X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=scripts%2Flogin.ml;h=1132798fc8d8ad645e29db9091897939956e46e6;hb=cd059731a60fd3d4dcf426430ad26ff227b91910;hp=533054d098572b9629967d5b5119224c56f35cb8;hpb=1f125fd7a6794f352f30de71a3905d5356a07008;p=cocanwiki.git
diff --git a/scripts/login.ml b/scripts/login.ml
index 533054d..1132798 100644
--- a/scripts/login.ml
+++ b/scripts/login.ml
@@ -1,7 +1,22 @@
-(* Easy Web Pages (EWP) scripts.
+(* COCANWIKI - a wiki written in Objective CAML.
 * Written by Richard W.M. Jones .
 * Copyright (C) 2004 Merjis Ltd.
- * $Id: login.ml,v 1.2 2004/09/09 09:35:33 rich Exp $
+ * $Id: login.ml,v 1.11 2006/03/28 16:24:07 rich Exp $
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
 *)
 open Apache
@@ -14,42 +29,60 @@ open Cocanwiki_ok
 let expires = "Wed, 18-May-2033 04:33:20 GMT"
-let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
+let run r (q : cgi) dbh hostid _ _ =
 let username = q#param "username" in
 let password = q#param "password" in
 let permanent = try "1" = q#param "permanent" with Not_found -> false in
 let redirect = try q#param "redirect" with Not_found -> "/" in
- let sth = dbh#prepare_cached "select id from users
- where name = ? and password = ?
- and hostid = ?" in
- sth#execute [`String username; `String password; `Int hostid];
+ let rows = PGSQL(dbh)
+ "select id, force_password_change from users
+ where name = $username and password = $password and hostid = $hostid" in
- try
- let userid = sth#fetch1int () in
+ let userid, force_password_change =
+ match rows with
+ | [] ->
+ error
+ ~title:"Bad name or password"
+ ~back_button:true
+ dbh hostid q "The name or password was wrong.";
+ return ()
+ | [ row ] -> row
+ | _ -> assert false in
- (* Create a cookie. *)
- let cookie = random_sessionid () in
- let sth = dbh#prepare_cached "insert into usercookies (userid, cookie)
- values (?, ?)" in
- sth#execute [`Int userid; `String cookie];
+ (* Create a cookie. *)
+ let cookie = random_sessionid () in
+ PGSQL(dbh) "insert into usercookies (userid, cookie)
+ values ($userid, $cookie)";
- dbh#commit ();
+ PGOCaml.commit dbh;
- let cookie =
- if permanent then
- Cookie.cookie ~name:"auth" ~value:cookie ~path:"/" ~expires ()
- else
- Cookie.cookie ~name:"auth" ~value:cookie ~path:"/" () in
+ (* Force password change? *)
+ let redirect =
+ if force_password_change then "/_bin/change_password_form.cmo"
+ else redirect in
- ok ~title:"Logged in" ~buttons:[ok_button redirect] ~cookie
- q ("Welcome back " ^ username ^ ".")
- with
- Not_found ->
- error
- ~title:"Bad name or password"
- ~back_button:true
- q "The name or password was wrong."
+ let cookie =
+ if permanent then
+ Cookie.cookie "auth" cookie ~path:"/" ~expires
+ else
+ Cookie.cookie "auth" cookie ~path:"/" in
+
+ let ok_button = ok_button redirect in
+ let buttons =
+ if redirect <> "/" && redirect <> "/index" then (
+ ok_button ::
+ [ { Template.StdPages.label = " Home Page ";
+ Template.StdPages.link = "/";
+ Template.StdPages.method_ = None;
+ Template.StdPages.params = [] } ]
+ ) else [ ok_button ] in
+
+ ok ~title:"Logged in" ~buttons ~cookie
+ dbh hostid q
+ ("Welcome " ^ username ^ "." ^
+ if force_password_change then " Please change your password now."
+ else "")
 let () = register_script run
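Review bot: The rewritten query in `run` still matches `password = $password` against the value taken straight from `q#param "password"`, which only works if the `users.password` column stores the password exactly as submitted, i.e. in cleartext. Store a salted, deliberately slow password hash instead, select the row by `name` and `hostid` only, and verify the submitted password against the stored hash in OCaml before creating the session cookie. Separately, `redirect` comes from the request and is handed to `ok_button` unchecked, so the post-login button can point at another site; restrict it to local paths, e.g. `let redirect = if String.length redirect > 0 && redirect.[0] = '/' && not (String.length redirect > 1 && redirect.[1] = '/') then redirect else "/" in`. The `auth` cookie is built with only `~path` and `~expires`; whether the Cookie module can also mark it Secure/HttpOnly is not visible in this hunk and is worth checking.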