Thread Ohne Cockies (33 answers)
Opened by jan10001 at 2003-08-16 12:38

pktm
 2003-08-17 00:22
Da dachte ich mir, poste ich auch noch gleich den Code:
...
# Session lifetime. The original comment labels the unit "ms", but
# validate_session() subtracts this value from time(), which counts seconds,
# so the effective window is 60000 s (roughly 16.7 hours).
# NOTE(review): confirm which lifetime was intended.
use constant SESSION_TIME => '60000'; #ms
...
# ---- CGI
# One CGI object per request; $query is used below as a hash reference
# holding the request parameters (sid, file, action, usn, pwd).
my $cgi   = CGI->new();
my $query = $cgi->Vars();
# ---- SETTINGS
# %subs collects the values the rest of the script reads. Both URLs are taken
# in scalar context, exactly as a plain scalar assignment would.
my %subs = (
    relative_url => scalar $cgi->url( -relative => 1 ),
    full_url     => scalar $cgi->url( -full => 1 ),
);
...
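print $cgi->header(-charset=>'ISO-8859-1',
                  -expires=>'+1s',
                  -type=>'text/html',
                  );

# Request dispatch: either continue a valid session or handle a login attempt.
#
# The "file" parameter comes straight from the request. It is read once,
# defaulted to '' when absent, and URL-escaped before it is placed in a link.
# Anything written into the HTML page goes through escapeHTML.
#
# NOTE(review): the sid travels in the query string, so it also ends up in
# server logs, browser history and Referer headers.
my $file_param     = defined $query->{file} ? $query->{file} : '';
my $file_param_url = CGI::escape($file_param);

if( (exists $query->{sid})                                                      # a session id was sent
and validate_session( $query->{sid} ) ){                                          # and it is valid
       # extend the session: keep the part after "XY", re-stamp with the current time
       $query->{sid} = time() . "XY" . (split /XY/, $query->{sid})[1];
       # settings
       # The sid is URL-escaped as well; for a well-formed sid this changes nothing.
       my $sid_url = CGI::escape($query->{sid});
       $subs{self} = $subs{relative_url} . '?sid=' . $sid_url . '&file=' . $file_param_url;
       $subs{query} = '?sid=' . $sid_url . '&file=' . $file_param_url;
       $subs{domain} = "http://" . DOMAIN;
       # Raw request values: escape them wherever they are written into HTML
       # or used to build a file path.
       $subs{sid} = $query->{sid};
       $subs{file} = $query->{file};
...
}else{ # no session was sent, or the session is not valid
       if( exists $query->{action}
       and $query->{action} eq "login"
       and main::validate_login($query->{usn}, $query->{pwd}) ){
           # NOTE(review): time() and rand() are predictable, and the sid is not
           # recorded anywhere on the server. A session token should come from a
           # cryptographically strong source and be checked against stored state.
           $query->{sid} = time() . "XY" . rand(1);
           $query->{sid} =~ s/\./PT/g;
           # settings
           my $sid_url = CGI::escape($query->{sid});
           $subs{self} = $subs{relative_url} . '?sid=' . $sid_url . '&file=' . $file_param_url;
           $subs{query} = '?sid=' . $sid_url . '&file=' . $file_param_url;
           $subs{domain} = "http://" . DOMAIN;
           # first login => INDEX
           print qq~<h1>Login korrekt!</h1>~;
           # Request-derived values are HTML-escaped so they cannot inject markup.
           print qq~<p><a href="~ . $cgi->escapeHTML($subs{self}) . qq~">weiter &gt;&gt;&gt;</a></p>~;
           print qq~<p>SID: ~ . $cgi->escapeHTML($query->{sid}) . qq~</p>~;
           print qq~<p>file: ~ . $cgi->escapeHTML($file_param) . qq~</p>~;
       }else{
           print $loginForm;
       }
}
# NOTE(review): the script exits with status 1 on the normal path as well;
# confirm nothing treats a non-zero status as a failure.
exit( 1 );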
...
# --------------------------------------------------------
# SUBS
# --------------------------------------------------------
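sub validate_login{
# ---- usage
# if( validate_login( $query->{usn}, $query->{pwd} ) ){ print "Login ok!\n"; }
# ---- requirements
# module: Crypt::PasswdMD5
# $passfile -> file with one USN|PWD line per user (PWD crypted by Crypt::PasswdMD5)
# ---- returns
# 1 if $usn is listed in $passfile and $pwd matches its stored hash, else 0.
# The first line whose user name matches decides the result.
# Dies if $passfile cannot be opened.
   my ($usn, $pwd) = @_;
   # A request without usn/pwd parameters passes undef: treat it as a failed login.
   return 0 unless defined $usn and defined $pwd;
   # Three-argument open with a lexical handle, so the file name can never be
   # interpreted as a mode or pipe specification.
   open(my $dat, '<', $passfile) || die "$! ($passfile)";
   flock $dat, 1 if UNIX;    # 1 = shared (read) lock
   my @passfile = <$dat>;
   close($dat);
   my $return = 0;
   foreach my $line ( @passfile ){
       chomp $line;
       my ($user, $crypted) = split /\|/, $line;
       # Skip blank or malformed lines instead of comparing against undef.
       next unless defined $user and defined $crypted;
       next unless $usn eq $user;
       # The stored hash is passed as the salt argument; the password is
       # correct when re-crypting it reproduces the stored hash.
       # NOTE(review): MD5-crypt is a legacy password scheme; consider moving
       # the password file to a modern, deliberately slow hash.
       $return = ( unix_md5_crypt($pwd, $crypted) eq $crypted ) ? 1 : 0;
       # Stop at the matching user. The earlier version kept looping, and every
       # later non-matching line reset the result to 0, so only the user on the
       # last line of the file could ever log in.
       last;
   }
   return $return;
}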
# --------------------------------------------------------
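sub validate_session{
# ---- usage
# if( validate_session( $sessionDataToValidate ) ){ print "Session Ok!\n"; }
# ----
# Checks that a sid (a) has the expected shape and (b) has not expired.
# Expected shape: <10-digit epoch seconds>XY<digits>PT<10 or more digits>,
# i.e. what the login branch builds from time() . "XY" . rand(1) with every
# "." replaced by "PT". An "e-NN" exponent suffix is tolerated because rand()
# can stringify very small values that way.
# Returns 1 for an acceptable sid, 0 otherwise (including undef).
#
# NOTE(review): this checks format and age only. The sid is not looked up in
# any server-side store and carries no keyed signature, so passing this check
# does not show that a login took place. Bind the sid to stored session state
# (or a MAC) before relying on it for authentication.
   my $session = $_[0];
   return 0 unless defined $session;
   # Anchored with \A...\z so that nothing may precede or follow the token.
   # The caller copies the part after "XY" back into URLs, and an unanchored
   # match would accept a sid with arbitrary extra characters attached.
   if( $session =~ /\A(\d{10})XY\d*PT\d{10,}(?:e-\d+)?\z/ ){
       my $issued = $1;
       my $now    = time();
       # Not older than SESSION_TIME, and not stamped in the future: this
       # script only ever stamps a sid with the current time.
       if( $issued > $now - SESSION_TIME and $issued <= $now ){
           return 1;
       }
   }
   return 0;
}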
# --------------------------------------------------------

Müsste so in etwa stimmen.
mfg pktm

<!--EDIT|pktm|1061065495-->
http://www.intergastro-service.de (mein erstes CMS :) )
