reordered and cleaned up xml generation, added better error and information handling, did more checks on login, logout, register, added xml attribute indent, added paranoid useragent on openid login, added ssl login, did maybe more but my console buffer is too small to view the whole diff

git-svn-id: http://yolanda.mister-muffin.de/svn@142 7eef14d0-6ed0-489d-bf55-20463b2d70db
This commit is contained in:
josch 2007-10-27 09:17:30 +00:00
parent 060b27682f
commit 41e016d560
10 changed files with 163 additions and 143 deletions

View file

@ -5,6 +5,8 @@ use CGI::Session;
use DBI; use DBI;
use XML::Simple qw(:strict); use XML::Simple qw(:strict);
use Digest::SHA qw(sha256_hex); use Digest::SHA qw(sha256_hex);
use LWPx::ParanoidAgent;
use Net::OpenID::Consumer;
# change this as you install it somewhere else # change this as you install it somewhere else
$gnutube_root = '/var/www/gnutube'; $gnutube_root = '/var/www/gnutube';

View file

@ -34,5 +34,5 @@ fill_tagcloud;
print $session->header(-type=>'text/xml', -charset=>'UTF-8'); print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml #print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -45,6 +45,12 @@
<str id="error_missing_DC.Language">You did not supply a language.</str> <str id="error_missing_DC.Language">You did not supply a language.</str>
<str id="error_missing_DC.Coverage">You did not supply a coverage.</str> <str id="error_missing_DC.Coverage">You did not supply a coverage.</str>
<str id="error_missing_DC.Rights">You did not supply a rights holder.</str> <str id="error_missing_DC.Rights">You did not supply a rights holder.</str>
<str id="error_already_registered">You seem to be already registered. Please log out to create a new account.</str>
<str id="error_already_logged_in">You seem to be already logged in. Please log out to log in again.</str>
<str id="error_username_password_do_not_match">Username and password do not match.</str>
<str id=""></str>
<str id=""></str>
<str id=""></str>
<!-- information --> <!-- information -->
<str id="information_logged_in">You are now logged in.</str> <str id="information_logged_in">You are now logged in.</str>
@ -52,6 +58,8 @@
<str id="information_metainformation_needed">To put the video into context, additional metainformation is needed.</str> <str id="information_metainformation_needed">To put the video into context, additional metainformation is needed.</str>
<str id="information_metainformation_rights"></str> <str id="information_metainformation_rights"></str>
<str id="information_comment_created">Your comment has been created.</str> <str id="information_comment_created">Your comment has been created.</str>
<str id="information_registered">You successfully created yourself an account</str>
<str id="information_uploaded">You succcessfully uploaded your file</str>
<!-- warnings --> <!-- warnings -->

