mirror/The-Powder-Toy
1
0
Fork 0
mirror of https://github.com/The-Powder-Toy/The-Powder-Toy.git synced 2025-08-31 11:41:51 +02:00
Code Issues Projects Releases Wiki Activity

Use Sessions instead of saving password

Browse Source
This commit is contained in:
Simon
2011-01-29 12:16:13 +00:00
parent 9938378c0d
commit f391b896d4
4 changed files with 61 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
includes/http.h
View File

@@ -24,10 +24,10 @@ void http_init(char *proxy);
void http_done(void);
char *http_simple_get(char *uri, int *ret, int *len);
char *http_auth_get(char *uri, char *user, char *pass, int *ret, int *len);
char *http_auth_get(char *uri, char *user, char *pass, char * session_id, int *ret, int *len);
char *http_simple_post(char *uri, char *data, int dlen, int *ret, int *len);
void http_auth_headers(void *ctx, char *user, char *pass);
void http_auth_headers(void *ctx, char *user, char *pass, char * session_id);
void *http_async_req_start(void *ctx, char *uri, char *data, int dlen, int keep);
void http_async_add_header(void *ctx, char *name, char *data);
@@ -36,7 +36,7 @@ void http_async_get_length(void *ctx, int *total, int *done);
char *http_async_req_stop(void *ctx, int *ret, int *len);
void http_async_req_close(void *ctx);
char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, int *ret, int *len);
char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, char * session_id, int *ret, int *len);
char *http_ret_text(int ret);

2
includes/interface.h
View File

@@ -118,6 +118,8 @@ extern int svf_admin;
extern int svf_mod;
extern char svf_user[64];
extern char svf_pass[64];
extern char svf_user_id[64];
extern char svf_session_id[64];
extern int svf_open;
extern int svf_own;

27
src/http.c
View File

@@ -680,7 +680,7 @@ char *http_simple_get(char *uri, int *ret, int *len)
return http_async_req_stop(ctx, ret, len);
}
static char hex[] = "0123456789abcdef";
void http_auth_headers(void *ctx, char *user, char *pass)
void http_auth_headers(void *ctx, char *user, char *pass, char *session_id)
{
char *tmp;
int i;
@@ -690,7 +690,6 @@ void http_auth_headers(void *ctx, char *user, char *pass)
if (user)
{
http_async_add_header(ctx, "X-Auth-User", user);
if (pass)
{
md5_init(&md5);
@@ -710,9 +709,18 @@ void http_auth_headers(void *ctx, char *user, char *pass)
http_async_add_header(ctx, "X-Auth-Hash", tmp);
free(tmp);
}
if(session_id)
{
http_async_add_header(ctx, "X-Auth-User-Id", user);
http_async_add_header(ctx, "X-Auth-Session-Key", session_id);
}
else
{
http_async_add_header(ctx, "X-Auth-User", user);
}
}
char *http_auth_get(char *uri, char *user, char *pass, int *ret, int *len)
}
char *http_auth_get(char *uri, char *user, char *pass, char *session_id, int *ret, int *len)
{
void *ctx = http_async_req_start(NULL, uri, NULL, 0, 0);
@@ -870,7 +878,7 @@ char *http_ret_text(int ret)
return "Unknown Status Code";
}
}
char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, int *ret, int *len)
char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, char *session_id, int *ret, int *len)
{
void *ctx;
char *data = NULL, *tmp, *p;
@@ -965,7 +973,7 @@ retry:
if (user)
{
http_async_add_header(ctx, "X-Auth-User", user);
//http_async_add_header(ctx, "X-Auth-User", user);
if (pass)
{
md5_init(&md5);
@@ -1023,6 +1031,15 @@ retry:
http_async_add_header(ctx, "X-Auth-Hash", tmp);
free(tmp);
}
if(session_id)
{
http_async_add_header(ctx, "X-Auth-User-Id", user);
http_async_add_header(ctx, "X-Auth-Session-Key", session_id);
}
else
{
http_async_add_header(ctx, "X-Auth-User", user);
}
}
if (data)

