'<a href="'.escapeHTML($new_url).'">',
$r->_gt("If you aren't redirected, click to continue."),
"</a>",
- $c->_ch('gen_end_html'));
+ $r->_ch('gen_end_html'));
}
-sub gen_plain_login_form ($$) {
- my ($c,$r, $params) = @_;
+sub gen_some_form ($$) {
+ my ($r, $params, $bodyfn) = @_;
+ # Calls $bodyfn->($c,$r) which returns @formbits
+ my $c = $r->{Cgi};
my @form;
push @form, ('<form method="POST" action="'.
- escapeHTML($r->_ch('get_url')).'">'.
- '<table>');
- my $sz = 'size="'.$r->{S}{form_entry_size}.'"';
- foreach my $up (@{ $r->{S}{username_param_names}}) {
- push @form, ('<tr><td>',$r->_gt(ucfirst $up),'</td>',
- '<td><input type="text" '.$sz.
- ' name='.$up.'></td></tr>');
- }
- push @form, ('<tr><td>'.$r->_gt('Password').'</td>',
- '<td><input type="password" '.$sz.
- ' name="'.$r->{S}{password_param_name}.'"></td></tr>');
- push @form, ('<tr><td colspan="2">',
- '<input type="submit"'.
- ' name="'.$r->{S}{login_submit_name}[0].'"'.
- ' value="'.$r->_gt('Login').'"></td></tr>',
- '</table>');
+ escapeHTML($r->_ch('get_url')).'">');
+ push @form, $bodyfn->($c,$r);
foreach my $n (keys %$params) {
- push @form, ('<input type="hidden"'.
- ' name="'.$n.'"'.
- ' value="'.$params->{$n}.'">');
+ foreach my $val (@{ $params->{$n} }) {
+ push @form, ('<input type="hidden"'.
+ ' name="'.escapeHTML($n).'"'.
+ ' value="'.escapeHTML($val).'">');
+ }
}
push @form, ('</form>');
return join "\n", @form;
}
-sub gen_login_link ($$) {
+sub gen_plain_login_form ($$) {
+ my ($c,$r, $params) = @_;
+ return $r->gen_some_form($params, sub {
+ my @form;
+ push @form, ('<table>');
+ my $sz = 'size="'.$r->{S}{form_entry_size}.'"';
+ foreach my $up (@{ $r->{S}{username_param_names}}) {
+ push @form, ('<tr><td>',$r->_gt(ucfirst $up),'</td>',
+ '<td><input type="text" '.$sz.
+ ' name='.$up.'></td></tr>');
+ }
+ push @form, ('<tr><td>'.$r->_gt('Password').'</td>',
+ '<td><input type="password" '.$sz.
+ ' name="'.$r->{S}{password_param_name}.'"></td></tr>');
+ push @form, ('<tr><td colspan="2">',
+ '<input type="submit"'.
+ ' name="'.$r->{S}{login_submit_name}[0].'"'.
+ ' value="'.$r->_gt('Login').'"></td></tr>',
+ '</table>');
+ return @form;
+ });
+}
+
+sub gen_postmainpage_form ($$$) {
+ my ($c,$r, $params) = @_;
+ return $r->gen_some_form($params, sub {
+ my @form;
+ push @form, ('<input type="submit"',
+ ' name="'.$r->{S}{dummy_param_name}.'_submit"'.
+ ' value="'.$r->_gt('Continue').'">');
+ return @form;
+ });
+}
+
+sub gen_plain_login_link ($$) {
my ($c,$r, $params) = @_;
my $url = $r->url_with_query_params($params);
return ('<a href="'.escapeHTML($url).'">'.
login_form_timeout => 3600, # seconds
key_rollover => 86400, # seconds
assoc_param_name => 'caf_assochash',
+ dummy_param_name => 'caf_dummy',
cookie_name => "caf_assocsecret",
password_param_name => 'password',
username_param_names => [qw(username)],
gen_end_html => sub { $_[0]->end_html(); },
gen_login_form => \&gen_plain_login_form,
gen_login_link => \&gen_plain_login_link,
+ gen_postmainpage_form => \&gen_postmainpage_form,
gettext => sub { gettext($_[2]); },
print => sub { print $_[2] or die $!; },
},
print STDERR "DT commit ok\n";
1;
}) {
-print STDERR "DT commit eval ok $rv\n";
+print STDERR "DT commit eval ok ",Dumper($rv);
return $rv;
}
print STDERR "DT commit throw?\n";
my $cookie = $r->construct_cookie($cookiesecret);
if (defined $cookiesecret) {
- $params->{$r->{S}{assoc_param_name}} = $r->hash($cookiesecret);
+ $params->{$r->{S}{assoc_param_name}} = [ $r->hash($cookiesecret) ];
}
if ($kind =~ m/^REDIRECT-/) {
# for redirects, we honour stored NextParams and SetCookie,
# as we would for non-divert
if ($kind eq 'REDIRECT-LOGGEDOUT') {
- $params->{$r->{S}{loggedout_param_names}[0]} = 1;
+ $params->{$r->{S}{loggedout_param_names}[0]} = [ 1 ];
} elsif ($kind eq 'REDIRECT-LOGOUT') {
- $params->{$r->{S}{logout_param_names}[0]} = 1;
+ $params->{$r->{S}{logout_param_names}[0]} = [ 1 ];
} elsif ($kind eq 'REDIRECT-LOGGEDIN') {
} else {
die;
} elsif ($kind =~ m/^SMALLPAGE-/) {
$title = $r->_gt('Not logged in');
push @body, $r->_gt($divert->{Message});
- push @body, $r->_ch('gen_login_link');
+ push @body, $r->_ch('gen_login_link', $params);
+ } elsif ($kind =~ m/^MAINPAGEONLY$/) {
+ $title = $r->_gt('Entering secure site.');
+ push @body, $r->_gt($divert->{Message});
+ push @body, $r->_ch('gen_postmainpage_form', $params);
} else {
die $kind;
}
die "unchecked" unless exists $r->{Divert};
}
+sub _is_post ($) {
+ my ($r) = @_;
+ my $meth = $r->_ch('get_method');
+ return $meth eq 'POST';
+}
+
sub _must_be_post ($) {
my ($r) = @_;
my $meth = $r->_ch('get_method');
$r->_must_be_post();
}
+sub mutate_ok ($) {
+ my ($r) = @_;
+ $r->_assert_checked();
+ die if $r->{Divert};
+ return $r->_is_post();
+}
+
#---------- output ----------
sub secret_cookie_val ($) {
sub secret_hidden_val ($) {
my ($r) = @_;
$r->_assert_checked();
- return defined $r->{AssocSecret} ? r->hash($r->{AssocSecret}) : '';
+ return defined $r->{AssocSecret} ? $r->hash($r->{AssocSecret}) : '';
}
sub secret_hidden_html ($) {
~ian / cgi-auth-flexible.git / blobdiff