[vhffs-dev] [2183] reworked sessions, removed useless session params, improved su feature, cleaned unneeded use |
Revision: 2183
Author: gradator
Date: 2012-05-10 21:20:35 +0200 (Thu, 10 May 2012)
Log Message:
-----------
reworked sessions, removed useless session params, improved su feature, cleaned unneeded use
Modified Paths:
--------------
trunk/vhffs-api/src/Vhffs/Panel/Admin.pm
trunk/vhffs-api/src/Vhffs/Panel/Auth.pm
trunk/vhffs-api/src/Vhffs/Panel.pm
Modified: trunk/vhffs-api/src/Vhffs/Panel/Admin.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Admin.pm 2012-05-08 00:23:32 UTC (rev 2182)
+++ trunk/vhffs-api/src/Vhffs/Panel/Admin.pm 2012-05-10 19:20:35 UTC (rev 2183)
@@ -481,21 +481,17 @@
my $user = $panel->{'user'};
my $username = $cgi->param('user');
- if(defined $username) {
+ if( defined $username ) {
require Vhffs::User;
my $user = Vhffs::User::get_by_username( $vhffs, $username );
if(defined $user) {
- $session->clear('username');
- $session->clear('uid');
- $session->param('username', $user->get_username);
$session->param('uid', $user->get_uid);
$session->flush();
+ $panel->{user} = $user;
+ $vhffs->set_current_user( $user );
- $panel->render('misc/message.tt', {
- message => gettext( sprintf( 'Su successful with name %s' , $user->get_username) ),
- refresh_url => '?do=groupindex'
- });
- return;
+ require Vhffs::Panel::Group;
+ return Vhffs::Panel::Group::index( $panel );
}
$panel->add_error( gettext( sprintf( 'User %s does not exist' , $username) ) );
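Review bot: The su path overwrites the session's `uid` with the target's uid (`$session->param('uid', $user->get_uid);`) and keeps no record of the administrator who started it, so nothing in the session, or in any log as far as this hunk shows, distinguishes an impersonated session from a real login. I would record the originating uid before `$panel->{user}` is reassigned, for example `$session->param('su_from_uid', $panel->{'user'}->get_uid);` (the key name is only a suggestion), and write an audit log entry at the same place. The inner `my $user` also shadows the outer `$user` declared at the top of the hunk, which makes admin and target easy to confuse; renaming the inner one to `$target` would help. The privilege check that gates this handler is presumably above the hunk, which starts and ends mid-function.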
Modified: trunk/vhffs-api/src/Vhffs/Panel/Auth.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Auth.pm 2012-05-08 00:23:32 UTC (rev 2182)
+++ trunk/vhffs-api/src/Vhffs/Panel/Auth.pm 2012-05-10 19:20:35 UTC (rev 2183)
@@ -64,96 +64,94 @@
}
sub login {
-
my $panel = shift;
-
my $vhffs = $panel->{'vhffs'};
my $cgi = $panel->{'cgi'};
- my $loginsubmitted = defined( $cgi->param('login_submit') );
- if( $loginsubmitted ) {
- # User tried to log in
- # we try to clean the previous session
- my $oldsid = $cgi->cookie( CGI::Session::name() );
- if( defined $oldsid ) {
- my $oldsession = new CGI::Session(undef, $oldsid, {Directory=>'/tmp'});
- $oldsession->delete() if defined $oldsession;
+ unless( defined $cgi->param('login_submit') ) {
+ return display_login( $panel );
+ }
+
+ # User tried to log in, we try to clean the previous session
+ my $oldsid = $cgi->cookie( CGI::Session::name() );
+ if( defined $oldsid ) {
+ my $oldsession = new CGI::Session('driver:File', $oldsid, { Directory => '/tmp' });
+ if( defined $oldsession ) {
+ $oldsession->delete();
+ $oldsession->flush(); # Recommended practice says use flush() after delete().
}
+ }
- my $username = $cgi->param('username');
- my $password = $cgi->param('password');
- my $user = Vhffs::User::get_by_username($vhffs, $username) if defined $username;
+ my $user = Vhffs::User::get_by_username($vhffs, $cgi->param('username') );
+ my $password = $cgi->param('password');
- #Incomplete input
- unless( defined $username && defined $password && defined $user && $user->check_password( $password ) ) {
- $panel->add_error( gettext('Login failed !') );
- } elsif($user->get_status != Vhffs::Constants::ACTIVATED) {
- $panel->add_error( gettext('User is not active yet') );
- } else {
- # Creates the new session
- my $session = new CGI::Session('driver:File', undef, {Directory=>'/tmp'});
- unless( defined $session ) {
- $panel->add_error( gettext('Cannot create or fetch session file, please check that /tmp is readable and writeable') );
- display_login( $panel );
- return;
- }
- $session->expires('+1h');
- $session->param('username', $user->get_username);
- $session->param('uid', $user->get_uid);
+ # Incomplete input
+ unless( defined $user and defined $password and $user->check_password( $password ) ) {
+ $panel->add_error( gettext('Login failed !') );
+ return display_login( $panel );
+ }
- my $sessioncookie = new CGI::Cookie(-name => $session->name, -value => $session->id);
+ unless( $user->get_status == Vhffs::Constants::ACTIVATED ) {
+ $panel->add_error( gettext('User is not active yet') );
+ return display_login( $panel );
+ }
- # Refresh cookies (avoid theme and language loss when user deletes cookies).
- my $themecookie = new CGI::Cookie( -name=> 'theme', -value=>$user->get_theme, -expires=>'+10y' );
- my $langcookie = new CGI::Cookie( -name=>'language', -value=>$user->get_lang, -expires=>'+10y' );
+ # Creates the new session
+ my $session = new CGI::Session('driver:File', undef, { Directory => '/tmp' });
+ unless( defined $session ) {
+ $panel->add_error( gettext('Cannot create session file, please check that /tmp is readable and writeable') );
+ return display_login( $panel );
+ }
+ $session->expires('+1h');
+ $session->param('uid', $user->get_uid);
+ $session->flush();
- # Set last login panel to current time
- $user->update_lastloginpanel;
- $user->commit;
+ my @cookies;
+ push @cookies, new CGI::Cookie(-name => $session->name, -value => $session->id);
- $panel->redirect('?do=groupindex', [$sessioncookie, $themecookie, $langcookie]);
- }
- }
+ # Refresh cookies (avoid theme and language loss when user deletes cookies).
+ push @cookies, new CGI::Cookie( -name=> 'theme', -value=>$user->get_theme, -expires=>'+10y' );
+ push @cookies, new CGI::Cookie( -name=>'language', -value=>$user->get_lang, -expires=>'+10y' );
- display_login( $panel ) if not $loginsubmitted or $panel->has_errors;
+ # Set last login panel to current time
+ $user->update_lastloginpanel;
+ $user->commit;
+
+ $panel->redirect('?do=groupindex', \@cookies);
+ return;
}
sub logout {
-
my $panel = shift;
-
my $vhffs = $panel->{'vhffs'};
my $cgi = $panel->{'cgi'};
- #clean session
+ # clean session
my $oldsid = $cgi->cookie( CGI::Session::name() );
if( defined $oldsid ) {
- my $oldsession = new CGI::Session(undef, $oldsid, {Directory=>'/tmp'});
- $oldsession->delete();
+ my $oldsession = new CGI::Session('driver:File', $oldsid, { Directory => '/tmp' });
+ if( defined $oldsession ) {
+ $oldsession->delete();
+ $oldsession->flush(); # Recommended practice says use flush() after delete().
+ }
}
$panel->add_info( gettext('You left your VHFFS session!') );
-
- display_login( $panel );
+ return display_login( $panel );
}
sub lost {
-
my $panel = shift;
-
my $vhffs = $panel->{'vhffs'};
my $cgi = $panel->{'cgi'};
- my $lostsubmitted = defined( $cgi->param('lost_submit') );
-
- unless( $lostsubmitted ) {
+ unless( defined $cgi->param('lost_submit') ) {
$panel->render('anonymous/lost-password.tt', undef, 'anonymous.tt');
return;
}
# username submitted
- my $username = $cgi->param('username');
- my $user = Vhffs::User::get_by_username( $vhffs, $username );
+ my $user = Vhffs::User::get_by_username( $vhffs, $cgi->param('username') );
if( defined $user and $user->{'state'} == Vhffs::Constants::ACTIVATED ) {
# create a new password for this user
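Review bot: `$cgi->param('username')` is now evaluated in list context inside the argument list of `Vhffs::User::get_by_username(...)`, in `login` and again in `lost`; CGI.pm returns every value of a repeated parameter there and an empty list when the parameter is absent, so a request can change how many arguments the lookup receives. The removed code assigned the value to a scalar first; the equivalent here is `Vhffs::User::get_by_username( $vhffs, scalar $cgi->param('username') )`. How get_by_username treats extra or missing arguments is not visible in this diff, so the impact is unconfirmed, but forcing scalar context restores the old behaviour. Separately, the session cookie built with `new CGI::Cookie(-name => $session->name, -value => $session->id)` sets neither `-httponly` nor `-secure`. The body of `lost` continues past the end of the hunk.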
@@ -173,7 +171,7 @@
$user->send_mail_user( $subject, $content );
$panel->render('anonymous/lost-password-ack.tt',
- { message => sprintf( gettext('Please wait %s, a new password will be sent to you in a few minutes...'), $username ) },
+ { message => sprintf( gettext('Please wait %s, a new password will be sent to you in a few minutes...'), $user->get_username ) },
'anonymous.tt' );
}
else {
Modified: trunk/vhffs-api/src/Vhffs/Panel.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel.pm 2012-05-08 00:23:32 UTC (rev 2182)
+++ trunk/vhffs-api/src/Vhffs/Panel.pm 2012-05-10 19:20:35 UTC (rev 2183)
@@ -20,8 +20,6 @@
use Vhffs::Group;
use Vhffs::Functions;
use Vhffs::Constants;
-use Vhffs::Panel::User;
-use Vhffs::Panel::Auth;
=pod
@@ -258,42 +256,41 @@
my $vhffs = $panel->{vhffs};
my $cgi = $panel->{cgi};
+ require Vhffs::Panel::Auth;
+
my $sid = $cgi->cookie( CGI::Session::name() );
unless( defined $sid ) {
$panel->add_error( gettext('No cookie found, please accept the cookie and then please login again !') );
- Vhffs::Panel::Auth::display_login( $panel );
- return undef;
+ return Vhffs::Panel::Auth::display_login( $panel );
}
- my $session = new CGI::Session( undef, $sid, {Directory=>'/tmp'} );
+ my $session = new CGI::Session('driver:File', $sid, { Directory => '/tmp' } );
unless( defined $session ) {
- $panel->add_error( gettext('Cannot create or fetch session file, please check that /tmp is readable and writeable') );
- Vhffs::Panel::Auth::display_login( $panel );
- return undef;
+ $panel->add_error( gettext('Cannot fetch session file, please check that /tmp is readable and writeable') );
+ return Vhffs::Panel::Auth::display_login( $panel );
}
- my $username = $session->param('username');
my $uid = $session->param('uid');
- unless( defined $username && defined $uid && !$session->is_new() ) {
+ unless( defined $uid ) {
$panel->add_error( gettext('Expired session ! Please login again') );
$session->delete();
- Vhffs::Panel::Auth::display_login( $panel );
- return undef;
+ $session->flush(); # Recommended practice says use flush() after delete().
+ return Vhffs::Panel::Auth::display_login( $panel );
}
my $user = Vhffs::User::get_by_uid($vhffs, $uid);
unless ( defined $user ) {
$panel->add_error( gettext('User does not exist') );
$session->delete();
- Vhffs::Panel::Auth::display_login( $panel );
- return undef;
+ $session->flush(); # Recommended practice says use flush() after delete().
+ return Vhffs::Panel::Auth::display_login( $panel );
}
unless( $user->get_status == Vhffs::Constants::ACTIVATED ) {
$panel->add_error( gettext('You\'re are not allowed to browse panel') );
$session->delete();
- Vhffs::Panel::Auth::display_login( $panel );
- return undef;
+ $session->flush(); # Recommended practice says use flush() after delete().
+ return Vhffs::Panel::Auth::display_login( $panel );
}
$panel->{session} = $session;
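Review bot: Every failure path in this session check used to end with an explicit `return undef;` and now returns whatever `Vhffs::Panel::Auth::display_login( $panel )` returns, so the "no valid session" result seen by callers depends on a rendering helper whose return value is not visible in this diff. If callers test the result for truth or definedness to decide whether the request is authenticated, a true value from display_login would let them carry on without a session. Keeping the two steps separate, `Vhffs::Panel::Auth::display_login( $panel );` followed by `return;`, keeps the failure value fixed regardless of what the helper returns. The function starts above the hunk and continues below it.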