Roxen.git / server / modules / security / auth_httpcookie.pike

version» Context lines:

Roxen.git/server/modules/security/auth_httpcookie.pike:60:    if( !cookies[cookie][0] )    return m_delete( cookies, cookie );    return cookies[cookie];   }      protected string create_cookie( string u, string p )   {    string c =    String.string2hex(Crypto.SHA1.hash(COOKIE + u + "\0" + p + COOKIE);    catch(get_my_sql()->query( "INSERT INTO "+table+" " -  "(cookie,name,password) VALUES " -  "(%s,%s,%s)", c, encode_pw(u), encode_pw(p) )); +  "(cookie,name,password,timeout) " +  "VALUES (%s,%s,%s)", +  c, encode_pw(u), encode_pw(p), +  time(1) + 31536000));    return c;   }      User authenticate( RequestID id, UserDB db )   //! Try to authenticate the request with users from the specified user   //! database. If no @[db] is specified, all datbases in the current   //! configuration are searched in order, then the configuration user   //! database.   //!   //! The return value is the autenticated user.
Roxen.git/server/modules/security/auth_httpcookie.pike:136:   void start()   {   #if constant(WS_REPLICATE)    set_my_db( "replicate" );   #endif       table =    get_my_table("",    ({    "cookie varchar(40) PRIMARY KEY NOT NULL", -  "password varchar(40) NOT NULL", -  "name varchar(40) NOT NULL" +  "password varchar(255) NOT NULL", +  "name varchar(255) NOT NULL", +  "timeout int NOT NULL",    }),    "Used to store the information nessesary to "    "authenticate roxen users" ); -  +  +  Sql.Sql sql = get_my_sql(); +  if (!sizeof(sql->query("DESCRIBE " + table + " timeout"))) { +  sql->query("ALTER TABLE " + table + +  " CHANGE password password varchar(255) NOT NULL"); +  sql->query("ALTER TABLE " + table + +  " CHANGE name name varchar(255) NOT NULL"); +  sql->query("ALTER TABLE " + table + +  " ADD timeout int NOT NULL");    } -  +  sql->query("DELETE FROM " + table + " WHERE timeout < %d", +  time()); + }      protected void create()   {    defvar( "user_form", Variable.Text(   #"   <title>Authentication required for REALM</title>   <body alink=\"#000000\" bgcolor=\"#ffffff\" text=\"#000000\">    <form method='POST'>    Username: UNINPUT<br />    Password: PWINPUT<br />    <input type=submit value=' Ok ' />   </form></body>",0,    _(3,"User form"),_(4,"The user/password request form shown to the user")));   }