our @EXPORT_OK;
use DBI;
-use CGI;
+use CGI qw/escapeHTML/;
use Locale::gettext;
+use URI;
+use IO::File;
+use Data::Dumper;
#---------- public utilities ----------
#---------- default callbacks ----------
sub has_a_param ($$) {
- my ($c,$r,$cn) = @_;
+ my ($r,$cn) = @_;
foreach my $pn (@{ $r->{S}{$cn} }) {
- return 1 if $r->_cm('get_param',$pn);
+ return 1 if $r->_ch('get_param',$pn);
}
return 0;
}
-sub get_params ($$) {
- my ($c,$r) = @_;
+sub get_params ($) {
+ my ($r) = @_;
my %p;
+ my $c = $r->{Cgi};
foreach my $name ($c->param()) {
$p{$name} = [ $c->param($name) ];
}
my ($c,$r, $params) = @_;
my @form;
push @form, ('<form method="POST" action="'.
- escapeHTML($r->_ch('get_url')).'>'.
+ escapeHTML($r->_ch('get_url')).'">'.
'<table>');
my $sz = 'size="'.$r->{S}{form_entry_size}.'"';
foreach my $up (@{ $r->{S}{username_param_names}}) {
gen_login_form => \&gen_plain_login_form,
gen_login_link => \&gen_plain_login_link,
gettext => sub { gettext($_[2]); },
+ print => sub { print $_[2] or die $!; },
},
Dbh => undef,
};
my $u = umask 077;
$dbh = DBI->connect($dsn, $v->{S}{assocdb_user},
$v->{S}{assocdb_password}, {
- AutoCommit => 0, RaiseError => 1,
+ AutoCommit => 0,
+ RaiseError => 1,
+ ShowErrorStatement => 1,
});
die "$dsn $! ?" unless $dbh;
$v->{Dbh} = $dbh;
eval {
- $r->_db_transaction(sub {
+ $v->_db_transaction(sub {
+ local ($dbh->{PrintError}) = 0;
$dbh->do("CREATE TABLE $v->{S}{assocdb_table} (".
- " associdh VARCHAR PRIMARY KEY,".
+ " associd VARCHAR PRIMARY KEY,".
" username VARCHAR,".
" last INTEGER NOT NULL".
")");
}
sub _db_transaction ($$) {
- my ($r, $fn) = @_;
+ my ($v, $fn) = @_;
my $retries = 10;
my $rv;
my $dbh = $v->{Dbh};
+print STDERR "DT entry\n";
for (;;) {
+print STDERR "DT loop\n";
if (!eval {
$rv = $fn->();
+print STDERR "DT fn ok\n";
1;
}) {
+print STDERR "DT fn error\n";
{ local ($@); $dbh->rollback(); }
+print STDERR "DT fn throwing\n";
die $@;
}
+print STDERR "DT fn eval ok\n";
if (eval {
$dbh->commit();
+print STDERR "DT commit ok\n";
1;
}) {
+print STDERR "DT commit eval ok $rv\n";
return $rv;
}
+print STDERR "DT commit throw?\n";
die $@ if !--$retries;
+print STDERR "DT loop again\n";
}
}
sub _ch ($$@) { # calls an application hook
my ($r,$methname, @args) = @_;
my $methfunc = $r->{S}{$methname};
+ die "$methname ?" unless $methfunc;
return $methfunc->($r->{Cgi}, $r, @args);
}
sub construct_cookie ($$$) {
my ($r, $cookv) = @_;
- return $r->{Cgi}->cookie(-name => $r->{S}{cookie_name},
+ return undef unless $cookv;
+ my $c = $r->{Cgi};
+ my $cookt = $c->cookie(-name => $r->{S}{cookie_name},
-value => $cookv,
-path => $r->{S}{cookie_path},
-domain => $r->_ch('get_cookie_domain'),
-expires => '+'.$r->{S}{login_timeout}.'s',
-secure => $r->{S}{encrypted_only});
+print STDERR "CC $r $c $cookv $cookt\n";
+ return $cookt;
}
# pages/param-sets are
# y, yN value corresponds to logged-in user
# n, nN value not in our db
# x, xN t or y
-# - no value supplied
+# - no value supplied (represented in code as $cookt='')
