From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sun, 27 Jan 2013 19:33:44 +0000 (+0000)
Subject: wip login/logout handling
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=nj-awaymsg.git;a=commitdiff_plain;h=7e5c4c2668078b9ac51c5a4e6ee4519a5f6dd5fe

wip login/logout handling
---

diff --git a/mason/autohandler b/mason/autohandler
index 933ed62..a7d58a4 100644
--- a/mason/autohandler
+++ b/mason/autohandler
@@ -13,7 +13,7 @@ sub login_ok_self ($$) {
     return $password eq 'sesame' ? ('self',undef) : (undef,'wrong');
 }
 
-my $ar = CGI::Auth::Flexible->new_verifier(
+our $verifier = CGI::Auth::Flexible->new_verifier(
     dir => "$ENV{'NJAWAYMSG'}/data",
 #    do_redirect => \&do_redirect_mason,
     handle_divert => sub { $m->auto_send_headers(0); return 0; },
@@ -23,18 +23,15 @@ my $ar = CGI::Auth::Flexible->new_verifier(
     login_ok => \&login_ok_self,
     );
 </%once>
-<%perl>
-my $cgi = $m->cgi_object();
-print STDERR ">".$cgi->url()."<\n";
-my $ar = $ar->new_request($cgi);
-if ($ar->check_ok()) {
-   $m->call_next();
-</%perl>
+<%shared>
+our $cgi = $m->cgi_object();
+our $ar = $verifier->new_request($cgi);
+</%shared>
+% if ($ar->check_ok()) {
+%    $m->call_next();
 <hr>
-<form method="POST" action="<% $cgi->url() %>">
+<form method="POST" action="<% $ENV{'URL'} %>">
 <% $ar->secret_hidden_html() %>
 <input type="submit" name="caf_logout" value="Logout">
 </form>
-<%perl>
-}
-</%perl>
+% }
diff --git a/mason/edit b/mason/edit
index 9612413..4456d87 100755
--- a/mason/edit
+++ b/mason/edit
@@ -3,6 +3,9 @@ use AwayMsg;
 db_connect();
 www_begin($r,$m);
 </%init>
+<%shared>
+our ($cgi,$ar);
+</%shared>
 
 <%args>
 $create => undef
@@ -51,6 +54,7 @@ if (!$tx) { die "no such text $textid"; }
 </%perl>
 <& htmlhead, subpage => "Edit \"$tx->{'desc'}\"" &>
 <form action="save" method="post">
+<% $ar->secret_hidden_html() %>
 <&| txtable, tx => $tx, inputs => 1 &>
 <tr><td colspan=2><textarea name="text" cols="79" rows="15"><%
   $tx->{'text'} |h %></textarea></td></tr>
diff --git a/mason/main b/mason/main
index a9bc72e..03f25cb 100755
--- a/mason/main
+++ b/mason/main
@@ -4,6 +4,9 @@ db_connect();
 www_begin($r,$m);
 my ($sth,$row,$sthi,$rowi);
 </%init>
+<%shared>
+our ($cgi,$ar);
+</%shared>
 <&htmlhead, subpage => 'Overview' &>
 
 <h2>Email addresses and their configuration</h2>
@@ -49,7 +52,8 @@ END
 $sth->execute();
 </%perl>
 % while (my $row= $sth->fetchrow_hashref()) {
-<form action="edit" method="get">
+<form action="<% $ENV{'URL'} %>/edit" method="POST">
+<% $ar->secret_hidden_html() %>
 <h3>Message "<% $row->{'desc'} |h %>"</h3>
 
 <&| txtable, tx => $row &>