+# PciIds web database
+# Copyright (C) 2008 Michal Vaner (vorner@ucw.cz)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# he Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
package PciIds::Users;
use strict;
use warnings;
sub emailCheck( $$ ) {
my( $email, $tables ) = @_;
my $newmail;
- return 'Does not look like an email address' unless ( ( $newmail ) = ( $email =~ /^([^,? "'`;]+@[^@,?\/ "'`;]+)$/ ) );#make sure the mail is not only reasonable looking, but safe to work with too
+ return 'Does not look like an email address' unless ( ( $newmail ) = ( $email =~ /^([^,? "'`;<>]+@[^@,?\/ "'`;<>]+\.[^@,?\/ "'`;<>]+)$/ ) );#make sure the mail is not only reasonable looking, but safe to work with too
return 'Email too long' if length $newmail > 255;
return 'An account for this email address already exists' if( ( defined $tables ) && $tables->hasEmail( $newmail ) );
return ( undef, $newmail );
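Review bot: The tightened pattern on the new line still lets whitespace other than a plain space through, and the `^`/`$` anchors accept a trailing newline, so a value like `a@b.c\r\nBcc:x@y.z` passes the check with the CR/LF inside `$newmail` — at odds with the comment that the captured address is "safe to work with". The negated classes exclude space but not tab, CR or LF, so add `\s` to each class and anchor with `\A`/`\z`: `return 'Does not look like an email address' unless ( ( $newmail ) = ( $email =~ /\A([^,?\s"'`;<>]+@[^@,?\/\s"'`;<>]+\.[^@,?\/\s"'`;<>]+)\z/ ) );`. Whether other shell-significant characters (`|`, `&`, `$`, parentheses) need excluding depends on where callers pass the address, which is not visible here. The new licence header at the top of the hunk also has a typo, `# he Free Software Foundation` should read `# the Free Software Foundation`.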
$tables->changePasswd( $id, $salted );
}
-sub genAuthToken( $$$$ ) {
- my( $tables, $id, $req, $rights ) = @_;
+sub genAuthToken( $$$$$ ) {
+ my( $tables, $id, $req, $rights, $name ) = @_;
unless( defined $rights ) {#Just logged in
- my $from = $req->connection()->remote_ip();
+ my $from = $req->useragent_ip();
$tables->setLastLog( $id, $from );
$rights = $tables->rights( $id );
}
my $haveRights = scalar @{$rights};
my $time = time;
- my $ip = $req->connection()->remote_ip();
- return "$id:$haveRights:$time:".md5_hex( "$id:$time:$ip:".$config{'authsalt'} );
+ return "$id:$haveRights:$time:".md5_hex( "$id:$time:".$config{'authsalt'} ).":$name";
}
sub checkAuthToken( $$$ ) {
my( $tables, $req, $token ) = @_;
- my( $id, $haveRights, $time, $hex ) = defined( $token ) ? split( /:/, $token ) : ();
- return ( 0, 0, 0, [], "Not logged in" ) unless( defined $hex );
- my $ip = $req->connection()->remote_ip();
- my $expected = md5_hex( "$id:$time:$ip:".$config{'authsalt'} );
+ my( $id, $haveRights, $time, $hex, $name ) = defined( $token ) ? split( /:/, $token ) : ();
+ return ( 0, 0, 0, [], "Not logged in", undef ) unless( defined $hex );
+ my $expected = md5_hex( "$id:$time:".$config{'authsalt'} );
my $actTime = time;
my $tokOk = ( $expected eq $hex );
my $authed = ( $tokOk && ( $time + $config{'authtime'} > $actTime ) );
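Review bot: The `$name` field appended to the token in genAuthToken is not part of the md5 input, and checkAuthToken reads it back from the token (line with `split( /:/, $token )`) without covering it in `$expected`, so the client can present any name it likes alongside a valid `$id:$time:$hex`; a name that itself contains `:` is also truncated, because `split` with no limit hands the remainder to dropped fields. Cover it in the digest on both sides, `md5_hex( "$id:$time:$name:".$config{'authsalt'} )` in genAuthToken and the matching `my $expected = md5_hex( "$id:$time:$name:".$config{'authsalt'} );` in checkAuthToken, and parse with `split( /:/, $token, 5 )` so a name with colons survives the round trip; the same field is then safe to hand back in the extended return at the end of checkAuthToken. Dropping the client address from the digest means a captured token is now accepted from any address for the `authtime` window; if that is the intended trade-off for the `useragent_ip()` switch, a one-line comment saying so would save the next reader from re-adding it. `$haveRights` was already outside the digest before this change, so that part is not new.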
push @{$rights}, \%r;
}
}
- return ( $authed, $id, $regen, $rights, $authed ? undef : ( $tokOk ? "Login timed out" : "Not logged in x" ) );
+ return ( $authed, $id, $regen, $rights, $authed ? undef : ( $tokOk ? "Login timed out" : "Not logged in" ), $name );
}
sub hasRight( $$ ) {
checkConf( [ 'passwdsalt', 'regmailsalt', 'authsalt' ] );
defConf( { 'authtime' => 2100, 'regenauthtime' => 300 } );
-open PRIVS, $directory."/rights" or die "Could not open privilege definitions\n";
+open PRIVS, $directory."cf/rights" or die "Could not open privilege definitions\n";
foreach( <PRIVS> ) {
my( $num, $name ) = /^(\d+)\s+(.*)$/ or die "Invalid syntax in privileges\n";
$privnames{$num} = $name;
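Review bot: The rewritten `open PRIVS, $directory."cf/rights" ...` keeps the two-argument form with a bareword handle; since the line is being touched anyway, it should become `open my $privs, '<', $directory."cf/rights" or die "Could not open privilege definitions\n";` with the loop reading `foreach( <$privs> )`, which also removes any dependence on what `$directory` starts with. The new path also drops the `/` that the old `"/rights"` carried, so it presumably relies on `$directory` ending in a separator — worth confirming against where `$directory` is set. The surrounding statement run continues past the end of the hunk, so any matching `close` is not visible here.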