reordered and cleaned up xml generation, added better error and information handling, did more checks on login, logout, register, added xml attribute indent, added paranoid useragent on openid login, added ssl login, did maybe more but my console buffer is too small to view the whole diff

git-svn-id: http://yolanda.mister-muffin.de/svn@142 7eef14d0-6ed0-489d-bf55-20463b2d70db

trunk/include.pl

@@ -5,6 +5,8 @@ use CGI::Session;
 use DBI;
 use XML::Simple qw(:strict);
 use Digest::SHA qw(sha256_hex);
+use LWPx::ParanoidAgent;
+use Net::OpenID::Consumer;
 
 # change this as you install it somewhere else
 $gnutube_root = '/var/www/gnutube';

trunk/index.pl

@@ -34,5 +34,5 @@ fill_tagcloud;
 print $session->header(-type=>'text/xml', -charset=>'UTF-8');
 
 #print xml
-print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
+print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
 

trunk/locale/en-US.xml

@@ -45,6 +45,12 @@
 	<str id="error_missing_DC.Language">You did not supply a language.</str>
 	<str id="error_missing_DC.Coverage">You did not supply a coverage.</str>
 	<str id="error_missing_DC.Rights">You did not supply a rights holder.</str>
+	<str id="error_already_registered">You seem to be already registered. Please log out to create a new account.</str>
+	<str id="error_already_logged_in">You seem to be already logged in. Please log out to log in again.</str>
+	<str id="error_username_password_do_not_match">Username and password do not match.</str>
+	<str id=""></str>
+	<str id=""></str>
+	<str id=""></str>
 
 	<!-- information -->
 	<str id="information_logged_in">You are now logged in.</str>
@@ -52,6 +58,8 @@
 	<str id="information_metainformation_needed">To put the video into context, additional metainformation is needed.</str>
 	<str id="information_metainformation_rights"></str>
 	<str id="information_comment_created">Your comment has been created.</str>
+	<str id="information_registered">You successfully created yourself an account</str>
+	<str id="information_uploaded">You succcessfully uploaded your file</str>
 
 	<!-- warnings -->
 

trunk/login.pl

@@ -7,14 +7,44 @@ CGI::Session->name($session_name);
 $query = new CGI;
 $session = new CGI::Session;
 
+$username = get_username_from_sid($session->id);
+
+%page = ();
+
+$page->{'username'} = $username;
+$page->{'locale'} = $locale;
+$page->{'stylesheet'} = $stylesheet;
+$page->{'xmlns:dc'} = $xmlns_dc;
+$page->{'xmlns:cc'} = $xmlns_cc;
+$page->{'xmlns:rdf'} = $xmlns_rdf;
+
 #check if action is set
 if($query->param('action'))
 {
 	#connect to db
 	$dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass);
 	
+	if($query->param('action') eq "logout")
+	{
+		#if logout is requested
+		#remove sid from database
+		$dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr;
+		$session->delete();
+		print $query->redirect("index.pl?information=information_logged_out");
+	}
+	#check if user is logged in
+	elsif($username)
+	{
+		$page->{'message'}->{'type'} = "error";
+		$page->{'message'}->{'text'} = "error_already_logged_in";
+		
+		#print xml http header along with session cookie
+		print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+		print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
+	}
 	#if login is requested
-	if($query->param('action') eq "login")
+	elsif($query->param('action') eq "login")
 	{
 		#prepare query - empty password are openid users so omit those entries
 		my $sth = $dbh->prepare(qq{select id from users
@@ -33,8 +63,13 @@ if($query->param('action'))
 		else
 		{
 			#if not, print error
-			print $session->header();
-			print "could not log you in";
+			$page->{'message'}->{'type'} = "error";
+			$page->{'message'}->{'text'} = "error_username_password_do_not_match";
+			
+			#print xml http header along with session cookie
+			print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+			print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
 		}
 		