# if N differs the case applies only when the two values differ
# (eg, a1 y2 does not apply when the logged-in value is supplied twice)
# revoke y2
# treat as -/n n POST
#
- # -/n n GET n cross-site link but user not logged in
+ # -/n -/n GET n cross-site link but user not logged in
# show login form with redirect to orig params
+ # generate fresh cookie
#
# -/n n GET rmu user not logged in
# fail
# -/n n POST r u user not logged in
# fail
+#fixme make parameter values hash of cookie values
+
sub _check_divert_core ($) {
my ($r) = @_;
my ($cookt,$cooku) = $r->_db_lookup($cookv);
my $parmt = $r->_db_lookup($parmv);
+ print STDERR "_c_d_c cookt=$cookt parmt=$parmt\n";
+
if ($r->_ch('is_logout')) {
$r->_must_be_post();
die unless $parmt;
if ($cookt ne 'y') {
die unless !$cookt || $cookt eq 'n';
die unless !$parmt || $parmt eq 'n' || $parmt eq 'y';
+ my $newv = $r->_fresh_cookie();
if ($meth eq 'GET') {
return ({ Kind => 'LOGIN-INCOMINGLINK',
Message => "You need to log in again.",
- CookieVal => $parmv,
+ CookieVal => $newv,
Params => $r->_chain_params() });
} else {
+ $r->_db_revoke($parmv);
return ({ Kind => 'LOGIN-FRESH',
Message => "You need to log in again.",
- CookieVal => $parmv,
+ CookieVal => $newv,
Params => { } });
}
}
die unless $cookv eq $parmv;
$r->{Assoc} = $cookv;
$r->{UserOK} = $cooku;
+ print STDERR "C-D-C OK\n";
return undef;
}
sub check_divert ($) {
my ($r) = @_;
- my $divert;
if (exists $r->{Divert}) {
return $r->{Divert};
}
my $dbh = $r->{Dbh};
$r->{Divert} = $r->_db_transaction(sub { $r->_check_divert_core(); });
$dbh->commit();
- return $divert;
+ print STDERR Dumper($r->{Divert});
+ return $r->{Divert};
}
sub get_divert ($) {
my ($r) = @_;
my ($divert) = $r->check_divert();
- return 1 if $divert;
+ return 1 if !$divert;
my $handled = $r->_ch('handle_divert',$divert);
return 0 if $handled;
die $kind;
}
- $r->_print($r->_ch('start_html',$title),
+ $r->_print($r->{Cgi}->header('text/html'),
+ $r->_ch('gen_start_html',$title),
@body,
- $r->_ch('end_html'));
+ $r->_ch('gen_end_html'));
return 0;
}
$!=0;
read($rsf,$bin,$bytes) == $bytes or die "$rsp $!";
close $rsf;
- return unpack "H*", $bin;
+ my $out = unpack "H*", $bin;
+ print STDERR "_random out $out\n";
}
sub _fresh_cookie ($) {
my ($r) = @_;
+ print STDERR "_fresh_cookie\n";
my $bytes = ($r->{S}{associdlen} + 7) >> 3;
return $r->_random($bytes);
}
-sub check_mutate ($) {
+sub _assert_checked ($) {
my ($r) = @_;
die "unchecked" unless exists $r->{Divert};
+}
+
+sub check_mutate ($) {
+ my ($r) = @_;
+ $r->_assert_checked();
die if $r->{Divert};
my $meth = $r->_ch('get_method');
die "mutating non-POST" if $meth ne 'POST';
sub secret_val ($) {
my ($r) = @_;
- $r->check();
+ $r->_assert_checked();
return defined $r->{Assoc} ? $r->{Assoc} : '';
}
sub secret_cookie ($) {
my ($r) = @_;
- return $r->construct_cookie($r->secret_val());
+#print STDERR "SC\n";
+ my $cookv = $r->construct_cookie($r->secret_val());
+#print STDERR "SC=$cookv\n";
+ return $cookv;
}
__END__