josch/yolanda
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

removed action=login

Browse source 
git-svn-id: http://yolanda.mister-muffin.de/svn@267 7eef14d0-6ed0-489d-bf55-20463b2d70db
This commit is contained in:
josch 2008-04-03 13:47:12 +00:00
parent 45d1cf5d7a
commit 861e15f468
4 changed files with 131 additions and 202 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
trunk/locale/en-us.xml
View file

@ -10,7 +10,6 @@
<string id="register">register</string> <string id="register">register</string>
<string id="login">login</string> <string id="login">login</string>
<string id="login_openid">login with OpenID</string>
<string id="header_upload-video">upload video</string> <string id="header_upload-video">upload video</string>
<string id="settings_details">settings details</string> <string id="settings_details">settings details</string>

244
trunk/login.pl
View file

@ -9,141 +9,13 @@ $session = new CGI::Session;
@page = get_page_array(@userinfo); @page = get_page_array(@userinfo);
#check if action is set if($query->param('action') eq "logout")
if($query->param('action'))
{ {
if($query->param('action') eq "logout") #if logout is requested
{ #remove sid from database
#if logout is requested $dbh->do(qq{update users set sid = '' where id = ?}, undef, $userinfo->{'id'}) or die $dbh->errstr;
#remove sid from database $session->delete();
$dbh->do(qq{update users set sid = '' where id = ?}, undef, $userinfo->{'id'}) or die $dbh->errstr; print $query->redirect("index.pl?information=information_logged_out");
$session->delete();
print $query->redirect("index.pl?information=information_logged_out");
}
#check if user is logged in
elsif($userinfo->{'username'})
{
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_already_logged_in";
print output_page();
}
#if login is requested
elsif($query->param('action') eq "login")
{
#if password is empty and username begins with http:// or ret is specified, then it's an openid login
if($query->param('pass') eq '' and ($query->param('user')=~m/^http:\/\// or $query->param('ret')))
{
#create our openid consumer object
$con = Net::OpenID::Consumer->new(
ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent
cache => undef, # or File::Cache->new,
args => $query,
consumer_secret => $session->id, #is this save? don't know...
required_root => $domain );
#is an openid passed?
if($query->param('user'))
{
#claim identity
$claimed = $con->claimed_identity($query->param('user'));
if(!defined($claimed))
{
print $session->header();
print "claim failed: ", $con->err;
}
$check_url = $claimed->check_url(
return_to => "$domain/login.pl?action=login&ret=true", #on success return to this address
trust_root => $domain); #this is the string the user will be asked to trust
#redirect to openid server to check claim
print $query->redirect($check_url);
}
#we return from an identity check
elsif($query->param('ret'))
{
if($setup_url = $con->user_setup_url)
{
#redirect to setup url - user will give confirmation there
print $query->redirect($setup_url);
}
elsif ($con->user_cancel)
{
#cancelled - redirect to login form
print $session->header();
print "cancelled";
}
elsif ($vident = $con->verified_identity)
{
#we are verified!!
my $verified_url = $vident->url;
#check if this openid user already is in database
my $sth = $dbh->prepare(qq{select 1 from users where username = ? limit 1 });
$sth->execute($verified_url);
if($sth->fetchrow_array())
{
#store session id in database
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $verified_url) or die $dbh->errstr;
}
else
{
#add openid user to dabase
$dbh->do(qq{insert into users (username, sid) values ( ?, ? ) }, undef, $verified_url, $session->id) or die $dbh->errstr;
}
print $query->redirect("index.pl?information=information_logged_in");
}
else
{
#an error occured
print $session->header();
print "error validating identity: ", $con->err;
}
}
else
{
#if not, print login form
$page->{'loginform'}->{'action'} = 'openid';
print output_page();
}
}
#else it's a normal login
else
{
#prepare query - empty password are openid users so omit those entries
my $sth = $dbh->prepare(qq{select id from users
where password = password( ? ) and username = ? limit 1 });
#execute query
$sth->execute($query->param('pass'), $query->param('user'));
#if something was returned username and password match
if($sth->fetchrow_array())
{
#store session id in database
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $query->param('user')) or die $dbh->errstr;
print $query->redirect("index.pl?information=information_logged_in");
}
else
{
#if not, print error
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_username_password_do_not_match";
print output_page();
}
}
}
else
{
#something ugly was passed
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_202c";
print output_page();
}
} }
#check if user is logged in #check if user is logged in
elsif($userinfo->{'username'}) elsif($userinfo->{'username'})
@ -153,6 +25,110 @@ elsif($userinfo->{'username'})
print output_page(); print output_page();
} }
#if password is empty and username begins with http:// or ret is specified, then it's an openid login
elsif($query->param('pass') eq '' and ($query->param('user')=~m/^http:\/\// or $query->param('ret')))
{
#create our openid consumer object
$con = Net::OpenID::Consumer->new(
ua => LWPx::ParanoidAgent->new, # FIXME - use LWPx::ParanoidAgent
cache => undef, # or File::Cache->new,
args => $query,
consumer_secret => $session->id, #is this save? don't know...
required_root => $domain );
#is an openid passed?
if($query->param('user'))
{
#claim identity
$claimed = $con->claimed_identity($query->param('user'));
if(!defined($claimed))
{
print $session->header();
print "claim failed: ", $con->err;
}
$check_url = $claimed->check_url(
return_to => "$domain/login.pl?action=login&ret=true", #on success return to this address
trust_root => $domain); #this is the string the user will be asked to trust
#redirect to openid server to check claim
print $query->redirect($check_url);
}
#we return from an identity check
elsif($query->param('ret'))
{
if($setup_url = $con->user_setup_url)
{
#redirect to setup url - user will give confirmation there
print $query->redirect($setup_url);
}
elsif ($con->user_cancel)
{
#cancelled - redirect to login form
print $session->header();
print "cancelled";
}
elsif ($vident = $con->verified_identity)
{
#we are verified!!
my $verified_url = $vident->url;
#check if this openid user already is in database
my $sth = $dbh->prepare(qq{select 1 from users where username = ? limit 1 });
$sth->execute($verified_url);
if($sth->fetchrow_array())
{
#store session id in database
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $verified_url) or die $dbh->errstr;
}
else
{
#add openid user to dabase
$dbh->do(qq{insert into users (username, sid) values ( ?, ? ) }, undef, $verified_url, $session->id) or die $dbh->errstr;
}
print $query->redirect("index.pl?information=information_logged_in");
}
else
{
#an error occured
print $session->header();
print "error validating identity: ", $con->err;
}
}
else
{
#if not, print login form
$page->{'loginform'} = [''];
print output_page();
}
}
#else it's a normal login
elsif($query->param('pass') ne '' and $query->param('user')!~m/^http:\/\// and $query->param('user') ne '')
{
#prepare query - empty password are openid users so omit those entries
my $sth = $dbh->prepare(qq{select id from users
where password = password( ? ) and username = ? limit 1 });
#execute query
$sth->execute($query->param('pass'), $query->param('user'));
#if something was returned username and password match
if($sth->fetchrow_array())
{
#store session id in database
$dbh->do(qq{update users set sid = ? where username = ? }, undef, $session->id, $query->param('user')) or die $dbh->errstr;
print $query->redirect("index.pl?information=information_logged_in");
}
else
{
#if not, print error
$page->{'message'}->{'type'} = "error";
$page->{'message'}->{'text'} = "error_username_password_do_not_match";
print output_page();
}
}
else else
{ {
#if not, print login form #if not, print login form