 	}
@@ -42,7 +77,7 @@ if($query->param('action'))
 	{
 		#create our openid consumer object
 		$con = Net::OpenID::Consumer->new(
-		ua => LWP::UserAgent->new, # FIXME - use LWPx::ParanoidAgent
+		ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent
 		cache => undef, # or File::Cache->new,
 		args => $query,
 		consumer_secret => $session->id, #is this save? don't know...
@@ -59,7 +94,7 @@ if($query->param('action'))
 				print "claim failed: ", $con->err;
 			}
 			$check_url = $claimed->check_url(
-					return_to  => "http://localhost/gnutube/login.pl?action=openid&ret=true", #on success return to this address
+					return_to  => "$domain/login.pl?action=openid&ret=true", #on success return to this address
 					trust_root => $domain); #this is the string the user will be asked to trust
 					
 			#redirect to openid server to check claim
@@ -110,43 +145,48 @@ if($query->param('action'))
 		else
 		{
 			#someone is messing with the args
-			print $session->header();
-			print "hmm, openid action but no ret or user";
+			$page->{'message'}->{'type'} = "error";
+			$page->{'message'}->{'text'} = "error_202c";
+	
+			#print xml http header along with session cookie
+			print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+			print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
 		}
 	}
-	elsif($query->param('action') eq "logout")
-	{
-		#if logout is requested
-		#remove sid from database
-		$dbh->do(qq{update users set sid = '' where username = ?}, undef, get_username_from_sid($session->id)) or die $dbh->errstr;
-		$session->delete();
-		print $session->header();
-		print "logged out";
-	}
 	else
 	{
 		#something ugly was passed
-		print $session->header();
-		print "wtf?";
+		$page->{'message'}->{'type'} = "error";
+		$page->{'message'}->{'text'} = "error_202c";
+	
+		#print xml http header along with session cookie
+		print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+		print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
 	}
 
 	#disconnect db
 	$dbh->disconnect();
 }
+#check if user is logged in
+elsif($username)
+{
+	$page->{'message'}->{'type'} = "error";
+	$page->{'message'}->{'text'} = "error_already_logged_in";
+	
+	#print xml http header along with session cookie
+	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
+}
 else
 {
 	#if not, print login form
-
-	%page = ();
-
-	#if a username is associated with session id, username is nonempty
-	$page->{username} = get_username_from_sid($session->id);
-	$page->{locale} = $locale;
-	$page->{stylesheet} = $stylesheet;
 	$page->{loginform} = [''];
 	
 	#print xml http header along with session cookie
 	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
 
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
+	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');
 }

trunk/register.pl

@@ -7,8 +7,25 @@ CGI::Session->name($session_name);
 $query = new CGI;
 $session = new CGI::Session;
 
+$username = get_username_from_sid($session->id);
+
+%page = ();
+
+$page->{'username'} = $username;
+$page->{'locale'} = $locale;
+$page->{'stylesheet'} = $stylesheet;
+$page->{'xmlns:dc'} = $xmlns_dc;
+$page->{'xmlns:cc'} = $xmlns_cc;
+$page->{'xmlns:rdf'} = $xmlns_rdf;
+
+#check if user is logged in
+if($username)
+{
+	$page->{'message'}->{'type'} = "error";
+	$page->{'message'}->{'text'} = "error_already_registered";
+}
 #if username and password are passed put them into the database
-if($query->param('user') and $query->param('pass'))
+elsif($query->param('user') and $query->param('pass'))
 {
 	#connect to db
 	my $dbh = DBI->connect("DBI:mysql:$database:$host", $dbuser, $dbpass) or die $dbh->errstr;
@@ -21,23 +38,15 @@ if($query->param('user') and $query->param('pass'))
 	$dbh->disconnect() or die $dbh->errstr;
 	
