1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
# Compatibility shim around VNWeb::Auth, new code should use that instead.
package VNDB::Util::Auth;
use strict;
use warnings;
use Exporter 'import';
use TUWF ':html';
use VNWeb::Auth;
our @EXPORT = qw|
authInfo authCan authGetCode authCheckCode authPref
|;
sub authInfo {
# Used to return a lot more, but only the id is still used now.
# (code using other fields has been migrated)
+{ id => auth->uid }
}
# returns whether the currently loggedin or anonymous user can perform
# a certain action.
sub authCan {
my(undef, $act) = @_;
auth && auth->{user}{"perm_$act"}
}
# Generate a code to be used later on to validate that the form was indeed
# submitted from our site and by the same user/visitor. Not limited to
# logged-in users.
# Arguments:
# form-id (ignored nowadyas)
# time (also ignored)
sub authGetCode {
auth->csrftoken;
}
# Validates the correctness of the returned code, creates an error page and
# returns false if it's invalid, returns true otherwise. Codes are valid for at
# least two and at most three hours.
# Arguments:
# [ form-id, [ code ] ]
# If the code is not given, uses the 'formcode' form parameter instead. If
# form-id is not given, the path of the current requests is used.
sub authCheckCode {
my $self = shift;
my $id = shift;
my $code = shift || $self->reqParam('formcode');
return _incorrectcode($self) if !auth->csrfcheck($code);
1;
}
sub _incorrectcode {
my $self = shift;
$self->resInit;
$self->htmlHeader(title => 'Validation code expired', noindex => 1);
div class => 'mainbox';
h1 'Validation code expired';
div class => 'warning';
p 'Please hit the back-button of your browser, refresh the page and try again.';
end;
end;
$self->htmlFooter;
return 0;
}
sub authPref {
my(undef, $key, $val) = @_;
@_ == 2 ? auth->pref($key)||'' : auth->prefSet($key, $val);
}
1;
|
