From 3f7830de7012e45d4508f41eda4e675159d2cc44 Mon Sep 17 00:00:00 2001 From: Mike Mason Date: Sat, 26 Jan 2008 16:39:08 +0000 Subject: Changes effect only the log in|out functions. Will work now. Next working on updating to prevent misuse of the login function. git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@656 ab2d0c66-481e-0410-8bed-d214d4d58bed --- app/acf-util/logon-model.lua | 58 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 51 insertions(+), 7 deletions(-) (limited to 'app/acf-util/logon-model.lua') diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua index 839c989..5eaf93b 100644 --- a/app/acf-util/logon-model.lua +++ b/app/acf-util/logon-model.lua @@ -5,6 +5,11 @@ module (..., package.seeall) require ("session") require ("html") +--varibles for time in case of logons,expired,lockouts +minutes_expired_events=30 +minutes_count_events=30 +limit_count_events=10 + -- load an authenticator -- FIXME: use an "always true" as default? 
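Review bot: The three tuning values added at the top of the file are assigned without `local`, so under `module (..., package.seeall)` they become fields of the module table that any other code can read or overwrite; since they configure logon expiry and lockout, `local minutes_expired_events = 30` (and likewise for the other two) would keep them private to this file. The comment above them has a typo and does not say what each value controls; something like `-- minutes before recorded events expire; window in minutes and maximum count of failed logons before lockout` would help, with the exact meaning of the last two confirmed against `session`, because only `minutes_expired_events` is used in the visible part of this commit.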
@@ -16,7 +21,49 @@ else end -logon = function (self, id, password ) +logon = function (self, id_user, password_user,sessdata ) +session.expired_events(conf.sessiondir, minutes_expired_events) +local userid=cfe({ name="userid",type="text" }) +local password=cfe({ name="password" ,type="password"}) +local logon=cfe({ name="Logon", type="submit"}) +local s = "" + +if session.check_session(conf.sessiondir, sessdata) ~= "an unknown user" then +userid.errtxt="Currently logged onto the system. Please Logoff" +end + + if id_user and password_user then + if auth.authenticate (self, id_user, password_user) then + local t = auth.get_userinfo (self, id_user) + sessiondata.id = session.random_hash(512) + sessiondata.userinfo = t or {} + self.conf.prefix="/acf-util/" + self.conf.action="status" + self.conf.type="redir" + self.conf.controller="logon" + error(self.conf) + else + userid.errtxt = "Invalid Attempt" + session.record_event(conf.sessiondir, id_user) + return (cfe {type="form", + option={script=ENV["SCRIPT_NAME"], + prefix=self.conf.prefix, + controller=self.conf.controller, + action="logon" }, + value={userid,password,logon} + }) + end + else + return ( cfe{ type="form", + option={script=ENV["SCRIPT_NAME"], + prefix=self.conf.prefix, + controller=self.conf.controller, + action="logon" } , + value={userid,password,logon} + }) + end +end + -- logged on? -- record event and ignore the attempt -- too many attempts for this ip? @@ -27,12 +74,8 @@ logon = function (self, id, password ) -- record event and ignore the attempt -- All ok? -- look up their role, issue new session - if auth.authenticate (self, id, password) then - return auth.get_userinfo (self, id) - else - return nil - end -end + + --this goes through and will return true or false if limit reached logoff = function (self, sessdata) -- sessionid invalid? 
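Review bot: The already-logged-on check at the top of the new `logon` only sets `userid.errtxt` and then falls through, so `auth.authenticate` still runs and a new session id is issued to a caller who already holds a valid session; returning the logon form right after setting the error text would make the check effective. The function reads `conf.sessiondir` in the `expired_events`, `check_session` and `record_event` calls, while it uses `self.conf.prefix` a few lines later and `status` uses `self.conf.sessiondir`, so unless a global `conf` exists outside this hunk these should presumably be `self.conf.sessiondir`. The success branch writes `sessiondata.id` and `sessiondata.userinfo`, but the parameter is named `sessdata`; if `sessiondata` is not a global defined elsewhere, this either raises or stores the session where the caller does not look. Failed attempts are recorded with `session.record_event`, but nothing compares the recorded count with `limit_count_events` before `auth.authenticate` is called, so password guessing is not yet rate-limited; the commit message suggests this is planned, and a `-- FIXME: enforce limit_count_events before authenticating` next to the call would make the gap visible.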
@@ -61,3 +104,4 @@ status = function(self, sessdata) checkme = session.check_session(self.conf.sessiondir,sessdata) return ( cfe { checkme={value=checkme,name="checkme"}, sessid={value=sessid,name="sessid" } }) end + -- cgit v1.2.3