[Mapbender-commits] r5893 - in branches/3_dev: core/lib core/lib/js
http/plugins
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Sat Apr 10 11:04:17 EDT 2010
Author: mh
Date: 2010-04-10 11:04:16 -0400 (Sat, 10 Apr 2010)
New Revision: 5893
Added:
branches/3_dev/http/plugins/mb_login_server.php
Modified:
branches/3_dev/core/lib/class_Ajax.php
branches/3_dev/core/lib/class_User.php
branches/3_dev/core/lib/js/ajax.js
branches/3_dev/http/plugins/mb_login.js
Log:
Modified: branches/3_dev/core/lib/class_Ajax.php
===================================================================
--- branches/3_dev/core/lib/class_Ajax.php 2010-04-10 14:57:07 UTC (rev 5892)
+++ branches/3_dev/core/lib/class_Ajax.php 2010-04-10 15:04:16 UTC (rev 5893)
@@ -108,7 +108,7 @@
private $error = null;
private $message = "";
- public function __construct ($ajaxRequest) {
+ public function __construct ($ajaxRequest, $sessionStarted = true) {
$this->json = new Mapbender_JSON();
if (is_array($ajaxRequest)) {
@@ -123,18 +123,20 @@
$this->message = _mb("Fatal error: Could not detect ID of AJAX request.");
$this->send();
}
+ if ($sessionStarted === true) {
+ if (!Mapbender::session()->get("mb_user_id") ||
+ !Mapbender::session()->get("mb_user_ip") ||
+ Mapbender::session()->get("mb_user_ip") != $_SERVER['REMOTE_ADDR']) {
+ $this->setSuccess(false);
+ $this->error = array(
+ "code" => -2,
+ "message" => _mb("The session has expired. Please log in again.")
+ );
+ }
- if (!Mapbender::session()->get("mb_user_id") ||
- !Mapbender::session()->get("mb_user_ip") ||
- Mapbender::session()->get("mb_user_ip") != $_SERVER['REMOTE_ADDR']) {
- $this->setSuccess(false);
- $this->error = array(
- "code" => -2,
- "message" => _mb("The session has expired. Please log in again.")
- );
}
}
-
+
/**
* Set a message to be sent back to the client.
*
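Review bot: The new `$sessionStarted` argument is undocumented, and its name hides that passing `false` skips the whole `mb_user_id` / `mb_user_ip` check in this hunk. I would add a docblock line on the constructor such as `@param bool $sessionStarted false only for endpoints that run before login; disables the session/IP check`, so later callers do not pass `false` on authenticated endpoints. Since the check is being re-indented anyway, the address comparison could use `!==` instead of `!=`. Unlike the missing-ID branch just above it, the expired-session branch does not call `$this->send()`, so whether processing stops presumably depends on the caller testing the success flag, which is worth confirming. The constructor begins outside the hunk.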
Modified: branches/3_dev/core/lib/class_User.php
===================================================================
--- branches/3_dev/core/lib/class_User.php 2010-04-10 14:57:07 UTC (rev 5892)
+++ branches/3_dev/core/lib/class_User.php 2010-04-10 15:04:16 UTC (rev 5893)
@@ -68,7 +68,35 @@
}
- /*
+ public function loginCountExceeded () {
+
+ $sql_count = "SELECT mb_user_login_count FROM mb_user WHERE mb_user_name = $1";
+ $params = array($name);
+ $types = array('s');
+ $res_count = db_prep_query($sql_count, $params, $types);
+ if ($row = db_fetch_array($res_count)) {
+ if ($row["mb_user_login_count"] > MAXLOGIN) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public function resetLoginCount () {
+ $sql_del_cnt = "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = $1";
+ $v = array($this->id);
+ $t = array("i");
+ return db_prep_query($sql_del_cnt, $v, $t);
+ }
+
+ public function incrementLoginCount () {
+ $sql_set_cnt = "UPDATE mb_user SET mb_user_login_count = (mb_user_login_count + 1) WHERE mb_user_id = $1";
+ $v = array($this->id);
+ $t = array('s');
+ return db_prep_query($sql_set_cnt,$v,$t);
+ }
+
+ /*
* @return Assoc Array containing the fields to send to the user
*/
public function getFields() {
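Review bot: `loginCountExceeded()` binds `$name`, which is never defined inside the method, so the query presumably runs with an empty value and matches no row. The method then always returns false and the lockout it is meant to enforce never triggers. The two sibling methods key on `$this->id`, so the same should work here: `$sql_count = "SELECT mb_user_login_count FROM mb_user WHERE mb_user_id = $1";` with `$params = array($this->id);` and `$types = array('i');`. `incrementLoginCount()` also declares the id as type `'s'` where `resetLoginCount()` uses `"i"`, and the two should agree. The rest of the class is outside the hunk, so the property names should be checked against it.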
Modified: branches/3_dev/core/lib/js/ajax.js
===================================================================
--- branches/3_dev/core/lib/js/ajax.js 2010-04-10 14:57:07 UTC (rev 5892)
+++ branches/3_dev/core/lib/js/ajax.js 2010-04-10 15:04:16 UTC (rev 5893)
@@ -211,7 +211,7 @@
message = Mapbender.Ajax.Messages.fatalError;
}
if (resultObj.error.code == -1) {
- internalError = true;
+ //internalError = true;
}
else if (resultObj.error.code == -2) {
sessionExpired = true;
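Review bot: Commenting out `internalError = true;` leaves an empty `if` branch, so responses with error code -1 are no longer flagged as internal errors, and nothing in the code says why. If the intent is to let the caller's callback show the server message (an assumption; the log entry is empty), replace the dead line with a comment that says so, for example `// code -1: message is passed to the callback, not treated as fatal`. Otherwise a later cleanup is likely to restore or delete the branch without knowing which behaviour the login dialog relies on. The surrounding function starts and ends outside the hunk.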
Modified: branches/3_dev/http/plugins/mb_login.js
===================================================================
--- branches/3_dev/http/plugins/mb_login.js 2010-04-10 14:57:07 UTC (rev 5892)
+++ branches/3_dev/http/plugins/mb_login.js 2010-04-10 15:04:16 UTC (rev 5893)
@@ -11,12 +11,31 @@
$loginDiv.dialog({
buttons: {
"Login": function () {
- $("form", $loginDiv).get(0).submit();
+ var name = $("form", $loginDiv).get(0).name.value;
+ var password = $("form", $loginDiv).get(0).password.value;
+ var req = new Mapbender.Ajax.Request({
+ url: "./plugins/mb_login_server.php",
+ method: "login",
+ parameters: {
+ name: name,
+ password: password
+ },
+ callback: function (obj, result, message) {
+ if (!result) {
+ alert(message);
+ return;
+ }
+ alert(message);
+ }
+ });
+ req.send();
+ return false;
}
},
modal: true,
resizable: false,
- draggable: false
+ draggable: false,
+ width: 400
});
});
}
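Review bot: Both paths of the callback end in `alert(message);`, so the `if (!result)` test changes nothing, and after a failed login the typed password stays in the form. The callback body could be `alert(message);` followed by `if (!result) { $("form", $loginDiv).get(0).password.value = ""; }`. The credentials now travel through `Mapbender.Ajax.Request` instead of a form submit. The server script reads `$_POST`, which suggests POST, but it is worth confirming that the request is sent as POST over HTTPS and that the `parameters` object is not written to any debug log.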
Added: branches/3_dev/http/plugins/mb_login_server.php
===================================================================
--- branches/3_dev/http/plugins/mb_login_server.php (rev 0)
+++ branches/3_dev/http/plugins/mb_login_server.php 2010-04-10 15:04:16 UTC (rev 5893)
@@ -0,0 +1,99 @@
+<?php
+# License:
+# Copyright (c) 2009, Open Source Geospatial Foundation
+# This program is dual licensed under the GNU General Public License
+# and Simplified BSD license.
+# http://svn.osgeo.org/mapbender/trunk/mapbender/license/license.txt
+
+require_once dirname(__FILE__) . "/../../core/globalSettings.php";
+require_once dirname(__FILE__)."/../../core/lib/class_Mapbender.php";
+require_once dirname(__FILE__)."/../../core/lib/class_User.php";
+
+function auth_user ($name,$pw) {
+ $setEncPw = false;
+ $sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
+ $v = array($name, md5($pw));
+ $t = array('s', 's');
+ $res = db_prep_query($sql,$v,$t);
+ if($row = db_fetch_array($res)){
+ return $row;
+ }
+ else if(SYS_DBTYPE == 'pgsql' && $setEncPw == true){
+ // unencrypted pw in postgres without md5-support?
+ $sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
+ $v = array($name,$pw);
+ $t = array('s','s');
+ $resn = db_prep_query($sql,$v,$t);
+ if($rown = db_fetch_array($resn)){
+ $sqlu = "UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2";
+ $vu = array(md5($pw),$rown["mb_user_id"]);
+ $tu = array('s','i');
+ $rowu = db_prep_query($sqlu,$vu,$tu);
+ return $rown;
+ }
+ }
+ return null;
+}
+
+function setSession() {
+ session_start();
+ session_write_close();
+}
+
+function killSession() {
+ Mapbender::session()->kill();
+}
+
+$ajaxResponse = new AjaxResponse($_POST, false);
+
+switch ($ajaxResponse->getMethod()) {
+ case "login" :
+
+ $name = $ajaxResponse->getParameter("name");
+ $password = $ajaxResponse->getParameter("password");
+
+ $resultObj = array();
+
+ $user = User::byName($name);
+ if (is_null($user)) {
+ $ajaxResponse->setSuccess(false);
+ $ajaxResponse->setMessage(_mb("Login failed."));
+ break;
+ }
+ if ($user->loginCountExceeded()) {
+ $ajaxResponse->setSuccess(false);
+ $ajaxResponse->setMessage(_mb("Permission denied. Login failed %d times. Your account has been deactivated. Please contact your administrator!", MAXLOGIN));
+ break;
+ }
+
+ $row = auth_user($name, $password);
+
+ // if given user data is found in database, set session data (db_fetch_array returns false if no row is found)
+ if($row){
+ setSession();
+ include dirname(__FILE__)."/../../conf/session.conf";
+ }
+
+ if (Mapbender::session()->get("mb_user_id")) {
+ if ($row["mb_user_login_count"] <= MAXLOGIN) {
+ $user->resetLoginCount();
+ $applicationArray = $user->getApplicationsByPermission();
+
+ Mapbender::session()->set("mb_user_guis", $applicationArray);
+// Mapbender::session()->set("mb_login", $login);
+ }
+ $ajaxResponse->setSuccess(true);
+ $ajaxResponse->setMessage(_mb("Login success."));
+ break;
+ }
+ $user->incrementLoginCount();
+ $ajaxResponse->setSuccess(false);
+ $ajaxResponse->setMessage(_mb("Login failed."));
+ break;
+ default:
+ $ajaxResponse->setSuccess(false);
+ $ajaxResponse->setMessage(_mb("An unknown error occured."));
+ break;
+}
+$ajaxResponse->send();
+?>
\ No newline at end of file
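Review bot: In the `login` case the success path is entered on `Mapbender::session()->get("mb_user_id")` rather than on the result of `auth_user()`. If the request already carries a session holding an `mb_user_id`, a wrong password would therefore still reach `resetLoginCount()`, the `mb_user_guis` assignment and "Login success."; the condition should be `if ($row && Mapbender::session()->get("mb_user_id")) {`. `setSession()` starts the session without issuing a new identifier, so a `session_regenerate_id(true);` between `session_start()` and `session_write_close()` would guard against session fixation at login. The lockout message tells an unauthenticated caller that the account exists and is locked, while the other failures return the generic "Login failed."; returning the same text and recording the lockout server-side avoids that. `auth_user()` compares an unsalted `md5($pw)`, which presumably matches the existing `mb_user` column, so a move to `password_hash()` / `password_verify()` is worth tracking, and the `$setEncPw` branch is dead because the flag is hard-coded to `false`.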