Changeset 163 for trunk/dns.cgi

Timestamp:

11/04/11 16:30:51 (12 years ago)

Author:

Kris Deugau

Message:

/trunk

Session management

• expire sessions properly
• remove session ID from login page
• load session timeout value from config file

Remove some more stale comments
Fix centering of login box on login page

File:

• trunk/dns.cgi (modified) (8 diffs)

trunk/dns.cgi

@@ -51 +51 @@
 my %webvar = $q->Vars;
 
+# load some local system defaults (mainly DB connect info)
+# note this is not *absolutely* fatal, since there's a default dbname/user/pass in DNSDB.pm
+# we'll catch a bad DB connect string once we get to trying that
+##fixme:  pass params to loadConfig, and use them there, to allow one codebase to support multiple sites
+if (!loadConfig()) {
+  warn "Using default configuration;  unable to load custom settings: $DNSDB::errstr";
+}
+
 # persistent stuff needed on most/all pages
 my $sid = ($webvar{sid} ? $webvar{sid} : undef);
@@ -59 +67 @@
   # init stuff.  can probably axe this down to just above if'n'when user manipulation happens
   $sid = $session->id();
+  $session->expire($config{timeout});
 # need to know the "upper" group the user can deal with;  may as well
 # stick this in the session rather than calling out to the DB every time.
@@ -78 +87 @@
 # Just In Case.  Stale sessions should not be resurrectable.
 if ($sid ne $session->id()) {
+  $sid = '';
+  changepage(page=> "login", sessexpired => 1);
+}
+
+# normal expiry, more or less
+if ($session->is_expired) {
+  $sid = '';
   changepage(page=> "login", sessexpired => 1);
 }
@@ -139 +155 @@
 my $sortby = "domain";
 my $sortorder = "ASC";
-
-# now load some local system defaults (mainly DB connect info)
-# note this is not *absolutely* fatal, since there's a default dbname/user/pass in DNSDB.pm
-# we'll catch a bad DB connect string a little further down.
-##fixme:  pass params to loadConfig, and use them there, to allow one codebase to support multiple sites
-if (!loadConfig()) {
-  warn "Using default configuration;  unable to load custom settings: $DNSDB::errstr";
-}
 
 ##fixme: quit throwing the database handle around, and put all the SQL and direct DB fiddling into DNSDB.pm
@@ -243 +251 @@
 initPermissions($dbh,$session->param('uid'));
 
-$page->param(sid => $sid);
+$page->param(sid => $sid) unless $webvar{page} eq 'login';      # no session ID on the login page
 
 if ($webvar{page} eq 'login') {
 
   $page->param(loginfailed => 1) if $webvar{loginfailed};
-##fixme:  set up session init to actually *check* for session timeout
-  $page->param(timeout => 1) if $webvar{sesstimeout};
+  $page->param(sessexpired => 1) if $webvar{sessexpired};
 
 } elsif ($webvar{page} eq 'domlist' or $webvar{page} eq 'index') {
@@ -780 +787 @@
 ##fixme: need to clean up log when deleting a major container
       logaction(0, $session->param("username"), $webvar{curgroup}, "Deleted group $deleteme");
-      # success.  go back to the domain list, do not pass "GO"
       changepage(page => "grpman", resultmsg => "Deleted group $deleteme");
     }
@@ -832 +838 @@
 ##fixme  push the SQL and direct database fiddling off into a sub in DNSDB.pm
 ##fixme
-
-##fixme: un-hardcode the limit?
-#  $perpage = 50;
 
   my $sth = $dbh->prepare("SELECT count(*) FROM domains WHERE group_id=?");
@@ -1363 +1366 @@
 
 ##fixme put in some real log-munching stuff
-##fixme need to add bits to *create* log entries...
   my $sql = "SELECT user_id, email, name, entry, date_trunc('second',stamp) FROM log WHERE ";
   my $id = $curgroup;  # we do this because the group log may be called from (almost) any page,