4
trunk/xsl/xhtml/header.xsl
View file

@ -30,10 +30,10 @@
<li> <li>
<a> <a>
<xsl:attribute name="href"> <xsl:attribute name="href">
<xsl:value-of select="$site_strings[@id='path_login-openid']" /> <xsl:value-of select="$site_strings[@id='path_login']" />
</xsl:attribute> </xsl:attribute>
<xsl:value-of select="$locale_strings[@id='login_openid']" /> <xsl:value-of select="$locale_strings[@id='login']" />
</a> </a>
</li> </li>

84
trunk/xsl/xhtml/loginbox.xsl
View file

@ -18,12 +18,6 @@
<xsl:value-of select="$site_strings[@id='path_login']" /> <xsl:value-of select="$site_strings[@id='path_login']" />
</xsl:attribute> </xsl:attribute>
<fieldset> <fieldset>
<!--
why do we need this hidden input ?
-->
<input name="action" type="hidden" value="login" />
<label for="user"> <label for="user">
<xsl:value-of select="$locale_strings[@id='username']" />: <xsl:value-of select="$locale_strings[@id='username']" />:
</label> </label>
@ -104,66 +98,26 @@
the loginform template is deprecated the loginform template is deprecated
--> -->
<div class="loginform"> <div class="loginform">
<xsl:choose> <form method="post">
<xsl:when test="//loginform/@action='openid'"> <xsl:attribute name="action">
<form method="post"> <xsl:value-of select="$site_strings[@id='path_login']" />
<xsl:attribute name="action"> </xsl:attribute>
<xsl:value-of select="$site_strings[@id='path_login']" /> <fieldset>
<xsl:value-of select="$locale_strings[@id='username']" />:
<br />
<input name="user" type="text" size="30" maxlength="30" />
<br />
<xsl:value-of select="$locale_strings[@id='password']" />:
<br />
<input name="pass" type="password" size="30" maxlength="30" />
<br />
<input type="submit" name="login" >
<xsl:attribute name="value">
<xsl:value-of select="$locale_strings[@id='button_login']" />
</xsl:attribute> </xsl:attribute>
<fieldset> </input>
<input name="action" type="hidden" value="openid" /> </fieldset>
OpenID: </form>
<br />
<input name="user" type="text" style="background: url(http://stat.livejournal.com/img/openid-inputicon.gif) no-repeat; background-color: #fff; background-position: 0 50%; padding-left: 18px;" />
<br />
e.g. http://username.myopenid.com
<br />
<input type="submit" name="login" >
<xsl:attribute name="value">
<xsl:value-of select="$locale_strings[@id='button_login']" />
</xsl:attribute>
</input>
<br />
<a>
<xsl:attribute name="href">
<xsl:value-of select="$site_strings[@id='path_login']" />
</xsl:attribute>
login with normal account
</a>
</fieldset>
</form>
</xsl:when>
<xsl:otherwise>
<form method="post">
<xsl:attribute name="action">
<xsl:value-of select="$site_strings[@id='path_login']" />
</xsl:attribute>
<fieldset>
<input name="action" type="hidden" value="login" />
<xsl:value-of select="$locale_strings[@id='username']" />:
<br />
<input name="user" type="text" size="30" maxlength="30" />
<br />
<xsl:value-of select="$locale_strings[@id='password']" />:
<br />
<input name="pass" type="password" size="30" maxlength="30" />
<br />
<input type="submit" name="login" >
<xsl:attribute name="value">
<xsl:value-of select="$locale_strings[@id='button_login']" />
</xsl:attribute>
</input>
<br />
<a>
<xsl:attribute name="href">
<xsl:value-of select="$site_strings[@id='path_login-openid']" />
</xsl:attribute>
login with openid
</a>
</fieldset>
</form>
</xsl:otherwise>
</xsl:choose>
</div> </div>
</xsl:template> </xsl:template>