-rw-r--r-- | support/schema/aur-schema.sql | 5 | ||||
-rw-r--r-- | web/html/index.php | 104 | ||||
-rw-r--r-- | web/html/timeout.php | 13 | ||||
-rw-r--r-- | web/lang/index_po.inc | 65 | ||||
-rw-r--r-- | web/lang/timeout_po.inc | 24 | ||||
-rw-r--r-- | web/lib/aur.inc | 80 |
6 files changed, 285 insertions, 6 deletions
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql index 662552f4..ab008458 100644 --- a/support/schema/aur-schema.sql +++ b/support/schema/aur-schema.sql @@ -20,7 +20,7 @@ INSERT INTO AccountTypes (ID, AccountType) VALUES (3, 'Developer'); -- CREATE TABLE Users ( ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, - AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1, + AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1, Suspended TINYINT UNSIGNED NOT NULL DEFAULT 0, Email CHAR(64) NOT NULL, Passwd CHAR(32) NOT NULL, @@ -46,7 +46,8 @@ CREATE TABLE Sessions ( UsersID INTEGER UNSIGNED NOT NULL, SessionID CHAR(32) NOT NULL, LastUpdateTS BIGINT UNSIGNED NOT NULL, - FOREIGN KEY (UsersID) REFERENCES Users(ID) + FOREIGN KEY (UsersID) REFERENCES Users(ID), + UNIQUE (SessionID) ); diff --git a/web/html/index.php b/web/html/index.php index 80389923..3bda5511 100644 --- a/web/html/index.php +++ b/web/html/index.php 
@@ -2,12 +2,110 @@ include("index_po.inc"); include("aur.inc"); set_lang(); +check_sid(); + +# Need to do the authentication prior to sending HTML +# +$login_error = ""; +if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { + # Attempting to log in + # + if (!isset($_REQUEST['user'])) { + $login_error = __("You must supply a username."); + } + if (!isset($_REQUEST['pass'])) { + $login_error = __("You must supply a password."); + } + if (!$login_error) { + # Try and authenticate the user + # + $dbh = db_connect(); + $q = "SELECT ID, Suspended FROM Users "; + $q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' "; + $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; + $result = mysql_query($q, $dbh); + if (!$result) { + $login_error = __("Incorrect password for username %s.", + array($_REQUEST["user"])); + } + $row = mysql_fetch_row($result); + if ($row[1]) { + $login_error = __("Your account has been suspended."); + } + + if (!$login_error) { + # Account looks good. Generate a SID and store it. + # + $logged_in = 0; + $num_tries = 0; + while (!$logged_in && $num_tries < 5) { + $new_sid = new_sid(); + $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) "; + $q.="VALUES (". $row[0]. ", '" . $new_sid . 
"', UNIX_TIMESTAMP())"; + $result = mysql_query($q, $dbh); + # Query will fail if $new_sid is not unique + # + if ($result) { + $logged_in = 1; + break; + } + $num_tries++; + } + if ($logged_in) { + # set our SID cookie + # + setcookie("AURSID", $new_sid, 0, "/"); + header("Location: /index.php"); + } else { + $login_error = __("Error trying to generate session id."); + } + } + } +} + +# Any cookies have been sent, can now display HTML +# html_header(); +print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n"; +print "<tr>\n"; +print " <td align='left'>"; +print __("This is where the intro text will go."); +print __("For now, it's just a place holder."); +print __("It's more important to get the login functionality finished."); +print __("After that, this can be filled in with more meaningful text."); +print " </td>"; +print " <td align='right'>"; +if (!isset($_COOKIE["AURSID"])) { + # the user is not logged in, give them login widgets + # + print "<form action='/index.php' method='post'>\n"; + if ($login_error) { + print $login_error . "<br/>\n"; + } + print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n"; + print "<tr>\n"; + print "<td>".__("Username:")."</td>"; + print "<td><input type='text' name='user' size='30' maxlength='64'></td>"; + print "</tr>\n"; + print "<tr>\n"; + print "<td>".__("Password:")."</td>"; + print "<td><input type='password' name='pass' size='30' maxlength='32'></td>"; + print "</tr>\n"; + print "<tr>\n"; + print "<td colspan='2' align='right'> <br/>"; + print "<input type='submit' value='".__("Login")."'></td>"; + print "</tr>\n"; + print "</table>\n"; + print "</form>\n"; -#$dbh = db_connect(); -print "Connected...<br>\n"; -print "My LANG is: " . $LANG . "<br>\n"; +} else { + print __("Currently logged in as: %h%s%h", + array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>")); +} +print " </td>"; +print "</tr>\n"; +print "</table>\n"; html_footer("\$Id$"); 
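Review bot: The credential check in the login block tests `if (!$result)`, but `mysql_query()` returns a result resource for a SELECT that matches no rows, so a wrong username or password is not rejected at that point. `$row` is then false, the suspended test passes, and the code goes on to build the Sessions INSERT with an empty `$row[0]`; login appears to fail only because that statement is malformed, and the user is shown "Error trying to generate session id." after five attempts. Fetch the row before deciding and reject when it is missing: `$row = $result ? mysql_fetch_row($result) : false;` followed by `if (!$row) { $login_error = __("Incorrect password for username %s.", array($_REQUEST["user"])); }`. Separately, reading `user` and `pass` from `$_REQUEST` accepts credentials from the query string, where they end up in server logs and browser history; `$_POST` matches the form's `method='post'`. The query also compares the submitted password with `Passwd` directly, which suggests passwords are stored unhashed; that should be confirmed against the account-creation code, which is not part of this diff.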
diff --git a/web/html/timeout.php b/web/html/timeout.php new file mode 100644 index 00000000..6a543c52 --- /dev/null +++ b/web/html/timeout.php @@ -0,0 +1,13 @@ +<? +include("timeout_po.inc"); +include("aur.inc"); +set_lang(); +html_header(); + +print __("Your session has timed out. You must log in again."); +print "<p>\n"; +print __("Click on the Home link above to log in."); +print "</p>\n"; + +html_footer("\$Id$"); +?> diff --git a/web/lang/index_po.inc b/web/lang/index_po.inc index 0b5d1bc9..e5bfe70f 100644 --- a/web/lang/index_po.inc +++ b/web/lang/index_po.inc 
@@ -16,4 +16,69 @@ $_t["en"]["Hi, this is worth reading!"] = "Hi, this is worth reading!"; # $_t["fr"]["Hi, this is worth reading!"] = "--> Traduction française ici. <--"; # $_t["de"]["Hi, this is worth reading!"] = "--> Deutsche Übersetzung hier. <--"; +$_t["en"]["You must supply a password."] = "You must supply a password."; +# $_t["es"]["You must supply a password."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["You must supply a password."] = "--> Traduction française ici. <--"; +# $_t["de"]["You must supply a password."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["You must supply a username."] = "You must supply a username."; +# $_t["es"]["You must supply a username."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["You must supply a username."] = "--> Traduction française ici. <--"; +# $_t["de"]["You must supply a username."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Incorrect password for username %s."] = "Incorrect password for username %s."; +# $_t["es"]["Incorrect password for username %s."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Incorrect password for username %s."] = "--> Traduction française ici. <--"; +# $_t["de"]["Incorrect password for username %s."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["After that, this can be filled in with more meaningful text."] = "After that, this can be filled in with more meaningful text."; +# $_t["es"]["After that, this can be filled in with more meaningful text."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["After that, this can be filled in with more meaningful text."] = "--> Traduction française ici. <--"; +# $_t["de"]["After that, this can be filled in with more meaningful text."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Your account has been suspended."] = "Your account has been suspended."; +# $_t["es"]["Your account has been suspended."] = "--> Traducción española aquí. 
<--"; +# $_t["fr"]["Your account has been suspended."] = "--> Traduction française ici. <--"; +# $_t["de"]["Your account has been suspended."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Password:"] = "Password:"; +# $_t["es"]["Password:"] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Password:"] = "--> Traduction française ici. <--"; +# $_t["de"]["Password:"] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Username:"] = "Username:"; +# $_t["es"]["Username:"] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Username:"] = "--> Traduction française ici. <--"; +# $_t["de"]["Username:"] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["It's more important to get the login functionality finished."] = "It's more important to get the login functionality finished."; +# $_t["es"]["It's more important to get the login functionality finished."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["It's more important to get the login functionality finished."] = "--> Traduction française ici. <--"; +# $_t["de"]["It's more important to get the login functionality finished."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Currently logged in as: %h%s%h"] = "Currently logged in as: %h%s%h"; +# $_t["es"]["Currently logged in as: %h%s%h"] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Currently logged in as: %h%s%h"] = "--> Traduction française ici. <--"; +# $_t["de"]["Currently logged in as: %h%s%h"] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["For now, it's just a place holder."] = "For now, it's just a place holder."; +# $_t["es"]["For now, it's just a place holder."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["For now, it's just a place holder."] = "--> Traduction française ici. <--"; +# $_t["de"]["For now, it's just a place holder."] = "--> Deutsche Übersetzung hier. 
<--"; + +$_t["en"]["This is where the intro text will go."] = "This is where the intro text will go."; +# $_t["es"]["This is where the intro text will go."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["This is where the intro text will go."] = "--> Traduction française ici. <--"; +# $_t["de"]["This is where the intro text will go."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Error trying to generate session id."] = "Error trying to generate session id."; +# $_t["es"]["Error trying to generate session id."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Error trying to generate session id."] = "--> Traduction française ici. <--"; +# $_t["de"]["Error trying to generate session id."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Login"] = "Login"; +# $_t["es"]["Login"] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Login"] = "--> Traduction française ici. <--"; +# $_t["de"]["Login"] = "--> Deutsche Übersetzung hier. <--"; + ?>
\ No newline at end of file diff --git a/web/lang/timeout_po.inc b/web/lang/timeout_po.inc new file mode 100644 index 00000000..09748d9f --- /dev/null +++ b/web/lang/timeout_po.inc @@ -0,0 +1,24 @@ +<? +# INSTRUCTIONS TO TRANSLATORS +# +# This file contains the i18n translations for a subset of the +# Arch Linux User-community Repository (AUR). This is a PHP +# script, and as such, you MUST pay great attention to the syntax. +# If your text contains any double-quotes ("), you MUST escape +# them with the backslash character (\). +# + +include_once("translator.inc"); +global $_t; + +$_t["en"]["Click on the Home link above to log in."] = "Click on the Home link above to log in."; +# $_t["es"]["Click on the Home link above to log in."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Click on the Home link above to log in."] = "--> Traduction française ici. <--"; +# $_t["de"]["Click on the Home link above to log in."] = "--> Deutsche Übersetzung hier. <--"; + +$_t["en"]["Your session has timed out. You must log in again."] = "Your session has timed out. You must log in again."; +# $_t["es"]["Your session has timed out. You must log in again."] = "--> Traducción española aquí. <--"; +# $_t["fr"]["Your session has timed out. You must log in again."] = "--> Traduction française ici. <--"; +# $_t["de"]["Your session has timed out. You must log in again."] = "--> Deutsche Übersetzung hier. <--"; + +?>
\ No newline at end of file diff --git a/web/lib/aur.inc b/web/lib/aur.inc index d809ace7..a333576d 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc 
@@ -11,6 +11,84 @@ $SUPPORTED_LANGS = array( "fr" => 1, # Français ); +# see if the visitor is already logged in +# +function check_sid() { + global $_COOKIE; + + if (isset($_COOKIE["AURSID"])) { + $failed = 0; + # the visitor is logged in, try and update the session + # + $dbh = db_connect(); + $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions "; + $q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'"; + $result = mysql_query($q, $dbh); + if (!$result) { + $failed = 1; + } else { + if ($row[0] + 10 >= $row[1]) { + $failed = 1; + } + } + if ($failed) { + # visitor's session id either doesn't exist, or the timeout + # was reached and they must login again, send them back to + # the main page where they can log in again. + # + $q = "DELETE FROM Sessions WHERE SessionID = '"; + $q.= mysql_escape_string($_COOKIE["AURSID"]) . "'"; + mysql_query($q, $dbh); + + setcookie("AURSID", "", time() - (60*60*24*30), "/"); + header("Location: /timeout.php"); + } + } + + return; +} + +# a new seed value for mt_srand() +# +function make_seed() { + list($usec, $sec) = explode(' ', microtime()); + return (float) $sec + ((float) $usec * 10000); +} + +# generate a (hopefully) unique session id +# +function new_sid() { + mt_srand(make_seed()); + $ts = time(); + $pid = getmypid(); + + $rand_num = mt_rand(); + mt_srand(make_seed()); + $rand_str = substr(md5(mt_rand()),2, 20); + + $id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num; + return strtoupper(md5($id)); +} + +# obtain the username if given their current SID +# +function username_from_sid($sid="") { + if (!$sid) { + return ""; + } + $dbh = db_connect(); + $q = "SELECT Email "; + $q.= "FROM Users, Sessions "; + $q.= "WHERE Users.ID = Sessions.UsersID "; + $q.= "AND SessionID = '" . mysql_escape_string($sid) . "'"; + $result = mysql_query($q, $dbh); + if (!$result) { + return ""; + } + $row = mysql_fetch_row($result); + + return $row[0]; +} # connect to the database # 
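Review bot: check_sid() never fetches a row from `$result`, so `$row` is undefined when `$row[0] + 10 >= $row[1]` is evaluated and the test comes out true for every request that carries an AURSID cookie; each such visitor has the session deleted and is redirected to /timeout.php. The comparison also reads inverted for an expiry check (it fails sessions updated within the last 10 seconds rather than ones older than that), nothing in the function updates LastUpdateTS despite the comment, and there is no `exit` after `header("Location: /timeout.php")`, so the calling page keeps executing for a rejected session. A corrected core is sketched below, keeping the 10-second value from the hunk. In new_sid(), every input to the ID (microtime-seeded `mt_rand()`, `time()`, `getmypid()`) is guessable and the MD5 passes add no entropy, so the session token should instead come from the operating system's CSPRNG, for example 16 bytes read from `/dev/urandom` and hex-encoded to fit `SessionID CHAR(32)`.

```php
	// … unchanged: cookie check, db_connect(), SELECT LastUpdateTS, UNIX_TIMESTAMP() …
	$result = mysql_query($q, $dbh);
	$row = $result ? mysql_fetch_row($result) : false;
	# fail when the session row is missing or older than the timeout
	if (!$row || $row[0] + 10 < $row[1]) {
		$failed = 1;
	}
	if ($failed) {
		// … unchanged: DELETE the session row, expire the AURSID cookie …
		header("Location: /timeout.php");
		exit();
	}
```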
@@ -155,7 +233,7 @@ function html_footer($ver="") { print "</table>\n"; print "<p>\n"; if ($ver) { - print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n"; + print "<table border='0' cellpadding='0' cellspacing='0' width='97%'>\n"; print "<tr><td align='right'><span class='fix'>".$ver."</span></td></tr>\n"; print "</table>\n"; } |