From f391b896d495410e703e88e06f3cec86323e6a81 Mon Sep 17 00:00:00 2001
From: Simon
Date: Sat, 29 Jan 2011 12:16:13 +0000
Subject: [PATCH] Use Sessions instead of saving password
---
 includes/http.h | 6 +++---
 includes/interface.h | 2 ++
 src/http.c | 27 ++++++++++++++++++++-----
 src/interface.c | 48 +++++++++++++++++++++++++++++++-------------
 4 files changed, 61 insertions(+), 22 deletions(-)
diff --git a/includes/http.h b/includes/http.h
index 2ad7ccc28..af0971c32 100755
--- a/includes/http.h
+++ b/includes/http.h
@@ -24,10 +24,10 @@ void http_init(char *proxy);
 void http_done(void);
 char *http_simple_get(char *uri, int *ret, int *len);
-char *http_auth_get(char *uri, char *user, char *pass, int *ret, int *len);
+char *http_auth_get(char *uri, char *user, char *pass, char * session_id, int *ret, int *len);
 char *http_simple_post(char *uri, char *data, int dlen, int *ret, int *len);
-void http_auth_headers(void *ctx, char *user, char *pass);
+void http_auth_headers(void *ctx, char *user, char *pass, char * session_id);
 void *http_async_req_start(void *ctx, char *uri, char *data, int dlen, int keep);
 void http_async_add_header(void *ctx, char *name, char *data);
@@ -36,7 +36,7 @@ void http_async_get_length(void *ctx, int *total, int *done);
 char *http_async_req_stop(void *ctx, int *ret, int *len);
 void http_async_req_close(void *ctx);
-char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, int *ret, int *len);
+char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, char * session_id, int *ret, int *len);
 char *http_ret_text(int ret);
diff --git a/includes/interface.h b/includes/interface.h
index 4bee583dd..15e857dee 100644
--- a/includes/interface.h
+++ b/includes/interface.h
@@ -118,6 +118,8 @@ extern int svf_admin;
 extern int svf_mod;
 extern char svf_user[64];
 extern char svf_pass[64];
+extern char svf_user_id[64];
+extern char svf_session_id[64];
 extern int svf_open;
 extern int svf_own;
diff --git a/src/http.c b/src/http.c
index a68ea45b4..a881c7335 100644
--- a/src/http.c
+++ b/src/http.c
@@ -680,7 +680,7 @@ char *http_simple_get(char *uri, int *ret, int *len)
 return http_async_req_stop(ctx, ret, len);
 }
 static char hex[] = "0123456789abcdef";
-void http_auth_headers(void *ctx, char *user, char *pass)
+void http_auth_headers(void *ctx, char *user, char *pass, char *session_id)
 {
 char *tmp;
 int i;
@@ -690,7 +690,6 @@ void http_auth_headers(void *ctx, char *user, char *pass)
 if (user)
 {
- http_async_add_header(ctx, "X-Auth-User", user);
 if (pass)
 {
 md5_init(&md5);
@@ -710,9 +709,18 @@ void http_auth_headers(void *ctx, char *user, char *pass)
 http_async_add_header(ctx, "X-Auth-Hash", tmp);
 free(tmp);
 }
+ if(session_id)
+ {
+ http_async_add_header(ctx, "X-Auth-User-Id", user);
+ http_async_add_header(ctx, "X-Auth-Session-Key", session_id);
+ }
+ else
+ {
+ http_async_add_header(ctx, "X-Auth-User", user);
+ }
 }
 }
-char *http_auth_get(char *uri, char *user, char *pass, int *ret, int *len)
+char *http_auth_get(char *uri, char *user, char *pass, char *session_id, int *ret, int *len)
 {
 void *ctx = http_async_req_start(NULL, uri, NULL, 0, 0);
@@ -870,7 +878,7 @@ char *http_ret_text(int ret)
 return "Unknown Status Code";
 }
 }
-char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, int *ret, int *len)
+char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, char *session_id, int *ret, int *len)
 {
 void *ctx;
 char *data = NULL, *tmp, *p;
@@ -965,7 +973,7 @@ retry:
 if (user)
 {
- http_async_add_header(ctx, "X-Auth-User", user);
+ //http_async_add_header(ctx, "X-Auth-User", user);
 if (pass)
 {
 md5_init(&md5);
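Review bot: The new `if(session_id)` test in http_auth_headers (the @@ -710 hunk) checks only the pointer, and the callers updated later in this patch pass the global array `svf_session_id`, which can be empty but never NULL, so an empty session would still emit `X-Auth-User-Id` and `X-Auth-Session-Key` with empty values; `if (session_id && *session_id)` avoids that. Whether every caller is reached only with `svf_login` set is not visible here. The `user` argument now has two meanings and should be documented at the top of the function, for example `/* user is the account name when session_id is NULL, otherwise the user id returned by Login.api */`. The same branch is repeated in http_multipart_post (the @@ -1023 hunk) and behaves the same way there; the function body starts outside this hunk.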
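Review bot: The previous call is left in place as `//http_async_add_header(ctx, "X-Auth-User", user);` in http_multipart_post (the @@ -965 hunk) instead of being deleted, and the same habit recurs in search_ui (@@ -2489), open_ui (@@ -2757) and as `/*svf_pass*/NULL` in the execute_* callers. Version control already keeps the old form, and dead authentication code next to live authentication code makes it harder to see which headers are really sent. If the intent needs recording, a plain comment such as `/* X-Auth-User is added further down, only when no session id is supplied */` states it directly.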
@@ -1023,6 +1031,15 @@ retry:
 http_async_add_header(ctx, "X-Auth-Hash", tmp);
 free(tmp);
 }
+ if(session_id)
+ {
+ http_async_add_header(ctx, "X-Auth-User-Id", user);
+ http_async_add_header(ctx, "X-Auth-Session-Key", session_id);
+ }
+ else
+ {
+ http_async_add_header(ctx, "X-Auth-User", user);
+ }
 }
 if (data)
diff --git a/src/interface.c b/src/interface.c
index 05016c278..eef4b5ba4 100644
--- a/src/interface.c
+++ b/src/interface.c
@@ -25,7 +25,9 @@ int svf_login = 0;
 int svf_admin = 0;
 int svf_mod = 0;
 char svf_user[64] = "";
+char svf_user_id[64] = "";
 char svf_pass[64] = "";
+char svf_session_id[64] = "";
 int svf_open = 0;
 int svf_own = 0;
@@ -836,7 +838,7 @@ void login_ui(pixel *vid_buf)
 res = http_multipart_post(
 "http://" SERVER "/Login.api",
 NULL, NULL, NULL,
- svf_user, svf_pass,
+ svf_user, svf_pass, NULL,
 &err, NULL);
 if (err != 200)
 {
@@ -845,14 +847,27 @@ void login_ui(pixel *vid_buf)
 free(res);
 goto fail;
 }
- if (res && !strncmp(res, "OK", 2))
+ if (res && !strncmp(res, "OK ", 3))
 {
- if (!strcmp(res, "OK ADMIN"))
+ char *s_id,*u_e,*nres;
+ s_id = strchr(res+3, ' ');
+ *(s_id++) = 0;
+
+ u_e = strchr(s_id, ' ');
+ *(u_e++) = 0;
+
+ strcpy(svf_user_id, res+3);
+ strcpy(svf_session_id, s_id);
+ nres = mystrdup(u_e);
+
+ printf("\n{%s} {%s} {%s}\n", svf_user_id, svf_session_id, nres);
+
+ if (!strncmp(nres, "ADMIN", 5))
 {
 svf_admin = 1;
 svf_mod = 0;
 }
- else if (!strcmp(res, "OK MOD"))
+ else if (!strncmp(nres, "MOD", 3))
 {
 svf_admin = 0;
 svf_mod = 1;
@@ -874,6 +889,8 @@ void login_ui(pixel *vid_buf)
 fail:
 strcpy(svf_user, "");
 strcpy(svf_pass, "");
+ strcpy(svf_user_id, "");
+ strcpy(svf_session_id, "");
 svf_login = 0;
 svf_own = 0;
 svf_admin = 0;
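Review bot: The Login.api reply is parsed in login_ui (the @@ -845 hunk) with no validation: `strchr` returns NULL when the reply has fewer than two spaces after `OK `, and `*(s_id++) = 0` or `*(u_e++) = 0` then writes through that NULL pointer. The two `strcpy` calls copy server-supplied fields into the 64-byte `svf_user_id` and `svf_session_id` arrays without a length check, so an over-long field overruns them, and because the request goes to an `http://` URL the reply cannot be assumed to come from the real server. The added `printf` writes the session key to stdout and looks like leftover debugging, and `nres` is never freed, since it is declared in this hunk and no added line releases it. The bounded version below uses `u_e` directly instead of the copy; it assumes that jumping to `fail` is the right reaction to a malformed reply and that every successful reply carries the third field, as the original parsing also requires. The function continues outside this hunk.

```c
	if (res && !strncmp(res, "OK ", 3))
	{
		char *s_id, *u_e;
		/* reply layout as parsed here: "OK <user id> <session key> <role>" */
		s_id = strchr(res+3, ' ');
		u_e = s_id ? strchr(s_id+1, ' ') : NULL;
		if (!s_id || !u_e)
		{
			free(res);
			goto fail;
		}
		*(s_id++) = 0;
		*(u_e++) = 0;
		/* both destinations are char[64]; reject fields that would not fit */
		if (strlen(res+3) >= sizeof(svf_user_id) || strlen(s_id) >= sizeof(svf_session_id))
		{
			free(res);
			goto fail;
		}
		strcpy(svf_user_id, res+3);
		strcpy(svf_session_id, s_id);

		if (!strncmp(u_e, "ADMIN", 5))
		// … unchanged: svf_admin / svf_mod assignments …
		else if (!strncmp(u_e, "MOD", 3))
```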
@@ -2489,7 +2506,8 @@ int search_ui(pixel *vid_buf)
 http = http_async_req_start(http, uri, NULL, 0, 1);
 if (svf_login)
 {
- http_auth_headers(http, svf_user, svf_pass);
+ //http_auth_headers(http, svf_user, svf_pass);
+ http_auth_headers(http, svf_user_id, NULL, svf_session_id);
 }
 http_last_use = time(NULL);
 free(uri);
@@ -2757,8 +2775,10 @@ int open_ui(pixel *vid_buf, char *save_id, char *save_date)
 http_2 = http_async_req_start(http_2, uri_2, NULL, 0, 1);
 if (svf_login)
 {
- http_auth_headers(http, svf_user, svf_pass);
- http_auth_headers(http_2, svf_user, svf_pass);
+ //http_auth_headers(http, svf_user, svf_pass);
+ //http_auth_headers(http_2, svf_user, svf_pass);
+ http_auth_headers(http, svf_user_id, NULL, svf_session_id);
+ http_auth_headers(http_2, svf_user_id, NULL, svf_session_id);
 }
 http_last_use = time(NULL);
 http_last_use_2 = time(NULL);
@@ -3483,7 +3503,7 @@ int execute_tagop(pixel *vid_buf, char *op, char *tag)
 result = http_multipart_post(
 uri,
 names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
 &status, NULL);
 free(uri);
@@ -3543,7 +3563,7 @@ void execute_save(pixel *vid_buf)
 result = http_multipart_post(
 "http://" SERVER "/Save.api",
 names, parts, plens,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
 &status, NULL);
 if (svf_last)
@@ -3600,7 +3620,7 @@ int execute_delete(pixel *vid_buf, char *id)
 result = http_multipart_post(
 "http://" SERVER "/Delete.api",
 names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
 &status, NULL);
 if (status!=200)
@@ -3636,7 +3656,7 @@ void execute_submit(pixel *vid_buf, char *id, char *message)
 result = http_multipart_post(
 "http://" SERVER "/Comment.api",
 names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
 &status, NULL);
 if (status!=200)
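Review bot: In execute_save (the @@ -3543 hunk) `svf_session_id` is now the only credential on the request, and it is sent verbatim in `X-Auth-Session-Key` to an `http://` URL, so anyone able to observe the traffic can reuse it for as long as the server accepts it. The same holds for the Delete, Comment, Report, Favourite and Vote calls in the following hunks. Nothing in the patch shows the key being cleared on logout or replaced when the server rejects it, so the expected lifetime should be documented next to the definition, for example `/* session key from Login.api; bearer credential, reset in login_ui on failure */`, and these endpoints moved to HTTPS if the client and server can support it. The call sits in a function whose body starts and ends outside the hunk.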
@@ -3671,7 +3691,7 @@ int execute_report(pixel *vid_buf, char *id, char *reason)
 result = http_multipart_post(
 "http://" SERVER "/Report.api",
 names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
 &status, NULL);
 if (status!=200)
@@ -3706,7 +3726,7 @@ void execute_fav(pixel *vid_buf, char *id)
 result = http_multipart_post(
 "http://" SERVER "/Favourite.api",
 names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
 &status, NULL);
 if (status!=200)
@@ -3741,7 +3761,7 @@ int execute_vote(pixel *vid_buf, char *id, char *action)
 result = http_multipart_post(
 "http://" SERVER "/Vote.api",
 names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
 &status, NULL);
 if (status!=200)