";
+	}
+	$dbh = db_connect();
+	$q = "SELECT Email ";
+	$q.= "FROM Users, Sessions ";
+	$q.= "WHERE Users.ID = Sessions.UsersID ";
+	$q.= "AND SessionID = '" . mysql_escape_string($sid) . "'";
+	$result = mysql_query($q, $dbh);
+	if (!$result) {
+		return "";
+	}
+	$row = mysql_fetch_row($result);
+
+	return $row[0];
+}
 
 # connect to the database
 #
@@ -155,7 +233,7 @@ function html_footer($ver="") {
 	print "</table>\n";
 	print "<p>\n";
 	if ($ver) {
-		print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
+		print "<table border='0' cellpadding='0' cellspacing='0' width='97%'>\n";
 		print "<tr><td align='right'><span class='fix'>".$ver."</span></td></tr>\n";
 		print "</table>\n";
 	}