Changeset 163


Timestamp:
11/04/11 16:30:51 (13 years ago)
Author:
Kris Deugau
Message:

/trunk

Session management

  • expire sessions properly
  • remove session ID from login page
  • load session timeout value from config file

Remove some more stale comments
Fix centering of login box on login page

Location:
trunk
Files:
4 edited

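--- a/trunk/DNSDB.pm
+++ b/trunk/DNSDB.pm
@@ -113,5 +113,8 @@
                 templatedir     => 'templates/',
 # fmeh.  this is a real web path, not a logical internal one.  hm..
-#               cssdir  => 'templates/';
+#               cssdir  => 'templates/',
+
+                # Session params
+                timeout         => '3600'       # 1 hour default
         );
 
@@ -189,4 +192,6 @@
       $config{mailsender}       = $1 if /^mailsender\s*=\s*([a-z0-9_.@-]+)/i;
       $config{mailname}         = $1 if /^mailname\s*=\s*([a-z0-9\s_.-]+)/i;
+      # session - note this is fed directly to CGI::Session
+      $config{timeout}  = $1 if /^[tT][iI][mM][eE][oO][uU][tT]\s*=\s*(\d+[smhdwMy]?)/;
     }
     close CFG;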
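Review bot: The new `timeout` pattern in the config-parsing loop accepts `timeout = 0`, and the comment above it says the value is fed directly to CGI::Session, which documents `expire(0)` as cancelling expiry, so a zero in the config file would silently switch session expiry off. The pattern also has no end anchor, so a mistyped value such as `30x` is taken as 30 seconds instead of being rejected. Requiring a non-zero number and anchoring the match would close both gaps while keeping the case-sensitive unit suffix: `$config{timeout} = $1 if /^(?i:timeout)\s*=\s*(\d*[1-9]\d*[smhdwMy]?)\s*$/;` (extend the tail if the config format permits trailing comments). The enclosing loop and sub start outside the visible lines.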
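--- a/trunk/dns.cgi
+++ b/trunk/dns.cgi
@@ -51,4 +51,12 @@
 my %webvar = $q->Vars;
 
+# load some local system defaults (mainly DB connect info)
+# note this is not *absolutely* fatal, since there's a default dbname/user/pass in DNSDB.pm
+# we'll catch a bad DB connect string once we get to trying that
+##fixme:  pass params to loadConfig, and use them there, to allow one codebase to support multiple sites
+if (!loadConfig()) {
+  warn "Using default configuration;  unable to load custom settings: $DNSDB::errstr";
+}
+
 # persistent stuff needed on most/all pages
 my $sid = ($webvar{sid} ? $webvar{sid} : undef);
@@ -59,4 +67,5 @@
   # init stuff.  can probably axe this down to just above if'n'when user manipulation happens
   $sid = $session->id();
+  $session->expire($config{timeout});
 # need to know the "upper" group the user can deal with;  may as well
 # stick this in the session rather than calling out to the DB every time.
@@ -78,4 +87,11 @@
 # Just In Case.  Stale sessions should not be resurrectable.
 if ($sid ne $session->id()) {
+  $sid = '';
+  changepage(page=> "login", sessexpired => 1);
+}
+
+# normal expiry, more or less
+if ($session->is_expired) {
+  $sid = '';
   changepage(page=> "login", sessexpired => 1);
 }
@@ -139,12 +155,4 @@
 my $sortby = "domain";
 my $sortorder = "ASC";
-
-# now load some local system defaults (mainly DB connect info)
-# note this is not *absolutely* fatal, since there's a default dbname/user/pass in DNSDB.pm
-# we'll catch a bad DB connect string a little further down.
-##fixme:  pass params to loadConfig, and use them there, to allow one codebase to support multiple sites
-if (!loadConfig()) {
-  warn "Using default configuration;  unable to load custom settings: $DNSDB::errstr";
-}
 
 ##fixme: quit throwing the database handle around, and put all the SQL and direct DB fiddling into DNSDB.pm
@@ -243,11 +251,10 @@
 initPermissions($dbh,$session->param('uid'));
 
-$page->param(sid => $sid);
+$page->param(sid => $sid) unless $webvar{page} eq 'login';      # no session ID on the login page
 
 if ($webvar{page} eq 'login') {
 
   $page->param(loginfailed => 1) if $webvar{loginfailed};
-##fixme:  set up session init to actually *check* for session timeout
-  $page->param(timeout => 1) if $webvar{sesstimeout};
+  $page->param(sessexpired => 1) if $webvar{sessexpired};
 
 } elsif ($webvar{page} eq 'domlist' or $webvar{page} eq 'index') {
@@ -780,5 +787,4 @@
 ##fixme: need to clean up log when deleting a major container
       logaction(0, $session->param("username"), $webvar{curgroup}, "Deleted group $deleteme");
-      # success.  go back to the domain list, do not pass "GO"
       changepage(page => "grpman", resultmsg => "Deleted group $deleteme");
     }
@@ -832,7 +838,4 @@
 ##fixme  push the SQL and direct database fiddling off into a sub in DNSDB.pm
 ##fixme
-
-##fixme: un-hardcode the limit?
-#  $perpage = 50;
 
   my $sth = $dbh->prepare("SELECT count(*) FROM domains WHERE group_id=?");
@@ -1363,5 +1366,4 @@
 
 ##fixme put in some real log-munching stuff
-##fixme need to add bits to *create* log entries...
   my $sql = "SELECT user_id, email, name, entry, date_trunc('second',stamp) FROM log WHERE ";
   my $id = $curgroup;  # we do this because the group log may be called from (almost) any page,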
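Review bot: In the hunk at new lines 87-97, the added `if ($session->is_expired)` block may never fire, because CGI::Session documents `is_expired` as meaningful only for objects obtained with `load()`, whereas `new()` quietly replaces an expired session with a fresh one; the constructor call is outside the visible lines, so this needs confirming. If `$session` does come from `new()`, expiry is in practice caught only by the `$sid ne $session->id()` comparison above it, and a comment such as `# NOTE: is_expired is only set on sessions obtained via CGI::Session->load()` would keep the next maintainer from relying on the second block. Both blocks also depend on `changepage()` not returning; if it can return, execution falls through to `initPermissions($dbh,$session->param('uid'))` with a session that was just rejected, so an explicit `exit;` after each call (or a comment stating that `changepage` exits) would make the rejection unconditional.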
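--- a/trunk/templates/dns.css
+++ b/trunk/templates/dns.css
@@ -33,9 +33,4 @@
 }
 
-table.login {
-        text-align: center;
-        border: thin solid #000000;
-        background-color: #CCCCFF;
-}
 table.list {
         background-color: #F0F0F0;
@@ -231,6 +226,5 @@
 }
 #login {
-        margin-top: 50px;
-        margin-bottom: 50px;
+        margin: 50px auto;
         padding: 3px;
         border: thin solid #000000;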
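--- a/trunk/templates/login.tmpl
+++ b/trunk/templates/login.tmpl
@@ -2,5 +2,4 @@
 <fieldset>
 <input type="hidden" name="action" value="login" />
-<input type="hidden" name="sid" value="<TMPL_VAR NAME=sid>" />
 <input type="hidden" name="page" value="login" />
 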