View file

@ -7,14 +7,44 @@ CGI::Session->name($session_name);
$query = new CGI; $query = new CGI;
$session = new CGI::Session; $session = new CGI::Session;
$username = get_username_from_sid($session->id);
%page = ();
$page->{'username'} = $username;
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
#check if action is set #check if action is set
if($query->param('action')) if($query->param('action'))
{ {
#connect to db #connect to db
$dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass); $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass);
if($query->param('action') eq "logout")
{
#if logout is requested
#remove sid from database
$dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr;
$session->delete();
print $query->redirect("index.pl?information=information_logged_out");
}
#check if user is logged in
elsif($username)
{
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_already_logged_in";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
}
#if login is requested #if login is requested
if($query->param('action') eq "login") elsif($query->param('action') eq "login")
{ {
#prepare query - empty password are openid users so omit those entries #prepare query - empty password are openid users so omit those entries
my $sth = $dbh->prepare(qq{select id from users my $sth = $dbh->prepare(qq{select id from users
@ -33,8 +63,13 @@ if($query->param('action'))
else else
{ {
#if not, print error #if not, print error
print $session->header(); $page->{'message'}->{'type'} = "error";
print "could not log you in"; $page->{'message'}->{'text'} = "error_username_password_do_not_match";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
} }
} }
@ -42,7 +77,7 @@ if($query->param('action'))
{ {
#create our openid consumer object #create our openid consumer object
$con = Net::OpenID::Consumer->new( $con = Net::OpenID::Consumer->new(
ua => LWP::UserAgent->new, # FIXME - use LWPx::ParanoidAgent ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent
cache => undef, # or File::Cache->new, cache => undef, # or File::Cache->new,
args => $query, args => $query,
consumer_secret => $session->id, #is this save? don't know... consumer_secret => $session->id, #is this save? don't know...
@ -59,7 +94,7 @@ if($query->param('action'))
print "claim failed: ", $con->err; print "claim failed: ", $con->err;
} }
$check_url = $claimed->check_url( $check_url = $claimed->check_url(
return_to => "http://localhost/gnutube/login.pl?action=openid&ret=true", #on success return to this address return_to => "$domain/login.pl?action=openid&ret=true", #on success return to this address
trust_root => $domain); #this is the string the user will be asked to trust trust_root => $domain); #this is the string the user will be asked to trust
#redirect to openid server to check claim #redirect to openid server to check claim
@ -110,43 +145,48 @@ if($query->param('action'))
else else
{ {
#someone is messing with the args #someone is messing with the args
print $session->header(); $page->{'message'}->{'type'} = "error";
print "hmm, openid action but no ret or user"; $page->{'message'}->{'text'} = "error_202c";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
} }
} }
elsif($query->param('action') eq "logout")
{
#if logout is requested
#remove sid from database
$dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr;
$session->delete();
print $session->header();
print "logged out";
}
else else
{ {
#something ugly was passed #something ugly was passed
print $session->header(); $page->{'message'}->{'type'} = "error";
print "wtf?"; $page->{'message'}->{'text'} = "error_202c";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
} }
#disconnect db #disconnect db
$dbh->disconnect(); $dbh->disconnect();
} }
#check if user is logged in
elsif($username)
{
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_already_logged_in";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
}
else else
{ {
#if not, print login form #if not, print login form
%page = ();
#if a username is associated with session id, username is nonempty
$page->{username} = get_username_from_sid($session->id);
$page->{locale} = $locale;
$page->{stylesheet} = $stylesheet;
$page->{loginform} = ['']; $page->{loginform} = [''];
#print xml http header along with session cookie #print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8'); print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page'); print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
} }

