summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoreric <eric>2004-06-20 23:26:28 +0000
committereric <eric>2004-06-20 23:26:28 +0000
commit84e15d0463726fe03b0cdb5a690621330034e737 (patch)
treefee94fa1046bfe56095cc4a35b06b033de9ee589
parent30aea4ec8cfee1ffc8786955ecb012ef73a68b73 (diff)
finished the login/logout/session stuff
-rw-r--r--web/html/account.php6
-rw-r--r--web/html/css/containers.css6
-rw-r--r--web/html/css/fonts.css6
-rw-r--r--web/html/hacker.php13
-rw-r--r--web/html/index.php21
-rw-r--r--web/html/logout.php20
-rw-r--r--web/html/pkgmgmnt.php6
-rw-r--r--web/html/pkgsearch.php6
-rw-r--r--web/html/pkgsubmit.php7
-rw-r--r--web/html/pkgvote.php6
-rw-r--r--web/html/template.php1
-rw-r--r--web/lang/hacker_po.inc24
-rw-r--r--web/lang/logout_po.inc5
-rw-r--r--web/lib/aur.inc95
14 files changed, 165 insertions, 57 deletions
diff --git a/web/html/account.php b/web/html/account.php
index 6d402ca..4d2cd9f 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("account_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
+check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@@ -11,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
-html_footer("\$Id$"); # Use the $Id$ keyword
- # NOTE: when checking in a new file, use
- # 'svn propset svn:keywords "Id" filename.php'
- # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
?>
diff --git a/web/html/css/containers.css b/web/html/css/containers.css
index 7322b3f..69ed1d9 100644
--- a/web/html/css/containers.css
+++ b/web/html/css/containers.css
@@ -174,6 +174,12 @@
vertical-align: top;
padding-left: 5;
}
+ td.text
+ {
+ color: #000;
+ font-family: verdana;
+ font-size: 12px;
+ }
th
{
text-align: left;
diff --git a/web/html/css/fonts.css b/web/html/css/fonts.css
index 55cb226..fcf4644 100644
--- a/web/html/css/fonts.css
+++ b/web/html/css/fonts.css
@@ -40,6 +40,12 @@
font-family: monospace, fixed, terminal;
font-size: 12px;
}
+ span.error /* Content Text */
+ {
+ color: #900;
+ font-family: verdana;
+ font-size: 12px;
+ }
/* Font Attribute Change (#6c83b0)*/
span.blue
diff --git a/web/html/hacker.php b/web/html/hacker.php
new file mode 100644
index 0000000..5d51834
--- /dev/null
+++ b/web/html/hacker.php
@@ -0,0 +1,13 @@
+<?
+include("hacker_po.inc");
+include("aur.inc");
+set_lang();
+html_header();
+
+print __("Your session id is invalid.");
+print "<p>\n";
+print __("If this problem persists, please contact the site administrator.");
+print "</p>\n";
+
+html_footer("\$Id$");
+?>
diff --git a/web/html/index.php b/web/html/index.php
index 3bda551..ad7b73f 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -4,7 +4,7 @@ include("aur.inc");
set_lang();
check_sid();
-# Need to do the authentication prior to sending HTML
+# Need to do the authentication prior to sending any HTML (including header)
#
$login_error = "";
if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
@@ -23,14 +23,15 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
$q = "SELECT ID, Suspended FROM Users ";
$q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
- $result = mysql_query($q, $dbh);
+ $result = db_query($q, $dbh);
if (!$result) {
$login_error = __("Incorrect password for username %s.",
array($_REQUEST["user"]));
- }
- $row = mysql_fetch_row($result);
- if ($row[1]) {
- $login_error = __("Your account has been suspended.");
+ } else {
+ $row = mysql_fetch_row($result);
+ if ($row[1]) {
+ $login_error = __("Your account has been suspended.");
+ }
}
if (!$login_error) {
@@ -42,7 +43,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
$new_sid = new_sid();
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
$q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
- $result = mysql_query($q, $dbh);
+ $result = db_query($q, $dbh);
# Query will fail if $new_sid is not unique
#
if ($result) {
@@ -69,19 +70,19 @@ html_header();
print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n";
print "<tr>\n";
-print " <td align='left'>";
+print " <td align='left' valign='top'>&nbsp;<br/>";
print __("This is where the intro text will go.");
print __("For now, it's just a place holder.");
print __("It's more important to get the login functionality finished.");
print __("After that, this can be filled in with more meaningful text.");
print " </td>";
-print " <td align='right'>";
+print " <td align='right'>&nbsp;<br/>\n";
if (!isset($_COOKIE["AURSID"])) {
