Use Sessions instead of saving password

Simon
2011-01-29 12:16:13 +00:00
parent 9938378c0d
commit f391b896d4
4 changed files with 61 additions and 22 deletions


@@ -24,10 +24,10 @@ void http_init(char *proxy);
void http_done(void); void http_done(void);
char *http_simple_get(char *uri, int *ret, int *len); char *http_simple_get(char *uri, int *ret, int *len);
char *http_auth_get(char *uri, char *user, char *pass, int *ret, int *len); char *http_auth_get(char *uri, char *user, char *pass, char * session_id, int *ret, int *len);
char *http_simple_post(char *uri, char *data, int dlen, int *ret, int *len); char *http_simple_post(char *uri, char *data, int dlen, int *ret, int *len);
void http_auth_headers(void *ctx, char *user, char *pass); void http_auth_headers(void *ctx, char *user, char *pass, char * session_id);
void *http_async_req_start(void *ctx, char *uri, char *data, int dlen, int keep); void *http_async_req_start(void *ctx, char *uri, char *data, int dlen, int keep);
void http_async_add_header(void *ctx, char *name, char *data); void http_async_add_header(void *ctx, char *name, char *data);
@@ -36,7 +36,7 @@ void http_async_get_length(void *ctx, int *total, int *done);
char *http_async_req_stop(void *ctx, int *ret, int *len); char *http_async_req_stop(void *ctx, int *ret, int *len);
void http_async_req_close(void *ctx); void http_async_req_close(void *ctx);
char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, int *ret, int *len); char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, char * session_id, int *ret, int *len);
char *http_ret_text(int ret); char *http_ret_text(int ret);


@@ -118,6 +118,8 @@ extern int svf_admin;
extern int svf_mod; extern int svf_mod;
extern char svf_user[64]; extern char svf_user[64];
extern char svf_pass[64]; extern char svf_pass[64];
extern char svf_user_id[64];
extern char svf_session_id[64];
extern int svf_open; extern int svf_open;
extern int svf_own; extern int svf_own;


@@ -680,7 +680,7 @@ char *http_simple_get(char *uri, int *ret, int *len)
return http_async_req_stop(ctx, ret, len); return http_async_req_stop(ctx, ret, len);
} }
static char hex[] = "0123456789abcdef"; static char hex[] = "0123456789abcdef";
void http_auth_headers(void *ctx, char *user, char *pass) void http_auth_headers(void *ctx, char *user, char *pass, char *session_id)
{ {
char *tmp; char *tmp;
int i; int i;
@@ -690,7 +690,6 @@ void http_auth_headers(void *ctx, char *user, char *pass)
if (user) if (user)
{ {
http_async_add_header(ctx, "X-Auth-User", user);
if (pass) if (pass)
{ {
md5_init(&md5); md5_init(&md5);
@@ -710,9 +709,18 @@ void http_auth_headers(void *ctx, char *user, char *pass)
http_async_add_header(ctx, "X-Auth-Hash", tmp); http_async_add_header(ctx, "X-Auth-Hash", tmp);
free(tmp); free(tmp);
} }
if(session_id)
{
http_async_add_header(ctx, "X-Auth-User-Id", user);
http_async_add_header(ctx, "X-Auth-Session-Key", session_id);
}
else
{
http_async_add_header(ctx, "X-Auth-User", user);
}
} }
} }
char *http_auth_get(char *uri, char *user, char *pass, int *ret, int *len) char *http_auth_get(char *uri, char *user, char *pass, char *session_id, int *ret, int *len)
{ {
void *ctx = http_async_req_start(NULL, uri, NULL, 0, 0); void *ctx = http_async_req_start(NULL, uri, NULL, 0, 0);
@@ -870,7 +878,7 @@ char *http_ret_text(int ret)
return "Unknown Status Code"; return "Unknown Status Code";
} }
} }
char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, int *ret, int *len) char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, char *session_id, int *ret, int *len)
{ {
void *ctx; void *ctx;
char *data = NULL, *tmp, *p; char *data = NULL, *tmp, *p;
@@ -965,7 +973,7 @@ retry:
if (user) if (user)
{ {
http_async_add_header(ctx, "X-Auth-User", user); //http_async_add_header(ctx, "X-Auth-User", user);
if (pass) if (pass)
{ {
md5_init(&md5); md5_init(&md5);
@@ -1023,6 +1031,15 @@ retry:
http_async_add_header(ctx, "X-Auth-Hash", tmp); http_async_add_header(ctx, "X-Auth-Hash", tmp);
free(tmp); free(tmp);
} }
if(session_id)
{
http_async_add_header(ctx, "X-Auth-User-Id", user);
http_async_add_header(ctx, "X-Auth-Session-Key", session_id);
}
else
{
http_async_add_header(ctx, "X-Auth-User", user);
}
} }
if (data) if (data)
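Review bot: The meaning of `user` in http_auth_headers now depends on `session_id`, and nothing in the signature or body says so: it is sent as `X-Auth-User-Id` when a session key is given and as `X-Auth-User` otherwise. A comment above the function would make this explicit, e.g. `/* user: account id if session_id != NULL (sent as X-Auth-User-Id), otherwise the login name (X-Auth-User) */`. The same if/else is pasted into http_multipart_post, where the old call is left behind as `//http_async_add_header(ctx, "X-Auth-User", user);` and could simply be deleted. When `pass` and `session_id` are both non-NULL, the password-derived `X-Auth-Hash` is still sent next to the session key, so callers must pass NULL for `pass` once logged in, as the interface.c call sites do. Both functions start and end outside the hunks shown.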


@@ -25,7 +25,9 @@ int svf_login = 0;
int svf_admin = 0; int svf_admin = 0;
int svf_mod = 0; int svf_mod = 0;
char svf_user[64] = ""; char svf_user[64] = "";
char svf_user_id[64] = "";
char svf_pass[64] = ""; char svf_pass[64] = "";
char svf_session_id[64] = "";
int svf_open = 0; int svf_open = 0;
int svf_own = 0; int svf_own = 0;
@@ -836,7 +838,7 @@ void login_ui(pixel *vid_buf)
res = http_multipart_post( res = http_multipart_post(
"http://" SERVER "/Login.api", "http://" SERVER "/Login.api",
NULL, NULL, NULL, NULL, NULL, NULL,
svf_user, svf_pass, svf_user, svf_pass, NULL,
&err, NULL); &err, NULL);
if (err != 200) if (err != 200)
{ {
@@ -845,14 +847,27 @@ void login_ui(pixel *vid_buf)
free(res); free(res);
goto fail; goto fail;
} }
if (res && !strncmp(res, "OK", 2)) if (res && !strncmp(res, "OK ", 3))
{ {
if (!strcmp(res, "OK ADMIN")) char *s_id,*u_e,*nres;
s_id = strchr(res+3, ' ');
*(s_id++) = 0;
u_e = strchr(s_id, ' ');
*(u_e++) = 0;
strcpy(svf_user_id, res+3);
strcpy(svf_session_id, s_id);
nres = mystrdup(u_e);
printf("\n{%s} {%s} {%s}\n", svf_user_id, svf_session_id, nres);
if (!strncmp(nres, "ADMIN", 5))
{ {
svf_admin = 1; svf_admin = 1;
svf_mod = 0; svf_mod = 0;
} }
else if (!strcmp(res, "OK MOD")) else if (!strncmp(nres, "MOD", 3))
{ {
svf_admin = 0; svf_admin = 0;
svf_mod = 1; svf_mod = 1;
@@ -874,6 +889,8 @@ void login_ui(pixel *vid_buf)
fail: fail:
strcpy(svf_user, ""); strcpy(svf_user, "");
strcpy(svf_pass, ""); strcpy(svf_pass, "");
strcpy(svf_user_id, "");
strcpy(svf_session_id, "");
svf_login = 0; svf_login = 0;
svf_own = 0; svf_own = 0;
svf_admin = 0; svf_admin = 0;
@@ -2489,7 +2506,8 @@ int search_ui(pixel *vid_buf)
http = http_async_req_start(http, uri, NULL, 0, 1); http = http_async_req_start(http, uri, NULL, 0, 1);
if (svf_login) if (svf_login)
{ {
http_auth_headers(http, svf_user, svf_pass); //http_auth_headers(http, svf_user, svf_pass);
http_auth_headers(http, svf_user_id, NULL, svf_session_id);
} }
http_last_use = time(NULL); http_last_use = time(NULL);
free(uri); free(uri);
@@ -2757,8 +2775,10 @@ int open_ui(pixel *vid_buf, char *save_id, char *save_date)
http_2 = http_async_req_start(http_2, uri_2, NULL, 0, 1); http_2 = http_async_req_start(http_2, uri_2, NULL, 0, 1);
if (svf_login) if (svf_login)
{ {
http_auth_headers(http, svf_user, svf_pass); //http_auth_headers(http, svf_user, svf_pass);
http_auth_headers(http_2, svf_user, svf_pass); //http_auth_headers(http_2, svf_user, svf_pass);
http_auth_headers(http, svf_user_id, NULL, svf_session_id);
http_auth_headers(http_2, svf_user_id, NULL, svf_session_id);
} }
http_last_use = time(NULL); http_last_use = time(NULL);
http_last_use_2 = time(NULL); http_last_use_2 = time(NULL);
@@ -3483,7 +3503,7 @@ int execute_tagop(pixel *vid_buf, char *op, char *tag)
result = http_multipart_post( result = http_multipart_post(
uri, uri,
names, parts, NULL, names, parts, NULL,
svf_user, svf_pass, svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL); &status, NULL);
free(uri); free(uri);
@@ -3543,7 +3563,7 @@ void execute_save(pixel *vid_buf)
result = http_multipart_post( result = http_multipart_post(
"http://" SERVER "/Save.api", "http://" SERVER "/Save.api",
names, parts, plens, names, parts, plens,
svf_user, svf_pass, svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL); &status, NULL);
if (svf_last) if (svf_last)
@@ -3600,7 +3620,7 @@ int execute_delete(pixel *vid_buf, char *id)
result = http_multipart_post( result = http_multipart_post(
"http://" SERVER "/Delete.api", "http://" SERVER "/Delete.api",
names, parts, NULL, names, parts, NULL,
svf_user, svf_pass, svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL); &status, NULL);
if (status!=200) if (status!=200)
@@ -3636,7 +3656,7 @@ void execute_submit(pixel *vid_buf, char *id, char *message)
result = http_multipart_post( result = http_multipart_post(
"http://" SERVER "/Comment.api", "http://" SERVER "/Comment.api",
names, parts, NULL, names, parts, NULL,
svf_user, svf_pass, svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL); &status, NULL);
if (status!=200) if (status!=200)
@@ -3671,7 +3691,7 @@ int execute_report(pixel *vid_buf, char *id, char *reason)
result = http_multipart_post( result = http_multipart_post(
"http://" SERVER "/Report.api", "http://" SERVER "/Report.api",
names, parts, NULL, names, parts, NULL,
svf_user, svf_pass, svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL); &status, NULL);
if (status!=200) if (status!=200)
@@ -3706,7 +3726,7 @@ void execute_fav(pixel *vid_buf, char *id)
result = http_multipart_post( result = http_multipart_post(
"http://" SERVER "/Favourite.api", "http://" SERVER "/Favourite.api",
names, parts, NULL, names, parts, NULL,
svf_user, svf_pass, svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL); &status, NULL);
if (status!=200) if (status!=200)
@@ -3741,7 +3761,7 @@ int execute_vote(pixel *vid_buf, char *id, char *action)
result = http_multipart_post( result = http_multipart_post(
"http://" SERVER "/Vote.api", "http://" SERVER "/Vote.api",
names, parts, NULL, names, parts, NULL,
svf_user, svf_pass, svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL); &status, NULL);
if (status!=200) if (status!=200)
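Review bot: In the login_ui hunk, the new parsing of the Login.api reply dereferences the result of both `strchr` calls without a NULL check and then `strcpy`s the fields into the 64-byte `svf_user_id` and `svf_session_id`. The reply is fetched over plain `http://`, so a short or oversized reply can crash the client or overflow those globals. Both separators and both field lengths should be validated before copying, with anything else treated as a failed login, as sketched below; if the server may legitimately omit the trailing role field, that case needs its own branch. The `printf` that writes the session key to stdout looks like leftover debug output and should be dropped, since the key is now the credential sent with every request. `nres` comes from `mystrdup` and its release is not visible here; login_ui continues outside the hunk.

```c
if (res && !strncmp(res, "OK ", 3))
{
	char *s_id, *u_e, *nres;
	s_id = strchr(res+3, ' ');
	u_e = s_id ? strchr(s_id+1, ' ') : NULL;
	if (!s_id || !u_e
	        || (size_t)(s_id - (res+3)) >= sizeof(svf_user_id)
	        || (size_t)(u_e - (s_id+1)) >= sizeof(svf_session_id))
	{
		/* malformed or oversized reply: treat as a failed login */
		free(res);
		goto fail;
	}
	*(s_id++) = 0;
	*(u_e++) = 0;
	strcpy(svf_user_id, res+3);      /* lengths checked above */
	strcpy(svf_session_id, s_id);
	// … unchanged: nres = mystrdup(u_e) and the ADMIN / MOD checks …
```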