combined login methods

git-svn-id: http://yolanda.mister-muffin.de/svn@266 7eef14d0-6ed0-489d-bf55-20463b2d70db
josch 2008-04-03 13:30:33 +00:00
parent f51aac032c
commit 45d1cf5d7a
3 changed files with 92 additions and 93 deletions


@ -188,10 +188,9 @@
<string id="viewcount">viewcount</string> <string id="viewcount">viewcount</string>
<!-- settings page --> <!-- settings page -->
<string id="settings_heading">account settings</string> <string id="settings_heading">account settings for </string>
<string id="settings_instruction_locale">locale</string> <string id="settings_instruction_locale">locale</string>
<string id="settings_instruction_pagesize">choose pagesize</string> <string id="settings_instruction_pagesize">choose pagesize</string>
<string id="settings_instruction_method">choose your preferred method of video playback.</string>
<!-- rss feed --> <!-- rss feed -->
<string id="rss_separator">&#160;-&#160;</string> <string id="rss_separator">&#160;-&#160;</string>


@ -31,106 +31,110 @@ if($query->param('action'))
#if login is requested #if login is requested
elsif($query->param('action') eq "login") elsif($query->param('action') eq "login")
{ {
#prepare query - empty password are openid users so omit those entries #if password is empty and username begins with http:// or ret is specified, then it's an openid login
my $sth = $dbh->prepare(qq{select id from users if($query->param('pass') eq '' and ($query->param('user')=~m/^http:\/\// or $query->param('ret')))
where password = password( ? ) and username = ? and not password = '' limit 1 });
#execute query
$sth->execute($query->param('pass'), $query->param('user'));
#if something was returned username and password match
if($sth->fetchrow_array())
{ {
#store session id in database #create our openid consumer object
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $query->param('user')) or die $dbh->errstr; $con = Net::OpenID::Consumer->new(
print $query->redirect("index.pl?information=information_logged_in"); ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent
} cache => undef, # or File::Cache->new,
else args => $query,
{ consumer_secret => $session->id, #is this save? don't know...
#if not, print error required_root => $domain );
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_username_password_do_not_match";
print output_page(); #is an openid passed?
} if($query->param('user'))
}
elsif($query->param('action') eq "openid")
{
#create our openid consumer object
$con = Net::OpenID::Consumer->new(
ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent
cache => undef, # or File::Cache->new,
args => $query,
consumer_secret => $session->id, #is this save? don't know...
required_root => $domain );
#is an openid passed?
if($query->param('user'))
{
#claim identity
$claimed = $con->claimed_identity($query->param('user'));
if(!defined($claimed))
{ {
print $session->header(); #claim identity
print "claim failed: ", $con->err; $claimed = $con->claimed_identity($query->param('user'));
} if(!defined($claimed))
$check_url = $claimed->check_url(
return_to => "$domain/login.pl?action=openid&ret=true", #on success return to this address
trust_root => $domain); #this is the string the user will be asked to trust
#redirect to openid server to check claim
print $query->redirect($check_url);
}
#we return from an identity check
elsif($query->param('ret'))
{
if($setup_url = $con->user_setup_url)
{
#redirect to setup url - user will give confirmation there
print $query->redirect($setup_url);
}
elsif ($con->user_cancel)
{
#cancelled - redirect to login form
print $session->header();
print "cancelled";
}
elsif ($vident = $con->verified_identity)
{
#we are verified!!
my $verified_url = $vident->url;
#check if this openid user already is in database
my $sth = $dbh->prepare(qq{select 1 from users where username = ? limit 1 });
$sth->execute($verified_url);
if($sth->fetchrow_array())
{ {
#store session id in database print $session->header();
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $verified_url) or die $dbh->errstr; print "claim failed: ", $con->err;
}
$check_url = $claimed->check_url(
return_to => "$domain/login.pl?action=login&ret=true", #on success return to this address
trust_root => $domain); #this is the string the user will be asked to trust
#redirect to openid server to check claim
print $query->redirect($check_url);
}
#we return from an identity check
elsif($query->param('ret'))
{
if($setup_url = $con->user_setup_url)
{
#redirect to setup url - user will give confirmation there
print $query->redirect($setup_url);
}
elsif ($con->user_cancel)
{
#cancelled - redirect to login form
print $session->header();
print "cancelled";
}
elsif ($vident = $con->verified_identity)
{
#we are verified!!
my $verified_url = $vident->url;
#check if this openid user already is in database
my $sth = $dbh->prepare(qq{select 1 from users where username = ? limit 1 });
$sth->execute($verified_url);
if($sth->fetchrow_array())
{
#store session id in database
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $verified_url) or die $dbh->errstr;
}
else
{
#add openid user to dabase
$dbh->do(qq{insert into users (username, sid) values ( ?, ? ) }, undef, $verified_url, $session->id) or die $dbh->errstr;
}
print $query->redirect("index.pl?information=information_logged_in");
} }
else else
{ {
#add openid user to dabase #an error occured
$dbh->do(qq{insert into users (username, sid) values ( ?, ? ) }, undef, $verified_url, $session->id) or die $dbh->errstr; print $session->header();
print "error validating identity: ", $con->err;
} }
}
else
{
#if not, print login form
$page->{'loginform'}->{'action'} = 'openid';
print output_page();
}
}
#else it's a normal login
else
{
#prepare query - empty password are openid users so omit those entries
my $sth = $dbh->prepare(qq{select id from users
where password = password( ? ) and username = ? limit 1 });
#execute query
$sth->execute($query->param('pass'), $query->param('user'));
#if something was returned username and password match
if($sth->fetchrow_array())
{
#store session id in database
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $query->param('user')) or die $dbh->errstr;
print $query->redirect("index.pl?information=information_logged_in"); print $query->redirect("index.pl?information=information_logged_in");
} }
else else
{ {
#an error occured #if not, print error
print $session->header(); $page->{'message'}->{'type'} = "error";
print "error validating identity: ", $con->err; $page->{'message'}->{'text'} = "error_username_password_do_not_match";
print output_page();
} }
} }
else
{
#if not, print login form
$page->{'loginform'}->{'action'} = 'openid';
print output_page();
}
} }
else else
{ {


@ -13,6 +13,7 @@
<span class="heading"> <span class="heading">
<xsl:value-of select="$locale_strings[@id='settings_heading']" /> <xsl:value-of select="$locale_strings[@id='settings_heading']" />
<xsl:value-of select="//page/@username" />
</span> </span>
<form method="POST"> <form method="POST">
@ -56,11 +57,6 @@
</input> </input>
<br /> <br />
<xsl:value-of select="$locale_strings[@id='settings_instruction_method']" />
<br />
<xsl:value-of select="$locale_strings[@id='watch_browserplugin']" />
<br />
<input name="submit" type="submit" /> <input name="submit" type="submit" />
</form> </form>