summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authoreric <eric>2004-06-19 22:19:42 +0200
committereric <eric>2004-06-19 22:19:42 +0200
commit30aea4ec8cfee1ffc8786955ecb012ef73a68b73 (patch)
treed4eacdc75f16fc8d9c5080325ee6fecda36a9366 /web
parentf478d7204f23cbf23d7149cd8694a3e74211ae9f (diff)
downloadaur-30aea4ec8cfee1ffc8786955ecb012ef73a68b73.tar.gz
aur-30aea4ec8cfee1ffc8786955ecb012ef73a68b73.tar.xz
started working on the login
Diffstat (limited to 'web')
-rw-r--r--web/html/index.php104
-rw-r--r--web/html/timeout.php13
-rw-r--r--web/lang/index_po.inc65
-rw-r--r--web/lang/timeout_po.inc24
-rw-r--r--web/lib/aur.inc80
5 files changed, 282 insertions, 4 deletions
diff --git a/web/html/index.php b/web/html/index.php
index 80389923..3bda5511 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -2,12 +2,110 @@
include("index_po.inc");
include("aur.inc");
set_lang();
+check_sid();
+
+# Need to do the authentication prior to sending HTML
+#
+$login_error = "";
+if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
+ # Attempting to log in
+ #
+ if (!isset($_REQUEST['user'])) {
+ $login_error = __("You must supply a username.");
+ }
+ if (!isset($_REQUEST['pass'])) {
+ $login_error = __("You must supply a password.");
+ }
+ if (!$login_error) {
+ # Try and authenticate the user
+ #
+ $dbh = db_connect();
+ $q = "SELECT ID, Suspended FROM Users ";
+ $q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
+ $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
+ $result = mysql_query($q, $dbh);
+ if (!$result) {
+ $login_error = __("Incorrect password for username %s.",
+ array($_REQUEST["user"]));
+ }
+ $row = mysql_fetch_row($result);
+ if ($row[1]) {
+ $login_error = __("Your account has been suspended.");
+ }
+
+ if (!$login_error) {
+ # Account looks good. Generate a SID and store it.
+ #
+ $logged_in = 0;
+ $num_tries = 0;
+ while (!$logged_in && $num_tries < 5) {
+ $new_sid = new_sid();
+ $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
+ $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
+ $result = mysql_query($q, $dbh);
+ # Query will fail if $new_sid is not unique
+ #
+ if ($result) {
+ $logged_in = 1;
+ break;
+ }
+ $num_tries++;
+ }
+ if ($logged_in) {
+ # set our SID cookie
+ #
+ setcookie("AURSID", $new_sid, 0, "/");
+ header("Location: /index.php");
+ } else {
+ $login_error = __("Error trying to generate session id.");
+ }
+ }
+ }
+}
+
+# Any cookies have been sent, can now display HTML
+#
html_header();
+print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n";
+print "<tr>\n";
+print " <td align='left'>";
+print __("This is where the intro text will go.");
+print __("For now, it's just a place holder.");
+print __("It's more important to get the login functionality finished.");
+print __("After that, this can be filled in with more meaningful text.");
+print " </td>";
+print " <td align='right'>";
+if (!isset($_COOKIE["AURSID"])) {
+ # the user is not logged in, give them login widgets
+ #
+ print "<form action='/index.php' method='post'>\n";
+ if ($login_error) {
+ print $login_error . "<br/>\n";
+ }
+ print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
+ print "<tr>\n";
+ print "<td>".__("Username:")."</td>";
+ print "<td><input type='text' name='user' size='30' maxlength='64'></td>";
+ print "</tr>\n";
+ print "<tr>\n";
+ print "<td>".__("Password:")."</td>";
+ print "<td><input type='password' name='pass' size='30' maxlength='32'></td>";
+ print "</tr>\n";
+ print "<tr>\n";
+ print "<td colspan='2' align='right'>&nbsp;<br/>";
+ print "<input type='submit' value='".__("Login")."'></td>";
+ print "</tr>\n";
+ print "</table>\n";
+ print "</form>\n";
-#$dbh = db_connect();
-print "Connected...<br>\n";
-print "My LANG is: " . $LANG . "<br>\n";
+} else {
+ print __("Currently logged in as: %h%s%h",
+ array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
+}
+print " </td>";
+print "</tr>\n";
+print "</table>\n";
html_footer("\$Id$");
diff --git a/web/html/timeout.php b/web/html/timeout.php
new file mode 100644
index 00000000..6a543c52
--- /dev/null
+++ b/web/html/timeout.php
@@ -0,0 +1,13 @@
+<?
