external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

finished the login/logout/session stuff

Browse source
This commit is contained in:
eric 2004-06-20 23:26:28 +00:00
parent 30aea4ec8c
commit 84e15d0463
14 changed files with 165 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
web/html/account.php
View file

@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("account_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@ -11,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
html_footer("\$Id$"); # Use the $Id$ keyword
# NOTE: when checking in a new file, use
# 'svn propset svn:keywords "Id" filename.php'
# to tell svn to expand the "Id" keyword.
html_footer("\$Id$");
?>

6
web/html/css/containers.css
View file

@ -174,6 +174,12 @@
vertical-align: top;
padding-left: 5;
}
td.text
{
color: #000;
font-family: verdana;
font-size: 12px;
}
th
{
text-align: left;

6
web/html/css/fonts.css
View file

@ -40,6 +40,12 @@
font-family: monospace, fixed, terminal;
font-size: 12px;
}
span.error /* Content Text */
{
color: #900;
font-family: verdana;
font-size: 12px;
}
/* Font Attribute Change (#6c83b0)*/
span.blue

13
web/html/hacker.php Normal file
View file

@ -0,0 +1,13 @@
<?
include("hacker_po.inc");
include("aur.inc");
set_lang();
html_header();
print __("Your session id is invalid.");
print "<p>\n";
print __("If this problem persists, please contact the site administrator.");
print "</p>\n";
html_footer("\$Id$");
?>

21
web/html/index.php
View file

@ -4,7 +4,7 @@ include("aur.inc");
set_lang();
check_sid();
# Need to do the authentication prior to sending HTML
# Need to do the authentication prior to sending any HTML (including header)
#
$login_error = "";
if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
@ -23,14 +23,15 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
$q = "SELECT ID, Suspended FROM Users ";
$q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
$result = mysql_query($q, $dbh);
$result = db_query($q, $dbh);
if (!$result) {
$login_error = __("Incorrect password for username %s.",
array($_REQUEST["user"]));
}
$row = mysql_fetch_row($result);
if ($row[1]) {
$login_error = __("Your account has been suspended.");
} else {
$row = mysql_fetch_row($result);
if ($row[1]) {
$login_error = __("Your account has been suspended.");
}
}
if (!$login_error) {
@ -42,7 +43,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
$new_sid = new_sid();
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
$q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
$result = mysql_query($q, $dbh);
$result = db_query($q, $dbh);
# Query will fail if $new_sid is not unique
#
if ($result) {
@ -69,19 +70,19 @@ html_header();
print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n";
print "<tr>\n";
print " <td align='left'>";
print " <td align='left' valign='top'>&nbsp;<br/>";
print __("This is where the intro text will go.");
print __("For now, it's just a place holder.");
print __("It's more important to get the login functionality finished.");
print __("After that, this can be filled in with more meaningful text.");
print " </td>";
print " <td align='right'>";
print " <td align='right'>&nbsp;<br/>\n";
if (!isset($_COOKIE["AURSID"])) {
# the user is not logged in, give them login widgets
#
print "<form action='/index.php' method='post'>\n";
if ($login_error) {
print $login_error . "<br/>\n";
print "<span class='error'>" . $login_error . "</span><br/>\n";
}
print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
print "<tr>\n";

20
web/html/logout.php
View file

@ -2,17 +2,19 @@
include("aur.inc"); # access AUR common functions
include("logout_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
html_header(); # print out the HTML header
# Any text you print out to the visitor, use the __() function
# for i18n support. See 'testpo.php' for more details.
# if they've got a cookie, log them out - need to do this before
# sending any HTML output.
#
print __("Under construction...")."<br/>\n";
if (isset($_COOKIE["AURSID"])) {
$q = "DELETE FROM Sessions WHERE SessionID = '";
$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
setcookie("AURSID", "", time() - (60*60*24*30), "/");
}
html_header(); # print out the HTML header
print __("You have been successfully logged out.")."<br/>\n";
html_footer("\$Id$"); # Use the $Id$ keyword
# NOTE: when checking in a new file, use
# 'svn propset svn:keywords "Id" filename.php'
# to tell svn to expand the "Id" keyword.
html_footer("\$Id$");
?>