 	#print a little confirmation
-	print $session->header();
-	print 'done';
+	$page->{'message'}->{'type'} = "information";
+	$page->{'message'}->{'text'} = "information_registered";
 }
 else
 {
-	#if not, print register form
-
-	%page = ();
-
-	#if a username is associated with session id, username is nonempty
-	$page->{username} = get_username_from_sid($session->id);
-	$page->{locale} = $locale;
-	$page->{stylesheet} = $stylesheet;
-	$page->{registerform} = [''];
-
-	#print xml http header along with session cookie
-	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
-
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
+	$page->{'registerform'} = [''];
 }
+
+#print xml http header along with session cookie
+print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

trunk/search.pl

@@ -143,22 +143,15 @@ if($query->param('query') or $query->param('orderby'))
 	
 	#close db
 	$dbh->disconnect() or die $dbh->errstr;
-	
-	#print xml http header along with session cookie
-	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
-
-	#print xml
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
 }
 else
 {
-	
 	$page->{'message'}->{'type'} = "error";
 	$page->{'message'}->{'text'} = "error_202c";
-	
-	#print xml http header along with session cookie
-	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
-
-	#print xml
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
 }
+
+#print xml http header along with session cookie
+print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+#print xml
+print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

trunk/site/gnutube.xml

@@ -11,7 +11,7 @@
 <!--	<str id=""></str>
 	<str id=""></str>
 	<str id=""></str>-->
-	<str id="page_account">account</str>
+	<str id="page_account">/account.pl</str>
 	<str id="page_bookmarks"></str>
 	<str id="page_login">login.pl</str>
 	<str id="page_login-openid">login-openid.pl</str>
@@ -21,7 +21,7 @@
 	<str id="page_gnutube-source-code">http://mister-muffin.de/proj/browser</str>
 	<str id="page_register">register.pl</str>
 	<str id="page_results">search.pl?query=</str>
-	<str id="page_upload">upload.pl</str>
+	<str id="page_upload">/upload.pl</str>
 	<str id="page_uploader">uploader.pl</str>
 	<str id="page_query_latestadditions">search.pl?query=&amp;orderby=timestamp&amp;sort=desc</str>
 

trunk/upload.pl

@@ -8,41 +8,27 @@ my $session = new CGI::Session;
 
 my $username = get_username_from_sid($session->id);
 
+%page = ();
+
+#if a username is associated with session id, username is nonempty
+$page->{'username'} = $username;
+$page->{'locale'} = $locale;
+$page->{'stylesheet'} = $stylesheet;
+$page->{'xmlns:dc'} = $xmlns_dc;
+$page->{'xmlns:cc'} = $xmlns_cc;
+$page->{'xmlns:rdf'} = $xmlns_rdf;
+
 if($username)
 {
-	%page = ();
-
-	#if a username is associated with session id, username is nonempty
-	$page->{'username'} = get_username_from_sid($session->id);
-	$page->{'locale'} = $locale;
-	$page->{'stylesheet'} = $stylesheet;
-	$page->{'xmlns:dc'} = $xmlns_dc;
-	$page->{'xmlns:cc'} = $xmlns_cc;
-	$page->{'xmlns:rdf'} = $xmlns_rdf;
 	$page->{uploadform} = {'page' => '2'};
-
-	#print xml http header along with session cookie
-	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
-
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
 }
 else
 {
-	%page = ();
-	
-	$page->{'username'} = get_username_from_sid($session->id);
-	$page->{'locale'} = $locale;
-	$page->{'stylesheet'} = $stylesheet;
-	$page->{'xmlns:dc'} = $xmlns_dc;
-	$page->{'xmlns:cc'} = $xmlns_cc;
-	$page->{'xmlns:rdf'} = $xmlns_rdf;
-	
 	$page->{'message'}->{'type'} = "error";
 	$page->{'message'}->{'text'} = "error_202c";
-	
-	#print xml http header along with session cookie
-	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
-
-	#print xml
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
 }
+
+#print xml http header along with session cookie
+print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

trunk/uploader.pl

@@ -20,6 +20,16 @@ sub hook
  
 my $userid = get_userid_from_sid($session->id);
 
