2007-10-11 16:25:56 +00:00
|
|
|
#!/usr/bin/perl
|
2007-10-11 17:06:08 +00:00
|
|
|
require "include.pl";
|
2007-10-12 00:44:24 +00:00
|
|
|
require "functions.pl";
|
2007-10-10 21:48:12 +00:00
|
|
|
|
|
|
|
#initialize session data
|
|
|
|
CGI::Session->name($session_name);
|
|
|
|
$query = new CGI;
|
|
|
|
$session = new CGI::Session;
|
|
|
|
|
|
|
|
#check if action is set
|
2007-10-11 17:26:39 +00:00
|
|
|
if($query->param('action'))
|
|
|
|
{
|
2007-10-10 21:48:12 +00:00
|
|
|
#connect to db
|
|
|
|
$dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass);
|
|
|
|
|
|
|
|
#if login is requested
|
2007-10-11 17:26:39 +00:00
|
|
|
if($query->param('action') eq "login")
|
|
|
|
{
|
2007-10-20 16:32:04 +00:00
|
|
|
#prepare query - empty password are openid users so omit those entries
|
|
|
|
my $sth = $dbh->prepare(qq{select id from users
|
|
|
|
where password = password( ? ) and username = ? and not password = '' limit 1 });
|
2007-10-10 21:48:12 +00:00
|
|
|
|
|
|
|
#execute query
|
2007-10-12 00:34:32 +00:00
|
|
|
$sth->execute($query->param('pass'), $query->param('user'));
|
2007-10-10 21:48:12 +00:00
|
|
|
|
|
|
|
#if something was returned username and password match
|
2007-10-11 17:26:39 +00:00
|
|
|
if($sth->fetchrow_array())
|
|
|
|
{
|
2007-10-10 21:48:12 +00:00
|
|
|
#store session id in database
|
2007-10-12 00:34:32 +00:00
|
|
|
$sth = $dbh->prepare(qq{update users set sid = ? where username = ? });
|
|
|
|
$sth->execute($session->id, $query->param('user'));
|
2007-10-10 21:48:12 +00:00
|
|
|
$sth->finish();
|
|
|
|
print $session->header();
|
|
|
|
print "logged in";
|
2007-10-11 17:26:39 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2007-10-10 21:48:12 +00:00
|
|
|
#if not, print error
|
|
|
|
print $session->header();
|
|
|
|
print "could not log you in";
|
|
|
|
}
|
|
|
|
|
2007-10-11 17:26:39 +00:00
|
|
|
}
|
2007-10-20 16:32:04 +00:00
|
|
|
elsif($query->param('action') eq "openid")
|
|
|
|
{
|
|
|
|
#create our openid consumer object
|
|
|
|
$con = Net::OpenID::Consumer->new(
|
|
|
|
ua => LWP::UserAgent->new, # FIXME - use LWPx::ParanoidAgent
|
|
|
|
cache => undef, # or File::Cache->new,
|
|
|
|
args => $query,
|
|
|
|
consumer_secret => $session->id, #is this save? don't know...
|
|
|
|
required_root => "http://localhost/" );
|
|
|
|
|
|
|
|
#is an openid passed?
|
|
|
|
if($query->param('user'))
|
|
|
|
{
|
|
|
|
#claim identity
|
|
|
|
$claimed = $con->claimed_identity($query->param('user'));
|
|
|
|
if(!defined($claimed))
|
|
|
|
{
|
|
|
|
print $session->header();
|
|
|
|
print "claim failed: ", $con->err;
|
|
|
|
}
|
|
|
|
$check_url = $claimed->check_url(
|
|
|
|
return_to => "http://localhost/gnutube/login.pl?action=openid&ret=true", #on success return to this address
|
|
|
|
trust_root => "http://localhost/"); #this is the string the user will be asked to trust
|
|
|
|
|
|
|
|
#redirect to openid server to check claim
|
|
|
|
print $query->redirect($check_url);
|
|
|
|
}
|
|
|
|
#we return from an identity check
|
|
|
|
elsif($query->param('ret'))
|
|
|
|
{
|
|
|
|
if($setup_url = $con->user_setup_url)
|
|
|
|
{
|
|
|
|
#redirect to setup url - user will give confirmation there
|
|
|
|
print $query->redirect($setup_url);
|
|
|
|
}
|
|
|
|
elsif ($con->user_cancel)
|
|
|
|
{
|
|
|
|
#cancelled - redirect to login form
|
|
|
|
print $session->header();
|
|
|
|
print "cancelled";
|
|
|
|
}
|
|
|
|
elsif ($vident = $con->verified_identity)
|
|
|
|
{
|
|
|
|
#we are verified!!
