Commit 30aea4ec authored by eric's avatar eric
Browse files

started working on the login

parent f478d720
......@@ -20,7 +20,7 @@ INSERT INTO AccountTypes (ID, AccountType) VALUES (3, 'Developer');
--
CREATE TABLE Users (
ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1,
AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1,
Suspended TINYINT UNSIGNED NOT NULL DEFAULT 0,
Email CHAR(64) NOT NULL,
Passwd CHAR(32) NOT NULL,
......@@ -46,7 +46,8 @@ CREATE TABLE Sessions (
UsersID INTEGER UNSIGNED NOT NULL,
SessionID CHAR(32) NOT NULL,
LastUpdateTS BIGINT UNSIGNED NOT NULL,
FOREIGN KEY (UsersID) REFERENCES Users(ID)
FOREIGN KEY (UsersID) REFERENCES Users(ID),
UNIQUE (SessionID)
);
......
......@@ -2,12 +2,110 @@
include("index_po.inc");
include("aur.inc");
set_lang();
check_sid();
# Need to do the authentication prior to sending HTML
#
$login_error = "";
if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
# Attempting to log in
#
if (!isset($_REQUEST['user'])) {
$login_error = __("You must supply a username.");
}
if (!isset($_REQUEST['pass'])) {
$login_error = __("You must supply a password.");
}
if (!$login_error) {
# Try and authenticate the user
#
$dbh = db_connect();
$q = "SELECT ID, Suspended FROM Users ";
$q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
$result = mysql_query($q, $dbh);
if (!$result) {
$login_error = __("Incorrect password for username %s.",
array($_REQUEST["user"]));
}
$row = mysql_fetch_row($result);
if ($row[1]) {
$login_error = __("Your account has been suspended.");
}
if (!$login_error) {
# Account looks good. Generate a SID and store it.
#
$logged_in = 0;
$num_tries = 0;
while (!$logged_in && $num_tries < 5) {
$new_sid = new_sid();
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
$q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
$result = mysql_query($q, $dbh);
# Query will fail if $new_sid is not unique
#
if ($result) {
$logged_in = 1;
break;
}
$num_tries++;
}
if ($logged_in) {
# set our SID cookie
#
setcookie("AURSID", $new_sid, 0, "/");
header("Location: /index.php");
} else {
$login_error = __("Error trying to generate session id.");
}
}
}
}
# Any cookies have been sent, can now display HTML
#
html_header();
print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n";
print "<tr>\n";
print " <td align='left'>";
print __("This is where the intro text will go.");
print __("For now, it's just a place holder.");
print __("It's more important to get the login functionality finished.");
print __("After that, this can be filled in with more meaningful text.");
print " </td>";
print " <td align='right'>";
if (!isset($_COOKIE["AURSID"])) {
# the user is not logged in, give them login widgets
#
print "<form action='/index.php' method='post'>\n";
if ($login_error) {
print $login_error . "<br/>\n";
}
print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
print "<tr>\n";
print "<td>".__("Username:")."</td>";
print "<td><input type='text' name='user' size='30' maxlength='64'></td>";
print "</tr>\n";
print "<tr>\n";
print "<td>".__("Password:")."</td>";
print "<td><input type='password' name='pass' size='30' maxlength='32'></td>";
print "</tr>\n";
print "<tr>\n";
print "<td colspan='2' align='right'>&nbsp;<br/>";
print "<input type='submit' value='".__("Login")."'></td>";
print "</tr>\n";
print "</table>\n";
print "</form>\n";
#$dbh = db_connect();
print "Connected...<br>\n";
print "My LANG is: " . $LANG . "<br>\n";
} else {
print __("Currently logged in as: %h%s%h",
array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
}
print " </td>";
print "</tr>\n";
print "</table>\n";
html_footer("\$Id$");
......
<?
include("timeout_po.inc");
include("aur.inc");
set_lang();
html_header();
print __("Your session has timed out. You must log in again.");
print "<p>\n";
print __("Click on the Home link above to log in.");
print "</p>\n";
html_footer("\$Id$");
?>
......@@ -16,4 +16,69 @@ $_t["en"]["Hi, this is worth reading!"] = "Hi, this is worth reading!";
# $_t["fr"]["Hi, this is worth reading!"] = "--> Traduction franaise ici. <--";
# $_t["de"]["Hi, this is worth reading!"] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["You must supply a password."] = "You must supply a password.";
# $_t["es"]["You must supply a password."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["You must supply a password."] = "--> Traduction franaise ici. <--";
# $_t["de"]["You must supply a password."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["You must supply a username."] = "You must supply a username.";
# $_t["es"]["You must supply a username."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["You must supply a username."] = "--> Traduction franaise ici. <--";
# $_t["de"]["You must supply a username."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Incorrect password for username %s."] = "Incorrect password for username %s.";
# $_t["es"]["Incorrect password for username %s."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Incorrect password for username %s."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Incorrect password for username %s."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["After that, this can be filled in with more meaningful text."] = "After that, this can be filled in with more meaningful text.";
# $_t["es"]["After that, this can be filled in with more meaningful text."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["After that, this can be filled in with more meaningful text."] = "--> Traduction franaise ici. <--";
# $_t["de"]["After that, this can be filled in with more meaningful text."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Your account has been suspended."] = "Your account has been suspended.";
# $_t["es"]["Your account has been suspended."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Your account has been suspended."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Your account has been suspended."