reordered and cleaned up xml generation, added better error and information handling, did more checks on login, logout, register, added xml attribute indent, added paranoid useragent on openid login, added ssl login, did maybe more but my console buffer is too small to view the whole diff
git-svn-id: http://yolanda.mister-muffin.de/svn@142 7eef14d0-6ed0-489d-bf55-20463b2d70db
parent
060b27682f
commit
41e016d560
10 changed files with 163 additions and 143 deletions
|
@ -5,6 +5,8 @@ use CGI::Session;
|
|||
use DBI;
|
||||
use XML::Simple qw(:strict);
|
||||
use Digest::SHA qw(sha256_hex);
|
||||
use LWPx::ParanoidAgent;
|
||||
use Net::OpenID::Consumer;
|
||||
|
||||
# change this as you install it somewhere else
|
||||
$gnutube_root = '/var/www/gnutube';
|
||||
|
|
|
@ -34,5 +34,5 @@ fill_tagcloud;
|
|||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
#print xml
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
|
||||
|
|
|
@ -45,6 +45,12 @@
|
|||
<str id="error_missing_DC.Language">You did not supply a language.</str>
|
||||
<str id="error_missing_DC.Coverage">You did not supply a coverage.</str>
|
||||
<str id="error_missing_DC.Rights">You did not supply a rights holder.</str>
|
||||
<str id="error_already_registered">You seem to be already registered. Please log out to create a new account.</str>
|
||||
<str id="error_already_logged_in">You seem to be already logged in. Please log out to log in again.</str>
|
||||
<str id="error_username_password_do_not_match">Username and password do not match.</str>
|
||||
<str id=""></str>
|
||||
<str id=""></str>
|
||||
<str id=""></str>
|
||||
|
||||
<!-- information -->
|
||||
<str id="information_logged_in">You are now logged in.</str>
|
||||
|
@ -52,6 +58,8 @@
|
|||
<str id="information_metainformation_needed">To put the video into context, additional metainformation is needed.</str>
|
||||
<str id="information_metainformation_rights"></str>
|
||||
<str id="information_comment_created">Your comment has been created.</str>
|
||||
<str id="information_registered">You successfully created yourself an account</str>
|
||||
<str id="information_uploaded">You succcessfully uploaded your file</str>
|
||||
|
||||
<!-- warnings -->
|
||||
|
||||
|
|
|
@ -7,14 +7,44 @@ CGI::Session->name($session_name);
|
|||
$query = new CGI;
|
||||
$session = new CGI::Session;
|
||||
|
||||
$username = get_username_from_sid($session->id);
|
||||
|
||||
%page = ();
|
||||
|
||||
$page->{'username'} = $username;
|
||||
$page->{'locale'} = $locale;
|
||||
$page->{'stylesheet'} = $stylesheet;
|
||||
$page->{'xmlns:dc'} = $xmlns_dc;
|
||||
$page->{'xmlns:cc'} = $xmlns_cc;
|
||||
$page->{'xmlns:rdf'} = $xmlns_rdf;
|
||||
|
||||
#check if action is set
|
||||
if($query->param('action'))
|
||||
{
|
||||
#connect to db
|
||||
$dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass);
|
||||
|
||||
if($query->param('action') eq "logout")
|
||||
{
|
||||
#if logout is requested
|
||||
#remove sid from database
|
||||
$dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr;
|
||||
$session->delete();
|
||||
print $query->redirect("index.pl?information=information_logged_out");
|
||||
}
|
||||
#check if user is logged in
|
||||
elsif($username)
|
||||
{
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_already_logged_in";
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
}
|
||||
#if login is requested
|
||||
if($query->param('action') eq "login")
|
||||
elsif($query->param('action') eq "login")
|
||||
{
|
||||
#prepare query - empty password are openid users so omit those entries
|
||||
my $sth = $dbh->prepare(qq{select id from users
|
||||
|
@ -33,8 +63,13 @@ if($query->param('action'))
|
|||
else
|
||||
{
|
||||
#if not, print error
|
||||
print $session->header();
|
||||
print "could not log you in";
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_username_password_do_not_match";
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -42,7 +77,7 @@ if($query->param('action'))
|
|||
{
|
||||
#create our openid consumer object
|
||||
$con = Net::OpenID::Consumer->new(
|
||||
ua => LWP::UserAgent->new, # FIXME - use LWPx::ParanoidAgent
|
||||
ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent
|
||||
cache => undef, # or File::Cache->new,
|
||||
args => $query,
|
||||
consumer_secret => $session->id, #is this save? don't know...
|
||||
|
@ -59,7 +94,7 @@ if($query->param('action'))
|
|||
print "claim failed: ", $con->err;
|
||||
}
|
||||
$check_url = $claimed->check_url(
|
||||
return_to => "http://localhost/gnutube/login.pl?action=openid&ret=true", #on success return to this address
|
||||
return_to => "$domain/login.pl?action=openid&ret=true", #on success return to this address
|
||||
trust_root => $domain); #this is the string the user will be asked to trust
|
||||
|
||||
#redirect to openid server to check claim
|
||||
|
@ -110,43 +145,48 @@ if($query->param('action'))
|
|||
else
|
||||
{
|
||||
#someone is messing with the args
|
||||
print $session->header();
|
||||
print "hmm, openid action but no ret or user";
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_202c";
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
}
|
||||
}
|
||||
elsif($query->param('action') eq "logout")
|
||||
{
|
||||
#if logout is requested
|
||||
#remove sid from database
|
||||
$dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr;
|
||||
$session->delete();
|
||||
print $session->header();
|
||||
print "logged out";
|
||||
}
|
||||
else
|
||||
{
|
||||
#something ugly was passed
|
||||
print $session->header();
|
||||
print "wtf?";
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_202c";
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
}
|
||||
|
||||
#disconnect db
|
||||
$dbh->disconnect();
|
||||
}
|
||||
#check if user is logged in
|
||||
elsif($username)
|
||||
{
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_already_logged_in";
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
}
|
||||
else
|
||||
{
|
||||
#if not, print login form
|
||||
|
||||
%page = ();
|
||||
|
||||
#if a username is associated with session id, username is nonempty
|
||||
$page->{username} = get_username_from_sid($session->id);
|
||||
$page->{locale} = $locale;
|
||||
$page->{stylesheet} = $stylesheet;
|
||||
$page->{loginform} = [''];
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
}
|
||||
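Review bot: `consumer_secret => $session->id` in the OpenID consumer setup uses a value the browser already holds, because the session id is what the session cookie carries, so it cannot act as a secret for the signed `return_to` data. The inline comment already questions this. A value that never leaves the server would fit, e.g. `consumer_secret => $openid_consumer_secret,` (placeholder name, defined wherever `$dbpass` is configured). The `# FIXME - use LWPx::ParanoidAgent` comment on the new `ua => LWPx::ParanoidAgent->new` line is now stale and can be dropped. The consumer block starts and ends outside the visible hunks.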
|
|
|
@ -7,8 +7,25 @@ CGI::Session->name($session_name);
|
|||
$query = new CGI;
|
||||
$session = new CGI::Session;
|
||||
|
||||
$username = get_username_from_sid($session->id);
|
||||
|
||||
%page = ();
|
||||
|
||||
$page->{'username'} = $username;
|
||||
$page->{'locale'} = $locale;
|
||||
$page->{'stylesheet'} = $stylesheet;
|
||||
$page->{'xmlns:dc'} = $xmlns_dc;
|
||||
$page->{'xmlns:cc'} = $xmlns_cc;
|
||||
$page->{'xmlns:rdf'} = $xmlns_rdf;
|
||||
|
||||
#check if user is logged in
|
||||
if($username)
|
||||
{
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_already_registered";
|
||||
}
|
||||
#if username and password are passed put them into the database
|
||||
if($query->param('user') and $query->param('pass'))
|
||||
elsif($query->param('user') and $query->param('pass'))
|
||||
{
|
||||
#connect to db
|
||||
my $dbh = DBI->connect("DBI:mysql:$database:$host", $dbuser, $dbpass) or die $dbh->errstr;
|
||||
|
@ -21,23 +38,15 @@ if($query->param('user') and $query->param('pass'))
|
|||
$dbh->disconnect() or die $dbh->errstr;
|
||||
|
||||
#print a little confirmation
|
||||
print $session->header();
|
||||
print 'done';
|
||||
$page->{'message'}->{'type'} = "information";
|
||||
$page->{'message'}->{'text'} = "information_registered";
|
||||
}
|
||||
else
|
||||
{
|
||||
#if not, print register form
|
||||
|
||||
%page = ();
|
||||
|
||||
#if a username is associated with session id, username is nonempty
|
||||
$page->{username} = get_username_from_sid($session->id);
|
||||
$page->{locale} = $locale;
|
||||
$page->{stylesheet} = $stylesheet;
|
||||
$page->{registerform} = [''];
|
||||
$page->{'registerform'} = [''];
|
||||
}
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
}
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
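Review bot: The connect line this file keeps, `DBI->connect("DBI:mysql:$database:$host", $dbuser, $dbpass) or die $dbh->errstr;`, has two problems the restructuring leaves in place. It interpolates `$host`, while the other connect calls on this page use `$dbhost`, so unless `$host` is defined outside the hunk the DSN ends with an empty host. When the connect fails there is no handle in `$dbh`, so `$dbh->errstr` dies with a method-call error instead of the driver message. I would write `my $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass) or die $DBI::errstr;`, and log the message server-side rather than let it reach the response.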
|
|
|
@ -143,22 +143,15 @@ if($query->param('query') or $query->param('orderby'))
|
|||
|
||||
#close db
|
||||
$dbh->disconnect() or die $dbh->errstr;
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
#print xml
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_202c";
|
||||
}
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
#print xml
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
}
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
<!-- <str id=""></str>
|
||||
<str id=""></str>
|
||||
<str id=""></str>-->
|
||||
<str id="page_account">account</str>
|
||||
<str id="page_account">/account.pl</str>
|
||||
<str id="page_bookmarks"></str>
|
||||
<str id="page_login">login.pl</str>
|
||||
<str id="page_login-openid">login-openid.pl</str>
|
||||
|
@ -21,7 +21,7 @@
|
|||
<str id="page_gnutube-source-code">http://mister-muffin.de/proj/browser</str>
|
||||
<str id="page_register">register.pl</str>
|
||||
<str id="page_results">search.pl?query=</str>
|
||||
<str id="page_upload">upload.pl</str>
|
||||
<str id="page_upload">/upload.pl</str>
|
||||
<str id="page_uploader">uploader.pl</str>
|
||||
<str id="page_query_latestadditions">search.pl?query=&orderby=timestamp&sort=desc</str>
|
||||
|
||||
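Review bot: The new values for `page_account` and `page_upload` are root-relative (`/account.pl`, `/upload.pl`), while the other entries in these two hunks stay relative (`login.pl`, `register.pl`, `uploader.pl`), so links now resolve differently from entry to entry. If the application is served from a sub-path, as the old hard-coded `http://localhost/gnutube/login.pl` in the login hunk suggests, the leading slash points outside it. Presumably either all entries should be relative or all should be built from one configured base. A short comment at the top of the list stating which convention applies would prevent further drift.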
|
|
|
@ -8,41 +8,27 @@ my $session = new CGI::Session;
|
|||
|
||||
my $username = get_username_from_sid($session->id);
|
||||
|
||||
if($username)
|
||||
{
|
||||
%page = ();
|
||||
|
||||
#if a username is associated with session id, username is nonempty
|
||||
$page->{'username'} = get_username_from_sid($session->id);
|
||||
$page->{'username'} = $username;
|
||||
$page->{'locale'} = $locale;
|
||||
$page->{'stylesheet'} = $stylesheet;
|
||||
$page->{'xmlns:dc'} = $xmlns_dc;
|
||||
$page->{'xmlns:cc'} = $xmlns_cc;
|
||||
$page->{'xmlns:rdf'} = $xmlns_rdf;
|
||||
|
||||
if($username)
|
||||
{
|
||||
$page->{uploadform} = {'page' => '2'};
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
}
|
||||
else
|
||||
{
|
||||
%page = ();
|
||||
|
||||
$page->{'username'} = get_username_from_sid($session->id);
|
||||
$page->{'locale'} = $locale;
|
||||
$page->{'stylesheet'} = $stylesheet;
|
||||
$page->{'xmlns:dc'} = $xmlns_dc;
|
||||
$page->{'xmlns:cc'} = $xmlns_cc;
|
||||
$page->{'xmlns:rdf'} = $xmlns_rdf;
|
||||
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_202c";
|
||||
}
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
#print xml
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
}
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
|
|
|
@ -20,6 +20,16 @@ sub hook
|
|||
|
||||
my $userid = get_userid_from_sid($session->id);
|
||||
|
||||
%page = ();
|
||||
|
||||
#if a username is associated with session id, username is nonempty
|
||||
$page->{'username'} = get_username_from_sid($session->id);
|
||||
$page->{'locale'} = $locale;
|
||||
$page->{'stylesheet'} = $stylesheet;
|
||||
$page->{'xmlns:dc'} = $xmlns_dc;
|
||||
$page->{'xmlns:cc'} = $xmlns_cc;
|
||||
$page->{'xmlns:rdf'} = $xmlns_rdf;
|
||||
|
||||
if($userid)
|
||||
{
|
||||
#connect to db
|
||||
|
@ -49,31 +59,19 @@ if($userid)
|
|||
}
|
||||
close TEMPFILE;
|
||||
|
||||
print $session->header();
|
||||
print "passt";
|
||||
print $id;
|
||||
$page->{'message'}->{'type'} = "information";
|
||||
$page->{'message'}->{'text'} = "information_uploaded";
|
||||
|
||||
#disconnect db
|
||||
$dbh->disconnect() or die $dbh->errstr;
|
||||
}
|
||||
else
|
||||
{
|
||||
%page = ();
|
||||
|
||||
#if a username is associated with session id, username is nonempty
|
||||
$page->{'username'} = get_username_from_sid($session->id);
|
||||
$page->{'locale'} = $locale;
|
||||
$page->{'stylesheet'} = $stylesheet;
|
||||
$page->{'xmlns:dc'} = $xmlns_dc;
|
||||
$page->{'xmlns:cc'} = $xmlns_cc;
|
||||
$page->{'xmlns:rdf'} = $xmlns_rdf;
|
||||
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_202c";
|
||||
|
||||
}
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
#print xml
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
}
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
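Review bot: `%page = ();` in the added setup block clears the hash `%page`, but the lines after it write through the scalar `$page` (`$page->{'username'}`, `$page->{'message'}`) and `XMLout($page, ...)` serialises that scalar, so the reset has no effect on the emitted document. Under a persistent interpreter (mod_perl or similar, not visible here) a `message` set by an earlier request would remain in `$page`. `$page = {};` resets the structure that is actually used. The same pattern appears in the login and register hunks. The script continues outside this hunk.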
|
|
|
@ -6,9 +6,6 @@ CGI::Session->name($session_name);
|
|||
$query = new CGI;
|
||||
$session = new CGI::Session;
|
||||
|
||||
#check if id or title is passed
|
||||
if($query->url_param('title') or $query->url_param('id'))
|
||||
{
|
||||
%page = ();
|
||||
|
||||
#if a username is associated with session id, username is nonempty
|
||||
|
@ -19,6 +16,9 @@ if($query->url_param('title') or $query->url_param('id'))
|
|||
$page->{'xmlns:cc'} = $xmlns_cc;
|
||||
$page->{'xmlns:rdf'} = $xmlns_rdf;
|
||||
|
||||
#check if id or title is passed
|
||||
if($query->url_param('title') or $query->url_param('id'))
|
||||
{
|
||||
#connect to db
|
||||
my $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass) or die $dbh->errstr;
|
||||
|
||||
|
@ -209,31 +209,15 @@ if($query->url_param('title') or $query->url_param('id'))
|
|||
|
||||
#close db
|
||||
$dbh->disconnect() or die $dbh->errstr;
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
#print xml
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => 1);
|
||||
}
|
||||
else
|
||||
{
|
||||
%page = ();
|
||||
|
||||
#if a username is associated with session id, username is nonempty
|
||||
$page->{'username'} = get_username_from_sid($session->id);
|
||||
$page->{'locale'} = $locale;
|
||||
$page->{'stylesheet'} = $stylesheet;
|
||||
$page->{'xmlns:dc'} = $xmlns_dc;
|
||||
$page->{'xmlns:cc'} = $xmlns_cc;
|
||||
$page->{'xmlns:rdf'} = $xmlns_rdf;
|
||||
|
||||
$page->{'message'}->{'type'} = "error";
|
||||
$page->{'message'}->{'text'} = "error_202c";
|
||||
}
|
||||
|
||||
#print xml http header along with session cookie
|
||||
print $session->header(-type=>'text/xml', -charset=>'UTF-8');
|
||||
|
||||
#print xml
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
|
||||
}
|
||||
print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
|
||||
|
|