6
web/html/pkgmgmnt.php
View file

@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("mgmnt_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@ -11,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
html_footer("\$Id$"); # Use the $Id$ keyword
# NOTE: when checking in a new file, use
# 'svn propset svn:keywords "Id" filename.php'
# to tell svn to expand the "Id" keyword.
html_footer("\$Id$");
?>

6
web/html/pkgsearch.php
View file

@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("search_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@ -11,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
html_footer("\$Id$"); # Use the $Id$ keyword
# NOTE: when checking in a new file, use
# 'svn propset svn:keywords "Id" filename.php'
# to tell svn to expand the "Id" keyword.
html_footer("\$Id$");
?>

7
web/html/pkgsubmit.php
View file

@ -1,6 +1,8 @@
<?
include("aur.inc"); # access AUR common functions
include("submit_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@ -10,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
html_footer("\$Id$"); # Use the $Id$ keyword
# NOTE: when checking in a new file, use
# 'svn propset svn:keywords "Id" filename.php'
# to tell svn to expand the "Id" keyword.
html_footer("\$Id$");
?>

6
web/html/pkgvote.php
View file

@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("vote_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@ -11,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
html_footer("\$Id$"); # Use the $Id$ keyword
# NOTE: when checking in a new file, use
# 'svn propset svn:keywords "Id" filename.php'
# to tell svn to expand the "Id" keyword.
html_footer("\$Id$");
?>

1
web/html/template.php
View file

@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("template_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
check_sid(); # see if they're still logged in
html_header(); # print out the HTML header

24
web/lang/hacker_po.inc Normal file
View file

@ -0,0 +1,24 @@
<?
# INSTRUCTIONS TO TRANSLATORS
#
# This file contains the i18n translations for a subset of the
# Arch Linux User-community Repository (AUR). This is a PHP
# script, and as such, you MUST pay great attention to the syntax.
# If your text contains any double-quotes ("), you MUST escape
# them with the backslash character (\).
#
include_once("translator.inc");
global $_t;
$_t["en"]["Your session id is invalid."] = "Your session id is invalid.";
# $_t["es"]["Your session id is invalid."] = "--> Traducción española aquí. <--";
# $_t["fr"]["Your session id is invalid."] = "--> Traduction française ici. <--";
# $_t["de"]["Your session id is invalid."] = "--> Deutsche Übersetzung hier. <--";
$_t["en"]["If this problem persists, please contact the site administrator."] = "If this problem persists, please contact the site administrator.";
# $_t["es"]["If this problem persists, please contact the site administrator."] = "--> Traducción española aquí. <--";
# $_t["fr"]["If this problem persists, please contact the site administrator."] = "--> Traduction française ici. <--";
# $_t["de"]["If this problem persists, please contact the site administrator."] = "--> Deutsche Übersetzung hier. <--";
?>

5
web/lang/logout_po.inc
View file

@ -16,4 +16,9 @@ $_t["en"]["Under construction..."] = "Under construction...";
# $_t["fr"]["Under construction..."] = "--> Traduction française ici. <--";
# $_t["de"]["Under construction..."] = "--> Deutsche Übersetzung hier. <--";
$_t["en"]["You have been successfully logged out."] = "You have been successfully logged out.";
# $_t["es"]["You have been successfully logged out."] = "--> Traducción española aquí. <--";
# $_t["fr"]["You have been successfully logged out."] = "--> Traduction française ici. <--";
# $_t["de"]["You have been successfully logged out."] = "--> Deutsche Übersetzung hier. <--";
?>