+include("timeout_po.inc");
+include("aur.inc");
+set_lang();
+html_header();
+
+print __("Your session has timed out. You must log in again.");
+print "<p>\n";
+print __("Click on the Home link above to log in.");
+print "</p>\n";
+
+html_footer("\$Id$");
+?>
diff --git a/web/lang/index_po.inc b/web/lang/index_po.inc
index 0b5d1bc9..e5bfe70f 100644
--- a/web/lang/index_po.inc
+++ b/web/lang/index_po.inc
@@ -16,4 +16,69 @@ $_t["en"]["Hi, this is worth reading!"] = "Hi, this is worth reading!";
# $_t["fr"]["Hi, this is worth reading!"] = "--> Traduction française ici. <--";
# $_t["de"]["Hi, this is worth reading!"] = "--> Deutsche Übersetzung hier. <--";
+$_t["en"]["You must supply a password."] = "You must supply a password.";
+# $_t["es"]["You must supply a password."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You must supply a password."] = "--> Traduction française ici. <--";
+# $_t["de"]["You must supply a password."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["You must supply a username."] = "You must supply a username.";
+# $_t["es"]["You must supply a username."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["You must supply a username."] = "--> Traduction française ici. <--";
+# $_t["de"]["You must supply a username."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Incorrect password for username %s."] = "Incorrect password for username %s.";
+# $_t["es"]["Incorrect password for username %s."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Incorrect password for username %s."] = "--> Traduction française ici. <--";
+# $_t["de"]["Incorrect password for username %s."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["After that, this can be filled in with more meaningful text."] = "After that, this can be filled in with more meaningful text.";
+# $_t["es"]["After that, this can be filled in with more meaningful text."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["After that, this can be filled in with more meaningful text."] = "--> Traduction française ici. <--";
+# $_t["de"]["After that, this can be filled in with more meaningful text."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Your account has been suspended."] = "Your account has been suspended.";
+# $_t["es"]["Your account has been suspended."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Your account has been suspended."] = "--> Traduction française ici. <--";
+# $_t["de"]["Your account has been suspended."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Password:"] = "Password:";
+# $_t["es"]["Password:"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Password:"] = "--> Traduction française ici. <--";
+# $_t["de"]["Password:"] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Username:"] = "Username:";
+# $_t["es"]["Username:"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Username:"] = "--> Traduction française ici. <--";
+# $_t["de"]["Username:"] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["It's more important to get the login functionality finished."] = "It's more important to get the login functionality finished.";
+# $_t["es"]["It's more important to get the login functionality finished."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["It's more important to get the login functionality finished."] = "--> Traduction française ici. <--";
+# $_t["de"]["It's more important to get the login functionality finished."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Currently logged in as: %h%s%h"] = "Currently logged in as: %h%s%h";
+# $_t["es"]["Currently logged in as: %h%s%h"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Currently logged in as: %h%s%h"] = "--> Traduction française ici. <--";
+# $_t["de"]["Currently logged in as: %h%s%h"] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["For now, it's just a place holder."] = "For now, it's just a place holder.";
+# $_t["es"]["For now, it's just a place holder."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["For now, it's just a place holder."] = "--> Traduction française ici. <--";
+# $_t["de"]["For now, it's just a place holder."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["This is where the intro text will go."] = "This is where the intro text will go.";
+# $_t["es"]["This is where the intro text will go."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["This is where the intro text will go."] = "--> Traduction française ici. <--";
+# $_t["de"]["This is where the intro text will go."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Error trying to generate session id."] = "Error trying to generate session id.";
+# $_t["es"]["Error trying to generate session id."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Error trying to generate session id."] = "--> Traduction française ici. <--";
+# $_t["de"]["Error trying to generate session id."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Login"] = "Login";
+# $_t["es"]["Login"] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Login"] = "--> Traduction française ici. <--";
+# $_t["de"]["Login"] = "--> Deutsche Übersetzung hier. <--";
+
?> \ No newline at end of file
diff --git a/web/lang/timeout_po.inc b/web/lang/timeout_po.inc
new file mode 100644
index 00000000..09748d9f
--- /dev/null
+++ b/web/lang/timeout_po.inc
@@ -0,0 +1,24 @@
+<?
