From ad9d0c8ec7ecb1063f197c8cd4e5b5ff18b93fbe Mon Sep 17 00:00:00 2001 From: Metabox Date: Mon, 22 Apr 2019 06:37:38 +1000 Subject: [PATCH] Implemented authentication. --- htdocs/cgi-bin/login_ctr.cgi | 17 +++++++---------- htdocs/cgi-bin/main.cgi | 26 +++++++++++++++++--------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/htdocs/cgi-bin/login_ctr.cgi b/htdocs/cgi-bin/login_ctr.cgi index 620f013..80ac675 100755 --- a/htdocs/cgi-bin/login_ctr.cgi +++ b/htdocs/cgi-bin/login_ctr.cgi @@ -15,15 +15,14 @@ use DateTime; use DateTime::Format::SQLite; use DateTime::Duration; use Text::CSV; -use Crypt::CBC; -use Crypt::IDEA; + #DEFAULT SETTINGS HERE! our $REC_LIMIT = 25; our $TIME_ZONE = 'Australia/Sydney'; our $PRC_WIDTH = '60'; our $LOG_PATH = '../../dbLifeLog/'; -our $SESSN_EXPR = '+2m'; +our $SESSN_EXPR = '+12m'; our $RELEASE_VER = '1.3'; #END OF SETTINGS @@ -40,10 +39,9 @@ my $passw = $cgi->param('passw'); my $frm; -#This is the OS developer release key and cipher, replace on istallation. As it is not secure. -my $cipher_key = '95d7a85ba891da896d0d87aca6d742d5'; -my $cipher = new Crypt::CBC({key => $cipher_key, cipher => 'IDEA'}); - +#This is the OS developer release key, replace on istallation. As it is not secure. +my $cipher_key = '95d7a85ba891da'; + if(&processSubmit==0){ print $cgi->header(-expires=>"0s", -charset=>"UTF-8", -cookie=>$cookie); @@ -88,14 +86,13 @@ sub processSubmit{ try{ if($alias&&$passw){ - $passw = $cipher->encrypt_hex($passw); + $passw = uc crypt $passw, hex $cipher_key; &checkCreateTables; #ssion = CGI::Session->load(); $session->param('alias', $alias); $session->param('passw', $passw); $session->param('database', 'data_'.$alias.'_log.db'); - $session->flush(); - #print $cgi->redirect('main.cgi'."?CGISESSID=$sid"); + $session->flush(); print $cgi->header(-expires=>"0s", -charset=>"UTF-8", -cookie=>$cookie, -location=>"main.cgi"); return 1; } 
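Review bot: `uc crypt $passw, hex $cipher_key` in processSubmit gives every account the same salt, because the salt is derived from the hard-coded `$cipher_key` that the previous hunk keeps in the source. With a traditional crypt(3) only the first two characters of that number's decimal form act as salt and the password is cut at eight characters, though the exact scheme depends on the platform. `uc` then folds the result to upper case, so hashes that differ only in letter case compare equal. A per-user random salt and a modern scheme would address both, for example `$passw = crypt($passw, $per_user_salt);` with a `$6$`-style salt where the platform supports it (`$per_user_salt` is a placeholder, not a name from this file), or bcrypt via a module. processSubmit starts before the hunk and continues after it, and the hashed value it stores in the session appears to be what main.cgi compares directly, so it should be treated as a password equivalent.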
diff --git a/htdocs/cgi-bin/main.cgi b/htdocs/cgi-bin/main.cgi index 62b7b96..98a0807 100755 --- a/htdocs/cgi-bin/main.cgi +++ b/htdocs/cgi-bin/main.cgi @@ -502,28 +502,36 @@ sub buildNavigationButtons{ sub authenticate{ try { - my $ct = ctime(stat($database)); - if($ct < str2time("20 Apr 2019")){ - return; - } - - my $st =$db->prepare("SELECT * FROM AUTH WHERE alias='$userid' and passw='$password';"); $st->execute(); if($st->fetchrow_array()){return;} + + #Check if passw has been wiped for reset? + $st =$db->prepare("SELECT * FROM AUTH WHERE alias='$userid';"); + $st->execute(); + my @w = $st->fetchrow_array(); + if(@w && $w[1]==""){ + #Wiped with -> UPDATE AUTH SET passw='' WHERE alias='$userid'; + $st =$db->prepare("UPDATE AUTH SET passw='$password' WHERE alias='$userid';"); + $st->execute(); + return; + } + + print $cgi->header(-expires=>"+0s", -charset=>"UTF-8"); print $cgi->start_html(-title => "Personal Log Login", - -script=>{-type => 'text/javascript', -src => 'wsrc/main.js'}, - -style =>{-type => 'text/css', -src => 'wsrc/main.css'}, + -script=>{-type => 'text/javascript', -src => 'wsrc/main.js'}, + -style =>{-type => 'text/css', -src => 'wsrc/main.css'}, ); - print $cgi->center($cgi->div("Access Denied! Invalid password! alias:$userid pass:$password")); + print $cgi->center($cgi->div("Access Denied! alias:$userid pass:$password")); print $cgi->end_html; $db->disconnect(); $session->flush(); exit; + } catch{ print $cgi->header(-expires=>"+0s", -charset=>"UTF-8"); -- 2.34.1
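Review bot: The added reset branch in authenticate interpolates `$userid` and `$password` straight into the SELECT and UPDATE text, and tests the stored value with `$w[1]==""`, a numeric comparison that is true for any stored string that numifies to 0, not only an empty one. Binding the values with placeholders and comparing with `eq`, as in the fence below, closes both; the lookup just above the added lines appears to use the same interpolated form and would want the same treatment. The branch also lets whoever logs in first after a wipe set the password for that alias, which deserves at least a comment stating that this is intended. The denial page still prints `$userid` and `$password` into the HTML unescaped; dropping the password and passing the alias through `$cgi->escapeHTML` would avoid that. authenticate's try block continues past the end of the hunk.

```perl
# … unchanged: first lookup and early return on a match …
$st = $db->prepare("SELECT * FROM AUTH WHERE alias=?;");
$st->execute($userid);
my @w = $st->fetchrow_array();
# String comparison: only an empty or NULL passw counts as wiped.
if(@w && (!defined $w[1] || $w[1] eq '')){
    $st = $db->prepare("UPDATE AUTH SET passw=? WHERE alias=?;");
    $st->execute($password, $userid);
    return;
}
# … unchanged: access-denied page, disconnect, session flush, exit …
```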