From: John Graham-C. <jgr...@us...> - 2005-02-15 04:24:30
Update of /cvsroot/popfile/engine/Classifier
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20142/Classifier

Modified Files:
	Bayes.pm

Log Message:
More work on v0.23.0 (Multi-user Support)

Switch to using Cookies to keep client-side state concerning the current connection to POPFile's UI. Implement encrypted cookies and a login page that allow multiple users to be connected to POPFile's UI at the same time.

Currently, it's possible to create users and log in as people other than admin, but there's not a lot you can do with the users that are created. For the time being just log in as admin (no password). My next commit will make multi-user mode actually work: there will be the ability to log out, associations between POP3 accounts and POPFile users...

DO NOT USE THIS FOR ANYTHING MORE THAN LOGGING IN AS ADMIN RIGHT NOW; STRANGE THINGS MAY HAPPEN!

---

Classifier/Bayes.pm: Make API session keys much more robust and unlikely to clash by generating them randomly using a good random number source and using a long secure hash instead of my old system.

UI/HTML.pm: New functions for cookie handling: handle_cookie__ (to deal with a received cookie), set_cookie__ (to send a cookie back to the client). password_page now asks for a username as well as a password and handles the creation of the API session and redirection with cookie. Remove the old api_session__ and replace with the sessions__ hash used to keep track of current sessions. Return the Set-Cookie: header. No hard-coded user '1' anywhere, all that is replaced with the user id derived by looking up the current session in the sessions__ hash.

UI/HTTP.pm: New APIs decrypt_cookie__ and encrypt_cookie__ to handle encryption and decryption of cookies (with wrapping in base 64 for safety). Use Blowfish encryption with a randomly generated key each time POPFile is started.

skins/default/*.thtml: Remove references to the old Session_Key (session= and hidden inputs) because it is no longer needed at all.
skins/default/password-page.thtml: Password page now has a user name field and does not have an error message hard coded. skins/default/common-middle.thtml: The shutdown link is only available to admins, the tabs and shutdown are only available if you are logged in. skins/default/common-bottom.thtml: No information at all until you are logged in. languages/English.msg: Additional strings needed for the password page. Index: Bayes.pm =================================================================== RCS file: /cvsroot/popfile/engine/Classifier/Bayes.pm,v retrieving revision 1.340 retrieving revision 1.341 diff -C2 -d -r1.340 -r1.341 *** Bayes.pm 13 Feb 2005 02:16:33 -0000 1.340 --- Bayes.pm 15 Feb 2005 04:23:50 -0000 1.341 *************** *** 39,44 **** --- 39,47 ---- use DBI; use Digest::MD5 qw( md5_hex ); + use Digest::SHA qw( sha256_hex ); use MIME::Base64; + use Crypt::Random::Generator; + # This is used to get the hostname of the current machine # in a cross platform way *************** *** 1438,1465 **** my ( $self ) = @_; ! my @chars = ( 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', # PROFILE BLOCK START ! 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'U', 'V', 'W', 'X', 'Y', ! 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A' ); # PROFILE BLOCK STOP ! ! my $session; ! ! do { ! $session = ''; ! my $length = int( 16 + rand(4) ); ! ! for my $i (0 .. $length) { ! my $random = $chars[int( rand(36) )]; ! ! # Just to add spice to things we sometimes lowercase the value ! ! if ( rand(1) < rand(1) ) { ! $random = lc($random); ! } ! ! $session .= $random; ! } ! } while ( defined( $self->{api_sessions__}{$session} ) ); ! return $session; } --- 1441,1451 ---- my ( $self ) = @_; ! # Generate a long random number, hash it and the time together to ! # get a random session key in hex ! my $r = new Crypt::Random::Generator; ! my $random = $r->makerandom_octet( Length => 128, Strength => 1 ); ! my $now = time; ! return sha256_hex( "$random$now" ); } |
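Review bot: the two added `use` lines in the 39-47 hunk, `use Digest::SHA qw( sha256_hex );` and `use Crypt::Random::Generator;`, are unconditional compile-time loads of modules that Bayes.pm did not previously need, so an installation that lacks either will fail to start rather than degrade; the log message should list them as new dependencies and the installer or dependency manifest should be updated in the same change. It is also worth checking whether `md5_hex` from `Digest::MD5` is still used anywhere in the file once session keys come from `sha256_hex`, and dropping that import if it is not.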
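Review bot: `Strength => 1` in `$r->makerandom_octet( Length => 128, Strength => 1 )` (hunk 1441-1451) selects the blocking entropy source, so a login that has to mint a session key can hang the UI when the system entropy pool is depleted; for a session identifier built from 128 random octets and hashed with `sha256_hex`, the non-blocking `Strength => 0` is sufficient, and appending `$now` before hashing contributes nothing a caller should rely on. Two smaller points: `new Crypt::Random::Generator` is indirect-object syntax and should be written `Crypt::Random::Generator->new`, and removing the `while ( defined( $self->{api_sessions__}{$session} ) )` loop means this function no longer guarantees uniqueness against live sessions, which is acceptable only because collisions of a 256-bit key are negligible, so the code that now stores keys in `sessions__` must not assume this function checked for them.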
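The session-key and encrypted-cookie scheme the log message outlines (random octets hashed to a hex session key, a Blowfish key regenerated at every start, base64-wrapped cookie values, and a sessions hash mapping a key to a user id), as an added example written for this page and not POPFile's own code. It assumes the CPAN modules Crypt::CBC, Crypt::Blowfish, Crypt::URandom and Digest::SHA are installed; the function names `new_session`, `encrypt_cookie` and `decrypt_cookie` are this example's own, and the HMAC tag appended to the ciphertext is an addition beyond what the commit describes (the commit encrypts only), included because it is the integrity check a reviewer would want before any decrypted cookie value is trusted.

```perl
#!/usr/bin/perl
# Added example, not POPFile code: session keys plus encrypted, authenticated
# cookies in the style described by the v0.23.0 log message.
use strict;
use warnings;
use Crypt::CBC;                                   # assumed installed
use Crypt::URandom qw( urandom );                 # assumed installed
use Digest::SHA    qw( sha256_hex hmac_sha256 );
use MIME::Base64   qw( encode_base64 decode_base64 );

# Per-process secrets, regenerated every start, so a restart invalidates every
# cookie. The separate MAC key is this example's addition, not in the page.
my $cookie_key = urandom(56);   # Blowfish accepts keys up to 56 bytes
my $mac_key    = urandom(32);

my %sessions;                   # session key -> user id (the page's sessions__)

# Session key: 128 random octets plus the time, hashed to 256 bits of hex,
# as the patch does. The collision retry is kept because it costs nothing.
sub new_session {
    my ( $user_id ) = @_;
    my $key;
    do {
        $key = sha256_hex( urandom(128) . time );
    } while ( exists $sessions{$key} );
    $sessions{$key} = $user_id;
    return $key;
}

# Blowfish-CBC with an explicit 8-byte IV and no Crypt::CBC header, so the
# cookie layout is exactly iv . ciphertext . hmac and nothing else.
sub _cbc {
    my ( $iv ) = @_;
    return Crypt::CBC->new(
        -key         => $cookie_key,
        -cipher      => 'Blowfish',
        -literal_key => 1,
        -header      => 'none',
        -iv          => $iv,
    );
}

# Cookie value: base64( iv . blowfish_cbc(session_key) . hmac_sha256 ).
sub encrypt_cookie {
    my ( $session_key ) = @_;
    my $iv  = urandom(8);                          # Blowfish block size
    my $ct  = $iv . _cbc($iv)->encrypt( $session_key );
    my $tag = hmac_sha256( $ct, $mac_key );
    return encode_base64( $ct . $tag, '' );        # '' = no line breaks
}

# Returns the session key only if the tag verifies and the key is registered.
sub decrypt_cookie {
    my ( $cookie ) = @_;
    my $raw = decode_base64( $cookie );
    return undef if length($raw) <= 8 + 32;        # too short to be ours
    my $ct  = substr( $raw, 0, -32 );
    my $tag = substr( $raw, -32 );
    my $expect = hmac_sha256( $ct, $mac_key );

    # Constant-time comparison so a forger learns nothing from timing.
    my $diff = 0;
    $diff |= ord( substr( $expect, $_, 1 ) ) ^ ord( substr( $tag, $_, 1 ) )
        for 0 .. 31;
    return undef if $diff;

    my $iv          = substr( $ct, 0, 8 );
    my $session_key = _cbc($iv)->decrypt( substr( $ct, 8 ) );
    return exists $sessions{$session_key} ? $session_key : undef;
}

# Usage: log the admin user (id 1) in, round-trip the cookie, reject a forgery.
my $key    = new_session( 1 );
my $cookie = encrypt_cookie( $key );
my $back   = decrypt_cookie( $cookie );
print "user $sessions{$back} restored from cookie\n" if defined $back;

my $forged = $cookie;
substr( $forged, 0, 1 ) = substr( $forged, 0, 1 ) eq 'A' ? 'B' : 'A';
print "forged cookie rejected\n" unless defined decrypt_cookie( $forged );
```

Run it with `perl session_cookie.pl` (any filename will do); it prints the restored user for the round-tripped cookie and the rejection of a cookie whose first character was altered. Because both keys live only in process memory, every outstanding cookie is invalidated by a restart, which is the behaviour the log message describes for the per-start Blowfish key; the HMAC check is what turns "decryption produced some bytes" into "this cookie was issued by this process".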