Changeset 26 for trunk


Ignore:
Timestamp:
11/05/09 15:40:13 (15 years ago)
Author:
Kris Deugau
Message:

/trunk

checkpoint

  • move login redirect to after the database init so we can check users against the database
  • add basic login handling
  • tweak listings and loops to restrict access to domains/groups outside the group tree of the logged in user
Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/dns.cgi

    r25 r26  
    5353my $group = ($webvar{group} ? $webvar{group} : 1);
    5454
    55 # handle login redirect
    56 if ($webvar{action} && $webvar{action} eq 'login') {
    57   ##fixme:  need to actually do a user/pass check
    58   changepage(page => "domlist");
    59 }
     55# nrgh, can't handle login here because we don't have a database handle to check the user/pass with yet
    6056
    6157if ($webvar{action} && $webvar{action} eq 'chgroup') {
     
    8783# fiddle hardcoded "defaults" as per system/user (?) prefs
    8884initGlobals($dbh);
     85
     86# handle login redirect
     87if ($webvar{action} && $webvar{action} eq 'login') {
     88  my $sth = $dbh->prepare("SELECT user_id,group_id,password,firstname,lastname FROM users WHERE username=?");
     89  $sth->execute($webvar{username});
     90  my ($uid,$gid,$pass,$fname,$lname) = $sth->fetchrow_array;
     91  $webvar{loginfailed} = 1 if !defined($uid);
     92  $webvar{loginfailed} = 1 if $pass ne $webvar{password};
     93
     94  # set session bits
     95  $session->param('logingroup',$gid);
     96  $session->param('curgroup',$gid);
     97
     98  changepage(page => "domlist") if !defined($webvar{loginfailed});
     99}
    89100
    90101## Default page is a login page
     
    104115$page->param(sid => $sid);
    105116
    106 if ($webvar{page} eq 'domlist' or $webvar{page} eq 'index') {
     117if ($webvar{page} eq 'login') {
     118
     119  $page->param(loginfailed => 1) if $webvar{loginfailed};
     120##fixme:  set up session init to actually *check* for session timeout
     121  $page->param(timeout => 1) if $webvar{sesstimeout};
     122
     123} elsif ($webvar{page} eq 'domlist' or $webvar{page} eq 'index') {
    107124
    108125# hmm.  seeing problems in some possibly-not-so-corner cases.
     
    774791
    775792sub listgroups {
    776   my $sth = $dbh->prepare("select count(*) from groups");
     793  my @childgroups;
     794  getChildren($dbh, $logingroup, \@childgroups, 'all');
     795  my $childlist = join(',',@childgroups);
     796
     797  my $sql = "SELECT count(*) FROM groups WHERE group_id IN ($logingroup".($childlist ? ",$childlist" : '').")";
     798  my $sth = $dbh->prepare($sql);
     799
    777800  $sth->execute;
    778801  my ($count) = ($sth->fetchrow_array);
    779 
    780802# fill page count and first-previous-next-last-all bits
    781803##fixme - hardcoded group bit
     
    785807  my @grouplist;
    786808  $sth = $dbh->prepare("SELECT g.group_id, g.group_name, g2.group_name, ".
    787         "count(distinct(u.email)), count(distinct(d.domain)) ".
     809        "count(distinct(u.username)), count(distinct(d.domain)) ".
    788810        "FROM groups g ".
    789811        "INNER JOIN groups g2 ON g2.group_id=g.parent_group_id ".
    790812        "LEFT OUTER JOIN users u ON u.group_id=g.group_id ".
    791813        "LEFT OUTER JOIN domains d ON d.group_id=g.group_id ".
     814        "WHERE g.group_id IN ($logingroup".($childlist ? ",$childlist" : '').") ".
    792815        "GROUP BY g.group_id, g.group_name, g2.group_name ".
    793816        "ORDER BY g.group_id".($offset eq 'all' ? '' : " LIMIT $perpage OFFSET ".$offset*$perpage));
     
    813836  my $template_var = shift;
    814837  my $cur = shift || $curgroup;
     838
     839  my @childgroups;
     840  getChildren($dbh, $logingroup, \@childgroups, 'all');
     841  my $childlist = join(',',@childgroups);
     842
    815843  # weesa gonna discard parent_group_id for now
    816   my $sth = $dbh->prepare("SELECT group_id,parent_group_id,group_name FROM groups ORDER BY group_id");
     844  my $sth = $dbh->prepare("SELECT group_id,parent_group_id,group_name FROM groups ".
     845        "WHERE group_id IN ($logingroup".($childlist ? ",$childlist" : '').")".
     846        "ORDER BY group_id");
    817847  $sth->execute;
    818848  my @grouplist;
     
    830860
    831861} # end fill_grouplist()
     862
    832863
    833864sub list_users {
  • trunk/templates/login.tmpl

    r2 r26  
    11<center>
    22<table id="login">
     3<TMPL_IF NAME=loginfailed><tr><td colspan=2 class="errmsg" align="center">Error logging in:  Invalid username or password</td></tr></TMPL_IF>
    34<tr><td colspan=2 class="title" align="center">Please log in:</td></tr>
    45<form method="POST" action="dns.cgi">
    56<input type="hidden" name="action" value="login">
    67<input type="hidden" name="sid" value="<TMPL_VAR NAME=sid>">
    7 <input type="hidden" name="page" value="domlist">
    8 <tr><td class="inputlabel">Email Address:</td><td><input type="text" name="email"></td></tr>
     8<input type="hidden" name="page" value="login">
     9<tr><td class="inputlabel">Username:</td><td><input type="text" name="username"></td></tr>
    910<tr><td class="inputlabel">Password:</td><td><input type="password" name="password"></td></tr>
    1011<tr><td colspan=2 class="tblsubmit" align="right"><input type="submit" value="Login"></td></tr>
Note: See TracChangeset for help on using the changeset viewer.