View file

@ -7,8 +7,25 @@ CGI::Session->name($session_name);
$query = new CGI; $query = new CGI;
$session = new CGI::Session; $session = new CGI::Session;
$username = get_username_from_sid($session->id);
%page = ();
$page->{'username'} = $username;
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
#check if user is logged in
if($username)
{
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_already_registered";
}
#if username and password are passed put them into the database #if username and password are passed put them into the database
if($query->param('user') and $query->param('pass')) elsif($query->param('user') and $query->param('pass'))
{ {
#connect to db #connect to db
my $dbh = DBI->connect("DBI:mysql:$database:$host", $dbuser, $dbpass) or die $dbh->errstr; my $dbh = DBI->connect("DBI:mysql:$database:$host", $dbuser, $dbpass) or die $dbh->errstr;
@ -21,23 +38,15 @@ if($query->param('user') and $query->param('pass'))
$dbh->disconnect() or die $dbh->errstr; $dbh->disconnect() or die $dbh->errstr;
#print a little confirmation #print a little confirmation
print $session->header(); $page->{'message'}->{'type'} = "information";
print 'done'; $page->{'message'}->{'text'} = "information_registered";
} }
else else
{ {
#if not, print register form $page->{'registerform'} = [''];
%page = ();
#if a username is associated with session id, username is nonempty
$page->{username} = get_username_from_sid($session->id);
$page->{locale} = $locale;
$page->{stylesheet} = $stylesheet;
$page->{registerform} = [''];
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
} }
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -143,22 +143,15 @@ if($query->param('query') or $query->param('orderby'))
#close db #close db
$dbh->disconnect() or die $dbh->errstr; $dbh->disconnect() or die $dbh->errstr;
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
} }
else else
{ {
$page->{'message'}->{'type'} = "error"; $page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c"; $page->{'message'}->{'text'} = "error_202c";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
} }
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -11,7 +11,7 @@
<!-- <str id=""></str> <!-- <str id=""></str>
<str id=""></str> <str id=""></str>
<str id=""></str>--> <str id=""></str>-->
<str id="page_account">account</str> <str id="page_account">/account.pl</str>
<str id="page_bookmarks"></str> <str id="page_bookmarks"></str>
<str id="page_login">login.pl</str> <str id="page_login">login.pl</str>
<str id="page_login-openid">login-openid.pl</str> <str id="page_login-openid">login-openid.pl</str>
@ -21,7 +21,7 @@
<str id="page_gnutube-source-code">http://mister-muffin.de/proj/browser</str> <str id="page_gnutube-source-code">http://mister-muffin.de/proj/browser</str>
<str id="page_register">register.pl</str> <str id="page_register">register.pl</str>
<str id="page_results">search.pl?query=</str> <str id="page_results">search.pl?query=</str>
<str id="page_upload">upload.pl</str> <str id="page_upload">/upload.pl</str>
<str id="page_uploader">uploader.pl</str> <str id="page_uploader">uploader.pl</str>
<str id="page_query_latestadditions">search.pl?query=&amp;orderby=timestamp&amp;sort=desc</str> <str id="page_query_latestadditions">search.pl?query=&amp;orderby=timestamp&amp;sort=desc</str>

View file

@ -8,41 +8,27 @@ my $session = new CGI::Session;
my $username = get_username_from_sid($session->id); my $username = get_username_from_sid($session->id);
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = $username;
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
if($username) if($username)
{ {
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
$page->{uploadform} = {'page' => '2'}; $page->{uploadform} = {'page' => '2'};
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
} }
else else
{ {
%page = ();
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
$page->{'message'}->{'type'} = "error"; $page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c"; $page->{'message'}->{'text'} = "error_202c";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
} }
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -20,6 +20,16 @@ sub hook
my $userid = get_userid_from_sid($session->id); my $userid = get_userid_from_sid($session->id);
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
if($userid) if($userid)
{ {
#connect to db #connect to db
@ -49,31 +59,19 @@ if($userid)
} }
close TEMPFILE; close TEMPFILE;
print $session->header(); $page->{'message'}->{'type'} = "information";
print "passt"; $page->{'message'}->{'text'} = "information_uploaded";
print $id;
#disconnect db #disconnect db
$dbh->disconnect() or die $dbh->errstr; $dbh->disconnect() or die $dbh->errstr;
} }
else else
{ {
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
$page->{'message'}->{'type'} = "error"; $page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c"; $page->{'message'}->{'text'} = "error_202c";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
} }
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -6,19 +6,19 @@ CGI::Session->name($session_name);
$query = new CGI; $query = new CGI;
$session = new CGI::Session; $session = new CGI::Session;
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
#check if id or title is passed #check if id or title is passed
if($query->url_param('title') or $query->url_param('id')) if($query->url_param('title') or $query->url_param('id'))
{ {
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
#connect to db #connect to db
my $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass) or die $dbh->errstr; my $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass) or die $dbh->errstr;
@ -209,31 +209,15 @@ if($query->url_param('title') or $query->url_param('id'))
#close db #close db
$dbh->disconnect() or die $dbh->errstr; $dbh->disconnect() or die $dbh->errstr;
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => 1);
} }
else else
{ {
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
$page->{'message'}->{'type'} = "error"; $page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c"; $page->{'message'}->{'text'} = "error_202c";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
} }
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');