Parent Directory
| 
Revision Log
- ContentGenerator.pm is now officially the superclass to all modules called by the dispatcher to generate content. - Authen.pm now has a single point of exit, which makes it easier to read, debug, and modify - Login.pm is now a subclass of ContentGenerator, and apart from the HTML, is in it's final form. - All code has been commented up - The authentication wrapper is now a working demonstration. Anyone could stick it on a webserver and try it out. The database code isn't written, so it authenticates against hardcoded strings (username: dennis, passwd: helloworld), but this at least proves that the system is workable. --Dennis
1 package WeBWorK::Authen; 2 3 sub new($$$) { 4 my $proto = shift; 5 my $class = ref($proto) || $proto; 6 my $self = {}; 7 ($self->{r}, $self->{courseEnvironment}) = @_; 8 bless $self, $class; 9 return $self; 10 } 11 12 # verify will return 1 if the person is who they say the are. 13 # If the verification failed because of of invalid authentication data, 14 # a note will be written in the request explaining why it failed. 15 # If the request failed because no authentication data was provided, however, 16 # no note will be written, as this is expected to happen whenever someone 17 # types in a URL manually, and is not considered an error condition. 18 sub verify($) { 19 # Definition: "magic data": passwd or key 20 my $self = shift; 21 my $r = $self->{r}; 22 23 my $user = $r->param('user'); 24 my $passwd = $r->param('passwd'); 25 my $key = $r->param('key'); 26 27 # Get this out of the way first thing. We don't want anything else 28 # having access to this. It's bad enough that it goes over the wire 29 # plaintext. 30 $r->param('passwd',undef); 31 32 my $return, $error; 33 34 # The first part of this big conditional checks to make that we have 35 # all of the form info that we need. It's pretty boring. The kooky 36 # authen stuff comes after that. 37 if (!defined $user && !defined $passwd && !defined $key) { 38 # The user hasn't even had a chance to say who he is, so we 39 # can't hold it against him that we don't know. 40 undef $error; 41 $return = 0; 42 } elsif (!$user) { 43 $error = "You must specify a username"; 44 $return = 0; 45 } elsif (!$passwd && !$key) { 46 $error = "You must enter a password"; 47 $return = 0; 48 } 49 # OK, we're done with the trivia. Now lets authenticate. 50 # This is the part that will get rewritten after Sam finishes 51 # his work on the database stuff. 52 elsif ($user ne "dennis") { 53 $error = "Unknown user"; 54 $return = 0; 55 } elsif ($passwd) { 56 if ($passwd eq "helloworld") { 57 $r->param('key','tH1siS@pH0n3Yk3y'); 58 $return = 1; 59 } else { 60 $error = "Incorrect password"; 61 $return = 0; 62 } 63 } elsif ($key) { 64 if ($key eq 'tH1siS@pH0n3Yk3y') { 65 $return = 1; 66 } else { 67 $error = "Your session has expired. You must re-login"; 68 $return = 0; 69 } 70 } else { 71 $error = "Unexpected authentication error!"; 72 $return = 0; 73 } 74 75 76 $r->notes("authen_error",$error); 77 return $return; 78 79 # Whatever you do, don't delete this! 80 critical($r); 81 } 82 83 1;
| aubreyja at gmail dot com | ViewVC Help |
| Powered by ViewVC 1.0.9 |