author | Christian Pointner <equinox@helsinki.at> | 2014-09-18 14:49:46 (GMT) |
---|---|---|
committer | Christian Pointner <equinox@helsinki.at> | 2014-09-18 14:49:46 (GMT) |
commit | a6fb1a8e95126a33fd742ff014bc813e9fa20be4 (patch) | |
tree | 07dca6b3ac4123a2b2cc6a931813ff95ff45cae3 | |
parent | d2df76a89f29acd03383da6a76839435c51e8621 (diff) |
added check_token routine
-rwxr-xr-x | authtoken.json | 9 | ||||
-rwxr-xr-x | lib/rddb.pm | 31 |
2 files changed, 31 insertions, 9 deletions
diff --git a/authtoken.json b/authtoken.json
index dbdc64a..c080028 100755
--- a/authtoken.json
+++ b/authtoken.json
@@ -10,8 +10,13 @@ my $errorstring = 'unknown';
 my $username = '';
 my $token = '';
 if(defined $ENV{REMOTE_USER}) {
- ($token, $status, $errorstring) = rddb::get_token($ENV{REMOTE_USER});
- $username = $ENV{REMOTE_USER};
+ my $dbh;
+ ($dbh, $status, $errorstring) = rddb::opendb();
+ if(defined $dbh) {
+ ($token, $status, $errorstring) = rddb::get_token($dbh, $ENV{REMOTE_USER});
+ $username = $ENV{REMOTE_USER};
+ rddb::closedb($dbh);
+ }
 } else {
 $errorstring = 'no username defined - are you logged in?';
 }
diff --git a/lib/rddb.pm b/lib/rddb.pm
index a7506a2..c12ea26 100755
--- a/lib/rddb.pm
+++ b/lib/rddb.pm
@@ -32,12 +32,7 @@ sub closedb
 sub get_token
 {
- my $username = shift;
-
- my ($dbh, $state, $errorstring) = opendb();
- unless(defined $dbh) {
- return ('', $state, $errorstring);
- }
+ my ($dbh, $username) = @_;
 my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
 or return ('', 'ERROR', "Database Error: " . $dbh->errstr);
@@ -47,7 +42,6 @@ sub get_token
 my ($token) = $sth->fetchrow_array;
 $sth->finish();
- closedb($dbh);
 unless(defined $token) {
 return ('', 'ERROR', "user '" . $username . "' not known by rivendell")
@@ -55,4 +49,27 @@ sub get_token
 return ($token, 'OK', 'success');
 }
+sub check_token
+{
+ my ($dbh, $username, $token) = @_;
+
+ my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
+ or return (0, 'ERROR', "Database Error: " . $dbh->errstr);
+
+ $sth->execute($username)
+ or return (0, 'ERROR', "Database Error: " . $sth->errstr);
+
+ my ($token_result) = $sth->fetchrow_array;
+ $sth->finish();
+
+ unless(defined $token_result) {
+ return (0, 'ERROR', "user '" . $username . "' not known by rivendell")
+ }
+
+ if($token_result == $token) {
+ return (1, 'OK', 'success');
+ }
+ return (0, 'ERROR', "wrong password");
+}
+
 return 1; |
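Review bot: get_token now calls `$dbh->prepare` on whatever the caller passes first, and the `unless(defined $dbh)` guard that used to sit here is gone, so a caller still using the old one-argument form, or one that ignores a failed opendb(), dies on a method call instead of receiving the usual three-element error list. A guard such as `return ('', 'ERROR', 'no database handle') unless ref $dbh;` directly after `my ($dbh, $username) = @_;` keeps the error contract. check_token in the last hunk unpacks `$dbh` the same way and would need the same guard with `0` as the first element. The function continues outside this hunk; a short comment above it stating that the caller opens and closes the handle would document the new ownership.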
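Review bot: The comparison `if($token_result == $token)` near the end of check_token is numeric, so Perl converts both strings to numbers and two different non-numeric values both become 0 and compare equal; a credential check has to use the string operator. I would change it to `if(defined $token && length $token && $token_result eq $token) {`, which also rejects an undefined or empty token instead of letting it match an empty PASSWORD column. Since the compared value is a secret, a constant-time comparison would be preferable to plain `eq`. The two failure messages ("user ... not known by rivendell" versus "wrong password") let a caller tell valid login names apart if they are returned to the client, which this hunk does not show; a single generic message would avoid that.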