external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Put login into its own function.

Browse source 
Utilise login form template.
Also cleaned up a couple notices.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Simo Leone <simo@archlinux.org>
This commit is contained in:
Loui Chang 2008-02-06 19:16:21 -05:00 committed by Simo Leone
parent 541ea8aacc
commit a5a8895f49
5 changed files with 33 additions and 114 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
web/html/account.php
View file

@ -3,7 +3,7 @@
set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang'); set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang');
include("aur.inc"); # access AUR common functions include("aur.inc"); # access AUR common functions
include("acctfuncs.inc"); # access Account specific functions include_once("acctfuncs.inc"); # access Account specific functions
include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages
include("account_po.inc"); # use some form of this for i18n support include("account_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language set_lang(); # this sets up the visitor's language

1
web/lib/acctfuncs.inc
View file

@ -603,7 +603,6 @@ function display_account_info($U="",$T="",
/* /*
* Returns SID (Session ID) and error (error message) in an array * Returns SID (Session ID) and error (error message) in an array
* SID of 0 means login failed. * SID of 0 means login failed.
* There should be a better way of doing this...I think
*/ */
function try_login() { function try_login() {
$login_error = ""; $login_error = "";

72
web/lib/aur.inc
View file

@ -9,6 +9,7 @@ include_once("config.inc");
include_once("aur_po.inc"); include_once("aur_po.inc");
// TODO: remove this, move translations over for login form // TODO: remove this, move translations over for login form
include_once("index_po.inc"); include_once("index_po.inc");
include_once("acctfuncs.inc");
# TODO do we need to set the domain on cookies? I seem to remember some # TODO do we need to set the domain on cookies? I seem to remember some
# security concerns about not using domains - but it's not like # security concerns about not using domains - but it's not like
@ -71,7 +72,7 @@ function check_sid() {
global $_COOKIE; global $_COOKIE;
global $LOGIN_TIMEOUT; global $LOGIN_TIMEOUT;
if ($_COOKIE["AURSID"]) { if (isset($_COOKIE["AURSID"])) {
$failed = 0; $failed = 0;
# the visitor is logged in, try and update the session # the visitor is logged in, try and update the session
# #
@ -285,18 +286,18 @@ function set_lang() {
global $SUPPORTED_LANGS; global $SUPPORTED_LANGS;
$update_cookie = 0; $update_cookie = 0;
if ($_REQUEST['setlang']) { if (isset($_REQUEST['setlang'])) {
# visitor is requesting a language change # visitor is requesting a language change
# #
$LANG = $_REQUEST['setlang']; $LANG = $_REQUEST['setlang'];
$update_cookie = 1; $update_cookie = 1;
} elseif ($_COOKIE['AURLANG']) { } elseif (isset($_COOKIE['AURLANG'])) {
# If a cookie is set, use that # If a cookie is set, use that
# #
$LANG = $_COOKIE['AURLANG']; $LANG = $_COOKIE['AURLANG'];
} elseif ($_COOKIE["AURSID"]) { } elseif (isset($_COOKIE["AURSID"])) {
$dbh = db_connect(); $dbh = db_connect();
$q = "SELECT LangPreference FROM Users, Sessions "; $q = "SELECT LangPreference FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "WHERE Users.ID = Sessions.UsersID ";
@ -334,67 +335,8 @@ function html_header($title="") {
global $LANG; global $LANG;
global $SUPPORTED_LANGS; global $SUPPORTED_LANGS;
$login_error = ""; $login = try_login();
if (isset($_POST["user"]) || isset($_POST["pass"])) { $login_error = $login['error'];
# Attempting to log in
#
if (!isset($_POST["user"]) || $_POST['user'] === "") {
$login_error = __("You must supply a username.");
}
if ((!isset($_POST["pass"]) || $_POST['pass'] === "") && empty($login_error)) {
$login_error = __("You must supply a password.");
}
if (!$login_error) {
# Try and authenticate the user
#
#md5 hash it
$_POST["pass"] = md5($_POST["pass"]);
$dbh = db_connect();
$q = "SELECT ID, Suspended FROM Users ";
$q.= "WHERE Username = '" . mysql_real_escape_string($_POST["user"]) . "' ";
$q.= "AND Passwd = '" . mysql_real_escape_string($_POST["pass"]) . "'";
$result = db_query($q, $dbh);
if (!$result) {
$login_error = __("Login failure: Bad user or pass.");
} else {
$row = mysql_fetch_row($result);
if (empty($row)) {
$login_error = __("Login failure: Bad user or pass.");
} elseif ($row[1]) {
$login_error = __("Your account has been suspended.");
}
}
if (!$login_error) {
# Account looks good. Generate a SID and store it.
#
$logged_in = 0;
$num_tries = 0;
while (!$logged_in && $num_tries < 5) {
$new_sid = new_sid();
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
$q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
$result = db_query($q, $dbh);
# Query will fail if $new_sid is not unique
#
if ($result) {
$logged_in = 1;
break;
}
$num_tries++;
}
if ($logged_in) {
# set our SID cookie
#
setcookie("AURSID", $new_sid, 0, "/");
$_COOKIE['AURSID'] = $new_sid;
} else {
$login_error = __("Error trying to generate session id.");
}
}
}
}
$title = htmlspecialchars($title, ENT_QUOTES); $title = htmlspecialchars($title, ENT_QUOTES);

