From 56d32a0adee2c9cfe547d451360e949e096c6ac3 Mon Sep 17 00:00:00 2001
From: josch
Date: Wed, 10 Oct 2007 13:25:41 +0000
Subject: [PATCH] extended login with database
git-svn-id: http://yolanda.mister-muffin.de/svn@12 7eef14d0-6ed0-489d-bf55-20463b2d70db
---
 trunk/README_DATABASE | 6 +++++-
 trunk/login.pl | 47 ++++++++++++++++++++++++++++++++++++-------
 2 files changed, 45 insertions(+), 8 deletions(-)
diff --git a/trunk/README_DATABASE b/trunk/README_DATABASE
index 8f518fa..560b75b 100644
--- a/trunk/README_DATABASE
+++ b/trunk/README_DATABASE
@@ -2,7 +2,11 @@ to get a database execute the following mysql statements:
 create database gnutube;
 use gnutube;
-create table tagcloud (text char(255) not null, count int not null);
+create table tagcloud (text varchar(255) not null, count int not null);
 fill with some data: eg.: insert into tagcloud values ('web tv', 68);
+
+create table users (id int auto_increment not null, username varchar(255) not null, password char(41) not null, primary key (id));
+
+insert into users (username, password) values ('user', password('pass'));
diff --git a/trunk/login.pl b/trunk/login.pl
index 7690174..c68703b 100644
--- a/trunk/login.pl
+++ b/trunk/login.pl
@@ -1,8 +1,5 @@
 require "/var/www/perl/include.pl";
-CGI::Session->name($session_name);
-my $session = new CGI::Session;
-
 #fill %querystring with everything that was passed via GET
 @parts = split( /\&/, $ENV{ "QUERY_STRING" } );
 foreach $part (@parts) {
@@ -10,17 +7,53 @@ foreach $part (@parts) {
 $queryString{ $name } = $value;
 }
+#fill %querystring with everything that was passed via POST
+read( STDIN, $tmpStr, $ENV{ "CONTENT_LENGTH" } );
+@parts = split( /\&/, $tmpStr );
+foreach $part (@parts) {
+ ( $name, $value ) = split( /\=/, $part );
+ $queryString{ $name } = $value;
+}
+
+CGI::Session->name($session_name);
+my $session = new CGI::Session;
+
 if($queryString{ "action" }) {
 if($queryString{ "action" } eq "login") {
- $session->param('auth', 'true');
- print $session->header();
- print "logged in";
+ $dbh = DBI->connect("DBI:mysql:$database:$host", $user, $pass);
+ my $sth = $dbh->prepare(qq{select username from users
+ where password = password('$queryString{ "pass" }')
+ and username = '$queryString{ "user" }'
+ limit 1 });
+ $sth->execute();
+
+ if($sth->fetchrow_array()) {
+ $session->param('auth', 'true');
+ print $session->header();
+ print "logged in";
+ } else {
+ print $session->header();
+ print $queryString{ "action" };
+ }
+
+ $sth->finish();
+ $dbh->disconnect();
+
 } elsif($queryString{ "action" } eq "logout") {
 $session->param('auth', 'false');
 print $session->header();
 print "logged out";
+ } else {
+ print $session->header();
+ print "wtf?";
 }
 } else {
 print $session->header();
- print "incorrect query string";
+ print '

+ + + + +

'; + print STDIN; }
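Review bot: The login branch builds its SQL by interpolating `$queryString{ "pass" }` and `$queryString{ "user" }` into the `qq{...}` text handed to `prepare`, so request data that was never decoded or validated becomes part of the statement and can change what the query matches. Bind the values instead: `my $sth = $dbh->prepare(q{select username from users where password = password(?) and username = ? limit 1});` followed by `$sth->execute($queryString{ "pass" }, $queryString{ "user" });`. The return value of `DBI->connect` is used unchecked, so a failed connection would die at `prepare` before any header is printed, and because the GET and POST loops fill the same hash, credentials are also accepted from the URL, where they tend to end up in server logs. The trailing `print STDIN;` writes to the input handle and looks like leftover debugging. `password()` is MySQL's own account-hash function and is unsalted; a salted password hash computed in the application would be the safer design for the `users` table.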