From 624342d1627cff804352f6a7eea194e37c767350 Mon Sep 17 00:00:00 2001
From: Metabox
Date: Sun, 21 Apr 2019 05:33:50 +1000
Subject: [PATCH] Moved login control to do db structure checking. Added basic authentication.
---
 .vscode/launch.json | 32 +++++++++
 .vstags | 16 +++--
 htdocs/cgi-bin/login_ctr.cgi | 128 ++++++++++++++++++++---------------
 htdocs/cgi-bin/main.cgi | 127 ++++++++++++++++++++--------------
 run/thttpd.pid | 2 +-
 5 files changed, 193 insertions(+), 112 deletions(-)
 create mode 100644 .vscode/launch.json
diff --git a/.vscode/launch.json b/.vscode/launch.json
new file mode 100644
index 0000000..2c6fb2a
--- /dev/null
+++ b/.vscode/launch.json
@@ -0,0 +1,32 @@
+{
+ // Use IntelliSense to learn about possible attributes.
+ // Hover to view descriptions of existing attributes.
+ // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "type": "perl",
+ "request": "launch",
+ "name": "Perl-Debug local",
+ "console": "integratedTerminal",
+ "program": "${workspaceFolder}/${relativeFile}",
+ "exec": "perl",
+ "execArgs": [],
+ "root": "${workspaceRoot}/",
+ "inc": [],
+ "args": [],
+ "env": {},
+ "stopOnEntry": true
+ },
+ {
+ "type": "perl",
+ "request": "launch",
+ "name": "Perl-Debug remote",
+ "console": "remote",
+ "program": "${workspaceFolder}/${relativeFile}",
+ "root": "${workspaceRoot}/",
+ "stopOnEntry": true,
+ "port": 5000
+ }
+ ]
+}
\ No newline at end of file
diff --git a/.vstags b/.vstags
index e16361e..065d9bb 100644
--- a/.vstags
+++ b/.vstags
@@ -7,14 +7,18 @@ ConfirmedDelition htdocs/cgi-bin/remove.cgi 132;" s DisplayDateDiffs htdocs/cgi-bin/remove.cgi 84;" s NotConfirmed htdocs/cgi-bin/remove.cgi 152;" s +authenticate htdocs/cgi-bin/main.cgi 522;" s big_money htdocs/cgi-bin/stats.cgi 105;" s boldDate htdocs/cgi-bin/remove.cgi 126;" s -build htdocs/cgi-bin/search.cgi 80;" s -buildNavigationButtons htdocs/cgi-bin/main.cgi 444;" s -checkCreateTables htdocs/cgi-bin/main.cgi 489;" s -checkCreateTablesAndSettings htdocs/cgi-bin/config.cgi 211;" s +build htdocs/cgi-bin/search.cgi 85;" s +buildNavigationButtons htdocs/cgi-bin/main.cgi 460;" s +checkCreateTables htdocs/cgi-bin/login_ctr.cgi 109;" s dateDiff htdocs/cgi-bin/remove.cgi 118;" s -processSubmit htdocs/cgi-bin/config.cgi 113;" s -processSubmit htdocs/cgi-bin/main.cgi 358;" s +getConfiguration htdocs/cgi-bin/config.cgi 225;" s +getConfiguration htdocs/cgi-bin/main.cgi 504;" s +processSubmit htdocs/cgi-bin/config.cgi 127;" s +processSubmit htdocs/cgi-bin/login_ctr.cgi 85;" s +processSubmit htdocs/cgi-bin/main.cgi 374;" s +selSQLTbl htdocs/cgi-bin/login_ctr.cgi 210;" s selectSQL htdocs/cgi-bin/stats.cgi 94;" s wanted htdocs/cgi-bin/e_vars.pl 211;" s diff --git a/htdocs/cgi-bin/login_ctr.cgi b/htdocs/cgi-bin/login_ctr.cgi index f7ac08a..2f15953 100755 --- a/htdocs/cgi-bin/login_ctr.cgi +++ b/htdocs/cgi-bin/login_ctr.cgi 
@@ -17,89 +17,100 @@ use Text::CSV; use Crypt::CBC; use Crypt::IDEA; - #DEFAULT SETTINGS HERE! -our $REC_LIMIT = 25; -our $TIME_ZONE = 'Australia/Sydney'; -our $PRC_WIDTH = '60'; -#END OF DEFAULT SETTINGS +our $REC_LIMIT = 25; +our $TIME_ZONE = 'Australia/Sydney'; +our $PRC_WIDTH = '60'; +our $LOG_PATH = '../../dbLifeLog/'; +our $SESSN_EXPR = '+2m'; +our $RELEASE_VER = '1.3'; +#END OF SETTINGS my $cgi = CGI->new; -my $session = new CGI::Session(undef,$cgi); -#dev session setting change to +1h, hard coded for now. - WB -$session->expire('+2m'); +my $session = new CGI::Session("driver:File",$cgi, {Directory=>$LOG_PATH}); +$session->expire($SESSN_EXPR); my $sid=$session->id(); my $cookie = $cgi->cookie(CGISESSID => $sid); + my $alias = $cgi->param('alias'); my $passw = $cgi->param('passw'); -if(!$alias){$alias=""}; -if(!$passw){$passw=""} +my $frm; + #This is the OS developer release key and cipher, replace on istallation. As it is not secure. my $cipher_key = '95d7a85ba891da896d0d87aca6d742d5'; my $cipher = new Crypt::CBC({key => $cipher_key, cipher => 'IDEA'}); + +if(&processSubmit==0){ + print $cgi->header(-expires=>"0s", -charset=>"UTF-8", -cookie=>$cookie); + print $cgi->start_html(-title => "Personal Log Login", + -script=>{-type => 'text/javascript', -src => 'wsrc/main.js'}, + -style =>{-type => 'text/css', -src => 'wsrc/main.css'}, + ); -if(&processSubmit){ -}else{ - -print $cgi->header(-expires=>"+6os", -charset=>"UTF-8", -cookie=>$cookie); -print $cgi->start_html(-title => "Personal Log Login", - -script=>{-type => 'text/javascript', -src => 'wsrc/main.js'}, - -style =>{-type => 'text/css', -src => 'wsrc/main.css'}, - ); -my $frm = qq( -
- + $frm = qq( +
+ - + - - + + - - -
LOGIN
Alias:
Password:
NOTICE!  If here the first time? Write down your alias and password, before proceeding. So you can comeback in the future to continue. Only you can know it. - -
); - - -print "
"; - print "\n
\n" . $frm ."\n
\n
"; -print "
"; -} + NOTICE!  If here the first time? Write down your alias and password, before proceeding. So you can comeback in the future to continue. Only you can know it. + + + + ); + + print "
"; + print "\n
\n" . $frm ."\n
\n
"; + print "
"; + print $cgi->end_html; +} +else{ + print $cgi->start_html; + print $cgi->end_html; +} -print $cgi->end_html; exit; sub processSubmit{ +try{ if($alias&&$passw){ - $passw = $cipher->encrypt_hex($passw); + + $passw = $cipher->encrypt_hex($passw); &checkCreateTables; - $session = CGI::Session->load(); + #ssion = CGI::Session->load(); $session->param('alias', $alias); $session->param('passw', $passw); - $session->param('database', 'data_'.$alias.'_log.db'); - $session->param('cipher', $cipher_key); - $session->save_param($cgi); - print $cgi->redirect('main.cgi'); - + $session->param('database', 'data_'.$alias.'_log.db'); + $session->flush(); + #print $cgi->redirect('main.cgi'."?CGISESSID=$sid"); + print $cgi->header(-expires=>"0s", -charset=>"UTF-8", -cookie=>$cookie, -location=>"main.cgi"); return 1; } return 0; +} + catch{ + print $cgi->header; + print "SERVER ERROR dump ->". $session->dump(); + print $cgi->end_html; + } } sub checkCreateTables{ try{ my $today = DateTime->now; $today->set_time_zone( $TIME_ZONE ); - my $database = '../../dbLifeLog/'.'data_'.$alias.'_log.db'; + my $database = $LOG_PATH.'data_'.$alias.'_log.db'; my $dsn= "DBI:SQLite:dbname=$database"; my $db = DBI->connect($dsn, $alias, $passw, { RaiseError => 1 }) or die "

Error->"& $DBI::errstri &"

"; @@ -156,16 +167,15 @@ try{ ); $rv = $db->do($stmt); if($rv < 0){print "
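Review bot: The catch block in processSubmit prints `$session->dump()` into the HTTP response, which hands the alias and the stored passw value to whoever triggered the error; print a generic message and send the dump to STDERR, where the server log keeps it. `$alias` comes straight from the request and is used unvalidated to build the database file name `'data_'.$alias.'_log.db'` (and, in checkCreateTables, SQL text); one check near the top, `if (!defined $alias || $alias !~ /\A\w+\z/) { $alias = ''; }`, confines it and also restores the empty-string default the removed lines provided. The new `header(... -location=>"main.cgi")` emits, as far as I read CGI.pm, a 200 status with a Location header; `print $cgi->redirect(-uri=>'main.cgi', -cookie=>$cookie);` produces the 302 and still sets the cookie. Storing `$cipher->encrypt_hex($passw)` keeps the credential reversible under the key shipped in this file, as the comment above it already says; a salted one-way digest would remove that dependency. processSubmit starts in this hunk, but checkCreateTables continues past it.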

Error->"& $DBI::errstri &"

"}; - - } - - $st = $db->prepare("SELECT * FROM AUTH WHERE alias='$alias' AND passw='$passw';"); - $st->execute(); - if(!$st->fetchrow_array()) { + $st = $db->prepare("SELECT * FROM AUTH WHERE alias='$alias' AND passw='$passw';"); + $st->execute(); + if(!$st->fetchrow_array()) { $st = $db->prepare('INSERT INTO AUTH VALUES (?,?)'); $st->execute($alias, $passw); + } } + $st = $db->prepare(selSQLTbl('CONFIG')); $st->execute(); if(!$st->fetchrow_array()) { @@ -179,18 +189,26 @@ try{ $rv = $db->do($stmt); $st = $db->prepare('INSERT INTO CONFIG VALUES (?,?)'); - $st->execute("REC_LIMIT", $REC_LIMIT); - $st->execute("TIME_ZONE", $TIME_ZONE); - $st->execute("PRC_WIDTH", $PRC_WIDTH); + $st->execute(0,"RELEASE_VER",$RELEASE_VER); + $st->execute(1,"REC_LIMIT", $REC_LIMIT); + $st->execute(3,"TIME_ZONE", $TIME_ZONE); + $st->execute(5,"PRC_WIDTH", $PRC_WIDTH); + $st->execute(8,"SESSN_EXPR", $SESSN_EXPR); + } + else{ + #TODO Check table and update existing table for subsequent releases with new settings. } } - catch{ + catch{ + print $cgi->header; print "SERVER ERROR:".$_; + print $cgi->end_html; + exit; } } sub selSQLTbl{ - my $name = @_; + my $name = $_[0]; return "SELECT name FROM sqlite_master WHERE type='table' AND name='$name';" } diff --git a/htdocs/cgi-bin/main.cgi b/htdocs/cgi-bin/main.cgi index 9f40369..1ab84e6 100755 --- a/htdocs/cgi-bin/main.cgi +++ b/htdocs/cgi-bin/main.cgi 
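Review bot: `SELECT * FROM AUTH WHERE alias='$alias' AND passw='$passw'` splices the request's alias into the statement text, while the INSERT two lines below binds the same values; make the lookup match it: `$st = $db->prepare('SELECT * FROM AUTH WHERE alias=? AND passw=?;'); $st->execute($alias, $passw);`. With the added `}` this lookup now appears to run only inside the branch that has just created the AUTH table, where it can never find a row, so it is effectively dead code there; for a database whose AUTH table already exists nothing in login_ctr.cgi compares the submitted password before the session is populated, leaving main.cgi's authenticate() as the only check, which deserves a comment if intended. checkCreateTables begins before this hunk and ends after it.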
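Review bot: `$st->execute(0,"RELEASE_VER",$RELEASE_VER)` and the four execute calls after it pass three bind values to the handle prepared two lines earlier as `INSERT INTO CONFIG VALUES (?,?)`, which has two placeholders; with RaiseError set, DBI dies on the count mismatch, the catch prints SERVER ERROR and exits, so first-time setup never reaches the end. If CONFIG now has three columns (its CREATE TABLE is above the hunk, and main.cgi's getConfiguration reads the name from `$r[1]`), the fix is `$st = $db->prepare('INSERT INTO CONFIG VALUES (?,?,?)');`. The `#TODO` else branch is also where pre-1.3 databases need attention: their CONFIG rows were written by the removed two-value executes, so getConfiguration would presumably read their value column as the setting name.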
@@ -15,57 +15,55 @@ use DBI;
 use DateTime;
 use DateTime::Format::SQLite;
 use DateTime::Duration;
+use Date::Parse;
+use Time::localtime;
 use Regexp::Common qw /URI/;
-use Crypt::CBC;
-use Crypt::IDEA;
+#DEFAULT SETTINGS HERE!
+our $REC_LIMIT = 25;
+our $TIME_ZONE = 'Australia/Sydney';
+our $PRC_WIDTH = '60';
+our $LOG_PATH = '../../dbLifeLog/';
+our $SESSN_EXPR = '+2m';
+our $RELEASE_VER = '1.3';
+#END OF SETTINGS
-my $q = CGI->new;
-my $session = new CGI::Session(undef, $q);
+my $cgi = CGI->new;
+my $session = new CGI::Session("driver:File",$cgi, {Directory=>$LOG_PATH});
 my $sid=$session->id();
-my $dbname=$session->param('database');
-my $userid=$session->param('alias');
+my $dbname =$session->param('database');
+my $userid =$session->param('alias');
 my $password=$session->param('passw');
-my $cphr=$session->param('cipher');
+$session->expire('+2m');
-### Authenticate session to alias password
-#
-if(!$userid || !$dbname){
- print $q->redirect('login_ctr.cgi');
+if(!$userid||!$dbname){
+ print $cgi->redirect("login_ctr.cgi?CGISESSID=$sid");
 exit;
 }
-# "../../dbLifeLog/data_log.db";
-#my $database = "/home/will/dev/LifeLog/dbLifeLog/data_log.db";
-my $cipher = new Crypt::CBC({key => $cphr, cipher => 'IDEA'});
 my $database = '../../dbLifeLog/'.$dbname;
 my $dsn= "DBI:SQLite:dbname=$database";
 my $db = DBI->connect($dsn, $userid, $password, { RaiseError => 1 }) or die "

Error->"& $DBI::errstri &"

";
-
-
-#SETTINGS HERE!
-our $REC_LIMIT = 25;
-our $TIME_ZONE = 'Australia/Sydney';
-our $PRC_WIDTH = '60';
-#END OF SETTINGS
+### Authenticate session to alias password
+&authenticate;
 &getConfiguration($db);
 my $tbl_rc = 0;
 my $tbl_rc_prev = 0;
 my $tbl_cur_id;
-my $rs_keys = $q->param('keywords');
-my $rs_cat_idx = $q->param('category');
-my $rs_dat_from = $q->param('v_from');
-my $rs_dat_to = $q->param('v_to');
-my $rs_prev = $q->param('rs_prev');
-my $rs_cur = $q->param('rs_cur');
+my $rs_keys = $cgi->param('keywords');
+my $rs_cat_idx = $cgi->param('category');
+my $rs_dat_from = $cgi->param('v_from');
+my $rs_dat_to = $cgi->param('v_to');
+my $rs_prev = $cgi->param('rs_prev');
+my $rs_cur = $cgi->param('rs_cur');
 my $stmS = "SELECT rowid, ID_CAT, DATE, LOG, AMMOUNT from LOG WHERE";
 my $stmE = " ORDER BY DATE DESC;";
 my $stmD = "";
 if(!$rs_dat_to){
- $rs_dat_to = 'now';
+ $rs_dat_to = 'now';
 }
 if($rs_dat_from && $rs_dat_to){
@@ -73,20 +71,19 @@ if($rs_dat_from && $rs_dat_to){
 }
 my $toggle ="";
 if($rs_keys||$rs_cat_idx||$stmD){$toggle=1;};
+
+$session->expire($SESSN_EXPR);
-print $q->header(-expires=>"+6os", -charset=>"UTF-8");
-print $q->start_html(-title => "Personal Log",
- -script=>{-type => 'text/javascript',-src => 'wsrc/main.js'},
- -style =>{-type => 'text/css', -src => 'wsrc/main.css'},
- -onload => "loadedBody('".$toggle."');"
+print $cgi->header(-expires=>"0s", -charset=>"UTF-8");
+print $cgi->start_html(-title => "Personal Log",
+ -script=>{-type => 'text/javascript',-src => 'wsrc/main.js'},
+ -style =>{-type => 'text/css', -src => 'wsrc/main.css'},
+ -onload => "loadedBody('".$toggle."');"
 );
-#print $q->div("session->".$session->header());
-#print $q->div("user:".$userid." passw:".$password);
-
 my $rv;
 my $st;
 my $today = DateTime->now;
-$today->set_time_zone( $TIME_ZONE );
+ $today->set_time_zone( $TIME_ZONE );
 my $stmtCat = "SELECT * FROM CAT;";
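Review bot: `use Time::localtime;` replaces the core localtime() for the whole of main.cgi with the version that returns a Time::tm object, not only for the new authenticate(); any other `localtime` call in the file (I cannot see the rest of it) would change meaning, so import just what is used, `use Time::localtime qw(ctime);`, or drop the module if authenticate stops using ctime(). The settings block is a copy of the one added to login_ctr.cgi in this patch, and this hunk still calls `$session->expire('+2m');` while the next hunk calls `$session->expire($SESSN_EXPR);`; keep one copy of the values and drop the literal call. The redirect now carries the session id in the URL, `login_ctr.cgi?CGISESSID=$sid`, where it lands in browser history, Referer headers and access logs; the session main.cgi has just created presumably holds nothing worth carrying over, so `$cgi->redirect('login_ctr.cgi')` and letting the login page create its own session is the cleaner path.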
@@ -161,7 +158,7 @@ else{ ############### # # Enable to see main query statement issued! - #print $q->pre("### -> ".$stmt); + #print $cgi->pre("### -> ".$stmt); my $tfId = 0; @@ -363,10 +360,10 @@ print "
"; print '
Configure Log (Careful)
'; print "
";
-print $q->end_html;
+print $cgi->end_html;
 $st->finish;
 $db->disconnect();
-$session->flush();
+undef($session);
 exit;
 ### CGI END
@@ -377,14 +374,14 @@ exit;
 sub processSubmit {
- my $date = $q->param('date');
- my $log = $q->param('log');
- my $cat = $q->param('cat');
- my $amm = $q->param('am');
+ my $date = $cgi->param('date');
+ my $log = $cgi->param('log');
+ my $cat = $cgi->param('cat');
+ my $amm = $cgi->param('am');
- my $edit_mode = $q->param('submit_is_edit');
- my $view_mode = $q->param('submit_is_view');
- my $view_all = $q->param('rs_all');
+ my $edit_mode = $cgi->param('submit_is_edit');
+ my $view_mode = $cgi->param('submit_is_view');
+ my $view_all = $cgi->param('rs_all');
 try{
@@ -438,7 +435,7 @@ try{
 $dtCur = $dtCur - DateTime::Duration->new(days => 1);
 if($dtCur> $dt){
- print $q->p('Insert is in the past!');
+ print $cgi->p('Insert is in the past!');
 #Renumerate directly (not proper SQL but faster);
 $st = $db->prepare('select rowid from LOG ORDER BY DATE;');
 $st->execute();
@@ -506,7 +503,7 @@ sub buildNavigationButtons{
 sub getConfiguration{
 my $st = $_[0]->prepare("SELECT * FROM CONFIG;");
- $st->execute();
+ $st->execute();
 while (my @r=$st->fetchrow_array()){
 switch ($r[1]) {
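Review bot: `undef($session);` replaces the explicit `$session->flush();`, so writing the session to disk now depends on CGI::Session's DESTROY; as far as I recall its documentation recommends an explicit flush() because destruction at script exit happens in no guaranteed order (here it would also run after `$db->disconnect()`, harmless with the File driver but fragile if the driver changes). Keep `$session->flush();` and add `undef $session;` after it if releasing the object is the goal. The remaining hunks on this line only rename `$q` to `$cgi` and need no change.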
@@ -523,5 +520,35 @@ sub getConfiguration{
 sub authenticate{
- return 0;
+try {
+
+ my $ct = ctime(stat($database));
+ if($ct < str2time("20 Apr 2019")){
+ return;
+ }
+
+
+ my $st =$db->prepare("SELECT * FROM AUTH WHERE alias='$userid' and passw='$password';");
+ $st->execute();
+ if($st->fetchrow_array()){return;}
+
+ print $cgi->header(-expires=>"+0s", -charset=>"UTF-8");
+ print $cgi->start_html(-title => "Personal Log Login",
+ -script=>{-type => 'text/javascript', -src => 'wsrc/main.js'},
+ -style =>{-type => 'text/css', -src => 'wsrc/main.css'},
+ );
+
+ print $cgi->center($cgi->div("Access Denied! Invalid password! alias:$userid pass:$password"));
+ print $cgi->end_html;
+
+ $db->disconnect();
+ $session->flush();
+ exit;
+
+} catch{
+ print $cgi->header(-expires=>"+0s", -charset=>"UTF-8");
+ print $cgi->p("ERROR:".$_);
+ print $cgi->end_html;
+ exit;
+}
 }
\ No newline at end of file
diff --git a/run/thttpd.pid b/run/thttpd.pid
index 59b6a99..4494ce2 100644
--- a/run/thttpd.pid
+++ b/run/thttpd.pid
@@ -1 +1 @@
-5775
+7237
-- 
2.34.1
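Review bot: The legacy guard `if($ct < str2time("20 Apr 2019"))` appears to switch the check off entirely: Time::localtime's ctime() returns a date string, and stat() in list context hands it the device number rather than a time, so the numeric comparison treats `$ct` as 0 and every request returns before the AUTH query runs. The query interpolates `$userid` and `$password` from the session into the SQL text; bind them with placeholders as the INSERT in login_ctr.cgi does. The denial page also echoes `pass:$password`, which writes the stored credential into the browser and any proxy or server log; report only that access was denied. If the guard exists to tolerate databases that predate the AUTH table, asking sqlite_master whether the table exists (the way selSQLTbl() does in login_ctr.cgi) tests that directly, whereas any stat() field moves on every write and cannot date the file's creation.
```perl
sub authenticate{
try {
    # Legacy databases: skip only while the AUTH table is absent. stat() times
    # move on every write, so they cannot tell when the file was created.
    my $st = $db->prepare("SELECT name FROM sqlite_master WHERE type='table' AND name='AUTH';");
    $st->execute();
    return unless $st->fetchrow_array();

    $st = $db->prepare("SELECT * FROM AUTH WHERE alias=? and passw=?;");
    $st->execute($userid, $password);
    return if $st->fetchrow_array();

    # … unchanged: header and start_html …
    print $cgi->center($cgi->div("Access Denied! Invalid alias or password."));
    # … unchanged: end_html, disconnect, flush, exit …
} catch{
    # … unchanged …
}
}
```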