+# INSTRUCTIONS TO TRANSLATORS
+#
+# This file contains the i18n translations for a subset of the
+# Arch Linux User-community Repository (AUR). This is a PHP
+# script, and as such, you MUST pay great attention to the syntax.
+# If your text contains any double-quotes ("), you MUST escape
+# them with the backslash character (\).
+#
+
+include_once("translator.inc");
+global $_t;
+
+$_t["en"]["Click on the Home link above to log in."] = "Click on the Home link above to log in.";
+# $_t["es"]["Click on the Home link above to log in."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Click on the Home link above to log in."] = "--> Traduction française ici. <--";
+# $_t["de"]["Click on the Home link above to log in."] = "--> Deutsche Übersetzung hier. <--";
+
+$_t["en"]["Your session has timed out. You must log in again."] = "Your session has timed out. You must log in again.";
+# $_t["es"]["Your session has timed out. You must log in again."] = "--> Traducción española aquí. <--";
+# $_t["fr"]["Your session has timed out. You must log in again."] = "--> Traduction française ici. <--";
+# $_t["de"]["Your session has timed out. You must log in again."] = "--> Deutsche Übersetzung hier. <--";
+
+?> \ No newline at end of file
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index d809ace7..a333576d 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -11,6 +11,84 @@ $SUPPORTED_LANGS = array(
"fr" => 1, # Français
);
+# see if the visitor is already logged in
+#
+function check_sid() {
+ global $_COOKIE;
+
+ if (isset($_COOKIE["AURSID"])) {
+ $failed = 0;
+ # the visitor is logged in, try and update the session
+ #
+ $dbh = db_connect();
+ $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
+ $q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'";
+ $result = mysql_query($q, $dbh);
+ if (!$result) {
+ $failed = 1;
+ } else {
+ if ($row[0] + 10 >= $row[1]) {
+ $failed = 1;
+ }
+ }
+ if ($failed) {
+ # visitor's session id either doesn't exist, or the timeout
+ # was reached and they must login again, send them back to
+ # the main page where they can log in again.
+ #
+ $q = "DELETE FROM Sessions WHERE SessionID = '";
+ $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
+ mysql_query($q, $dbh);
+
+ setcookie("AURSID", "", time() - (60*60*24*30), "/");
+ header("Location: /timeout.php");
+ }
+ }
+
+ return;
+}
+
+# a new seed value for mt_srand()
+#
+function make_seed() {
+ list($usec, $sec) = explode(' ', microtime());
+ return (float) $sec + ((float) $usec * 10000);
+}
+
+# generate a (hopefully) unique session id
+#
+function new_sid() {
+ mt_srand(make_seed());
+ $ts = time();
+ $pid = getmypid();
+
+ $rand_num = mt_rand();
+ mt_srand(make_seed());
+ $rand_str = substr(md5(mt_rand()),2, 20);
+
+ $id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num;
+ return strtoupper(md5($id));
+}
+
+# obtain the username if given their current SID
+#
+function username_from_sid($sid="") {
+ if (!$sid) {
+ return "";
+ }
+ $dbh = db_connect();
+ $q = "SELECT Email ";
+ $q.= "FROM Users, Sessions ";
+ $q.= "WHERE Users.ID = Sessions.UsersID ";
+ $q.= "AND SessionID = '" . mysql_escape_string($sid) . "'";
+ $result = mysql_query($q, $dbh);
+ if (!$result) {
+ return "";
+ }
+ $row = mysql_fetch_row($result);
+
+ return $row[0];
+}
# connect to the database
#
@@ -155,7 +233,7 @@ function html_footer($ver="") {
print "</table>\n";
print "<p>\n";
if ($ver) {
- print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
+ print "<table border='0' cellpadding='0' cellspacing='0' width='97%'>\n";
print "<tr><td align='right'><span class='fix'>".$ver."</span></td></tr>\n";
print "</table>\n";
}