95
web/lib/aur.inc
View file

@ -3,18 +3,24 @@ include_once("aur_po.inc");
# Define global variables
#
$PASS_PHRASE = "Dustyissocool";
$SUPPORTED_LANGS = array(
$LOGIN_TIMEOUT = 10; # number of idle seconds before timeout
$SUPPORTED_LANGS = array( # what languages we have translations for
"en" => 1, # English
"es" => 1, # Español
"de" => 1, # Deutsch
"fr" => 1, # Français
);
# debugging variables
#
$QBUG = 1; # toggle query logging to /tmp/aurq.log
$DBUG = 1; # use dbug($msg) to log to /tmp/aurd.log
# see if the visitor is already logged in
#
function check_sid() {
global $_COOKIE;
global $LOGIN_TIMEOUT;
if (isset($_COOKIE["AURSID"])) {
$failed = 0;
@ -23,28 +29,45 @@ function check_sid() {
$dbh = db_connect();
$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
$q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'";
$result = mysql_query($q, $dbh);
$result = db_query($q, $dbh);
if (!$result) {
# Invalid SessionID - hacker alert!
#
$failed = 1;
} else {
if ($row[0] + 10 >= $row[1]) {
$failed = 1;
$row = mysql_fetch_row($result);
if ($row[0] + $LOGIN_TIMEOUT <= $row[1]) {
dbug("login timeout reached");
$failed = 2;
}
}
if ($failed) {
if ($failed == 1) {
# clear out the hacker's cookie, and send them to a naughty page
#
setcookie("AURSID", "", time() - (60*60*24*30), "/");
header("Location: /hacker.php");
} elseif ($failed == 2) {
# visitor's session id either doesn't exist, or the timeout
# was reached and they must login again, send them back to
# the main page where they can log in again.
#
$q = "DELETE FROM Sessions WHERE SessionID = '";
$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
mysql_query($q, $dbh);
db_query($q, $dbh);
setcookie("AURSID", "", time() - (60*60*24*30), "/");
header("Location: /timeout.php");
} else {
# still logged in and haven't reached the timeout, go ahead
# and update the idle timestamp
#
$q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
$q.= "WHERE SessionID = '".mysql_escape_string($_COOKIE["AURSID"])."'";
db_query($q, $dbh);
}
}
return;
}
@ -81,7 +104,7 @@ function username_from_sid($sid="") {
$q.= "FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
$q.= "AND SessionID = '" . mysql_escape_string($sid) . "'";
$result = mysql_query($q, $dbh);
$result = db_query($q, $dbh);
if (!$result) {
return "";
}
@ -111,6 +134,26 @@ function db_connect() {
return $handle;
}
# wrapper function around db_query in case we want to put
# query logging/debuggin in.
#
function db_query($query="", $db_handle="") {
global $QBUG;
if (!$query) {
return FALSE;
}
if (!$db_handle) {
$db_handle = db_connect();
}
if ($QBUG) {
$fp = fopen("/tmp/aurq.log", "a");
fwrite($fp, $query . "\n");
fclose($fp);
}
$result = mysql_query($query, $db_handle);
return $result;
}
# set up the visitor's language
#
function set_lang() {
@ -152,6 +195,7 @@ function set_lang() {
# common header
#
function html_header() {
global $_COOKIE;
print "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
print "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n";
print "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">";
@ -205,14 +249,20 @@ function html_header() {
print " <a href='/account.php'>".__("Accounts")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/pkgsearch.php'>".__("Packages")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/pkgvote.php'>".__("Vote")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/pkgmgmnt.php'>".__("Manage")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/pkgsubmit.php'>".__("Submit")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/logout.php'>".__("Logout")."</a> ";
if (isset($_COOKIE["AURSID"])) {
# Only display these items if the visitor is logged in. This should
# be a safe check because check_sid() has been called prior to
# html_header().
#
print " <span class='black'> - </span> ";
print " <a href='/pkgvote.php'>".__("Vote")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/pkgmgmnt.php'>".__("Manage")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/pkgsubmit.php'>".__("Submit")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/logout.php'>".__("Logout")."</a> ";
}
print " <span class='black'>:.</span></span>";
print " </td>";
print " </tr>";
@ -237,10 +287,19 @@ function html_footer($ver="") {
print "<tr><td align='right'><span class='fix'>".$ver."</span></td></tr>\n";
print "</table>\n";
}
print "<\p>\n";
print "</p>\n";
print "</body>\n</html>";
return;
}
# debug logging
#
function dbug($msg) {
$fp = fopen("/tmp/aurd.log", "a");
fwrite($fp, $msg . "\n");
fclose($fp);
return;
}
# vim: ts=2 sw=2 noet ft=php
?>