[Mapbender-commits] r5946 - in branches/3_dev: core/lib http/frames
http/plugins
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Mon Apr 12 07:22:29 EDT 2010
Author: christoph
Date: 2010-04-12 07:22:27 -0400 (Mon, 12 Apr 2010)
New Revision: 5946
Modified:
branches/3_dev/core/lib/class_User.php
branches/3_dev/http/frames/index.php
branches/3_dev/http/frames/login.php
branches/3_dev/http/plugins/mb_loginForm.js
branches/3_dev/http/plugins/mb_login_server.php
Log:
Modified: branches/3_dev/core/lib/class_User.php
===================================================================
--- branches/3_dev/core/lib/class_User.php 2010-04-12 10:27:23 UTC (rev 5945)
+++ branches/3_dev/core/lib/class_User.php 2010-04-12 11:22:27 UTC (rev 5946)
@@ -473,26 +473,24 @@
}
- /*
- * tries to initialize a userobject by Name
- * @return A user Object
- * @param $name the name of the user to find
- */
-
+ /**
+ * tries to initialize a userobject by Name
+ * @return A user Object
+ * @param $name the name of the user to find
+ */
public static function byName($name) {
- if($name == null) { return new User(null); }
-
- $sql_user = "SELECT mb_user_id FROM mb_user WHERE mb_user_name = '$name'";
- $res_user = db_query($sql_user);
- if($row = db_fetch_array($res_user))
- {
- $user = new User($row['mb_user_id']);
- $user->load();
- return $user;
- }
- return null;
-
+ if ($name == null) {
+ return new User(null);
+ }
+ $sql_user = "SELECT mb_user_id FROM mb_user WHERE mb_user_name = $1";
+ $res_user = db_prep_query($sql_user, array($name), array("s"));
+ if ($row = db_fetch_array($res_user)) {
+ $user = new User($row['mb_user_id']);
+ $user->load();
+ return $user;
+ }
+ return null;
}
/**
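Review bot: The docblock on the new side documents only one of the three outcomes of `byName()`: it returns `new User(null)` when `$name == null`, a loaded `User` when a row matches, and `null` otherwise. Because `==` is a loose comparison, an empty string also takes the first branch, so callers that test `is_null($user)` (as the login code in this commit does) will not see an empty name as "not found". I would state this in the docblock, e.g. `@return User|null null when no user with that name exists`, and compare with `$name === null || $name === ''` if an empty name is meant to be handled like a missing one.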
Modified: branches/3_dev/http/frames/index.php
===================================================================
--- branches/3_dev/http/frames/index.php 2010-04-12 10:27:23 UTC (rev 5945)
+++ branches/3_dev/http/frames/index.php 2010-04-12 11:22:27 UTC (rev 5946)
@@ -72,15 +72,11 @@
$gui_id = DEFAULT_APPLICATION;
$firephp->log("Using default application: " . $gui_id);
}
-$firephp->log($user);
include dirname(__FILE__)."/../../conf/session.conf";
Mapbender::session()->set("mb_user_gui", $gui_id);
Mapbender::session()->set("mb_user_guis", $user->getApplicationsByPermission());
-//require_once dirname(__FILE__)."/../../core/validateSession.php";
-
-// what if there is no PUBLIC_USER or DEFAULT_APPLICATION?
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
Modified: branches/3_dev/http/frames/login.php
===================================================================
--- branches/3_dev/http/frames/login.php 2010-04-12 10:27:23 UTC (rev 5945)
+++ branches/3_dev/http/frames/login.php 2010-04-12 11:22:27 UTC (rev 5946)
@@ -5,272 +5,87 @@
# and Simplified BSD license.
# http://svn.osgeo.org/mapbender/trunk/mapbender/license/license.txt
-require_once(dirname(__FILE__)."/../../core/globalSettings.php");
+require_once(dirname(__FILE__)."/../../conf/mapbender.conf");
+require_once(dirname(__FILE__)."/../../core/lib/class_Mapbender.php");
require_once(dirname(__FILE__)."/../../core/lib/class_Session.php");
+require_once(dirname(__FILE__)."/../../core/lib/class_Database.php");
require_once(dirname(__FILE__)."/../../core/lib/class_User.php");
-function mb_getGUIs ($userId) {
- $user = new User($userId);
- if (!is_null($user)) {
- return $user->getApplicationsByPermission();
+function redirectToApplication ($session = false, $appName = DEFAULT_APPLICATION) {
+ $param = array();
+ if ($session !== false) {
+ $param[]= session_name() . "=" . session_id();
}
- return array();
-}
+ $param[]= "gui_id=" . urlencode($appName);
+ $url = $_SERVER["HTTP_HOST"] . dirname($_SERVER["PHP_SELF"]) . "/index.php?" . implode("&", $param);
-function mb_listGUIs($arrayGUIs){
- if(count($arrayGUIs) === 0) {
- echo "<h1>Error</h1>";
- echo "<p>There are no GUIs available for this user.</p>";
- printf("<p><a href=\"../php/mod_logout.php?%s\"><img src=\"../img/button_gray/logout_off.png\" onmouseover=\"this.src='../img/button_gray/logout_over.png'\" onmouseout=\"this.src='../img/button_gray/logout_off.png'\" title=\"Logout\"></a></p>",SID);
- return;
+ session_write_close();
+ if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
+ header ("Location: https://".$url);
}
-
- $user = new User(Mapbender::session()->get('mb_user_id'));
- $result = $user->getGuiCategoryList($arrayGUIs);
-
- $category = NULL;
- echo "<h1><font align='left' color='#000000'>Ma</font><font color='#0000CE'>p</font><font color='#C00000'>b</font><font color='#000000'>ender </font> - "._mb('available Applications')."</h1>";
- printf("<p><a href=\"../php/mod_logout.php?%s\"><img src=\"../img/button_gray/logout_off.png\" onmouseover=\"this.src='../img/button_gray/logout_over.png'\" onmouseout=\"this.src='../img/button_gray/logout_off.png'\" title=\"Logout\"></a></p>",SID);
- echo "\n<div id=\"cat_tabs\">";
- echo "<ul>";
- $total_guis = 0;
- $total_cats = 0;
- $divString = "\t<div>";
- foreach ($result as $row){
- if($category !== $row["category_name"]) {
- $category = $row["category_name"];
- /* first echo the tab div with the tab <ul>'s */
- echo "\t<li><a href=\"#cat_tabs-$total_cats\"";
- if(strlen($row["category_description"]) > 0) {
- printf(" title=\"%s\"",$row["category_description"]);
- } else {
- printf(" title=\"%s\"","");
- }
- echo ">";
- if(strlen($row["category_name"]) > 0) {
- echo $category;
- }
- else {
- echo _mb("ohne Katgeorie");
- }
- echo "</a></li>\n";
- /* then concatenate a string containing the tab div's content */
- $divString .= "\t</div>\n\t<div id=\"cat_tabs-$total_cats\">\n";
- $total_cats++;
-
- }
-
- $class = ($total_guis %2 === 0) ? " class=\"alternate\"" : NULL;
- $url = sprintf("index.php?%s&gui_id=%s",strip_tags(SID),$row["gui_id"]);
- $divString .= "\t\t<p><a href=\"$url\"><strong>".$row["gui_name"]."</strong> - <em>".$row["gui_description"]."</em></a></p>\n";
- $total_guis++;
-
+ else {
+ header ("Location: http://".$url);
}
- echo "</ul>\n";
- echo $divString."\n</div>";
+ die;
}
-function auth_user($name,$pw){
- $setEncPw = false;
- $sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
- $v = array($name,md5($pw));
- $t = array('s','s');
- $res = db_prep_query($sql,$v,$t);
- if($row = db_fetch_array($res)){
- return $row;
- }
- else if(SYS_DBTYPE == 'pgsql' && $setEncPw == true){
- // unencrypted pw in postgres without md5-support?
- $sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
- $v = array($name,$pw);
- $t = array('s','s');
- $resn = db_prep_query($sql,$v,$t);
- if($rown = db_fetch_array($resn)){
- $sqlu = "UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2";
- $vu = array(md5($pw),$rown["mb_user_id"]);
- $tu = array('s','i');
- $rowu = db_prep_query($sqlu,$vu,$tu);
- return $rown;
- }
- }
- else if(SYS_DBTYPE == 'mysql' && $setEncPw == true){
- $sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = password($2)";
- $v = array($name,$pw);
- $resn = db_prep_query($sql,$v,$t);
- if($rown = db_fetch_array($resn)){
- $sqlu = "UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2";
- $vu = array(md5($pw),$rown["mb_user_id"]);
- $tu = array('s','i');
- $rowu = db_prep_query($sqlu,$vu,$tu);
- return $rown;
- }
- }
-}
-function setSession(){
- session_start();
- session_write_close();
-}
-function killSession(){
- Mapbender::session()->kill();
-}
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<!--
- License:
- Copyright (c) 2009, Open Source Geospatial Foundation
- This program is dual licensed under the GNU General Public License
- and Simplified BSD license.
- http://svn.osgeo.org/mapbender/trunk/mapbender/license/license.txt
--->
-<meta http-equiv="cache-control" content="no-cache">
-<meta http-equiv="pragma" content="no-cache">
-<meta http-equiv="expires" content="0">
-<META http-equiv="Content-Style-Type" content="text/css">
-<META http-equiv="Content-Script-Type" content="text/javascript">
-<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET;?>">
-<title>Login</title>
- <link type="text/css" href="../extensions/jquery-ui-1.8.custom/development-bundle/themes/base/jquery.ui.all.css" rel="stylesheet" />
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/jquery-1.4.2.js"></script>
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/external/jquery.bgiframe-2.1.1.js"></script>
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/ui/jquery.ui.core.js"></script>
-
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/ui/jquery.ui.widget.js"></script>
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/ui/jquery.ui.mouse.js"></script>
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/ui/jquery.ui.draggable.js"></script>
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/ui/jquery.ui.position.js"></script>
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/ui/jquery.ui.resizable.js"></script>
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/ui/jquery.ui.dialog.js"></script>
- <script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/development-bundle/ui/jquery.ui.tabs.js"></script>
-<?php
-echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../css/login.css\">";
$name = $_REQUEST["name"];
$password = $_REQUEST["password"];
-if(!isset($name) || $name == ''){
- echo <<<HTML
-<script type='text/javascript'>
- <!--
- function setFocus() {
- if(document.loginForm){
- document.loginForm.name.focus();
- }
- }
- // -->
-</script>
-HTML;
+if (!isset($name) || $name == '' || !isset($password) || $password == '') {
+ Mapbender::session()->kill();
+ redirectToApplication();
}
-else{
- echo <<<HTML
-<script type='text/javascript'>
- <!--
- function setFocus(){
- if(document.loginForm){
- document.loginForm.password.focus();
- }
- }
- // -->
-</script>
-HTML;
-}
-echo <<<HTML
-<script type='text/javascript'>
- <!--
- $(document).ready(function() {
- $("#cat_tabs").tabs();
- });
-
- // -->
-</script>
-HTML;
-echo "</head>";
-echo "<body onload='setFocus()'>";
+if (isset($name) && $name != '' && isset($password) && $password != '') {
+ //
+ // establish database connection
+ //
+ $con = db_connect($DBSERVER, $OWNER, $PW);
+ db_select_db(DB, $con);
-if(!isset($name) || $name == '' || !isset($password) || $password == ''){
- killSession();
- echo "<form name='loginForm' action ='" . $PHP_SELF . "' method='POST'>";
- echo "<table>";
- echo "<tr><td>" . _mb("Name") . ": </td><td><input type='text' name='name' class='login_text' value=''></td></tr>";
- echo "<tr><td>" . _mb("Password") . ": </td><td><input type='password' name='password' class='login_text'></td></tr>";
- echo "<tr><td></td><td><input type='submit' class='myButton' value='login' title='anmelden'>";
- echo " <a href='../frames/forgottenPassword.php' title='" .
- _mb("Forgot your password?") . "' target='_blank'>" .
- _mb("Forgot your password?") . "</a>";
- echo "</td></tr></table>";
- echo "</form>";
-}
-if(isset($name) && $name != '' && isset($password) && $password != ''){
- $sql_count = "SELECT mb_user_login_count FROM mb_user WHERE mb_user_name = $1";
- $params = array($name);
- $types = array('s');
- $res_count = db_prep_query($sql_count,$params,$types);
- if($row = db_fetch_array($res_count)){
- if($row["mb_user_login_count"] > MAXLOGIN){
- echo "Permission denied. Login failed ".MAXLOGIN." times. Your account has been deactivated. Please contact your administrator!";
- die;
- }
+ $user = User::byName($name);
+ if (is_null($user)) {
+ Mapbender::session()->kill();
+ redirectToApplication();
}
+
+ if ($user->loginCountExceeded()) {
+ echo _mb("Permission denied. Login failed %s times. Your account has been deactivated. Please contact your administrator!", MAXLOGIN);
+ die;
+ }
- $row = auth_user($name, $password);
+ // try to log in
+ $authenticatedUser = User::getByNameAndPassword($name, $password);
// if given user data is found in database, set session data (db_fetch_array returns false if no row is found)
- if($row){
- setSession();
+ if (!is_null($authenticatedUser)) {
+ session_start();
include(dirname(__FILE__)."/../../conf/session.conf");
- }
- if(Mapbender::session()->get("mb_user_id")){
- if($row["mb_user_login_count"] <= MAXLOGIN){
- $sql_del_cnt = "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = $1";
- $v = array(Mapbender::session()->get('mb_user_id'));
- $t = array("i");
- db_prep_query($sql_del_cnt, $v, $t);
- $arrayGUIs = mb_getGUIs($row["mb_user_id"]);
- new mb_notice("login.setSession.mb_user_guis: ".serialize($arrayGUIs)." in session: " .session_id());
+
+ if (!$authenticatedUser->loginCountExceeded()) {
+ $authenticatedUser->resetLoginCount();
+
+ $arrayGUIs = $authenticatedUser->getApplicationsByPermission();
+
Mapbender::session()->set("mb_user_guis",$arrayGUIs);
Mapbender::session()->set("mb_login",$login);
+
# a gui is explicitly ordered
- if((isset($_GET["mb_user_myGui"]) || Mapbender::session()->get("mb_user_myGui")) && in_array($_GET["mb_user_myGui"], $arrayGUIs)){
- unset($arrayGUIs);
- if(isset($_GET["mb_user_myGui"])){ $arrayGUIs[0] = $_GET["mb_user_myGui"];}
- else{ $arrayGUIs[0] = Mapbender::session()->set("mb_user_myGui");}
+ if(isset($_GET["mb_user_myGui"]) && in_array($_GET["mb_user_myGui"], $arrayGUIs)){
+ redirectToApplication(true, $_GET["mb_user_myGui"]);
}
- #only one gui is provided
- if(count($arrayGUIs) == 1){
- if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
- $myURL = "Location: https://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/index.php?".strip_tags (SID)."&gui_id=".$arrayGUIs[0];
- }
- else {
- $myURL = "Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/index.php?".strip_tags (SID)."&gui_id=".$arrayGUIs[0];
- }
- # params for the initial call
- if(isset($_GET["mb_myBBOX"])){
- $myURL .= "&mb_myBBOX=".$_GET["mb_myBBOX"];
- }
- session_write_close();
- header ($myURL);
- die;
+ if (Mapbender::session()->get("mb_user_myGui") && in_array(Mapbender::session()->get("mb_user_myGui"), $arrayGUIs)){
+ redirectToApplication(true, Mapbender::session()->get("mb_user_myGui"));
}
# list all guis of this user and his groups
- else{
- mb_listGUIs($arrayGUIs);
+ else {
+ redirectToApplication(true);
}
}
}
else{
- $sql_set_cnt = "UPDATE mb_user SET mb_user_login_count = (mb_user_login_count + 1) WHERE mb_user_name = $1";
- $v = array($name);
- $t = array('s');
- db_prep_query($sql_set_cnt,$v,$t);
- if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
- session_write_close();
- header ("Location: https://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/login.php?name=".$name);
- }
- else {
- session_write_close();
- header ("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/login.php?name=".$name);
- }
- die;
+ $userLoginFailed->incrementLoginCount();
+ redirectToApplication();
}
}
?>
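Review bot: The failed-login branch at the end of the hunk calls `$userLoginFailed->incrementLoginCount();`, but `$userLoginFailed` is not assigned anywhere on the new side shown here, so a wrong password would end in a fatal error instead of incrementing the counter that `loginCountExceeded()` relies on. The object looked up earlier is `$user`, so the line should presumably read `$user->incrementLoginCount();`. Separately, `redirectToApplication()` builds the `Location` header from `$_SERVER["HTTP_HOST"]`, which is client-supplied, and appends `session_name() . "=" . session_id()` to the query string, where the session id ends up in logs, browser history and referrers. A configured base URL and cookie-only session propagation would avoid both.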
Modified: branches/3_dev/http/plugins/mb_loginForm.js
===================================================================
--- branches/3_dev/http/plugins/mb_loginForm.js 2010-04-12 10:27:23 UTC (rev 5945)
+++ branches/3_dev/http/plugins/mb_loginForm.js 2010-04-12 11:22:27 UTC (rev 5946)
@@ -26,12 +26,17 @@
},
callback: function (obj, result, message) {
if (!result) {
- $("#mb_login").loggedOut();
+ $("#mb_login").mapbender(function () {
+ this.loggedOut();
+ });
+
return;
}
$loginDiv.dialog("destroy");
- window.location.href = Mapbender.login + "?name=" + name + "&password=" + password;
-
+ $("#mb_login").mapbender(function () {
+ this.loggedIn(obj.name);
+ });
+ //window.location.href = Mapbender.login + "?name=" + name + "&password=" + password;
}
});
req.send();
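Review bot: The commented-out `window.location.href = Mapbender.login + "?name=" + name + "&password=" + password;` should be deleted rather than left as a comment. It preserves a pattern that put the password in the query string, where it lands in browser history and server logs, and the new `this.loggedIn(obj.name)` path does not use it. If a reminder is wanted, a short why-comment such as `// credentials are never passed in the URL` is enough. The object that contains this `callback` starts outside the hunk.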
Modified: branches/3_dev/http/plugins/mb_login_server.php
===================================================================
--- branches/3_dev/http/plugins/mb_login_server.php 2010-04-12 10:27:23 UTC (rev 5945)
+++ branches/3_dev/http/plugins/mb_login_server.php 2010-04-12 11:22:27 UTC (rev 5946)
@@ -9,68 +9,43 @@
require_once dirname(__FILE__)."/../../core/lib/class_Mapbender.php";
require_once dirname(__FILE__)."/../../core/lib/class_User.php";
-function auth_user ($name,$pw) {
- $setEncPw = false;
- $sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
- $v = array($name, md5($pw));
- $t = array('s', 's');
- $res = db_prep_query($sql,$v,$t);
- if($row = db_fetch_array($res)){
- return $row;
- }
- else if(SYS_DBTYPE == 'pgsql' && $setEncPw == true){
- // unencrypted pw in postgres without md5-support?
- $sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
- $v = array($name,$pw);
- $t = array('s','s');
- $resn = db_prep_query($sql,$v,$t);
- if($rown = db_fetch_array($resn)){
- $sqlu = "UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2";
- $vu = array(md5($pw),$rown["mb_user_id"]);
- $tu = array('s','i');
- $rowu = db_prep_query($sqlu,$vu,$tu);
- return $rown;
- }
- }
- return null;
-}
-
$ajaxResponse = new AjaxResponse($_POST, false);
switch ($ajaxResponse->getMethod()) {
- case "login" :
+ case "login" :
- $name = $ajaxResponse->getParameter("name");
- $password = $ajaxResponse->getParameter("password");
-
- $resultObj = array();
-
- $user = User::byName($name);
- if (is_null($user)) {
- $ajaxResponse->setSuccess(false);
- $ajaxResponse->setMessage(_mb("Login failed."));
- break;
- }
- if ($user->loginCountExceeded()) {
- $ajaxResponse->setSuccess(false);
- $ajaxResponse->setMessage(_mb("Permission denied. Login failed %d times. Your account has been deactivated. Please contact your administrator!", MAXLOGIN));
- break;
- }
- $user = User::getByNameAndPassword($name, $password);
- if (!is_null($user)){
- Mapbender::session()->kill();
- $ajaxResponse->setSuccess(true);
- $ajaxResponse->setMessage(_mb("Login success."));
- break;
- }
- $user->incrementLoginCount();
- $ajaxResponse->setSuccess(false);
- $ajaxResponse->setMessage(_mb("Login failed."));
- break;
+ $name = $ajaxResponse->getParameter("name");
+ $password = $ajaxResponse->getParameter("password");
+
+ $user = User::byName($name);
+ if (is_null($user)) {
+ $ajaxResponse->setSuccess(false);
+ $ajaxResponse->setMessage(_mb("Login failed."));
+ break;
+ }
+ if ($user->loginCountExceeded()) {
+ $ajaxResponse->setSuccess(false);
+ $ajaxResponse->setMessage(_mb("Permission denied. Login failed %d times. Your account has been deactivated. Please contact your administrator!", MAXLOGIN));
+ break;
+ }
+ $user = User::getByNameAndPassword($name, $password);
+ if (!is_null($user)){
+ Mapbender::session()->kill();
+ session_start();
+ include(dirname(__FILE__)."/../../conf/session.conf");
+ $ajaxResponse->setResult(array("name" => $name));
+ $ajaxResponse->setSuccess(true);
+ $ajaxResponse->setMessage(_mb("Login success."));
+ break;
+ }
+ $user->incrementLoginCount();
+ $ajaxResponse->setSuccess(false);
+ $ajaxResponse->setMessage(_mb("Login failed."));
+ break;
case "userInformation" :
if (Mapbender::session()->get("mb_user_id")) {
$resultObj = array(
- "name" => Mapbender::session()->get("mb_user_name")
+ "name" => Mapbender::session()->get("mb_user_name")
);
$ajaxResponse->setSuccess(true);
$ajaxResponse->setResult($resultObj);
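Review bot: In the `login` case, `$user` is overwritten by `User::getByNameAndPassword($name, $password)`, so when the password is wrong (the `is_null` check implies the call returns null) the following `$user->incrementLoginCount();` is invoked on null. The request then ends in a fatal error and the failed-attempt counter checked by `loginCountExceeded()` is never incremented. Keeping the looked-up user and the authenticated user apart fixes it: `$authenticatedUser = User::getByNameAndPassword($name, $password);` followed by `if (!is_null($authenticatedUser)) {`. The `switch` continues past the end of this hunk.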
@@ -82,12 +57,10 @@
Mapbender::session()->kill();
$ajaxResponse->setSuccess(true);
break;
- default:
- $ajaxResponse->setSuccess(false);
- $ajaxResponse->setMessage(_mb("An unknown error occured."));
- break;
+ default:
+ $ajaxResponse->setSuccess(false);
+ $ajaxResponse->setMessage(_mb("An unknown error occured."));
+ break;
}
-$firephp->log($_SESSION);
-$firephp->log(session_id());
$ajaxResponse->send();
?>
\ No newline at end of file