I am having problem with the autodelete mod (relational db) after added Session Cookie Mod by Matt Script. All records were not deleted after the expiry date. The rest works fine.
I supposed it could be problem with the &auto_delete in the auth.pl. Please advise if the below code is correct after adding the session cookie mod.
sub auth_check_password {
# --------------------------------------------------------
# This routine checks to see if the password and userid found
# in %in (must be 'pw' and 'userid') match a valid password and
# userid in the password file.
# It returns a status message and a userid which is built by a
# "user name" + "random number"
# which get's stored in the query string.
my ($pass, @passwd, $userid, $pw, @permissions, $file, $uid);
my ($server_auth) = $ENV{'REMOTE_USER'} || $ENV{'AUTH_USER'};
if ($auth_no_authentication || (($db_uid eq 'default') && $auth_allow_default)) {
return ('ok', 'default', @auth_default_permissions);
}
elsif ($server_auth) { # The user has logged in via server authentication.
return ('ok', $server_auth, &auth_check_permissions($server_auth));
}
elsif ($in{'login'}) { # The user is trying to login.
open (PASSWD, "<$auth_pw_file") || &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>; # Let's get the user id and passwords..
close PASSWD;
my ($view, $add, $mod, $del, $admin);
PASS: foreach $pass (@passwds) { # Go through each pass and see if we match..
next PASS if ($pass =~ /^$/); # Skip blank lines.
next PASS if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin) = split (/:/, $pass);
if (($in{'userid'} eq $userid) && (crypt($in{'pw'}, $pw) eq $pw)) {
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
$db_uid = "$userid." . time() . (int(rand(100000)) + 1);# Build User Id
open(AUTH, ">$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$uid. Reason: $!\n");
print AUTH "$view:$add:$del:$mod:$admin:$ENV{'REMOTE_HOST'}\n";
close AUTH;
&auto_delete; #### added for autodelete mod
foreach (0 .. 3) { $permissions[$_] = int($permissions[$_]); }
&auth_logging('logged on', $userid) if ($auth_logging);
&SetCookies('session',$db_uid); # Session Cookie Mod
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
}
}
return ("Invalid ID/Password");
}
elsif ($db_uid) { # The user already has a user id given by the program.
(-e "$auth_dir/$db_uid") ?
return ('ok', $db_uid, &auth_check_permissions($db_uid)) :
return ('Invalid/expired user session');
}
else { # Session Cookie Mod.
&GetCookies('session');
if (length($Cookies{'session'}) > 4) {
$db_uid = $Cookies{'session'};
if (-e "$auth_dir/$db_uid") {
open(AUTH, "<$auth_dir/$db_uid") or &cgierr("unable to open auth file: &auth_dir/$uid. Reason: $!\n");
@perm = <AUTH>;
close AUTH;
($view, $add, $del, $mod, $admin, $host) = split (/:/, @perm[0]);
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);}
else {
&SetCookies('session','');
return 'no login';
}
}
else {return 'no login';}
}
}
I supposed it could be problem with the &auto_delete in the auth.pl. Please advise if the below code is correct after adding the session cookie mod.
sub auth_check_password {
# --------------------------------------------------------
# This routine checks to see if the password and userid found
# in %in (must be 'pw' and 'userid') match a valid password and
# userid in the password file.
# It returns a status message and a userid which is built by a
# "user name" + "random number"
# which get's stored in the query string.
my ($pass, @passwd, $userid, $pw, @permissions, $file, $uid);
my ($server_auth) = $ENV{'REMOTE_USER'} || $ENV{'AUTH_USER'};
if ($auth_no_authentication || (($db_uid eq 'default') && $auth_allow_default)) {
return ('ok', 'default', @auth_default_permissions);
}
elsif ($server_auth) { # The user has logged in via server authentication.
return ('ok', $server_auth, &auth_check_permissions($server_auth));
}
elsif ($in{'login'}) { # The user is trying to login.
open (PASSWD, "<$auth_pw_file") || &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>; # Let's get the user id and passwords..
close PASSWD;
my ($view, $add, $mod, $del, $admin);
PASS: foreach $pass (@passwds) { # Go through each pass and see if we match..
next PASS if ($pass =~ /^$/); # Skip blank lines.
next PASS if ($pass =~ /^#/); # Skip Comment lines.
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin) = split (/:/, $pass);
if (($in{'userid'} eq $userid) && (crypt($in{'pw'}, $pw) eq $pw)) {
srand( time() ^ ($$ + ($$ << 15)) ); # Seed Random Number
$db_uid = "$userid." . time() . (int(rand(100000)) + 1);# Build User Id
open(AUTH, ">$auth_dir/$db_uid") or &cgierr("unable to open auth file: $auth_dir/$uid. Reason: $!\n");
print AUTH "$view:$add:$del:$mod:$admin:$ENV{'REMOTE_HOST'}\n";
close AUTH;
&auto_delete; #### added for autodelete mod
foreach (0 .. 3) { $permissions[$_] = int($permissions[$_]); }
&auth_logging('logged on', $userid) if ($auth_logging);
&SetCookies('session',$db_uid); # Session Cookie Mod
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);
}
}
return ("Invalid ID/Password");
}
elsif ($db_uid) { # The user already has a user id given by the program.
(-e "$auth_dir/$db_uid") ?
return ('ok', $db_uid, &auth_check_permissions($db_uid)) :
return ('Invalid/expired user session');
}
else { # Session Cookie Mod.
&GetCookies('session');
if (length($Cookies{'session'}) > 4) {
$db_uid = $Cookies{'session'};
if (-e "$auth_dir/$db_uid") {
open(AUTH, "<$auth_dir/$db_uid") or &cgierr("unable to open auth file: &auth_dir/$uid. Reason: $!\n");
@perm = <AUTH>;
close AUTH;
($view, $add, $del, $mod, $admin, $host) = split (/:/, @perm[0]);
return ('ok', $db_uid, $view, $add, $del, $mod, $admin);}
else {
&SetCookies('session','');
return 'no login';
}
}
else {return 'no login';}
}
}