Change to community logins
От | Magnus Hagander |
---|---|
Тема | Change to community logins |
Дата | |
Msg-id | 46BF0283.1040606@hagander.net обсуждение исходный текст |
Ответы |
Re: Change to community logins
("Joshua D. Drake" <jd@commandprompt.com>)
|
Список | pgsql-www |
I've done some minor hacking on some changes to the community login system, based on nagging (eh, sorry, feedback) from mainly JD ;-) Specifically, not using http auth, but instead using forms auth and a session cookie. This is so we can eventually have a separate login link for those who don't understand systems that ask you to login only when a login is necessary. It will also make it possible to have pages change depending on if you're logged in or not - but that requires code to run on wwwmaster, which we're trying to avoid, so I'm not sure much of that will happen... Anyway. Attached is a patch that does this, you can test the system out on http://magnus-master.pgadmin.org. Thoughts and comments? //Magnus Index: handler.php =================================================================== RCS file: /usr/local/cvsroot/pgweb/portal/system/handler.php,v retrieving revision 1.20 diff -c -r1.20 handler.php *** handler.php 12 Mar 2007 14:51:43 -0000 1.20 --- handler.php 12 Aug 2007 12:45:05 -0000 *************** *** 25,30 **** --- 25,35 ---- require_once './global/settings.php'; + // Override config that really must be set + ini_set('session.use_cookies','1'); + ini_set('session.use_only_cookies','1'); + + try { if (isset($_GET['page']) && $_GET['page'] == 'submitthanks') { // Special case. Ugly, but backwards compatible ;-) Index: form/login.php =================================================================== RCS file: form/login.php diff -N form/login.php *** /dev/null 1 Jan 1970 00:00:00 -0000 --- form/login.php 12 Aug 2007 12:45:05 -0000 *************** *** 0 **** --- 1,54 ---- + <?php + class Form_Login extends PgForm { + function __construct() { + $this->title = 'Community login'; + } + + function SetupForm() { + $this->form->addElement('static', null, null, gettext("Accessing this resource requires a community login. 
Moretext to go here in a bit")); + if (isset($_GET['badpwd']) && $_GET['badpwd'] == '1') { + $this->form->addElement('static', null, null, '<font color="red">' . gettext("Userid or password was incorrect.Please try again.") . '</font>'); + } + + $this->form->addElement('text', 'userid', gettext("Userid:"), array('size' => 40, 'maxlength' => 100)); + $this->form->addElement('password', 'password', gettext("Password:"), array('size' => 40, 'maxlength' => 100)); + $this->form->addElement('hidden', 'p', isset($_GET['p'])?$_GET['p']:''); + + // Make the fields required + $this->form->addRule('userid', gettext("The userid is required."), 'required', null, 'client'); + $this->form->addRule('password', gettext("The password is required."), 'required', null, 'client'); + } + + function ProcessForm($f) { + global $_SETTINGS; + + $rs = $this->pg_query_params("SELECT userid,fullname,email,authorblurb,communitydoc_superuser FROM users WHEREuserid=$1 AND password=$2", array($f['userid'], $f['password'])); + if (pg_num_rows($rs) != 1) { + if (isset($f['p'])) { + header('Location: /login?badpwd=1&p=' . urlencode($f['p'])); + } + else { + header('Location: /login?badpwd=1'); + } + exit(0); + } + + session_start(); + $this->userinfo = pg_fetch_assoc($rs); + foreach ($this->userinfo as $key=>$val) { + $_SESSION[$key] = $val; + } + $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; + if ($f['p']) { + header('Location: ' . 
$f['p']); + } + else { + header('Location: /'); + } + exit(0); + } + + function RenderThanks() { + } + } + ?> Index: global/dispatcher.php =================================================================== RCS file: /usr/local/cvsroot/pgweb/portal/system/global/dispatcher.php,v retrieving revision 1.2 diff -c -r1.2 dispatcher.php *** global/dispatcher.php 26 Apr 2007 13:23:08 -0000 1.2 --- global/dispatcher.php 12 Aug 2007 12:45:05 -0000 *************** *** 51,56 **** --- 51,57 ---- case 'docs/techdocs': return new Page_CommunityDocs('docs',$pargs[0],0,count($pargs)>1?$pargs[1]:null); case 'download/mirrors-ftp': return new Page_Mirrors(); case 'developer/ext': return new Page_FAQ($pargs[1],'developer'); + case 'login': return new Form_Login(); case 'search': return new Page_Search(); case 'support/newprof': return new Form_NewProfService(); case 'support/submitbug': return new Form_SubmitBug(); Index: global/pgpage.php =================================================================== RCS file: /usr/local/cvsroot/pgweb/portal/system/global/pgpage.php,v retrieving revision 1.4 diff -c -r1.4 pgpage.php *** global/pgpage.php 12 Mar 2007 16:00:46 -0000 1.4 --- global/pgpage.php 12 Aug 2007 12:45:06 -0000 *************** *** 190,224 **** } function ValidateLogin() { ! if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) ! { ! $u = $_SERVER['PHP_AUTH_USER']; ! $p = $_SERVER['PHP_AUTH_PW']; ! ! if ($u != pg_escape_string($u)) ! throw new Exception('Invalid character in username'); ! $res = $this->pg_query_params("SELECT userid,fullname,email,authorblurb,communitydoc_superuser FROM users WHEREuserid=$1 AND password=$2", array($u, $p)); ! if (pg_num_rows($res) == 1) ! { ! // Both user and password matched, so return. ! $this->userinfo = pg_fetch_assoc($res); ! return true; } - // Otherwise, fall-through to requiring authentication again - } ! // Indicate we need a login ! header('HTTP/1.0 401 Unauthorized'); ! 
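Review bot: ProcessForm in form/login.php redirects to `$f['p']` verbatim, and that value originates from the `p` query parameter via the hidden form field, so the post-login redirect can point at an arbitrary external URL. The target should be limited to local paths, for example `if (preg_match('#^/[^/\\\\]#', $f['p']))`, falling back to `/` otherwise. Separately, the authenticated identity is written into the session right after `session_start()` without issuing a new session id; adding `session_regenerate_id(true);` immediately after `session_start()` keeps a pre-login session id from carrying over into the logged-in session. The query also compares `password=$2` directly against the submitted value, which suggests passwords are stored unhashed; the removed ValidateLogin code does the same, so this appears to predate the patch, but it is worth tracking.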
header('WWW-Authenticate: Basic realm="PostgreSQL Community Login"'); ! // Build a login page using our templates, if we can ! $pgpnew = new Page_Static('community/requirelogin'); ! $pgpnew->SetLanguage($this->language, $this->language_direction); ! $pgpnew->PreRender(); ! $pgpnew->DoRender(); ! $pgpnew->Show(); ! exit(0); } } --- 190,218 ---- } function ValidateLogin() { ! session_start(); ! if ($this->check_login()) { ! return; ! } ! // User not authenticated, redirect to login form ! header('Location: /login?p=' . $this->url); ! exit(0); ! } ! function check_login() { ! if (isset($_SESSION['userid'])) { ! if ($_SESSION['ip'] != $_SERVER['REMOTE_ADDR']) { ! // Different IP, so require a login again ! return false; } ! // Copy the whole session - easier that way ! $this->userinfo = $_SESSION; ! return true; // Authentication succeeded ! } ! // No session = not logged in ! return false; } }
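Review bot: The redirect in the new ValidateLogin appends `$this->url` to the query string unencoded, so a URL containing `?` or `&` will be truncated or will add stray parameters to /login; use `header('Location: /login?p=' . urlencode($this->url));`, as login.php already does for its badpwd redirect. ValidateLogin previously ended in `return true` on success and now uses a bare `return;`, which would break any caller that tests the result; callers are outside this hunk, so that needs checking. In check_login, `$_SESSION['ip']` is read without an `isset()` guard, and on a mismatch the session data is left in place rather than cleared. If wwwmaster is reached through a proxy or frontend cache, `REMOTE_ADDR` may be the proxy's address, in which case the IP comparison would not bind the session to the client at all.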