From 41e016d56040e8d136650f9dec52ef475d22d756 Mon Sep 17 00:00:00 2001 From: josch Date: Sat, 27 Oct 2007 09:17:30 +0000 Subject: [PATCH] reordered and cleaned up xml generation, added better error and information handling, did more checks on login, logout, register, added xml attribute indent, added paranoid useragent on openid login, added ssl login, did maybe more but my console buffer is too small to view the whole diff git-svn-id: http://yolanda.mister-muffin.de/svn@142 7eef14d0-6ed0-489d-bf55-20463b2d70db --- trunk/include.pl | 2 + trunk/index.pl | 2 +- trunk/locale/en-US.xml | 8 ++++ trunk/login.pl | 100 ++++++++++++++++++++++++++++------------- trunk/register.pl | 43 +++++++++++------- trunk/search.pl | 19 +++----- trunk/site/gnutube.xml | 4 +- trunk/upload.pl | 44 +++++++----------- trunk/uploader.pl | 36 +++++++-------- trunk/video.pl | 48 +++++++------------- 10 files changed, 163 insertions(+), 143 deletions(-) diff --git a/trunk/include.pl b/trunk/include.pl index c185c75..a58cdab 100644 --- a/trunk/include.pl +++ b/trunk/include.pl @@ -5,6 +5,8 @@ use CGI::Session; use DBI; use XML::Simple qw(:strict); use Digest::SHA qw(sha256_hex); +use LWPx::ParanoidAgent; +use Net::OpenID::Consumer; # change this as you install it somewhere else $gnutube_root = '/var/www/gnutube'; diff --git a/trunk/index.pl b/trunk/index.pl index cf9f84c..1ff765b 100644 --- a/trunk/index.pl +++ b/trunk/index.pl @@ -34,5 +34,5 @@ fill_tagcloud; print $session->header(-type=>'text/xml', -charset=>'UTF-8'); #print xml -print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); +print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); diff --git a/trunk/locale/en-US.xml b/trunk/locale/en-US.xml index 071bf24..a806752 100755 --- a/trunk/locale/en-US.xml +++ b/trunk/locale/en-US.xml 
@@ -45,6 +45,12 @@ You did not supply a language. You did not supply a coverage. You did not supply a rights holder. + You seem to be already registered. Please log out to create a new account. + You seem to be already logged in. Please log out to log in again. + Username and password do not match. + + + You are now logged in. @@ -52,6 +58,8 @@ To put the video into context, additional metainformation is needed. Your comment has been created. + You successfully created yourself an account + You succcessfully uploaded your file diff --git a/trunk/login.pl b/trunk/login.pl index d7bbfd7..ff32e7c 100644 --- a/trunk/login.pl +++ b/trunk/login.pl 
@@ -7,14 +7,44 @@ CGI::Session->name($session_name); $query = new CGI; $session = new CGI::Session; +$username = get_username_from_sid($session->id); + +%page = (); + +$page->{'username'} = $username; +$page->{'locale'} = $locale; +$page->{'stylesheet'} = $stylesheet; +$page->{'xmlns:dc'} = $xmlns_dc; +$page->{'xmlns:cc'} = $xmlns_cc; +$page->{'xmlns:rdf'} = $xmlns_rdf; + #check if action is set if($query->param('action')) { #connect to db $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass); + if($query->param('action') eq "logout") + { + #if logout is requested + #remove sid from database + $dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr; + $session->delete(); + print $query->redirect("index.pl?information=information_logged_out"); + } + #check if user is logged in + elsif($username) + { + $page->{'message'}->{'type'} = "error"; + $page->{'message'}->{'text'} = "error_already_logged_in"; + + #print xml http header along with session cookie + print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + + print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); + } #if login is requested - if($query->param('action') eq "login") + elsif($query->param('action') eq "login") { #prepare query - empty password are openid users so omit those entries my $sth = $dbh->prepare(qq{select id from users @@ -33,8 +63,13 @@ if($query->param('action')) else { #if not, print error - print $session->header(); - print "could not log you in"; + $page->{'message'}->{'type'} = "error"; + $page->{'message'}->{'text'} = "error_username_password_do_not_match"; + + #print xml http header along with session cookie + print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + + print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); } } 
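Review bot: `%page = ();` empties the hash `%page`, but the following lines write through `$page->{...}` and `XMLout($page, ...)` reads the scalar `$page`, a different variable, so the reset does nothing to the data that is emitted. Under plain CGI this goes unnoticed because each request starts a fresh interpreter; if the scripts ever run under a persistent interpreter (mod_perl or similar), keys such as `message` or `username` left by one request could show up in the next response. `$page = {};` (or `my $page = {};`) resets the structure that is actually used. The same pair of lines is added in the register.pl, upload.pl, uploader.pl and video.pl hunks. Separately, the logout branch is selected by `$query->param('action')`, which CGI.pm also fills from the query string of a GET, so the `update users set sid = ''` can be triggered by a plain link; restricting it to POST with a per-session token would be safer.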
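Review bot: The header-plus-`XMLout($page, ...)` block added in this failed-login branch is repeated in every error branch of login.pl (the already-logged-in branch in the first hunk, twice in the `@@ -110,43` hunk, and in the trailing `elsif`/`else`), while register.pl, search.pl and upload.pl in this same commit emit once at the end. A small helper, for example `sub print_page { print $session->header(-type=>'text/xml', -charset=>'UTF-8'); print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); }`, would stop the content type and XMLout options from drifting between branches. The enclosing `if`/`else` starts outside this hunk.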
@@ -42,7 +77,7 @@ if($query->param('action')) { #create our openid consumer object $con = Net::OpenID::Consumer->new( - ua => LWP::UserAgent->new, # FIXME - use LWPx::ParanoidAgent + ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent cache => undef, # or File::Cache->new, args => $query, consumer_secret => $session->id, #is this save? don't know... @@ -59,7 +94,7 @@ if($query->param('action')) print "claim failed: ", $con->err; } $check_url = $claimed->check_url( - return_to => "http://localhost/gnutube/login.pl?action=openid&ret=true", #on success return to this address + return_to => "$domain/login.pl?action=openid&ret=true", #on success return to this address trust_root => $domain); #this is the string the user will be asked to trust #redirect to openid server to check claim 
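Review bot: The trailing comment on the changed `ua =>` line still reads `# FIXME - use LWPx::ParanoidAgent` although the line now does exactly that; replace it with a comment that states the reason, e.g. `# ParanoidAgent: refuses private/loopback targets when fetching the user-supplied identity URL`. The neighbouring context line `consumer_secret => $session->id` still carries the author's own open question: the session id is sent to the browser as the session cookie, so it is not secret from the user whose assertion is being verified, and a server-side value kept out of the session would be the safer choice. The `Net::OpenID::Consumer->new(` call continues past the end of this hunk.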
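Review bot: The claim-failure branch visible just above the changed `return_to` line still prints `"claim failed: ", $con->err` as raw text instead of using the `$page->{'message'}` path this commit introduces elsewhere, and from the visible lines execution appears to continue into `$claimed->check_url(...)` even when the claim failed. If `$claimed` is undefined at that point the call dies, and `$con->err` may carry text derived from the submitted identity URL, so it should not be written out unescaped. Setting an error message key and putting the `check_url` call in an `else` would cover both; the start of the branch is outside this hunk, so confirm there is no early exit above it. It is also worth confirming that `$domain` carries the intended `https://` scheme, since it now forms both `return_to` and `trust_root`.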
@@ -110,43 +145,48 @@ if($query->param('action')) else { #someone is messing with the args - print $session->header(); - print "hmm, openid action but no ret or user"; + $page->{'message'}->{'type'} = "error"; + $page->{'message'}->{'text'} = "error_202c"; + + #print xml http header along with session cookie + print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + + print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); } } - elsif($query->param('action') eq "logout") - { - #if logout is requested - #remove sid from database - $dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr; - $session->delete(); - print $session->header(); - print "logged out"; - } else { #something ugly was passed - print $session->header(); - print "wtf?"; + $page->{'message'}->{'type'} = "error"; + $page->{'message'}->{'text'} = "error_202c"; + + #print xml http header along with session cookie + print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + + print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); } #disconnect db $dbh->disconnect(); } -else +#check if user is logged in +elsif($username) { - #if not, print login form - - %page = (); - - #if a username is associated with session id, username is nonempty - $page->{username} = get_username_from_sid($session->id); - $page->{locale} = $locale; - $page->{stylesheet} = $stylesheet; - $page->{loginform} = ['']; - + $page->{'message'}->{'type'} = "error"; + $page->{'message'}->{'text'} = "error_already_logged_in"; + #print xml http header along with session cookie print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); + print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); +} +else +{ + #if not, print login form + $page->{loginform} = ['']; + + 
#print xml http header along with session cookie + print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + + print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); } diff --git a/trunk/register.pl b/trunk/register.pl index 292c528..9ff2369 100644 --- a/trunk/register.pl +++ b/trunk/register.pl @@ -7,8 +7,25 @@ CGI::Session->name($session_name); $query = new CGI; $session = new CGI::Session; +$username = get_username_from_sid($session->id); + +%page = (); + +$page->{'username'} = $username; +$page->{'locale'} = $locale; +$page->{'stylesheet'} = $stylesheet; +$page->{'xmlns:dc'} = $xmlns_dc; +$page->{'xmlns:cc'} = $xmlns_cc; +$page->{'xmlns:rdf'} = $xmlns_rdf; + +#check if user is logged in +if($username) +{ + $page->{'message'}->{'type'} = "error"; + $page->{'message'}->{'text'} = "error_already_registered"; +} #if username and password are passed put them into the database -if($query->param('user') and $query->param('pass')) +elsif($query->param('user') and $query->param('pass')) { #connect to db my $dbh = DBI->connect("DBI:mysql:$database:$host", $dbuser, $dbpass) or die $dbh->errstr; 
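Review bot: The connect call on the context line under the new `elsif` in register.pl uses `DBI:mysql:$database:$host`, while login.pl and video.pl in this patch use `$dbhost`; unless include.pl also defines `$host`, the DSN is built with an empty host and the driver presumably falls back to its default, which hides the misconfiguration. The same line's `or die $dbh->errstr` cannot report a failed connect because `$dbh` is undefined in that case; `or die $DBI::errstr` gives the real error. The new branch also accepts any truthy `user`/`pass` pair with no length or character checks visible here; the insert statement is outside the hunk, so confirm that validation and a duplicate-username check happen there.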
@@ -21,23 +38,15 @@ if($query->param('user') and $query->param('pass')) $dbh->disconnect() or die $dbh->errstr; #print a little confirmation - print $session->header(); - print 'done'; + $page->{'message'}->{'type'} = "information"; + $page->{'message'}->{'text'} = "information_registered"; } else { - #if not, print register form - - %page = (); - - #if a username is associated with session id, username is nonempty - $page->{username} = get_username_from_sid($session->id); - $page->{locale} = $locale; - $page->{stylesheet} = $stylesheet; - $page->{registerform} = ['']; - - #print xml http header along with session cookie - print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); + $page->{'registerform'} = ['']; } + +#print xml http header along with session cookie +print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + +print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); diff --git a/trunk/search.pl b/trunk/search.pl index df7705b..6e74128 100644 --- a/trunk/search.pl +++ b/trunk/search.pl 
@@ -143,22 +143,15 @@ if($query->param('query') or $query->param('orderby')) #close db $dbh->disconnect() or die $dbh->errstr; - - #print xml http header along with session cookie - print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - - #print xml - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); } else { - $page->{'message'}->{'type'} = "error"; $page->{'message'}->{'text'} = "error_202c"; - - #print xml http header along with session cookie - print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - - #print xml - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); } + +#print xml http header along with session cookie +print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + +#print xml +print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); diff --git a/trunk/site/gnutube.xml b/trunk/site/gnutube.xml index d8be7df..0d2a89d 100755 --- a/trunk/site/gnutube.xml +++ b/trunk/site/gnutube.xml @@ -11,7 +11,7 @@ - account + /account.pl login.pl login-openid.pl @@ -21,7 +21,7 @@ http://mister-muffin.de/proj/browser register.pl search.pl?query= - upload.pl + /upload.pl uploader.pl search.pl?query=&orderby=timestamp&sort=desc diff --git a/trunk/upload.pl b/trunk/upload.pl index ad2235c..f215d8a 100644 --- a/trunk/upload.pl +++ b/trunk/upload.pl 
@@ -8,41 +8,27 @@ my $session = new CGI::Session; my $username = get_username_from_sid($session->id); +%page = (); + +#if a username is associated with session id, username is nonempty +$page->{'username'} = $username; +$page->{'locale'} = $locale; +$page->{'stylesheet'} = $stylesheet; +$page->{'xmlns:dc'} = $xmlns_dc; +$page->{'xmlns:cc'} = $xmlns_cc; +$page->{'xmlns:rdf'} = $xmlns_rdf; + if($username) { - %page = (); - - #if a username is associated with session id, username is nonempty - $page->{'username'} = get_username_from_sid($session->id); - $page->{'locale'} = $locale; - $page->{'stylesheet'} = $stylesheet; - $page->{'xmlns:dc'} = $xmlns_dc; - $page->{'xmlns:cc'} = $xmlns_cc; - $page->{'xmlns:rdf'} = $xmlns_rdf; $page->{uploadform} = {'page' => '2'}; - - #print xml http header along with session cookie - print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); } else { - %page = (); - - $page->{'username'} = get_username_from_sid($session->id); - $page->{'locale'} = $locale; - $page->{'stylesheet'} = $stylesheet; - $page->{'xmlns:dc'} = $xmlns_dc; - $page->{'xmlns:cc'} = $xmlns_cc; - $page->{'xmlns:rdf'} = $xmlns_rdf; - $page->{'message'}->{'type'} = "error"; $page->{'message'}->{'text'} = "error_202c"; - - #print xml http header along with session cookie - print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - - #print xml - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); } + +#print xml http header along with session cookie +print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + +print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); diff --git a/trunk/uploader.pl b/trunk/uploader.pl index 4d82b76..6ef7583 100644 --- a/trunk/uploader.pl +++ b/trunk/uploader.pl 
@@ -20,6 +20,16 @@ sub hook my $userid = get_userid_from_sid($session->id); +%page = (); + +#if a username is associated with session id, username is nonempty +$page->{'username'} = get_username_from_sid($session->id); +$page->{'locale'} = $locale; +$page->{'stylesheet'} = $stylesheet; +$page->{'xmlns:dc'} = $xmlns_dc; +$page->{'xmlns:cc'} = $xmlns_cc; +$page->{'xmlns:rdf'} = $xmlns_rdf; + if($userid) { #connect to db @@ -49,31 +59,19 @@ if($userid) } close TEMPFILE; - print $session->header(); - print "passt"; - print $id; + $page->{'message'}->{'type'} = "information"; + $page->{'message'}->{'text'} = "information_uploaded"; #disconnect db $dbh->disconnect() or die $dbh->errstr; } else { - %page = (); - - #if a username is associated with session id, username is nonempty - $page->{'username'} = get_username_from_sid($session->id); - $page->{'locale'} = $locale; - $page->{'stylesheet'} = $stylesheet; - $page->{'xmlns:dc'} = $xmlns_dc; - $page->{'xmlns:cc'} = $xmlns_cc; - $page->{'xmlns:rdf'} = $xmlns_rdf; - $page->{'message'}->{'type'} = "error"; $page->{'message'}->{'text'} = "error_202c"; - - #print xml http header along with session cookie - print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - - #print xml - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); } +#print xml http header along with session cookie +print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + +#print xml +print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1'); diff --git a/trunk/video.pl b/trunk/video.pl index 83db627..f3d4195 100644 --- a/trunk/video.pl +++ b/trunk/video.pl 
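Review bot: In the second uploader.pl hunk, `information_uploaded` is set unconditionally right after `close TEMPFILE;`, whose return value is not checked, so a write that fails at flush time (full disk, quota) is still reported to the user as a successful upload. Check the close, e.g. `close TEMPFILE or die "close failed: $!";`, or set the `error` message type when it fails. The write loop and the `open` are outside this hunk, so the same check should be confirmed there.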
@@ -6,19 +6,19 @@ CGI::Session->name($session_name); $query = new CGI; $session = new CGI::Session; +%page = (); + +#if a username is associated with session id, username is nonempty +$page->{'username'} = get_username_from_sid($session->id); +$page->{'locale'} = $locale; +$page->{'stylesheet'} = $stylesheet; +$page->{'xmlns:dc'} = $xmlns_dc; +$page->{'xmlns:cc'} = $xmlns_cc; +$page->{'xmlns:rdf'} = $xmlns_rdf; + #check if id or title is passed if($query->url_param('title') or $query->url_param('id')) { - %page = (); - - #if a username is associated with session id, username is nonempty - $page->{'username'} = get_username_from_sid($session->id); - $page->{'locale'} = $locale; - $page->{'stylesheet'} = $stylesheet; - $page->{'xmlns:dc'} = $xmlns_dc; - $page->{'xmlns:cc'} = $xmlns_cc; - $page->{'xmlns:rdf'} = $xmlns_rdf; - #connect to db my $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass) or die $dbh->errstr; 
@@ -209,31 +209,15 @@ if($query->url_param('title') or $query->url_param('id')) #close db $dbh->disconnect() or die $dbh->errstr; - - #print xml http header along with session cookie - print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - - #print xml - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => 1); } else { - %page = (); - - #if a username is associated with session id, username is nonempty - $page->{'username'} = get_username_from_sid($session->id); - $page->{'locale'} = $locale; - $page->{'stylesheet'} = $stylesheet; - $page->{'xmlns:dc'} = $xmlns_dc; - $page->{'xmlns:cc'} = $xmlns_cc; - $page->{'xmlns:rdf'} = $xmlns_rdf; - $page->{'message'}->{'type'} = "error"; $page->{'message'}->{'text'} = "error_202c"; - - #print xml http header along with session cookie - print $session->header(-type=>'text/xml', -charset=>'UTF-8'); - - #print xml - print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); } + +#print xml http header along with session cookie +print $session->header(-type=>'text/xml', -charset=>'UTF-8'); + +#print xml +print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');