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Password:"] = "Password:";
# $_t["es"]["Password:"] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Password:"] = "--> Traduction franaise ici. <--";
# $_t["de"]["Password:"] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Username:"] = "Username:";
# $_t["es"]["Username:"] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Username:"] = "--> Traduction franaise ici. <--";
# $_t["de"]["Username:"] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["It's more important to get the login functionality finished."] = "It's more important to get the login functionality finished.";
# $_t["es"]["It's more important to get the login functionality finished."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["It's more important to get the login functionality finished."] = "--> Traduction franaise ici. <--";
# $_t["de"]["It's more important to get the login functionality finished."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Currently logged in as: %h%s%h"] = "Currently logged in as: %h%s%h";
# $_t["es"]["Currently logged in as: %h%s%h"] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Currently logged in as: %h%s%h"] = "--> Traduction franaise ici. <--";
# $_t["de"]["Currently logged in as: %h%s%h"] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["For now, it's just a place holder."] = "For now, it's just a place holder.";
# $_t["es"]["For now, it's just a place holder."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["For now, it's just a place holder."] = "--> Traduction franaise ici. <--";
# $_t["de"]["For now, it's just a place holder."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["This is where the intro text will go."] = "This is where the intro text will go.";
# $_t["es"]["This is where the intro text will go."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["This is where the intro text will go."] = "--> Traduction franaise ici. <--";
# $_t["de"]["This is where the intro text will go."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Error trying to generate session id."] = "Error trying to generate session id.";
# $_t["es"]["Error trying to generate session id."] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Error trying to generate session id."] = "--> Traduction franaise ici. <--";
# $_t["de"]["Error trying to generate session id."] = "--> Deutsche bersetzung hier. <--";
$_t["en"]["Login"] = "Login";
# $_t["es"]["Login"] = "--> Traduccin espaola aqu. <--";
# $_t["fr"]["Login"] = "--> Traduction franaise ici. <--";
# $_t["de"]["Login"] = "--> Deutsche bersetzung hier. <--";
?>
\ No newline at end of file
<?
# INSTRUCTIONS TO TRANSLATORS
#
# This file contains the i18n translations for a subset of the
# Arch Linux User-community Repository (AUR). This is a PHP
# script, and as such, you MUST pay great attention to the syntax.
# If your text contains any double-quotes ("), you MUST escape
# them with the backslash character (\).
#
include_once("translator.inc");
global $_t;
$_t["en"]["Click on the Home link above to log in."] = "Click on the Home link above to log in.";
# $_t["es"]["Click on the Home link above to log in."] = "--> Traducción española aquí. <--";
# $_t["fr"]["Click on the Home link above to log in."] = "--> Traduction française ici. <--";
# $_t["de"]["Click on the Home link above to log in."] = "--> Deutsche Übersetzung hier. <--";
$_t["en"]["Your session has timed out. You must log in again."] = "Your session has timed out. You must log in again.";
# $_t["es"]["Your session has timed out. You must log in again."] = "--> Traducción española aquí. <--";
# $_t["fr"]["Your session has timed out. You must log in again."] = "--> Traduction française ici. <--";
# $_t["de"]["Your session has timed out. You must log in again."] = "--> Deutsche Übersetzung hier. <--";
?>
\ No newline at end of file
......@@ -11,6 +11,84 @@ $SUPPORTED_LANGS = array(
"fr" => 1, # Franais
);
# see if the visitor is already logged in
#
function check_sid() {
global $_COOKIE;
if (isset($_COOKIE["AURSID"])) {
$failed = 0;
# the visitor is logged in, try and update the session
#
$dbh = db_connect();
$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
$q.= "WHERE SessionID = '" . mysql_escape_string($_COOKIE["AURSID"]) . "'";
$result = mysql_query($q, $dbh);
if (!$result) {
$failed = 1;
} else {
if ($row[0] + 10 >= $row[1]) {
$failed = 1;
}
}
if ($failed) {
# visitor's session id either doesn't exist, or the timeout
# was reached and they must login again, send them back to
# the main page where they can log in again.
#
$q = "DELETE FROM Sessions WHERE SessionID = '";
$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
mysql_query($q, $dbh);
setcookie("AURSID", "", time() - (60*60*24*30), "/");
header("Location: /timeout.php");
}
}
return;
}
# a new seed value for mt_srand()
#
function make_seed() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 10000);
}
# generate a (hopefully) unique session id
#
function new_sid() {
mt_srand(make_seed());
$ts = time();
$pid = getmypid();
$rand_num = mt_rand();
mt_srand(make_seed());
$rand_str = substr(md5(mt_rand()),2, 20);
$id = $rand_str . strtolower(md5($ts.$pid)) . $rand_num;
return strtoupper(md5($id));
}
# obtain the username if given their current SID
#
function username_from_sid($sid="") {
if (!$sid) {
return "";
}
$dbh = db_connect();
$q = "SELECT Email ";
$q.= "FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
$q.= "AND SessionID = '" . mysql_escape_string($sid) . "'";
$result = mysql_query($q, $dbh);
if (!$result) {
return "";
}
$row = mysql_fetch_row($result);
return $row[0];
}
# connect to the database
#
......@@ -155,7 +233,7 @@ function html_footer($ver="") {
print "</table>\n";
print "<p>\n";
if ($ver) {
print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
print "<table border='0' cellpadding='0' cellspacing='0' width='97%'>\n";
print "<tr><td align='right'><span class='fix'>".$ver."</span></td></tr>\n";
print "</table>\n";
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment