[vhffs-dev] [493] Suppressed vhffs_confirmation. |
Revision: 493
Author: beuss
Date: 2007-02-22 20:07:18 +0000 (Thu, 22 Feb 2007)
Log Message:
-----------
Suppressed vhffs_confirmation. Control is now made using cookie.
Modified Paths:
--------------
branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm
branches/vhffs_4.1/vhffs-backend/src/pgsql/initdb.sql
branches/vhffs_4.1/vhffs-compat/4.0.sql
branches/vhffs_4.1/vhffs-panel/show_code.pl
branches/vhffs_4.1/vhffs-panel/subscribe.pl
branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl
Modified: branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm
===================================================================
--- branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm 2007-02-22 09:49:40 UTC (rev 492)
+++ branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm 2007-02-22 20:07:18 UTC (rev 493)
@@ -40,37 +40,28 @@
use strict;
use diagnostics;
+use Digest::MD5;
+
package Vhffs::Panel::Confirmation;
-#Create a confirmation code. Send an arrayref which contains cid and code
-sub create_code
-{
- my $vhffs;
- my $code;
- my $request;
- my $result;
- my $query;
- my @ret;
- my $cid;
- $vhffs = shift;
- $code = "";
-
+# Create a confirmation code.
+# Returns the clear text confirmation code used for display
+# and an hash used to verify correctness of the user's
+# provided code with check_code
+sub generate_code() {
+ my $ret = {};
+
+ my $code = '';
for (0 .. 7) { $code .= ('a'..'z', 'A'..'Z', '0'..'9')[int rand 62] ; }
+ $ret->{clear} = $code;
+ $ret->{hash} = Digest::MD5::md5_hex($code);
+ return $ret;
+}
- $query = "INSERT INTO vhffs_confirmation (code) VALUES('".$code."')";
- $request = $vhffs->{'db'}->prepare( $query );
- $request->execute or return undef;
-
- $query = "SELECT max(cid) from vhffs_confirmation";
- $request = $vhffs->{'db'}->prepare( $query );
- #Returns 0 if nothing is found (stupid)
- return undef if( $request->execute == 0 );
- $result = $request->fetchrow_arrayref;
- $cid = $result->[0];
- $ret[0] = $cid;
- $ret[1] = $code;
- return( \@ret );
+sub check_code($$) {
+ my ($code, $hash) = @_;
+ return (Digest::MD5::md5_hex($code) eq $hash);
}
#Get a confirmation code according to the cid
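Review bot: The value stored in `$ret->{hash}` is a plain `md5_hex` of the code with no server-side secret, so `check_code` only confirms that two client-supplied values agree with each other, not that the server issued the code. The hash travels in the `CODE_HASH` cookie (set in the last show_code.pl hunk, read back in subscribe.pl), so after this change the check depends on nothing the server keeps. Key the digest with a secret from the panel configuration, e.g. `$ret->{hash} = Digest::SHA::hmac_sha256_hex($code, $secret);` and the same call in `check_code`, where `$secret` is a placeholder for a configured server-side value. Binding an issue time into the MAC would also bound how long one solved code stays valid. Separately, `rand` is not intended for security tokens, and the `()` / `($$)` prototypes change parsing without validating arguments.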
Modified: branches/vhffs_4.1/vhffs-backend/src/pgsql/initdb.sql
===================================================================
--- branches/vhffs_4.1/vhffs-backend/src/pgsql/initdb.sql 2007-02-22 09:49:40 UTC (rev 492)
+++ branches/vhffs_4.1/vhffs-backend/src/pgsql/initdb.sql 2007-02-22 20:07:18 UTC (rev 493)
@@ -102,17 +102,6 @@
CONSTRAINT vhffs_boxes_pkey PRIMARY KEY (domain,local_part)
) WITH OIDS;
-
-CREATE TABLE vhffs_confirmation
-(
- cid SERIAL,
- code varchar(10),
- CONSTRAINT vhffs_confirmation_pkey PRIMARY KEY (cid)
-) WITH OIDS;
-
-
-
-
CREATE TABLE vhffs_cvs
(
cvs_id serial,
Modified: branches/vhffs_4.1/vhffs-compat/4.0.sql
===================================================================
--- branches/vhffs_4.1/vhffs-compat/4.0.sql 2007-02-22 09:49:40 UTC (rev 492)
+++ branches/vhffs_4.1/vhffs-compat/4.0.sql 2007-02-22 20:07:18 UTC (rev 493)
@@ -26,6 +26,7 @@
ALTER TABLE vhffs_users ALTER gid DROP NOT NULL;
DROP TABLE vhffs_largefile CASCADE;
+DROP TABLE vhffs_confirmation CASCADE;
-- add a column named "type" on object table in order to know the purpose of the object (web area, mysql, ...)
-- existing types: unassigned[0], user[10], group[11], httpd[20], repository[21], mysql[30], pgsql[31], cvs[40], svn[41], dns[50], mail[60], ml[61]
Modified: branches/vhffs_4.1/vhffs-panel/show_code.pl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/show_code.pl 2007-02-22 09:49:40 UTC (rev 492)
+++ branches/vhffs_4.1/vhffs-panel/show_code.pl 2007-02-22 20:07:18 UTC (rev 493)
@@ -51,15 +51,14 @@
$cgi = new CGI;
$vhffs = init Vhffs::Main;
-$cid = $cgi->param( "cid" );
-$code = Vhffs::Panel::Confirmation::get_code( $vhffs , $cid );
+$code = Vhffs::Panel::Confirmation::generate_code( );
-if(( ! ( defined $code ) ) || ( ! ( defined $cid ) ) )
-{
- print CGI->header( -type=>"text/html", -charset=>"utf-8" );
- print "cid error";
- exit 1;
-}
+#if(( ! ( defined $code ) ) || ( ! ( defined $cid ) ) )
+#{
+# print CGI->header( -type=>"text/html", -charset=>"utf-8" );
+# print "cid error";
+# exit 1;
+#}
$gd = GD::Image->new(70,30);
$white = $gd->colorAllocate(255,255,255);
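Review bot: The old `cid` guard is left in show_code.pl as a six-line commented-out block instead of being deleted, so the file keeps dead references to `$cid` and the "cid error" message that no longer correspond to any code path. Version control already holds the previous revision, so drop the block. The `$cid` declaration, which is presumably above this hunk, can go with it. `generate_code` as written in this commit always returns a populated hashref, so no replacement guard appears necessary here.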
@@ -73,7 +72,7 @@
width => 70,
line_space => 0,
color => $black,
- text => $code,
+ text => $code->{clear},
);
$wp->set_font(gdLargeFont, 14);
$wp->set(align => 'center');
@@ -81,7 +80,8 @@
$wp->set(para_space => 10, preserve_nl => 0);
# Assume the user has set FONT_PATH or TTF_FONT_PATH
#$wp->font_path('/usr/share/fonts/ttfonts');
-print CGI->header( -type=>"image/png" );
+my $cookie = CGI->cookie( CODE_HASH => $code->{hash} );
+print CGI->header( -type=>"image/png", -cookie => $cookie );
binmode STDOUT ;
print STDOUT $gd->png();
Modified: branches/vhffs_4.1/vhffs-panel/subscribe.pl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/subscribe.pl 2007-02-22 09:49:40 UTC (rev 492)
+++ branches/vhffs_4.1/vhffs-panel/subscribe.pl 2007-02-22 20:07:18 UTC (rev 493)
@@ -67,11 +67,9 @@
my $zipcode = $cgi->param("ZIPCODE");
my $country = $cgi->param("COUNTRY");
my $address = $cgi->param("ADDRESS");
-my $cid = $cgi->param("CID");
my $code = $cgi->param("CONFIRMATION");
-my $realcode = Vhffs::Panel::Confirmation::get_code( $vhffs , $cid );
my @errors = ();
-
+my $code_hash = CGI->cookie('CODE_HASH');
my $template;
my $message;
@@ -82,7 +80,7 @@
$template->param( MESSAGE => gettext("You cannot subscribe to VHFFS") );
} elsif( defined $submitted ) {
# don't check if form hasn't been submitted
- if( ( ! defined $cid ) || ( ! defined $code ) || ( $code ne $realcode ) )
+ if( ( ! defined $code ) || ( ! Vhffs::Panel::Confirmation::check_code($code, $code_hash ) ) )
{
push(@errors, {error => gettext("Codes do not match")});
}
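Review bot: `$code_hash` is handed to `check_code` without a `defined` test, so a request that arrives without the `CODE_HASH` cookie reaches `md5_hex($code) eq $hash` with an undefined right-hand side. The comparison still fails closed, but it will likely log an uninitialized-value warning for every such request, since Confirmation.pm loads `diagnostics`. Add the guard next to the existing one: `if( ( ! defined $code ) || ( ! defined $code_hash ) || ( ! Vhffs::Panel::Confirmation::check_code( $code, $code_hash ) ) )`. Nothing visible in this hunk clears or expires the cookie after a successful submission, so the same code and cookie pair would presumably keep validating. The enclosing `elsif` block continues outside the hunk.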
@@ -193,8 +191,6 @@
}
if( ( ! defined $submitted ) || (scalar @errors) != 0 ) {
- my $confirmation = Vhffs::Panel::Confirmation::create_code( $vhffs );
-
# $template is defined in every cases
$template->param( TEXT_SUBSCRIBE => gettext("Subscription") );
@@ -211,8 +207,6 @@
$template->param( BACK => gettext("Back to Login") );
$template->param( CONFIRMATION_TEXT => gettext("Code confirmation") );
$template->param( REPEAT_CONFIRMATION_TEXT => gettext("Recopy the code") );
- $template->param( CID => $confirmation->[0] );
-
}
$template->param( TITLE => gettext("Subscribe") );
Modified: branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl 2007-02-22 09:49:40 UTC (rev 492)
+++ branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl 2007-02-22 20:07:18 UTC (rev 493)
@@ -76,7 +76,7 @@
<label for="CONFIRMATION">
<TMPL_VAR NAME="CONFIRMATION_TEXT">
</label>
- <img src="show_code.pl?cid=<TMPL_VAR NAME="CID">"/>
+ <img src="show_code.pl"/>
</p>
<p>
<label for="CONFIRMATION">
@@ -85,7 +85,6 @@
<input type="text" name="CONFIRMATION" id="CONFIRMATION" maxlength="16"/>
</p>
<p class="button">
- <input type="hidden" name="CID" value="<TMPL_VAR NAME="CID">"/>
<input type="submit" value="<TMPL_VAR NAME="SEND">" name="CREATE_SUBMIT"/>
</p>