2007-10-12 00:44:24 +00:00
|
|
|
require "functions.pl";
|
2007-10-10 21:48:12 +00:00
|
|
|
|
|
|
|
|
#initialize session data
|
2008-04-15 18:56:13 +00:00
|
|
|
CGI::Session->name($config->{"page_cookie_name"});
|
2007-10-10 21:48:12 +00:00
|
|
|
$query = new CGI;
|
|
|
|
|
$session = new CGI::Session;
|
|
|
|
|
|
2007-10-29 15:00:40 +00:00
|
|
|
@userinfo = get_userinfo_from_sid($session->id);
|
2007-10-27 09:17:30 +00:00
|
|
|
|
2008-04-27 10:39:21 +00:00
|
|
|
#TODO: use $query->http("HTTP_REFERER"); to redirect to the site last visited
|
2007-10-27 09:17:30 +00:00
|
|
|
|
2008-04-03 13:47:12 +00:00
|
|
|
if($query->param('action') eq "logout")
|
2007-10-11 17:26:39 +00:00
|
|
|
{
|
2008-04-03 13:47:12 +00:00
|
|
|
#if logout is requested
|
|
|
|
|
#remove sid from database
|
|
|
|
|
$dbh->do(qq{update users set sid = '' where id = ?}, undef, $userinfo->{'id'}) or die $dbh->errstr;
|
|
|
|
|
$session->delete();
|
2008-04-29 07:02:07 +00:00
|
|
|
|
2008-04-03 13:47:12 +00:00
|
|
|
print $query->redirect("index.pl?information=information_logged_out");
|
|
|
|
|
}
|
|
|
|
|
#check if user is logged in
|
|
|
|
|
elsif($userinfo->{'username'})
|
|
|
|
|
{
|
2008-04-27 00:42:15 +00:00
|
|
|
print $query->redirect("/index.pl?error=error_already_logged_in");
|
2008-04-03 13:47:12 +00:00
|
|
|
}
|
2008-04-04 05:40:21 +00:00
|
|
|
#if password is empty and username begins with http:// then it's an openid login
|
2008-04-03 16:20:52 +00:00
|
|
|
elsif($query->param('pass') eq '' and $query->param('user')=~m/^http:\/\//)
|
2008-04-03 13:47:12 +00:00
|
|
|
{
|
|
|
|
|
#create our openid consumer object
|
|
|
|
|
$con = Net::OpenID::Consumer->new(
|
2008-04-29 07:02:07 +00:00
|
|
|
ua => LWPx::ParanoidAgent->new,
|
|
|
|
|
cache => undef, # or File::Cache->new,
|
|
|
|
|
args => $query,
|
|
|
|
|
consumer_secret => $session->id, #is this save? don't know...
|
|
|
|
|
required_root => $config->{"url_root"}
|
|
|
|
|
);
|
2008-04-27 00:42:15 +00:00
|
|
|
|
|
|
|
|
#claim identity
|
|
|
|
|
$claimed = $con->claimed_identity($query->param('user'));
|
2008-04-29 07:02:07 +00:00
|
|
|
|
|
|
|
|
#if claim failed, redirect
|
2008-04-27 00:42:15 +00:00
|
|
|
if(!defined($claimed))
|
2008-02-14 22:15:38 +00:00
|
|
|
{
|
2008-04-27 00:42:15 +00:00
|
|
|
print $query->redirect("/index.pl?error=error_openid_".$con->errcode);
|
2008-02-14 22:15:38 +00:00
|
|
|
}
|
2008-04-03 16:20:52 +00:00
|
|
|
else
|
2008-02-14 22:15:38 +00:00
|
|
|
{
|
2008-04-27 00:42:15 +00:00
|
|
|
#try to set the check_url
|
|
|
|
|
$check_url = $claimed->check_url(
|
|
|
|
|
return_to => $config->{"url_root"}."login.pl?action=openid", #on success return to this address
|
|
|
|
|
trust_root => $config->{"url_root"}); #this is the string the user will be asked to trust
|
|
|
|
|
|
|
|
|
|
#redirect to openid server to check claim
|
|
|
|
|
print $query->redirect($check_url);
|
2008-04-03 16:20:52 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#we return from an identity check
|
|
|
|
|
elsif($query->param('action') eq 'openid')
|
|
|
|
|
{
|
|
|
|
|
#create our openid consumer object
|
|
|
|
|
$con = Net::OpenID::Consumer->new(
|
2008-04-29 07:02:07 +00:00
|
|
|
ua => LWPx::ParanoidAgent->new,
|
|
|
|
|
cache => undef, # or File::Cache->new,
|
|
|
|
|
args => $query,
|
|
|
|
|
consumer_secret => $session->id, #is this save? don't know...
