From a6fb1a8e95126a33fd742ff014bc813e9fa20be4 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@helsinki.at>
Date: Thu, 18 Sep 2014 14:49:46 +0000
Subject: added check_token routine


diff --git a/authtoken.json b/authtoken.json
index dbdc64a..c080028 100755
--- a/authtoken.json
+++ b/authtoken.json
@@ -10,8 +10,13 @@ my $errorstring = 'unknown';
 my $username = '';
 my $token = '';
 if(defined $ENV{REMOTE_USER}) {
-  ($token, $status, $errorstring) = rddb::get_token($ENV{REMOTE_USER});
-  $username = $ENV{REMOTE_USER};
+  my $dbh;
+  ($dbh, $status, $errorstring) = rddb::opendb();
+  if(defined $dbh) {
+    ($token, $status, $errorstring) = rddb::get_token($dbh, $ENV{REMOTE_USER});
+    $username = $ENV{REMOTE_USER};
+    rddb::closedb($dbh);
+  }
 } else {
   $errorstring = 'no username defined - are you logged in?';
 }
diff --git a/lib/rddb.pm b/lib/rddb.pm
index a7506a2..c12ea26 100755
--- a/lib/rddb.pm
+++ b/lib/rddb.pm
@@ -32,12 +32,7 @@ sub closedb
 
 sub get_token
 {
-  my $username = shift;
-
-  my ($dbh, $state, $errorstring) = opendb();
-  unless(defined $dbh) {
-    return ('', $state, $errorstring);
-  }
+  my ($dbh, $username) = @_;
 
   my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
     or return ('', 'ERROR', "Database Error: " . $dbh->errstr);
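Review bot: get_token now calls `$dbh->prepare` on whatever the caller passes, and nothing in the new signature line documents or enforces that `$dbh` is an open handle. The caller in authtoken.json does check `defined $dbh`, but a future caller that skips the check would die inside the library instead of getting the usual three-value error return. I would add a guard such as `return ('', 'ERROR', 'no database handle') unless defined $dbh;` and a comment above the sub, `# $dbh: open handle from opendb(); the caller owns it and must call closedb()`. The same applies to the new check_token further down; the rest of get_token's body lies outside this hunk.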
@@ -47,7 +42,6 @@ sub get_token
 
   my ($token) = $sth->fetchrow_array;
   $sth->finish();
-  closedb($dbh);
 
   unless(defined $token) {
     return ('', 'ERROR', "user '" . $username . "' not known by rivendell")
@@ -55,4 +49,27 @@ sub get_token
   return ($token, 'OK', 'success');
 }
 
+sub check_token
+{
+  my ($dbh, $username, $token) = @_;
+
+  my $sth = $dbh->prepare('select PASSWORD from USERS where LOGIN_NAME = ?')
+    or return (0, 'ERROR', "Database Error: " . $dbh->errstr);
+
+  $sth->execute($username)
+    or return (0, 'ERROR', "Database Error: " . $sth->errstr);
+
+  my ($token_result) = $sth->fetchrow_array;
+  $sth->finish();
+
+  unless(defined $token_result) {
+    return (0, 'ERROR', "user '" . $username . "' not known by rivendell")
+  }
+  
+  if($token_result == $token) {
+    return (1, 'OK', 'success');
+  }
+  return (0, 'ERROR', "wrong password");
+}
+
 return 1;
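Review bot: The comparison `$token_result == $token` in check_token is numeric, so Perl converts both strings to numbers first and two different non-numeric tokens compare as equal; it should use string equality, `if($token_result eq $token) {`. An undefined `$token` argument is also not rejected before the comparison, which `return (0, 'ERROR', 'no token given') unless defined $token;` at the top of the sub would cover. Separately, the distinct messages for an unknown user and a wrong password would let a client tell which login names exist, if these strings are returned to it (the caller is not visible in this hunk); one shared failure message avoids that.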
-- 
cgit v0.10.2