# the user is not logged in, give them login widgets
#
print "<form action='/index.php' method='post'>\n";
if ($login_error) {
- print $login_error . "<br/>\n";
+ print "<span class='error'>" . $login_error . "</span><br/>\n";
}
print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
print "<tr>\n";
diff --git a/web/html/logout.php b/web/html/logout.php
index 6757784..07a787a 100644
--- a/web/html/logout.php
+++ b/web/html/logout.php
@@ -2,17 +2,19 @@
include("aur.inc"); # access AUR common functions
include("logout_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
-html_header(); # print out the HTML header
-
-# Any text you print out to the visitor, use the __() function
-# for i18n support. See 'testpo.php' for more details.
+# if they've got a cookie, log them out - need to do this before
+# sending any HTML output.
#
-print __("Under construction...")."<br/>\n";
+if (isset($_COOKIE["AURSID"])) {
+ $q = "DELETE FROM Sessions WHERE SessionID = '";
+ $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
+ setcookie("AURSID", "", time() - (60*60*24*30), "/");
+}
+
+html_header(); # print out the HTML header
+print __("You have been successfully logged out.")."<br/>\n";
-html_footer("\$Id$"); # Use the $Id$ keyword
- # NOTE: when checking in a new file, use
- # 'svn propset svn:keywords "Id" filename.php'
- # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
?>
diff --git a/web/html/pkgmgmnt.php b/web/html/pkgmgmnt.php
index 0988e51..b1768db 100644
--- a/web/html/pkgmgmnt.php
+++ b/web/html/pkgmgmnt.php
@@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("mgmnt_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
+check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@@ -11,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
-html_footer("\$Id$"); # Use the $Id$ keyword
- # NOTE: when checking in a new file, use
- # 'svn propset svn:keywords "Id" filename.php'
- # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
?>
diff --git a/web/html/pkgsearch.php b/web/html/pkgsearch.php
index d23a602..f5ef888 100644
--- a/web/html/pkgsearch.php
+++ b/web/html/pkgsearch.php
@@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("search_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
+check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@@ -11,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
-html_footer("\$Id$"); # Use the $Id$ keyword
- # NOTE: when checking in a new file, use
- # 'svn propset svn:keywords "Id" filename.php'
- # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
?>
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fc36da5..c9465a1 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -1,6 +1,8 @@
<?
include("aur.inc"); # access AUR common functions
include("submit_po.inc"); # use some form of this for i18n support
+set_lang(); # this sets up the visitor's language
+check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@@ -10,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
-html_footer("\$Id$"); # Use the $Id$ keyword
- # NOTE: when checking in a new file, use
- # 'svn propset svn:keywords "Id" filename.php'
- # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
?>
diff --git a/web/html/pkgvote.php b/web/html/pkgvote.php
index e111937..594ec16 100644
--- a/web/html/pkgvote.php
+++ b/web/html/pkgvote.php
@@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("vote_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
+check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
@@ -11,8 +12,5 @@ html_header(); # print out the HTML header
print __("Under construction...")."<br/>\n";
-html_footer("\$Id$"); # Use the $Id$ keyword
- # NOTE: when checking in a new file, use
- # 'svn propset svn:keywords "Id" filename.php'
- # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
?>
diff --git a/web/html/template.php b/web/html/template.php
index a61ba6f..9ae001e 100644
--- a/web/html/template.php
+++ b/web/html/template.php
@@ -2,6 +2,7 @@
include("aur.inc"); # access AUR common functions
include("template_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
+check_sid(); # see if they're still logged in
html_header(); # print out the HTML header
diff --git a/web/lang/hacker_po.inc b/web/lang/hacker_po.inc
new file mode 100644
index 0000000..183cee6
--- /dev/null
+++ b/web/lang/hacker_po.inc
@@ -0,0 +1,24 @@
+<?