19
web/template/header.php
View file

@ -82,24 +82,7 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
?> ?>
</ul> </ul>
</span> </span>
<span id="login_bar"> <?php include("login_form.php"); ?>
<?php
if (isset($_COOKIE["AURSID"])) {
print __("Logged-in as: %h%s%h",
array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
} else {
if ($login_error) {
print "<span class='error'>" . $login_error . "</span><br />\n";
} ?>
<form method='post'>
<?php print __("Username:"); ?>
<input type='text' name='user' size='30' maxlength='64' value='<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>'>
<?php print __("Password:"); ?>
<input type='password' name='pass' size='30' maxlength='32'>
<input type='submit' class='button' value='<?php print __("Login"); ?>'>
</form>
<?php } ?>
</span>
</div> </div>
</div> </div>
<div id="maincontent"> <div id="maincontent">

53
web/template/login_form.php
View file

@ -1,33 +1,28 @@
<span id="login_bar">
<?php <?php
# Now present the user login stuff if (isset($_COOKIE["AURSID"])) {
if (!isset($_COOKIE["AURSID"])):
# the user is not logged in, give them login widgets
#
if (!empty($login['error'])) {
print '<div class="error">' . $login['error']
. '</div>';
}
?>
<form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post">
<label class="lbox"><?php print __("Username"); ?><br />
<input type="text" name="user" size="30"
maxlength="<?php print USERNAME_MAX_LEN;?>"></label>
<label class="lbox"><?php print __("Password"); ?><br />
<input type="password" name="passwd" size="30"
maxlength="<?php print PASSWD_MAX_LEN; ?>"></label>
<br />
<input type="submit" class="button"
value="<?php print __("Login"); ?>">
</form>
<?php
else:
print __("Logged-in as: %h%s%h", print __("Logged-in as: %h%s%h",
array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>")); array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
endif; }
else {
if ($login_error) {
print "<span class='error'>" . $login_error . "</span><br />\n";
} ?>
<form method='post'>
<?php print __("Username:"); ?>
<input type='text' name='user' size='30'
maxlength="<?php print USERNAME_MAX_LEN; ?>"
value='<?php
if (isset($_POST['user'])) {
print htmlspecialchars($_POST['user'], ENT_QUOTES);
} ?>'>
<?php print __("Password:"); ?>
<input type='password' name='passwd' size='30'
maxlength="<?php print PASSWD_MAX_LEN; ?>">
<input type='submit' class='button'
value='<?php print __("Login"); ?>'>
</form>
<?php } ?>
</span>
# vim: ts=2 sw=2 noet ft=php
?>