48
src/interface.c
View File

@@ -25,7 +25,9 @@ int svf_login = 0;
int svf_admin = 0;
int svf_mod = 0;
char svf_user[64] = "";
char svf_user_id[64] = "";
char svf_pass[64] = "";
char svf_session_id[64] = "";
int svf_open = 0;
int svf_own = 0;
@@ -836,7 +838,7 @@ void login_ui(pixel *vid_buf)
res = http_multipart_post(
"http://" SERVER "/Login.api",
NULL, NULL, NULL,
svf_user, svf_pass,
svf_user, svf_pass, NULL,
&err, NULL);
if (err != 200)
{
@@ -845,14 +847,27 @@ void login_ui(pixel *vid_buf)
free(res);
goto fail;
}
if (res && !strncmp(res, "OK", 2))
if (res && !strncmp(res, "OK ", 3))
{
if (!strcmp(res, "OK ADMIN"))
char *s_id,*u_e,*nres;
s_id = strchr(res+3, ' ');
*(s_id++) = 0;
u_e = strchr(s_id, ' ');
*(u_e++) = 0;
strcpy(svf_user_id, res+3);
strcpy(svf_session_id, s_id);
nres = mystrdup(u_e);
printf("\n{%s} {%s} {%s}\n", svf_user_id, svf_session_id, nres);
if (!strncmp(nres, "ADMIN", 5))
{
svf_admin = 1;
svf_mod = 0;
}
else if (!strcmp(res, "OK MOD"))
else if (!strncmp(nres, "MOD", 3))
{
svf_admin = 0;
svf_mod = 1;
@@ -874,6 +889,8 @@ void login_ui(pixel *vid_buf)
fail:
strcpy(svf_user, "");
strcpy(svf_pass, "");
strcpy(svf_user_id, "");
strcpy(svf_session_id, "");
svf_login = 0;
svf_own = 0;
svf_admin = 0;
@@ -2489,7 +2506,8 @@ int search_ui(pixel *vid_buf)
http = http_async_req_start(http, uri, NULL, 0, 1);
if (svf_login)
{
http_auth_headers(http, svf_user, svf_pass);
//http_auth_headers(http, svf_user, svf_pass);
http_auth_headers(http, svf_user_id, NULL, svf_session_id);
}
http_last_use = time(NULL);
free(uri);
@@ -2757,8 +2775,10 @@ int open_ui(pixel *vid_buf, char *save_id, char *save_date)
http_2 = http_async_req_start(http_2, uri_2, NULL, 0, 1);
if (svf_login)
{
http_auth_headers(http, svf_user, svf_pass);
http_auth_headers(http_2, svf_user, svf_pass);
//http_auth_headers(http, svf_user, svf_pass);
//http_auth_headers(http_2, svf_user, svf_pass);
http_auth_headers(http, svf_user_id, NULL, svf_session_id);
http_auth_headers(http_2, svf_user_id, NULL, svf_session_id);
}
http_last_use = time(NULL);
http_last_use_2 = time(NULL);
@@ -3483,7 +3503,7 @@ int execute_tagop(pixel *vid_buf, char *op, char *tag)
result = http_multipart_post(
uri,
names, parts, NULL,
svf_user, svf_pass,
svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
free(uri);
@@ -3543,7 +3563,7 @@ void execute_save(pixel *vid_buf)
result = http_multipart_post(
"http://" SERVER "/Save.api",
names, parts, plens,
svf_user, svf_pass,
svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (svf_last)
@@ -3600,7 +3620,7 @@ int execute_delete(pixel *vid_buf, char *id)
result = http_multipart_post(
"http://" SERVER "/Delete.api",
names, parts, NULL,
svf_user, svf_pass,
svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)
@@ -3636,7 +3656,7 @@ void execute_submit(pixel *vid_buf, char *id, char *message)
result = http_multipart_post(
"http://" SERVER "/Comment.api",
names, parts, NULL,
svf_user, svf_pass,
svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)
@@ -3671,7 +3691,7 @@ int execute_report(pixel *vid_buf, char *id, char *reason)
result = http_multipart_post(
"http://" SERVER "/Report.api",
names, parts, NULL,
svf_user, svf_pass,
svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)
@@ -3706,7 +3726,7 @@ void execute_fav(pixel *vid_buf, char *id)
result = http_multipart_post(
"http://" SERVER "/Favourite.api",
names, parts, NULL,
svf_user, svf_pass,
svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)
@@ -3741,7 +3761,7 @@ int execute_vote(pixel *vid_buf, char *id, char *action)
result = http_multipart_post(
"http://" SERVER "/Vote.api",
names, parts, NULL,
svf_user, svf_pass,
svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)