reordered and cleaned up xml generation, added better error and information handling, did more checks on login, logout, register, added xml attribute indent, added paranoid useragent on openid login, added ssl login, did maybe more but my console buffer is too small to view the whole diff

git-svn-id: http://yolanda.mister-muffin.de/svn@142 7eef14d0-6ed0-489d-bf55-20463b2d70db
This commit is contained in:
josch 2007-10-27 09:17:30 +00:00
parent 060b27682f
commit 41e016d560
10 changed files with 163 additions and 143 deletions

View file

@ -5,6 +5,8 @@ use CGI::Session;
use DBI;
use XML::Simple qw(:strict);
use Digest::SHA qw(sha256_hex);
use LWPx::ParanoidAgent;
use Net::OpenID::Consumer;
# change this as you install it somewhere else
$gnutube_root = '/var/www/gnutube';

View file

@ -34,5 +34,5 @@ fill_tagcloud;
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -45,6 +45,12 @@
<str id="error_missing_DC.Language">You did not supply a language.</str>
<str id="error_missing_DC.Coverage">You did not supply a coverage.</str>
<str id="error_missing_DC.Rights">You did not supply a rights holder.</str>
<str id="error_already_registered">You seem to be already registered. Please log out to create a new account.</str>
<str id="error_already_logged_in">You seem to be already logged in. Please log out to log in again.</str>
<str id="error_username_password_do_not_match">Username and password do not match.</str>
<str id=""></str>
<str id=""></str>
<str id=""></str>
<!-- information -->
<str id="information_logged_in">You are now logged in.</str>
@ -52,6 +58,8 @@
<str id="information_metainformation_needed">To put the video into context, additional metainformation is needed.</str>
<str id="information_metainformation_rights"></str>
<str id="information_comment_created">Your comment has been created.</str>
<str id="information_registered">You successfully created yourself an account</str>
<str id="information_uploaded">You succcessfully uploaded your file</str>
<!-- warnings -->

View file

@ -7,14 +7,44 @@ CGI::Session->name($session_name);
$query = new CGI;
$session = new CGI::Session;
$username = get_username_from_sid($session->id);
%page = ();
$page->{'username'} = $username;
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
#check if action is set
if($query->param('action'))
{
#connect to db
$dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass);
if($query->param('action') eq "logout")
{
#if logout is requested
#remove sid from database
$dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr;
$session->delete();
print $query->redirect("index.pl?information=information_logged_out");
}
#check if user is logged in
elsif($username)
{
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_already_logged_in";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
}
#if login is requested
if($query->param('action') eq "login")
elsif($query->param('action') eq "login")
{
#prepare query - empty password are openid users so omit those entries
my $sth = $dbh->prepare(qq{select id from users
@ -33,8 +63,13 @@ if($query->param('action'))
else
{
#if not, print error
print $session->header();
print "could not log you in";
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_username_password_do_not_match";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
}
}
@ -42,7 +77,7 @@ if($query->param('action'))
{
#create our openid consumer object
$con = Net::OpenID::Consumer->new(
ua => LWP::UserAgent->new, # FIXME - use LWPx::ParanoidAgent
ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent
cache => undef, # or File::Cache->new,
args => $query,
consumer_secret => $session->id, #is this save? don't know...
@ -59,7 +94,7 @@ if($query->param('action'))
print "claim failed: ", $con->err;
}
$check_url = $claimed->check_url(
return_to => "http://localhost/gnutube/login.pl?action=openid&ret=true", #on success return to this address
return_to => "$domain/login.pl?action=openid&ret=true", #on success return to this address
trust_root => $domain); #this is the string the user will be asked to trust
#redirect to openid server to check claim
@ -110,43 +145,48 @@ if($query->param('action'))
else
{
#someone is messing with the args
print $session->header();
print "hmm, openid action but no ret or user";
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
}
}
elsif($query->param('action') eq "logout")
{
#if logout is requested
#remove sid from database
$dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr;
$session->delete();
print $session->header();
print "logged out";
}
else
{
#something ugly was passed
print $session->header();
print "wtf?";
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
}
#disconnect db
$dbh->disconnect();
}
#check if user is logged in
elsif($username)
{
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_already_logged_in";
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
}
else
{
#if not, print login form
%page = ();
#if a username is associated with session id, username is nonempty
$page->{username} = get_username_from_sid($session->id);
$page->{locale} = $locale;
$page->{stylesheet} = $stylesheet;
$page->{loginform} = [''];
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
}