+# INSTRUCTIONS TO TRANSLATORS
+#
+# This file contains the i18n translations for a subset of the
+# Arch Linux User-community Repository (AUR). This is a PHP
+# script, and as such, you MUST pay great attention to the syntax.
+# If your text contains any double-quotes ("), you MUST escape
+# them with the backslash character (\).
+#
+
+include_once("translator.inc");
+global $_t;
+
+$_t["en"]["Your session id is invalid."] = "Your session id is invalid.";
+# $_t["es"]["Your session id is invalid."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Your session id is invalid."] = "--> Traduction française ici. <--";
+# $_t["de"]["Your session id is invalid."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["If this problem persists, please contact the site administrator."] = "If this problem persists, please contact the site administrator.";
+# $_t["es"]["If this problem persists, please contact the site administrator."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["If this problem persists, please contact the site administrator."] = "--> Traduction française ici. <--";
+# $_t["de"]["If this problem persists, please contact the site administrator."] = "--> Deutsche Übersetzung hier. <--";
+
+?> \ No newline at end of file
diff --git a/web/lang/logout_po.inc b/web/lang/logout_po.inc
index 438f50d..dab1dda 100644
--- a/web/lang/logout_po.inc
+++ b/web/lang/logout_po.inc
@@ -16,4 +16,9 @@ $_t["en"]["Under construction..."] = "Under construction...";
# $_t["fr"]["Under construction..."] = "--> Traduction française ici. <--";
# $_t["de"]["Under construction..."] = "--> Deutsche Übersetzung hier. <--";
+$_t["en"]["You have been successfully logged out."] = "You have been successfully logged out.";
+# $_t["es"]["You have been successfully logged out."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You have been successfully logged out."] = "--> Traduction française ici. <--";
+# $_t["de"]["You have been successfully logged out."] = "--> Deutsche Übersetzung hier. <--";
+
?> \ No newline at end of file
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index a333576..54ec5ef 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -3,18 +3,24 @@ include_once("aur_po.inc");
# Define global variables
#
-$PASS_PHRASE = "Dustyissocool";
-$SUPPORTED_LANGS = array(
+$LOGIN_TIMEOUT = 10; # number of idle seconds before timeout
+$SUPPORTED_LANGS = array( # what languages we have translations for
"en" => 1, # English
"es" => 1, # Español
"de" => 1, # Deutsch
"fr" => 1, # Français
);
+# debugging variables
+#
+$QBUG = 1; # toggle query logging to /tmp/aurq.log
+$DBUG = 1; # use dbug($msg) to log to /tmp/aurd.log
+
# see if the visitor is already logged in
#
function check_sid() {
global $_COOKIE;
+ global $LOGIN_TIMEOUT;
if (isset($_COOKIE["AURSID"])) {
$failed = 0;
@@ -23,28 +29,45 @@ function check_sid() {
$dbh = db_connect();
$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
$q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'";
- $result = mysql_query($q, $dbh);
+ $result = db_query($q, $dbh);
if (!$result) {
+ # Invalid SessionID - hacker alert!