|
|
|
|
my $verified_url = $vident->url;
|
|
|
|
print $session->header();
|
|
|
|
print "success $verified_url";
|
|
|
|
|
|
|
|
#check if this openid user already is in database
|
|
|
|
my $sth = $dbh->prepare(qq{select id from users where username = ? limit 1 });
|
|
|
|
$sth->execute($verified_url);
|
|
|
|
if($sth->fetchrow_array())
|
|
|
|
{
|
|
|
|
#store session id in database
|
|
|
|
$sth = $dbh->prepare(qq{update users set sid = ? where username = ? });
|
|
|
|
$sth->execute($session->id, $verified_url);
|
|
|
|
$sth->finish();
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
#add openid user to dabase
|
|
|
|
$sth = $dbh->prepare(qq{insert into users (username, sid) values ( ?, ? ) });
|
|
|
|
$sth->execute($verified_url, $session->id);
|
|
|
|
$sth->finish();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
#an error occured
|
|
|
|
print $session->header();
|
|
|
|
print "error validating identity: ", $con->err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
#someone is messing with the args
|
|
|
|
print $session->header();
|
|
|
|
print "hmm, openid action but no ret or user";
|
|
|
|
}
|
|
|
|
}
|
2007-10-11 17:26:39 +00:00
|
|
|
elsif($query->param('action') eq "logout")
|
|
|
|
{
|
2007-10-10 21:48:12 +00:00
|
|
|
#if logout is requested
|
|
|
|
#remove sid from database
|
2007-10-12 00:34:32 +00:00
|
|
|
$sth = $dbh->prepare(qq{update users set sid = '' where username = ?});
|
|
|
|
$sth->execute(get_username_from_sid($session->id));
|
2007-10-10 21:48:12 +00:00
|
|
|
$sth->finish();
|
|
|
|
$session->delete();
|
|
|
|
print $session->header();
|
|
|
|
print "logged out";
|
2007-10-11 17:26:39 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2007-10-10 21:48:12 +00:00
|
|
|
#something ugly was passed
|
|
|
|
print $session->header();
|
|
|
|
print "wtf?";
|
|
|
|
}
|
|
|
|
|
|
|
|
#disconnect db
|
|
|
|
$dbh->disconnect();
|
2007-10-11 17:26:39 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2007-10-12 00:44:24 +00:00
|
|
|
#if not, print login form
|
|
|
|
|
2007-10-12 11:04:34 +00:00
|
|
|
%page = ();
|
2007-10-12 00:44:24 +00:00
|
|
|
|
|
|
|
#if a username is associated with session id, username is nonempty
|
|
|
|
$page->{username} = get_username_from_sid($session->id);
|
2007-10-12 11:04:34 +00:00
|
|
|
$page->{locale} = $locale;
|
|
|
|
$page->{stylesheet} = $stylesheet;
|
|
|
|
$page->{loginform} = [''];
|
2007-10-12 00:44:24 +00:00
|
|
|
|
|
|
|
#print xml http header along with session cookie
|
|
|
|
print $session->header(-type=>'text/xml');
|
|
|
|
|
|
|
|
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
2007-10-10 21:48:12 +00:00
|
|
|
}
|