Changeset 163 for trunk/dns.cgi


Ignore:
Timestamp:
11/04/11 16:30:51 (13 years ago)
Author:
Kris Deugau
Message:

/trunk

Session management

  • expire sessions properly
  • remove session ID from login page
  • load session timeout value from config file

Remove some more stale comments
Fix centering of login box on login page

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/dns.cgi

    r162 r163  
    5151my %webvar = $q->Vars;
    5252
     53# load some local system defaults (mainly DB connect info)
     54# note this is not *absolutely* fatal, since there's a default dbname/user/pass in DNSDB.pm
     55# we'll catch a bad DB connect string once we get to trying that
     56##fixme:  pass params to loadConfig, and use them there, to allow one codebase to support multiple sites
     57if (!loadConfig()) {
     58  warn "Using default configuration;  unable to load custom settings: $DNSDB::errstr";
     59}
     60
    5361# persistent stuff needed on most/all pages
    5462my $sid = ($webvar{sid} ? $webvar{sid} : undef);
     
    5967  # init stuff.  can probably axe this down to just above if'n'when user manipulation happens
    6068  $sid = $session->id();
     69  $session->expire($config{timeout});
    6170# need to know the "upper" group the user can deal with;  may as well
    6271# stick this in the session rather than calling out to the DB every time.
     
    7887# Just In Case.  Stale sessions should not be resurrectable.
    7988if ($sid ne $session->id()) {
     89  $sid = '';
     90  changepage(page=> "login", sessexpired => 1);
     91}
     92
     93# normal expiry, more or less
     94if ($session->is_expired) {
     95  $sid = '';
    8096  changepage(page=> "login", sessexpired => 1);
    8197}
     
    139155my $sortby = "domain";
    140156my $sortorder = "ASC";
    141 
    142 # now load some local system defaults (mainly DB connect info)
    143 # note this is not *absolutely* fatal, since there's a default dbname/user/pass in DNSDB.pm
    144 # we'll catch a bad DB connect string a little further down.
    145 ##fixme:  pass params to loadConfig, and use them there, to allow one codebase to support multiple sites
    146 if (!loadConfig()) {
    147   warn "Using default configuration;  unable to load custom settings: $DNSDB::errstr";
    148 }
    149157
    150158##fixme: quit throwing the database handle around, and put all the SQL and direct DB fiddling into DNSDB.pm
     
    243251initPermissions($dbh,$session->param('uid'));
    244252
    245 $page->param(sid => $sid);
     253$page->param(sid => $sid) unless $webvar{page} eq 'login';      # no session ID on the login page
    246254
    247255if ($webvar{page} eq 'login') {
    248256
    249257  $page->param(loginfailed => 1) if $webvar{loginfailed};
    250 ##fixme:  set up session init to actually *check* for session timeout
    251   $page->param(timeout => 1) if $webvar{sesstimeout};
     258  $page->param(sessexpired => 1) if $webvar{sessexpired};
    252259
    253260} elsif ($webvar{page} eq 'domlist' or $webvar{page} eq 'index') {
     
    780787##fixme: need to clean up log when deleting a major container
    781788      logaction(0, $session->param("username"), $webvar{curgroup}, "Deleted group $deleteme");
    782       # success.  go back to the domain list, do not pass "GO"
    783789      changepage(page => "grpman", resultmsg => "Deleted group $deleteme");
    784790    }
     
    832838##fixme  push the SQL and direct database fiddling off into a sub in DNSDB.pm
    833839##fixme
    834 
    835 ##fixme: un-hardcode the limit?
    836 #  $perpage = 50;
    837840
    838841  my $sth = $dbh->prepare("SELECT count(*) FROM domains WHERE group_id=?");
     
    13631366
    13641367##fixme put in some real log-munching stuff
    1365 ##fixme need to add bits to *create* log entries...
    13661368  my $sql = "SELECT user_id, email, name, entry, date_trunc('second',stamp) FROM log WHERE ";
    13671369  my $id = $curgroup;  # we do this because the group log may be called from (almost) any page,
Note: See TracChangeset for help on using the changeset viewer.