|
|
|
|
|
required_root => $config->{"url_root"}
|
|
|
|
|
);
|
2008-04-03 16:20:52 +00:00
|
|
|
|
2008-04-29 07:02:07 +00:00
|
|
|
#redirect to setup url
|
2008-04-03 16:20:52 +00:00
|
|
|
if($setup_url = $con->user_setup_url)
|
|
|
|
|
{
|
|
|
|
|
#redirect to setup url - user will give confirmation there
|
|
|
|
|
print $query->redirect($setup_url);
|
|
|
|
|
}
|
2008-04-29 07:02:07 +00:00
|
|
|
#or cancel process
|
2008-04-03 16:20:52 +00:00
|
|
|
elsif ($con->user_cancel)
|
|
|
|
|
{
|
|
|
|
|
#cancelled - redirect to login form
|
2008-04-04 05:40:21 +00:00
|
|
|
print $query->redirect("index.pl");
|
2008-04-03 16:20:52 +00:00
|
|
|
}
|
2008-04-29 07:02:07 +00:00
|
|
|
#or verify identity
|
2008-04-03 16:20:52 +00:00
|
|
|
elsif ($vident = $con->verified_identity)
|
|
|
|
|
{
|
|
|
|
|
#we are verified!!
|
|
|
|
|
my $verified_url = $vident->url;
|
|
|
|
|
|
|
|
|
|
#check if this openid user already is in database
|
|
|
|
|
my $sth = $dbh->prepare(qq{select 1 from users where username = ? limit 1 });
|
|
|
|
|
$sth->execute($verified_url);
|
2008-04-29 07:02:07 +00:00
|
|
|
|
2008-04-03 16:20:52 +00:00
|
|
|
if($sth->fetchrow_array())
|
2008-02-14 22:15:38 +00:00
|
|
|
{
|
2008-04-03 16:20:52 +00:00
|
|
|
#store session id in database
|
|
|
|
|
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $verified_url) or die $dbh->errstr;
|
2008-04-03 13:47:12 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2008-04-03 16:20:52 +00:00
|
|
|
#add openid user to dabase
|
|
|
|
|
$dbh->do(qq{insert into users (username, sid) values ( ?, ? ) }, undef, $verified_url, $session->id) or die $dbh->errstr;
|
2008-02-14 22:15:38 +00:00
|
|
|
}
|
2008-04-03 16:20:52 +00:00
|
|
|
|
|
|
|
|
print $query->redirect("index.pl?information=information_logged_in");
|
2008-02-14 22:15:38 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2008-04-03 16:20:52 +00:00
|
|
|
#an error occured
|
|
|
|
|
print $session->header();
|
2008-04-04 05:40:21 +00:00
|
|
|
print "error validating identity: ", $con->errcode;
|
2008-02-14 22:15:38 +00:00
|
|
|
}
|
2007-10-11 17:26:39 +00:00
|
|
|
}
|
2008-04-03 13:47:12 +00:00
|
|
|
#else it's a normal login
|
2008-04-29 07:02:07 +00:00
|
|
|
#check if password is not empty and username is neither beginning with http nor empty
|
2008-04-03 13:47:12 +00:00
|
|
|
elsif($query->param('pass') ne '' and $query->param('user')!~m/^http:\/\// and $query->param('user') ne '')
|
2007-10-27 09:17:30 +00:00
|
|
|
{
|
2008-04-29 07:02:07 +00:00
|
|
|
#prepare query
|
2008-04-03 13:47:12 +00:00
|
|
|
my $sth = $dbh->prepare(qq{select id from users
|
|
|
|
|
where password = password( ? ) and username = ? limit 1 });
|
|
|
|
|
|
|
|
|
|
#execute query
|
|
|
|
|
$sth->execute($query->param('pass'), $query->param('user'));
|
2008-02-14 22:15:38 +00:00
|
|
|
|
2008-04-03 13:47:12 +00:00
|
|
|
#if something was returned username and password match
|
|
|
|
|
if($sth->fetchrow_array())
|
|
|
|
|
{
|
|
|
|
|
#store session id in database
|
|
|
|
|
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $query->param('user')) or die $dbh->errstr;
|
|
|
|
|
print $query->redirect("index.pl?information=information_logged_in");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2008-04-27 00:42:15 +00:00
|
|
|
print $query->redirect("index.pl?error=error_username_password_do_not_match");
|
2008-04-03 13:47:12 +00:00
|
|
|
}
|
2007-10-27 09:17:30 +00:00
|
|
|
}
|
2007-10-11 17:26:39 +00:00
|
|
|
else
|
|
|
|
|
{
|
2008-04-27 00:42:15 +00:00
|
|
|
print $query->redirect("index.pl");
|
2007-10-10 21:48:12 +00:00
|
|
|
}
|
