yolanda/trunk/login.pl

84 lines
1.9 KiB
Perl
Raw Normal View History

#!/usr/bin/perl
require "include.pl";
require "functions.pl";
#initialize session data
CGI::Session->name($session_name);
$query = new CGI;
$session = new CGI::Session;
#check if action is set
if($query->param('action'))
{
#connect to db
$dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass);
#if login is requested
if($query->param('action') eq "login")
{
#prepare query
my $sth = $dbh->prepare(qq{select username from users
where password = password( ? )
and username = ?
limit 1 });
#execute query
$sth->execute($query->param('pass'), $query->param('user'));
#if something was returned username and password match
if($sth->fetchrow_array())
{
#store session id in database
$sth = $dbh->prepare(qq{update users set sid = ? where username = ? });
$sth->execute($session->id, $query->param('user'));
$sth->finish();
print $session->header();
print "logged in";
}
else
{
#if not, print error
print $session->header();
print "could not log you in";
}
}
elsif($query->param('action') eq "logout")
{
#if logout is requested
#remove sid from database
$sth = $dbh->prepare(qq{update users set sid = '' where username = ?});
$sth->execute(get_username_from_sid($session->id));
$sth->finish();
$session->delete();
print $session->header();
print "logged out";
}
else
{
#something ugly was passed
print $session->header();
print "wtf?";
}
#disconnect db
$dbh->disconnect();
}
else
{
#if not, print login form
%page = ();
#if a username is associated with session id, username is nonempty
$page->{username} = get_username_from_sid($session->id);
$page->{locale} = $locale;
$page->{stylesheet} = $stylesheet;
$page->{loginform} = [''];
#print xml http header along with session cookie
print $session->header(-type=>'text/xml');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}