From 861e15f468522cbb11e733e550d6a39a736612ce Mon Sep 17 00:00:00 2001 From: josch Date: Thu, 3 Apr 2008 13:47:12 +0000 Subject: [PATCH] removed action=login git-svn-id: http://yolanda.mister-muffin.de/svn@267 7eef14d0-6ed0-489d-bf55-20463b2d70db --- trunk/locale/en-us.xml | 1 - trunk/login.pl | 244 ++++++++++++++++------------------- trunk/xsl/xhtml/header.xsl | 4 +- trunk/xsl/xhtml/loginbox.xsl | 84 +++--------- 4 files changed, 131 insertions(+), 202 deletions(-) diff --git a/trunk/locale/en-us.xml b/trunk/locale/en-us.xml index 7ed5e21..2cbaf9d 100755 --- a/trunk/locale/en-us.xml +++ b/trunk/locale/en-us.xml @@ -10,7 +10,6 @@ register login - login with OpenID upload video settings details diff --git a/trunk/login.pl b/trunk/login.pl index 17558ed..a6206c2 100644 --- a/trunk/login.pl +++ b/trunk/login.pl 
@@ -9,141 +9,13 @@ $session = new CGI::Session; @page = get_page_array(@userinfo); -#check if action is set -if($query->param('action')) +if($query->param('action') eq "logout") { - if($query->param('action') eq "logout") - { - #if logout is requested - #remove sid from database - $dbh->do(qq{update users set sid = '' where id = ?}, undef, $userinfo->{'id'}) or die $dbh->errstr; - $session->delete(); - print $query->redirect("index.pl?information=information_logged_out"); - } - #check if user is logged in - elsif($userinfo->{'username'}) - { - $page->{'message'}->{'type'} = "error"; - $page->{'message'}->{'text'} = "error_already_logged_in"; - - print output_page(); - } - #if login is requested - elsif($query->param('action') eq "login") - { - #if password is empty and username begins with http:// or ret is specified, then it's an openid login - if($query->param('pass') eq '' and ($query->param('user')=~m/^http:\/\// or $query->param('ret'))) - { - #create our openid consumer object - $con = Net::OpenID::Consumer->new( - ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent - cache => undef, # or File::Cache->new, - args => $query, - consumer_secret => $session->id, #is this save? don't know... - required_root => $domain ); - - #is an openid passed? 
- if($query->param('user')) - { - #claim identity - $claimed = $con->claimed_identity($query->param('user')); - if(!defined($claimed)) - { - print $session->header(); - print "claim failed: ", $con->err; - } - $check_url = $claimed->check_url( - return_to => "$domain/login.pl?action=login&ret=true", #on success return to this address - trust_root => $domain); #this is the string the user will be asked to trust - - #redirect to openid server to check claim - print $query->redirect($check_url); - } - #we return from an identity check - elsif($query->param('ret')) - { - if($setup_url = $con->user_setup_url) - { - #redirect to setup url - user will give confirmation there - print $query->redirect($setup_url); - } - elsif ($con->user_cancel) - { - #cancelled - redirect to login form - print $session->header(); - print "cancelled"; - } - elsif ($vident = $con->verified_identity) - { - #we are verified!! - my $verified_url = $vident->url; - - #check if this openid user already is in database - my $sth = $dbh->prepare(qq{select 1 from users where username = ? limit 1 }); - $sth->execute($verified_url); - if($sth->fetchrow_array()) - { - #store session id in database - $dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $verified_url) or die $dbh->errstr; - } - else - { - #add openid user to dabase - $dbh->do(qq{insert into users (username, sid) values ( ?, ? ) }, undef, $verified_url, $session->id) or die $dbh->errstr; - } - - print $query->redirect("index.pl?information=information_logged_in"); - } - else - { - #an error occured - print $session->header(); - print "error validating identity: ", $con->err; - } - } - else - { - #if not, print login form - $page->{'loginform'}->{'action'} = 'openid'; - - print output_page(); - } - } - #else it's a normal login - else - { - #prepare query - empty password are openid users so omit those entries - my $sth = $dbh->prepare(qq{select id from users - where password = password( ? ) and username = ? 
limit 1 }); - - #execute query - $sth->execute($query->param('pass'), $query->param('user')); - - #if something was returned username and password match - if($sth->fetchrow_array()) - { - #store session id in database - $dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $query->param('user')) or die $dbh->errstr; - print $query->redirect("index.pl?information=information_logged_in"); - } - else - { - #if not, print error - $page->{'message'}->{'type'} = "error"; - $page->{'message'}->{'text'} = "error_username_password_do_not_match"; - - print output_page(); - } - } - } - else - { - #something ugly was passed - $page->{'message'}->{'type'} = "error"; - $page->{'message'}->{'text'} = "error_202c"; - - print output_page(); - } + #if logout is requested + #remove sid from database + $dbh->do(qq{update users set sid = '' where id = ?}, undef, $userinfo->{'id'}) or die $dbh->errstr; + $session->delete(); + print $query->redirect("index.pl?information=information_logged_out"); } #check if user is logged in elsif($userinfo->{'username'}) 
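Review bot: The re-added logout branch clears `users.sid` and deletes the session for any request carrying `action=logout`, and nothing visible in this hunk checks the request method or a per-session token, so a request triggered from another site can log a user out. Requiring POST plus a token held in the session before running the `update` would close that. With the outer `if($query->param('action'))` guard removed, the comparison also runs when `action` is absent, which raises an "uninitialized value" warning if warnings are enabled; `if(defined($query->param('action')) and $query->param('action') eq "logout")` avoids it. The `if`/`elsif` chain continues past the end of this hunk.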
@@ -153,6 +25,110 @@ elsif($userinfo->{'username'}) print output_page(); } +#if password is empty and username begins with http:// or ret is specified, then it's an openid login +elsif($query->param('pass') eq '' and ($query->param('user')=~m/^http:\/\// or $query->param('ret'))) +{ + #create our openid consumer object + $con = Net::OpenID::Consumer->new( + ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent + cache => undef, # or File::Cache->new, + args => $query, + consumer_secret => $session->id, #is this save? don't know... + required_root => $domain ); + + #is an openid passed? + if($query->param('user')) + { + #claim identity + $claimed = $con->claimed_identity($query->param('user')); + if(!defined($claimed)) + { + print $session->header(); + print "claim failed: ", $con->err; + } + $check_url = $claimed->check_url( + return_to => "$domain/login.pl?action=login&ret=true", #on success return to this address + trust_root => $domain); #this is the string the user will be asked to trust + + #redirect to openid server to check claim + print $query->redirect($check_url); + } + #we return from an identity check + elsif($query->param('ret')) + { + if($setup_url = $con->user_setup_url) + { + #redirect to setup url - user will give confirmation there + print $query->redirect($setup_url); + } + elsif ($con->user_cancel) + { + #cancelled - redirect to login form + print $session->header(); + print "cancelled"; + } + elsif ($vident = $con->verified_identity) + { + #we are verified!! + my $verified_url = $vident->url; + + #check if this openid user already is in database + my $sth = $dbh->prepare(qq{select 1 from users where username = ? limit 1 }); + $sth->execute($verified_url); + if($sth->fetchrow_array()) + { + #store session id in database + $dbh->do(qq{update users set sid = ? where username = ? 
}, undef, $session->id, $verified_url) or die $dbh->errstr; + } + else + { + #add openid user to dabase + $dbh->do(qq{insert into users (username, sid) values ( ?, ? ) }, undef, $verified_url, $session->id) or die $dbh->errstr; + } + + print $query->redirect("index.pl?information=information_logged_in"); + } + else + { + #an error occured + print $session->header(); + print "error validating identity: ", $con->err; + } + } + else + { + #if not, print login form + $page->{'loginform'} = ['']; + + print output_page(); + } +} +#else it's a normal login +elsif($query->param('pass') ne '' and $query->param('user')!~m/^http:\/\// and $query->param('user') ne '') +{ + #prepare query - empty password are openid users so omit those entries + my $sth = $dbh->prepare(qq{select id from users + where password = password( ? ) and username = ? limit 1 }); + + #execute query + $sth->execute($query->param('pass'), $query->param('user')); + + #if something was returned username and password match + if($sth->fetchrow_array()) + { + #store session id in database + $dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $query->param('user')) or die $dbh->errstr; + print $query->redirect("index.pl?information=information_logged_in"); + } + else + { + #if not, print error + $page->{'message'}->{'type'} = "error"; + $page->{'message'}->{'text'} = "error_username_password_do_not_match"; + + print output_page(); + } +} else { #if not, print login form diff --git a/trunk/xsl/xhtml/header.xsl b/trunk/xsl/xhtml/header.xsl index ec059ee..981a90e 100644 --- a/trunk/xsl/xhtml/header.xsl +++ b/trunk/xsl/xhtml/header.xsl @@ -30,10 +30,10 @@
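Review bot: Both login paths store the pre-login `$session->id` in `users.sid` (the two `update users set sid = ?` statements and the OpenID `insert`) without issuing a new session first, so an id that another party already knew before authentication becomes the account's credential afterwards. Creating a fresh session once `verified_identity` or the password match succeeds, and storing that new id, removes the fixation risk; the only session setup visible is `new CGI::Session` in the context of the first login.pl hunk, so confirm nothing else regenerates it. Separately, when `claimed_identity` returns undef the code prints "claim failed" and then still calls `$claimed->check_url(...)`, which dies on the undefined value, so the `check_url` and `redirect` calls belong in an `else` block. `consumer_secret => $session->id` is also a value the browser holds, which the inline comment already questions; a secret kept only on the server would be a safer choice. The `if`/`elsif` chain starts before this hunk and its final `else` continues after it.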
  • - + - +
  • diff --git a/trunk/xsl/xhtml/loginbox.xsl b/trunk/xsl/xhtml/loginbox.xsl index b7ce143..84530d9 100644 --- a/trunk/xsl/xhtml/loginbox.xsl +++ b/trunk/xsl/xhtml/loginbox.xsl @@ -18,12 +18,6 @@
    - - - - @@ -104,66 +98,26 @@ the loginform template is deprecated -->
    - - -
    - - + + + + +
    + : +
    + +
    + : +
    + +
    + + + -
    - - OpenID: -
    - -
    - e.g. http://username.myopenid.com -
    - - - - - -
    - - - - - login with normal account - -
    - - - -
    - - - -
    - - : -
    - -
    - : -
    - -
    - - - - - -
    - - - - - login with openid - -
    -
    -
    - + +
    +