Roxen.git / server / modules / security / auth_httpcookie.pike


Roxen.git/server/modules/security/auth_httpcookie.pike:26:   {    if( User u = db->find_user( user ) )    if( u->password_authenticate( password ) )    return u;   }      protected string table;      protected string encode_pw(string p)   { -  return Gmp.mpz( ~p, 256 )->digits( 9 ); +  return Gmp.mpz( ~p, 256 )->digits( 36 );   }      protected string decode_pw( string p )   { -  return ~Gmp.mpz( p, 9 )->digits( 256 ); +  return ~Gmp.mpz( p, 36 )->digits( 256 );   }      protected array(string) low_lookup_cookie( string cookie )   {    array r =    get_my_sql()->query( "SELECT name,password FROM "+    table+" WHERE cookie=%s", cookie );    if( !sizeof( r ) )    return ({0,0});    return ({ decode_pw(r[0]->password), decode_pw( r[0]->name ) });
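Review bot: `encode_pw()` is a reversible encoding (bitwise complement plus a radix conversion), so the table still holds each user's password in a form that anyone with read access to the database or a backup can turn back into plaintext with `decode_pw()`; changing the radix from 9 to 36 only shortens the stored string. If the plaintext has to stay recoverable so that `password_authenticate()` can be called again, say so above the function, for example `//! Reversible obfuscation only, not encryption: treat this table as holding plaintext credentials.` It would also help to note there that the table therefore needs the same access restrictions and backup handling as a credential store. `low_lookup_cookie()` continues outside the hunk.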
Roxen.git/server/modules/security/auth_httpcookie.pike:57:    if( cookies[ cookie ] )    return cookies[ cookie ];    cookies[ cookie ] = low_lookup_cookie( cookie );    if( !cookies[cookie][0] )    return m_delete( cookies, cookie );    return cookies[cookie];   }      protected string create_cookie( string u, string p )   { -  int i = (((hash(u) << 32) | hash(p)) << 32) | hash(u+p); -  string c = i->digits(16); +  string c = +  String.string2hex(Crypto.SHA1.hash(COOKIE + u + "\0" + p + COOKIE);    catch(get_my_sql()->query( "INSERT INTO "+table+" " -  "(cookie,name,password) VALUES " -  "(%s,%s,%s)", c, encode_pw(u), encode_pw(p) )); +  "(cookie,name,password,timeout) " +  "VALUES (%s,%s,%s)", +  c, encode_pw(u), encode_pw(p), +  time(1) + 31536000));    return c;   }      User authenticate( RequestID id, UserDB db )   //! Try to authenticate the request with users from the specified user   //! database. If no @[db] is specified, all datbases in the current   //! configuration are searched in order, then the configuration user   //! database.   //!   //! The return value is the autenticated user.
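Review bot: The new INSERT names four columns and passes four arguments, but the format string still reads `VALUES (%s,%s,%s)`, and because the call is wrapped in `catch(...)` the resulting error is discarded, so as written the row is probably never stored; the line should read `"VALUES (%s,%s,%s,%d)",`. As shown, the `String.string2hex(Crypto.SHA1.hash(...)` line is also missing its closing parenthesis. Separately, the cookie is a deterministic hash of the username and password, so it is the same for every login, cannot be revoked without a password change, and a repeat login collides on the primary key without refreshing `timeout`. If `COOKIE` (defined outside the hunk) is not a secret, a captured cookie additionally allows password guesses to be checked offline. A random token from `Crypto.Random.random_string()` would avoid these properties, and the swallowed INSERT error should at least be logged.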
Roxen.git/server/modules/security/auth_httpcookie.pike:136:   void start()   {   #if constant(WS_REPLICATE)    set_my_db( "replicate" );   #endif       table =    get_my_table("",    ({    "cookie varchar(40) PRIMARY KEY NOT NULL", -  "password varchar(40) NOT NULL", -  "name varchar(40) NOT NULL" +  "password varchar(255) NOT NULL", +  "name varchar(255) NOT NULL", +  "timeout int NOT NULL",    }),    "Used to store the information nessesary to "    "authenticate roxen users" ); -  +  +  Sql.Sql sql = get_my_sql(); +  if (!sizeof(sql->query("DESCRIBE " + table + " timeout"))) { +  sql->query("ALTER TABLE " + table + +  " CHANGE password password varchar(255) NOT NULL"); +  sql->query("ALTER TABLE " + table + +  " CHANGE name name varchar(255) NOT NULL"); +  sql->query("ALTER TABLE " + table + +  " ADD timeout int NOT NULL");    } -  +  sql->query("DELETE FROM " + table + " WHERE timeout < %d", +  time()); + }      protected void create()   {    defvar( "user_form", Variable.Text(   #"   <title>Authentication required for REALM</title>   <body alink=\"#000000\" bgcolor=\"#ffffff\" text=\"#000000\">    <form method='POST'>    Username: UNINPUT<br />    Password: PWINPUT<br />    <input type=submit value=' Ok ' />   </form></body>",0,    _(3,"User form"),_(4,"The user/password request form shown to the user")));   }
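Review bot: Expired rows are removed only by the `DELETE ... WHERE timeout < %d` in `start()`, so the one-year `timeout` is enforced only when the module is started or reloaded. The `SELECT name,password ... WHERE cookie=%s` in `low_lookup_cookie()` (first hunk) does not test `timeout`, and the in-memory `cookies` mapping keeps returning cached entries regardless. Extending that query to `" WHERE cookie=%s AND timeout > %d", cookie, time()` would apply expiry at lookup time; cached entries would need an equivalent check or a bounded lifetime. The `DESCRIBE ... timeout` probe and `ALTER TABLE ... CHANGE` syntax look MySQL-specific, which deserves a short comment if other backends can be configured.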