+ #
$failed = 1;
} else {
- if ($row[0] + 10 >= $row[1]) {
- $failed = 1;
+ $row = mysql_fetch_row($result);
+ if ($row[0] + $LOGIN_TIMEOUT <= $row[1]) {
+ dbug("login timeout reached");
+ $failed = 2;
}
}
- if ($failed) {
+ if ($failed == 1) {
+ # clear out the hacker's cookie, and send them to a naughty page
+ #
+ setcookie("AURSID", "", time() - (60*60*24*30), "/");
+ header("Location: /hacker.php");
+
+ } elseif ($failed == 2) {
# visitor's session id either doesn't exist, or the timeout
# was reached and they must login again, send them back to
# the main page where they can log in again.
#
$q = "DELETE FROM Sessions WHERE SessionID = '";
$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
- mysql_query($q, $dbh);
+ db_query($q, $dbh);
setcookie("AURSID", "", time() - (60*60*24*30), "/");
header("Location: /timeout.php");
+
+ } else {
+ # still logged in and haven't reached the timeout, go ahead
+ # and update the idle timestamp
+ #
+ $q = "UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() ";
+ $q.= "WHERE SessionID = '".mysql_escape_string($_COOKIE["AURSID"])."'";
+ db_query($q, $dbh);
}
}
-
return;
}
@@ -81,7 +104,7 @@ function username_from_sid($sid="") {
$q.= "FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
$q.= "AND SessionID = '" . mysql_escape_string($sid) . "'";
- $result = mysql_query($q, $dbh);
+ $result = db_query($q, $dbh);
if (!$result) {
return "";
}
@@ -111,6 +134,26 @@ function db_connect() {
return $handle;
}
+# wrapper function around db_query in case we want to put
+# query logging/debuggin in.
+#
+function db_query($query="", $db_handle="") {
+ global $QBUG;
+ if (!$query) {
+ return FALSE;
+ }
+ if (!$db_handle) {
+ $db_handle = db_connect();
+ }
+ if ($QBUG) {
+ $fp = fopen("/tmp/aurq.log", "a");
+ fwrite($fp, $query . "\n");
+ fclose($fp);
+ }
+ $result = mysql_query($query, $db_handle);
+ return $result;
+}
+
# set up the visitor's language
#
function set_lang() {
@@ -152,6 +195,7 @@ function set_lang() {
# common header
#
function html_header() {
+ global $_COOKIE;
print "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
print "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n";
print "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">";
@@ -205,14 +249,20 @@ function html_header() {
print " <a href='/account.php'>".__("Accounts")."</a> ";
print " <span class='black'> - </span> ";
print " <a href='/pkgsearch.php'>".__("Packages")."</a> ";
- print " <span class='black'> - </span> ";
- print " <a href='/pkgvote.php'>".__("Vote")."</a> ";
- print " <span class='black'> - </span> ";
- print " <a href='/pkgmgmnt.php'>".__("Manage")."</a> ";
- print " <span class='black'> - </span> ";
- print " <a href='/pkgsubmit.php'>".__("Submit")."</a> ";
- print " <span class='black'> - </span> ";
- print " <a href='/logout.php'>".__("Logout")."</a> ";
+ if (isset($_COOKIE["AURSID"])) {
+ # Only display these items if the visitor is logged in. This should
+ # be a safe check because check_sid() has been called prior to
+ # html_header().
+ #
+ print " <span class='black'> - </span> ";
+ print " <a href='/pkgvote.php'>".__("Vote")."</a> ";
+ print " <span class='black'> - </span> ";
+ print " <a href='/pkgmgmnt.php'>".__("Manage")."</a> ";
+ print " <span class='black'> - </span> ";
+ print " <a href='/pkgsubmit.php'>".__("Submit")."</a> ";
+ print " <span class='black'> - </span> ";
+ print " <a href='/logout.php'>".__("Logout")."</a> ";
+ }
print " <span class='black'>:.</span></span>";
print " </td>";
print " </tr>";
@@ -237,10 +287,19 @@ function html_footer($ver="") {
print "<tr><td align='right'><span class='fix'>".$ver."</span></td></tr>\n";
print "</table>\n";
}
- print "<\p>\n";
+ print "</p>\n";
print "</body>\n</html>";
return;
}
+# debug logging
+#
+function dbug($msg) {
+ $fp = fopen("/tmp/aurd.log", "a");
+ fwrite($fp, $msg . "\n");
+ fclose($fp);
+ return;
+}
+
# vim: ts=2 sw=2 noet ft=php
?>