Changeset 225
- Timestamp:
- 09/18/04 22:32:45 (9 years ago)
- Location:
- trunk/wifidog-auth
- Files:
-
- 5 modified
-
ChangeLog (modified) (1 diff)
-
wifidog/auth/index.php (modified) (4 diffs)
-
wifidog/config.php (modified) (1 diff)
-
wifidog/login/index.php (modified) (1 diff)
-
wifidog/user_management/index.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/wifidog-auth/ChangeLog
r224 r225 1 1 # $Header$ 2 2004-09-18 Benoit Gr�goire <bock@step.polymtl.ca> 3 * wifidog/config.php: Add VALIDATION_GRACE_TIME configuration parameter. 4 * wifidog/auth/index.php: Move grace time date arithmetics to the database, fixes validation period not working. Stop storing VALIDATION_FAILES status to the database. Add check for validation period expiration at stage login, not just stage counters, this will fix one minute validation period. 5 * wifidog/login/index.php: Check validation period activation, and if period is expired, explain to the user instead of redirecting to the gateway. 6 * wifidog/user_management/index.php: Fix SQL error at new user registration. 7 2 8 2004-09-02 Benoit Gr�goire <bock@step.polymtl.ca> 3 9 * wifidog/node_list.php: Complete the status page -
trunk/wifidog-auth/wifidog/auth/index.php
r206 r225 29 29 $auth_response = ACCOUNT_STATUS_DENIED; 30 30 $auth_message = ''; 31 31 32 $token = $db->EscapeString($_REQUEST['token']); 32 $db->ExecSqlUniqueRes("SELECT * FROM users,connections WHERE users.user_id=connections.user_id AND connections.token='$token'", $info, false);33 $db->ExecSqlUniqueRes("SELECT *, CASE WHEN ((NOW() - reg_date) > interval '".VALIDATION_GRACE_TIME." minutes') THEN true ELSE false END AS validation_grace_time_expired FROM users,connections WHERE users.user_id=connections.user_id AND connections.token='$token'", $info, false); 33 34 if ($info != null) 34 35 { … … 37 38 if ($info['token_status'] == TOKEN_UNUSED) 38 39 { 40 /* This is for the 15 minutes validation period, the exact same code is also present in when the stage is counters. If you update this one don't forget to update the other one! */ 41 if (($info['account_status'] == ACCOUNT_STATUS_VALIDATION) && ($info['validation_grace_time_expired']=='t')) 42 { 43 $auth_response = ACCOUNT_STATUS_VALIDATION_FAILED; 44 $auth_message .= "| The validation grace period which began at ".$info['reg_date']." has now expired. "; 45 } 46 else 47 { 48 49 39 50 $auth_response = $info['account_status']; 40 51 /* Login the user */ … … 58 69 . "WHERE token_status='" . TOKEN_UNUSED . "' AND user_id = '{$info['user_id']}';\n"; 59 70 $db->ExecSqlUpdate($sql, false); 71 } 60 72 } 61 73 else … … 79 91 if ($info['token_status'] == TOKEN_INUSE) 80 92 { 81 /* This is for the 15 minutes validation period */82 if (($info['account_status'] == ACCOUNT_STATUS_VALIDATION) && ( time() >= (strtotime($info['reg_date']) + (60*15))))93 /* This is for the 15 minutes validation period, the exact same code is also present in when the stage is login. If you update this one don't forget to update the other one! */ 94 if (($info['account_status'] == ACCOUNT_STATUS_VALIDATION) && ($info['validation_grace_time_expired']=='t')) 83 95 { 84 96 $auth_response = ACCOUNT_STATUS_VALIDATION_FAILED; 85 $db->ExecSqlUpdate("UPDATE users SET account_status='".ACCOUNT_STATUS_VALIDATION_FAILED."' WHERE user_id='{$info['user_id']}'"); 86 $auth_message .= "| The validation period has now expired. "; 97 $auth_message .= "| The validation grace period which began at ".$info['reg_date']." has now expired. "; 87 98 } 88 99 else -
trunk/wifidog-auth/wifidog/config.php