+%page = ();
+	
+#if a username is associated with session id, username is nonempty
+$page->{'username'} = get_username_from_sid($session->id);
+$page->{'locale'} = $locale;
+$page->{'stylesheet'} = $stylesheet;
+$page->{'xmlns:dc'} = $xmlns_dc;
+$page->{'xmlns:cc'} = $xmlns_cc;
+$page->{'xmlns:rdf'} = $xmlns_rdf;
+
 if($userid)
 {
 	#connect to db
@@ -49,31 +59,19 @@ if($userid)
 	}
 	close TEMPFILE;
 	
-	print $session->header();
-	print "passt";
-	print $id;
+	$page->{'message'}->{'type'} = "information";
+	$page->{'message'}->{'text'} = "information_uploaded";
 	
 	#disconnect db
 	$dbh->disconnect() or die $dbh->errstr;
 }
 else
 {
-	%page = ();
-	
-	#if a username is associated with session id, username is nonempty
-	$page->{'username'} = get_username_from_sid($session->id);
-	$page->{'locale'} = $locale;
-	$page->{'stylesheet'} = $stylesheet;
-	$page->{'xmlns:dc'} = $xmlns_dc;
-	$page->{'xmlns:cc'} = $xmlns_cc;
-	$page->{'xmlns:rdf'} = $xmlns_rdf;
-	
 	$page->{'message'}->{'type'} = "error";
 	$page->{'message'}->{'text'} = "error_202c";
-	
-	#print xml http header along with session cookie
-	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
-
-	#print xml
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
 }
+#print xml http header along with session cookie
+print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+#print xml
+print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');

trunk/video.pl

@@ -6,19 +6,19 @@ CGI::Session->name($session_name);
 $query = new CGI;
 $session = new CGI::Session;
 
+%page = ();
+
+#if a username is associated with session id, username is nonempty
+$page->{'username'} = get_username_from_sid($session->id);
+$page->{'locale'} = $locale;
+$page->{'stylesheet'} = $stylesheet;
+$page->{'xmlns:dc'} = $xmlns_dc;
+$page->{'xmlns:cc'} = $xmlns_cc;
+$page->{'xmlns:rdf'} = $xmlns_rdf;
+
 #check if id or title is passed
 if($query->url_param('title') or $query->url_param('id'))
 {
-	%page = ();
-	
-	#if a username is associated with session id, username is nonempty
-	$page->{'username'} = get_username_from_sid($session->id);
-	$page->{'locale'} = $locale;
-	$page->{'stylesheet'} = $stylesheet;
-	$page->{'xmlns:dc'} = $xmlns_dc;
-	$page->{'xmlns:cc'} = $xmlns_cc;
-	$page->{'xmlns:rdf'} = $xmlns_rdf;
-	
 	#connect to db
 	my $dbh = DBI->connect("DBI:mysql:$database:$dbhost", $dbuser, $dbpass) or die $dbh->errstr;
 	
@@ -209,31 +209,15 @@ if($query->url_param('title') or $query->url_param('id'))
 	
 	#close db
 	$dbh->disconnect() or die $dbh->errstr;
-	
-	#print xml http header along with session cookie
-	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
-
-	#print xml
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => 1);
 }
 else
 {
-	%page = ();
-	
-	#if a username is associated with session id, username is nonempty
-	$page->{'username'} = get_username_from_sid($session->id);
-	$page->{'locale'} = $locale;
-	$page->{'stylesheet'} = $stylesheet;
-	$page->{'xmlns:dc'} = $xmlns_dc;
-	$page->{'xmlns:cc'} = $xmlns_cc;
-	$page->{'xmlns:rdf'} = $xmlns_rdf;
-	
 	$page->{'message'}->{'type'} = "error";
 	$page->{'message'}->{'text'} = "error_202c";
-	
-	#print xml http header along with session cookie
-	print $session->header(-type=>'text/xml', -charset=>'UTF-8');
-
-	#print xml
-	print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page');
 }
+
+#print xml http header along with session cookie
+print $session->header(-type=>'text/xml', -charset=>'UTF-8');
+
+#print xml
+print XMLout($page, KeyAttr => {}, XMLDecl => $XMLDecl, RootName => 'page', AttrIndent => '1');