diff options
| author | Mike Mason <ms13sp@gmail.com> | 2008-01-26 16:39:08 +0000 |
|---|---|---|
| committer | Mike Mason <ms13sp@gmail.com> | 2008-01-26 16:39:08 +0000 |
| commit | 3f7830de7012e45d4508f41eda4e675159d2cc44 (patch) | |
| tree | 2a04ef8da642753035953577c1864c6f4ca64174 /app/acf-util/logon-model.lua | |
| parent | 8a2b52812304fb5a936a6a894df6ab1f40a0bda6 (diff) | |
| download | acf-core-3f7830de7012e45d4508f41eda4e675159d2cc44.tar.bz2 acf-core-3f7830de7012e45d4508f41eda4e675159d2cc44.tar.xz | |
Changes effect only the log in|out functions. Will work now. Next working on updating to prevent misuse of the login function.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@656 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'app/acf-util/logon-model.lua')
| -rw-r--r-- | app/acf-util/logon-model.lua | 58 |
1 files changed, 51 insertions, 7 deletions
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua index 839c989..5eaf93b 100644 --- a/app/acf-util/logon-model.lua +++ b/app/acf-util/logon-model.lua @@ -5,6 +5,11 @@ module (..., package.seeall) require ("session") require ("html") +--varibles for time in case of logons,expired,lockouts +minutes_expired_events=30 +minutes_count_events=30 +limit_count_events=10 + -- load an authenticator -- FIXME: use an "always true" as default? @@ -16,7 +21,49 @@ else end -logon = function (self, id, password ) +logon = function (self, id_user, password_user,sessdata ) +session.expired_events(conf.sessiondir, minutes_expired_events) +local userid=cfe({ name="userid",type="text" }) +local password=cfe({ name="password" ,type="password"}) +local logon=cfe({ name="Logon", type="submit"}) +local s = "" + +if session.check_session(conf.sessiondir, sessdata) ~= "an unknown user" then +userid.errtxt="Currently logged onto the system. Please Logoff" +end + + if id_user and password_user then + if auth.authenticate (self, id_user, password_user) then + local t = auth.get_userinfo (self, id_user) + sessiondata.id = session.random_hash(512) + sessiondata.userinfo = t or {} + self.conf.prefix="/acf-util/" + self.conf.action="status" + self.conf.type="redir" + self.conf.controller="logon" + error(self.conf) + else + userid.errtxt = "Invalid Attempt" + session.record_event(conf.sessiondir, id_user) + return (cfe {type="form", + option={script=ENV["SCRIPT_NAME"], + prefix=self.conf.prefix, + controller=self.conf.controller, + action="logon" }, + value={userid,password,logon} + }) + end + else + return ( cfe{ type="form", + option={script=ENV["SCRIPT_NAME"], + prefix=self.conf.prefix, + controller=self.conf.controller, + action="logon" } , + value={userid,password,logon} + }) + end +end + -- logged on? -- record event and ignore the attempt -- too many attempts for this ip? @@ -27,12 +74,8 @@ logon = function (self, id, password ) -- record event and ignore the attempt -- All ok? -- look up their role, issue new session - if auth.authenticate (self, id, password) then - return auth.get_userinfo (self, id) - else - return nil - end -end + + --this goes through and will return true or false if limit reached logoff = function (self, sessdata) -- sessionid invalid? @@ -61,3 +104,4 @@ status = function(self, sessdata) checkme = session.check_session(self.conf.sessiondir,sessdata) return ( cfe { checkme={value=checkme,name="checkme"}, sessid={value=sessid,name="sessid" } }) end + |