r206 r225 18 18 define('VALIDATION_EMAIL_FROM_ADDRESS', 'validation@yourdomain.org'); 19 19 define('VALIDATION_EMAIL_SUBJECT', HOTSPOT_NETWORK_NAME.' new user validation'); 20 define('VALIDATION_GRACE_TIME', 20); /**< Number of minutes after new account creation during which internet access is available to validate your account. Once elapsed, you have to validate from home... */ 20 21 define('LOST_PASSWORD_EMAIL_SUBJECT', HOTSPOT_NETWORK_NAME.' new password request'); 21 22 define('LOST_USERNAME_EMAIL_SUBJECT', HOTSPOT_NETWORK_NAME.' lost username request'); -
trunk/wifidog-auth/wifidog/login/index.php
r216 r225 48 48 $user = $db->EscapeString($_REQUEST['user']); 49 49 $password_hash = get_password_hash($_REQUEST['pass']); 50 $db->ExecSqlUniqueRes("SELECT * FROM users WHERE (user_id='$user' OR email='$user') AND pass='$password_hash'", $user_info, false);50 $db->ExecSqlUniqueRes("SELECT *, CASE WHEN ((NOW() - reg_date) > interval '".VALIDATION_GRACE_TIME." minutes') THEN true ELSE false END AS validation_grace_time_expired FROM users WHERE (user_id='$user' OR email='$user') AND pass='$password_hash'", $user_info, false); 51 51 52 52 if ($user_info != null) 53 53 { 54 $token = gentoken(); 55 if ($_REQUEST['gw_id']) 54 if (($user_info['account_status'] == ACCOUNT_STATUS_VALIDATION) && ($user_info['validation_grace_time_expired']=='t')) 56 55 { 57 $node_id = $db->EscapeString($_REQUEST['gw_id']); 56 $login_successfull=false; 57 $validation_grace_time = VALIDATION_GRACE_TIME; 58 $login_failed_message = _("Sorry, your $validation_grace_time minutes grace period to retrieve your email and validate your account has now expired. ($validation_grace_time min grace period started on $user_info[reg_date]). You will have to connect to the internet and validate your account from another location."); 58 59 } 59 if ($_SERVER['REMOTE_ADDR'])60 else 60 61 { 61 $node_ip = $db->EscapeString($_SERVER['REMOTE_ADDR']); 62 $token = gentoken(); 63 if ($_REQUEST['gw_id']) 64 { 65 $node_id = $db->EscapeString($_REQUEST['gw_id']); 66 } 67 if ($_SERVER['REMOTE_ADDR']) 68 { 69 $node_ip = $db->EscapeString($_SERVER['REMOTE_ADDR']); 70 } 71 $db->ExecSqlUpdate("INSERT INTO connections (user_id, token, token_status, timestamp_in, node_id, node_ip, last_updated) VALUES ('{$user_info['user_id']}', '$token', '" . TOKEN_UNUSED . "', NOW(), '$node_id', '$node_ip', NOW())"); 72 73 $login_successfull=true; 74 $security->login($user, $password_hash); 75 header("Location: http://" . $_REQUEST['gw_address'] . ":" . $_REQUEST['gw_port'] . "/wifidog/auth?token=$token"); 62 76 } 63 $db->ExecSqlUpdate("INSERT INTO connections (user_id, token, token_status, timestamp_in, node_id, node_ip, last_updated) VALUES ('{$user_info['user_id']}', '$token', '" . TOKEN_UNUSED . "', NOW(), '$node_id', '$node_ip', NOW())");64 65 $login_successfull=true;66 $security->login($user, $password_hash);67 header("Location: http://" . $_REQUEST['gw_address'] . ":" . $_REQUEST['gw_port'] . "/wifidog/auth?token=$token");68 77 } 69 78 else 70 79 { 71 80 $user_info = null; 81 /* This is only used to discriminate if the problem was a non-existent user of a wrong password. */ 72 82 $db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$user' OR email='$user'", $user_info, false); 73 83 if($user_info == null) -
trunk/wifidog-auth/wifidog/user_management/index.php
r222 r225 574 574 $status = ACCOUNT_STATUS_VALIDATION; 575 575 $token = gentoken(); 576 $reg_date = time();577 576 $password_hash = get_password_hash($pass); 578 $update_successful = $db->ExecSqlUpdate("INSERT INTO users (user_id,email,pass,account_status,validation_token,reg_date) VALUES ('$username','$email','$password_hash','{$status}','{$token}', '{$reg_date}')");577 $update_successful = $db->ExecSqlUpdate("INSERT INTO users (user_id,email,pass,account_status,validation_token,reg_date) VALUES ('$username','$email','$password_hash','{$status}','{$token}',NOW())"); 579 578 if ($update_successful) 580 579 {
