diff --git a/examples/authentication_conf.lua b/examples/authentication_conf.lua index 02ef655..df710fe 100755 --- a/examples/authentication_conf.lua +++ b/examples/authentication_conf.lua @@ -6,7 +6,7 @@ -- $Id: authentication_conf.lua,v 1.1 2007/12/05 18:40:17 carregal Exp $ ---------------------------- -require"cgilua.authentication" +cgilua.authentication = require"cgilua.authentication" local options = { -- Authentication method: "simpledatabase", "webserver", "ldap", "test" @@ -14,7 +14,7 @@ local options = { -- How Authentication is stored on the client -- This directive can be "cookie" or "url" - tokenPersistence="url", + tokenPersistence="cookie", -- Name used for the token persitence tokenName = "userhash", @@ -35,7 +35,7 @@ options.simpledatabase = { sourcename="users", dbusername="root", dbpassword="pass", - passwd_hash_function=(require"md5") and md5.sumhexa, -- for MD5 encription + passwd_hash_function=(require"md5") and require("md5").sumhexa, -- for MD5 encription -- passwd_hash_function = function(arg) return arg end , -- for no encription users_table="Users", user_name_field="Name", diff --git a/examples/cgilua/config.lua b/examples/cgilua/config.lua index dc3e599..d0fbb66 100755 --- a/examples/cgilua/config.lua +++ b/examples/cgilua/config.lua @@ -8,7 +8,7 @@ -- cgilua.use_executable_name = true -- Enables CGILua authentication --- cgilua.doif (CGILUA_CONF.."/authentication_conf.lua") +cgilua.doif (CGILUA_CONF.."/../authentication_conf.lua") -- Emulating old behavior loading file "env.lua" from the script's directory --[[ @@ -18,8 +18,7 @@ end) --]] -- Basic configuration for using sessions ---[[ -require"cgilua.session" +cgilua.session = require"cgilua.session" cgilua.session.setsessiondir (CGILUA_TMP) -- The following function must be called by every script that needs session. local already_enabled = false 
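Review bot: In the `options.simpledatabase` hunk of examples/authentication_conf.lua, `passwd_hash_function` still resolves to `md5.sumhexa`, so the example stores an unsalted MD5 digest, which is fast to brute-force and unsuitable for password storage. The trailing comment also calls it encryption although it is a hash; since this is the file people copy, I would change it to `-- MD5 digest, demo only: use a salted, slow password hash in production`. The guard is redundant as well: `require` raises when the module is missing, so `(require"md5") and require("md5").sumhexa` can be written `require("md5").sumhexa`. The context lines `dbusername="root"` and `dbpassword="pass"` deserve a comment marking them as placeholders. The table starts and ends outside the hunk.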
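Review bot: In the first hunk of examples/cgilua/config.lua, the now-active `cgilua.doif (CGILUA_CONF.."/../authentication_conf.lua")` only works when the file sits one level above `CGILUA_CONF`. If `doif` skips a missing file silently, as its name suggests, a different directory layout leaves authentication unconfigured without any error. I would add a comment such as `-- expects authentication_conf.lua in the parent of CGILUA_CONF; nothing is loaded if it is absent`, or test for the file explicitly and raise an error when it is missing.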
@@ -32,7 +31,9 @@ function cgilua.enablesession () cgilua.session.open () cgilua.addclosefunction (cgilua.session.close) end ---]] + +cgilua.setmaxinput(5 * 1024 * 1024) +cgilua.setmaxfilesize(5 * 1024 * 1024) -- Optional compatibility values -- cgilua.preprocess = cgilua.handlelp diff --git a/examples/check.lua b/examples/check.lua index ba6efc3..5fa928a 100755 --- a/examples/check.lua +++ b/examples/check.lua @@ -1,6 +1,7 @@ -- Checking script example -- Assumes that the login form will use two fields called username and pass +local lp = require 'cgilua.lp' local username = cgilua.POST.username local pass = cgilua.POST.pass local logged, err, logoutURL @@ -21,7 +22,7 @@ else err = err or "" cgilua.htmlheader() - cgilua.lp.include ("login.lp", { + lp.include ("login.lp", { logged = logged, errorMsg = err, username = username, cgilua = cgilua, logoutURL = logoutURL}) end diff --git a/examples/login.lp b/examples/login.lp index c4220f4..d886ddd 100755 --- a/examples/login.lp +++ b/examples/login.lp @@ -4,6 +4,9 @@ + <% + cgilua.enablesession () + %> <% if logged then %>
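Review bot: The two limits added after `cgilua.enablesession` in examples/cgilua/config.lua carry no comment, so a reader cannot tell the unit or why this value was chosen. I would add `-- Request size limits in bytes (5 MiB): total input and each uploaded file` above them. If the purpose is to bound the resources one request can consume, say so, because deployments that accept no uploads may want a much smaller value.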
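Review bot: In the second hunk of examples/check.lua, `username` comes straight from `cgilua.POST.username` and is handed to `lp.include ("login.lp", ...)`, and the login.lp hunk shows it printed with `<%= username %>` in the logged-in branch. Nothing visible HTML-escapes it, so markup in a stored or submitted name would be rendered as-is. Escape `&`, `<`, `>` and quotes before passing the value or in the template expression itself. Do the same for `errorMsg` if the template prints it the same way. The enclosing `else` branch begins outside the hunk.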

User <%= username %> logged in

Logout @@ -17,4 +20,4 @@ <% end %> - \ No newline at end of file + diff --git a/examples/test.lp b/examples/test.lp index 517f0f2..319f009 100755 --- a/examples/test.lp +++ b/examples/test.lp @@ -8,7 +8,7 @@ <% - require"cgilua.cookies" + cgilua.cookies = require"cgilua.cookies" if cgilua.POST.user then cgilua.cookies.sethtml("cookie_kepler", cgilua.POST.user) end diff --git a/src/cgilua/authentication.lua b/src/cgilua/authentication.lua index de27918..fc86bf7 100755 --- a/src/cgilua/authentication.lua +++ b/src/cgilua/authentication.lua @@ -53,6 +53,10 @@ function M.currentURL() if query_string ~= "" then query_string = "?"..query_string end + --DIRK: hack + if path_info == "/" then + path_info = "" + end return cgilua.mkabsoluteurl(script_name..path_info..query_string) end @@ -88,13 +92,14 @@ function M.username() if configuration.tokenPersistence == "url" then token = M.getToken() elseif configuration.tokenPersistence == "cookie" then - token = cgilua.cookies.get(configuration.tokenName) + token = cookies.get(configuration.tokenName) end if token then authenticatedUserData = md5.decrypt(M.decodeURLbase64(token), configuration.criptKey) -- check if IP in crypted data match with client IP local authenticatedUserIP = authenticatedUserData and string.gsub(authenticatedUserData, ",.*$","") or nil if authenticatedUserIP ~= cgilua.servervariable("REMOTE_ADDR") then + M.logout() return nil end authenticatedUser=authenticatedUserData and string.gsub(authenticatedUserData, "^.*,", "") or nil 
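Review bot: The `--DIRK: hack` comment in `M.currentURL()` (src/cgilua/authentication.lua) does not say what the special case is for, although this function builds the URL that is later used as the return reference. Replace it with the reason, for instance `-- PATH_INFO is reported as "/" for the bare script URL; drop it so the rebuilt URL matches the requested one`, if that is indeed the cause. The function starts outside the hunk.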
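Review bot: The added `M.logout()` in `M.username()` turns a getter into a call with side effects: per the `M.logout` hunk further down it runs `setUser()`, `cookies.delete(...)` and `M.setToken()`, and clears `cgilua.QUERY.logout`. `cookies.delete` presumably emits a Set-Cookie header, so if `username()` is first called after output has started the deletion may never reach the client; confirm this and document it with `-- token bound to another address: drop it (must run before headers are sent)`. Separately, the token is accepted on the strength of `md5.decrypt` and the IP prefix alone; nothing visible verifies its integrity, so a MAC over the token checked before parsing would be a stronger test. The function continues outside the hunk.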
@@ -119,9 +124,9 @@ local function setUser(username) local cryptedUserData = cryptUserData() if configuration.tokenPersistence == "url" then M.setToken(cryptedUserData) - cgilua.cookies.delete(configuration.tokenName) -- removes an eventual previous cookie token + cookies.delete(configuration.tokenName) -- removes an eventual previous cookie token elseif configuration.tokenPersistence == "cookie" then - cgilua.cookies.set(configuration.tokenName, cryptedUserData) + cookies.set(configuration.tokenName, cryptedUserData) M.setToken() -- remove an eventual previous token from the URLs end end @@ -130,7 +135,7 @@ end -- User logout, clear everything function M.logout() setUser() - cgilua.cookies.delete(configuration.tokenName) + cookies.delete(configuration.tokenName) M.setToken() cgilua.QUERY.logout = nil end @@ -171,7 +176,7 @@ function M.checkURL(ref, tologout) if configuration.tokenPersistence == "url" then token = M.getToken() elseif configuration.tokenPersistence == "cookie" then - token = cgilua.cookies.get(configuration.tokenName) + token = cookies.get(configuration.tokenName) end -- As HTTP header referer information can violate privacy, @@ -197,16 +202,21 @@ end function M.refURL() local url local baseURL = cgilua.QUERY.ref or configuration.checkURL - if string.find(baseURL, "\?") then - url = string.gsub(baseURL, "\?", "?"..configuration.tokenName.."="..cryptUserData().."&") - else - url = baseURL.."?"..configuration.tokenName.."="..cryptUserData() - end + if configuration.tokenPersistence == 'url' then + if string.find(baseURL, "%?") then + url = string.gsub(baseURL, "%?", "?"..configuration.tokenName.."="..cryptUserData().."&") + else + url = baseURL.."?"..configuration.tokenName.."="..cryptUserData() + end + else + url = baseURL + end return url end -- Sets the current configuration function M.configure(options, methods) + authenticatedUser = nil configuration = options local method = methods[options.method] or {} 
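Review bot: In `setUser` the authentication token is stored with `cookies.set(configuration.tokenName, cryptedUserData)` and no third argument, although `M.set (name, value, options)` in cookies.lua accepts an options table. With the example configuration now defaulting to `tokenPersistence="cookie"`, the token cookie gets whatever defaults `build` applies, which likely means no secure flag and no path restriction. I would pass options taken from the configuration, e.g. `cookies.set(configuration.tokenName, cryptedUserData, configuration.cookieOptions)`, where `cookieOptions` is a new entry proposed here, after confirming which keys `build` honours. `setUser` starts outside the hunk.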
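Review bot: `M.refURL()` takes `baseURL` from `cgilua.QUERY.ref` and uses it unchecked: the new `else` branch returns it as-is, and the `'url'` branch appends `tokenName=<token>` to it. Because `ref` is request-supplied, the result can point at another site, and in `url` mode the token travels with it. Check that `ref` carries the application's own scheme and host (or is site-relative) and fall back to `configuration.checkURL` otherwise. Separately, `string.gsub(baseURL, "%?", ...)` rewrites every `?` in the URL; passing `1` as the fourth argument limits it to the first.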
diff --git a/src/cgilua/cgilua.lua b/src/cgilua/cgilua.lua index bdce5ac..69d3516 100755 --- a/src/cgilua/cgilua.lua +++ b/src/cgilua/cgilua.lua @@ -195,8 +195,8 @@ end -- @param filename String with the name of the file to be processed. -- @return The result of the execution of the file. ---------------------------------------------------------------------------- -function M.doscript (filename) - local env = buildscriptenv() +function M.doscript (filename, env) + local env = env or buildscriptenv() local f, err = loadfile(filename, "bt", env) if not f then error (format ("Cannot execute `%s'. Exiting.\n%s", filename, err)) diff --git a/src/cgilua/cookies.lua b/src/cgilua/cookies.lua index 17a7323..f6d96bc 100755 --- a/src/cgilua/cookies.lua +++ b/src/cgilua/cookies.lua @@ -14,9 +14,9 @@ local format, gsub, strfind = string.format, string.gsub, string.find local date = os.date local escape, unescape = urlcode.escape, urlcode.unescape -local header = SAPI.Response.header -local write = SAPI.Response.write -local servervariable = SAPI.Request.servervariable +--local header = SAPI.Response.header +--local write = SAPI.Response.write +--local servervariable = SAPI.Request.servervariable local M = {} @@ -54,7 +54,7 @@ end -- @param options Table with the options (optional). function M.set (name, value, options) - header("Set-Cookie", build(name, value, options)) + cgilua.header("Set-Cookie", build(name, value, options)) end @@ -66,7 +66,7 @@ end -- @param options Table with the options (optional). function M.sethtml (name, value, options) - write(format('', + cgilua.put(format('', build(name, value, options))) end @@ -77,7 +77,7 @@ end -- @return String with the value associated with the cookie. function M.get (name) - local cookies = servervariable"HTTP_COOKIE" or "" + local cookies = cgilua.servervariable("HTTP_COOKIE") or "" cookies = ";" .. cookies .. ";" cookies = gsub(cookies, "%s*;%s*", ";") -- remove extra spaces local pattern = ";" .. name .. "=(.-);"
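Review bot: `M.doscript (filename, env)` gains a second parameter, but the doc block above it still lists only `filename`; add `-- @param env Table used as the script environment (optional, defaults to buildscriptenv()).`. A caller that passes its own table bypasses whatever `buildscriptenv()` sets up, which is worth stating in that comment. `local env = env or buildscriptenv()` also redeclares the parameter; `env = env or buildscriptenv()` is enough. The function body continues outside the hunk.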
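Review bot: In the first hunk of src/cgilua/cookies.lua the three `SAPI` locals are commented out rather than removed, and `M.set`, `M.sethtml` and `M.get` now look up the global `cgilua` at call time. Nothing in the visible hunks requires or checks that global, so these functions presumably fail with an index-nil error when the module is used outside a CGILua request. Delete the dead lines and add a header comment such as `-- relies on the global cgilua table (header, put, servervariable) provided by the launcher`.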