View file

@ -7,8 +7,25 @@ CGI::Session->name($session_name);
$query = new CGI;
$session = new CGI::Session;
$username = get_username_from_sid($session->id);
%page = ();
$page->{'username'} = $username;
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
#check if user is logged in
if($username)
{
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_already_registered";
}
#if username and password are passed put them into the database
if($query->param('user') and $query->param('pass'))
elsif($query->param('user') and $query->param('pass'))
{
#connect to db
my $dbh = DBI->connect("DBI:mysql:$database:$host", $dbuser, $dbpass) or die $dbh->errstr;
@ -21,23 +38,15 @@ if($query->param('user') and $query->param('pass'))
$dbh->disconnect() or die $dbh->errstr;
#print a little confirmation
print $session->header();
print 'done';
$page->{'message'}->{'type'} = "information";
$page->{'message'}->{'text'} = "information_registered";
}
else
{
#if not, print register form
%page = ();
#if a username is associated with session id, username is nonempty
$page->{username} = get_username_from_sid($session->id);
$page->{locale} = $locale;
$page->{stylesheet} = $stylesheet;
$page->{registerform} = [''];
$page->{'registerform'} = [''];
}
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -143,22 +143,15 @@ if($query->param('query') or $query->param('orderby'))
#close db
$dbh->disconnect() or die $dbh->errstr;
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}
else
{
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c";
}
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -11,7 +11,7 @@
<!-- <str id=""></str>
<str id=""></str>
<str id=""></str>-->
<str id="page_account">account</str>
<str id="page_account">/account.pl</str>
<str id="page_bookmarks"></str>
<str id="page_login">login.pl</str>
<str id="page_login-openid">login-openid.pl</str>
@ -21,7 +21,7 @@
<str id="page_gnutube-source-code">http://mister-muffin.de/proj/browser</str>
<str id="page_register">register.pl</str>
<str id="page_results">search.pl?query=</str>
<str id="page_upload">upload.pl</str>
<str id="page_upload">/upload.pl</str>
<str id="page_uploader">uploader.pl</str>
<str id="page_query_latestadditions">search.pl?query=&amp;orderby=timestamp&amp;sort=desc</str>

View file

@ -8,41 +8,27 @@ my $session = new CGI::Session;
my $username = get_username_from_sid($session->id);
if($username)
{
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'username'} = $username;
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
if($username)
{
$page->{uploadform} = {'page' => '2'};
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}
else
{
%page = ();
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c";
}
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -20,6 +20,16 @@ sub hook
my $userid = get_userid_from_sid($session->id);
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
if($userid)
{
#connect to db
@ -49,31 +59,19 @@ if($userid)
}
close TEMPFILE;
print $session->header();
print "passt";
print $id;
$page->{'message'}->{'type'} = "information";
$page->{'message'}->{'text'} = "information_uploaded";
#disconnect db
$dbh->disconnect() or die $dbh->errstr;
}
else
{
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c";
}
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

View file

@ -6,9 +6,6 @@ CGI::Session->name($session_name);
$query = new CGI;
$session = new CGI::Session;
#check if id or title is passed
if($query->url_param('title') or $query->url_param('id'))
{
%page = ();
#if a username is associated with session id, username is nonempty
@ -19,6 +16,9 @@ if($query->url_param('title') or $query->url_param('id'))
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
#check if id or title is passed
if($query->url_param('title') or $query->url_param('id'))
{
#connect to db
my $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass) or die $dbh->errstr;
@ -209,31 +209,15 @@ if($query->url_param('title') or $query->url_param('id'))
#close db
$dbh->disconnect() or die $dbh->errstr;
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => 1);
}
else
{
%page = ();
#if a username is associated with session id, username is nonempty
$page->{'username'} = get_username_from_sid($session->id);
$page->{'locale'} = $locale;
$page->{'stylesheet'} = $stylesheet;
$page->{'xmlns:dc'} = $xmlns_dc;
$page->{'xmlns:cc'} = $xmlns_cc;
$page->{'xmlns:rdf'} = $xmlns_rdf;
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c";
}
#print xml http header along with session cookie
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
#print xml
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
}
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');