author3dB <3db@3decibels.net>2009-07-24 03:40:23 -0400
committer3dB <3db@3decibels.net>2009-07-24 03:40:23 -0400
commita1fc2a9a103e0f426ac4e496200408a2deccaaf0 (patch)
treed19e8f0e867341cfe53dd1f6891689a66ad6c8a2
parent54e93c0f6b1ef23516d7c7ba88efaa601e7318cc (diff)
Checkin of auth rewrite progress.
Added a new DB library for handling sessions. New update SQL file for database changes. Added a line to the global config file to set a global salt. It is separate from the cookie_key because it is much more important that it not be changed.
-rw-r--r--data/global.pl1
-rw-r--r--lib/VNDB/DB/Sessions.pm43
-rw-r--r--util/updates/update_2.6.sql14
3 files changed, 58 insertions, 0 deletions
diff --git a/data/global.pl b/data/global.pl
index 7f3ab7a2..a1835d0a 100644
--- a/data/global.pl
+++ b/data/global.pl
@@ -21,6 +21,7 @@ our %S = (%S,
skin_default => 'angel',
cookie_domain => '.vndb.org',
cookie_key => 'any-private-string-here',
+ global_salt => 'another-private-string-here',
source_url => 'http://git.blicky.net/vndb.git/?h=master',
admin_email => 'contact@vndb.org',
sharedmem_key => 'VNDB',
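Review bot: The new `global_salt` entry has no comment, although the commit message says it must not be changed once in use, and the value committed here is a placeholder in a file whose `source_url` points at a public repository. I would add a comment above it such as `# global_salt: set a private random value before first use and never change it afterwards`. A startup check that rejects the literal placeholder would keep a deployment from running with a publicly known salt; whether one exists elsewhere is not visible in this hunk. The `%S` assignment starts and ends outside the hunk.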
diff --git a/lib/VNDB/DB/Sessions.pm b/lib/VNDB/DB/Sessions.pm
new file mode 100644
index 00000000..031c5ac3
--- /dev/null
+++ b/lib/VNDB/DB/Sessions.pm
@@ -0,0 +1,43 @@
+
+package VNDB::DB::Sessions;
+
+use strict;
+use warnings;
+use Exporter 'import';
+
+our @EXPORT = qw| dbSessionAdd dbSessionDel dbSessionCheck |;
+
+
+# uid, 40 character session token, expiration time (int)
+sub dbSessionAdd {
+ my($s, @o) = @_;
+ $s->dbExec(q|INSERT INTO sessions (uid, token, expiration) VALUES(?, ?, ?)|,
+ @o[0..2]);
+}
+
+
+# Deletes session(s) from the database
+# If no token is supplied, all sessions for the uid are destroyed
+# uid, token (optional)
+sub dbSessionDel {
+ my($s, @o) = @_;
+ if (defined $o[1]) {
+ $s->dbExec(q|DELETE FROM sessions WHERE uid = ? AND token = ?|,
+ @o[0..1]);
+ } else {
+ $s->dbExec(q|DELETE FROM sessions WHERE uid = ?|,
+ $o[0]);
+ }
+}
+
+
+# Queries the database for the validity of a session
+# Returns 1 if corresponding session found, 0 if not
+# uid, token
+sub dbSessionCheck {
+ my($s, @o) = @_;
+ return $s->dbRow(q|SELECT count(uid) AS count FROM sessions WHERE uid = ? AND token = ? LIMIT 1|, @o);
+}
+
+
+1;
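Review bot: `dbSessionCheck` never reads the `expiration` column that `dbSessionAdd` writes, so a token validates until its row is deleted unless a caller or cleanup job enforces expiry elsewhere. Assuming `expiration` holds an epoch timestamp, the query can enforce it itself: `... WHERE uid = ? AND token = ? AND expiration > ? LIMIT 1|, @o[0..1], time);`. That slice also fixes the bind count, which the current unsliced `@o` leaves to the caller, unlike the other two subs. The comment promises 1 or 0, but the sub returns whatever `dbRow` returns; if that is a row hash (not visible here) it is always true, and callers must read its `count` field. Tokens are also stored as received, so storing a hash of the token instead would limit what a read of the `sessions` table exposes.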
diff --git a/util/updates/update_2.6.sql b/util/updates/update_2.6.sql
new file mode 100644
index 00000000..6d38c8b8
--- /dev/null
+++ b/util/updates/update_2.6.sql
@@ -0,0 +1,14 @@
+
+-- Create table for session data storage
+
+CREATE TABLE sessions (
+ uid integer NOT NULL REFERENCES users(id) ON UPDATE CASCADE ON DELETE CASCADE,
+ token character(40) NOT NULL,
+ expiration bigint DEFAULT 0 NOT NULL,
+ PRIMARY KEY (uid, token)
+);
+
+-- Add column to users for salt storage
+
+ALTER TABLE users ADD COLUMN salt character(9) NOT NULL DEFAULT 0;
+
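Review bot: `DEFAULT 0` on the new `users.salt` column gives every existing account the same salt value, and `character(9)` blank-pads anything shorter, so code that feeds the column into a hash will see `0` followed by eight spaces. If the auth rewrite generates a per-user salt on the next login or password change, this is only a transitional marker, but nothing in this commit shows that. I would write the default as a string and say so in the comment, e.g. `-- salt stays at its default until the user's password is re-hashed` above `ALTER TABLE users ADD COLUMN salt character(9) NOT NULL DEFAULT '';`. The login code should then treat the default as "no per-user salt yet" rather than as a real salt.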