lunarmodules · srdgame · Dec 5, 2013 · Dec 5, 2013 · Jan 6, 2014
diff --git a/examples/authentication_conf.lua b/examples/authentication_conf.lua
@@ -6,15 +6,15 @@
 -- $Id: authentication_conf.lua,v 1.1 2007/12/05 18:40:17 carregal Exp $
 ----------------------------
 
-require"cgilua.authentication"
+cgilua.authentication = require"cgilua.authentication"
 
 local options = {
     -- Authentication method: "simpledatabase", "webserver", "ldap", "test"
     method = "test",
 
     -- How Authentication is stored on the client
     -- This directive can be "cookie" or "url"
-    tokenPersistence="url",
+    tokenPersistence="cookie",
 
     -- Name used for the token persitence
     tokenName = "userhash",
@@ -35,7 +35,7 @@ options.simpledatabase = {
     sourcename="users",
     dbusername="root",
     dbpassword="pass",
-    passwd_hash_function=(require"md5") and md5.sumhexa, -- for MD5 encription
+    passwd_hash_function=(require"md5") and require("md5").sumhexa, -- for MD5 encription
         -- passwd_hash_function = function(arg) return arg end , -- for no encription
     users_table="Users",
     user_name_field="Name",

diff --git a/examples/cgilua/config.lua b/examples/cgilua/config.lua
@@ -8,7 +8,7 @@
 -- cgilua.use_executable_name = true
 
 -- Enables CGILua authentication
--- cgilua.doif (CGILUA_CONF.."/authentication_conf.lua")
+cgilua.doif (CGILUA_CONF.."/../authentication_conf.lua")
 
 -- Emulating old behavior loading file "env.lua" from the script's directory
 --[[
@@ -18,8 +18,7 @@ end)
 --]]
 
 -- Basic configuration for using sessions
---[[
-require"cgilua.session"
+cgilua.session = require"cgilua.session"
 cgilua.session.setsessiondir (CGILUA_TMP)
 -- The following function must be called by every script that needs session.
 local already_enabled = false
@@ -32,7 +31,9 @@ function cgilua.enablesession ()
   cgilua.session.open ()
   cgilua.addclosefunction (cgilua.session.close)
 end
---]]
+
+cgilua.setmaxinput(5 * 1024 * 1024)
+cgilua.setmaxfilesize(5 * 1024 * 1024)
 
 -- Optional compatibility values
 -- cgilua.preprocess = cgilua.handlelp

diff --git a/examples/check.lua b/examples/check.lua
@@ -1,6 +1,7 @@
 -- Checking script example
 -- Assumes that the login form will use two fields called username and pass
 
+local lp = require 'cgilua.lp'
 local username = cgilua.POST.username
 local pass = cgilua.POST.pass
 local logged, err, logoutURL
@@ -21,7 +22,7 @@ else
     err = err or ""
 
 	cgilua.htmlheader()
-	cgilua.lp.include ("login.lp", {
+	lp.include ("login.lp", {
         logged = logged, errorMsg = err, username = username,
         cgilua = cgilua, logoutURL = logoutURL})
 end

diff --git a/examples/login.lp b/examples/login.lp
@@ -4,6 +4,9 @@
 </head>
 
 <body>
+	<%
+	cgilua.enablesession ()
+	%>
     <% if logged then %>
     <p>User <%= username %> logged in</p>
     <a href="<%= logoutURL %>">Logout</a>
@@ -17,4 +20,4 @@
     </form>
     <% end %>
 </body>
-</html>
+</html>
diff --git a/examples/test.lp b/examples/test.lp
@@ -8,7 +8,7 @@
     <link rel="stylesheet" href="css/doc.css" type="text/css"/>
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
     <%
-    require"cgilua.cookies"
+    cgilua.cookies = require"cgilua.cookies"
     if cgilua.POST.user then
         cgilua.cookies.sethtml("cookie_kepler", cgilua.POST.user)
     end

diff --git a/src/cgilua/authentication.lua b/src/cgilua/authentication.lua
@@ -53,6 +53,10 @@ function M.currentURL()
     if query_string ~= "" then
         query_string = "?"..query_string
     end
+	--DIRK: hack
+	if path_info == "/" then
+		path_info = ""
+	end
     return cgilua.mkabsoluteurl(script_name..path_info..query_string)
 end
 
@@ -88,13 +92,14 @@ function M.username()
 		if configuration.tokenPersistence == "url" then
             token = M.getToken()
 		elseif configuration.tokenPersistence == "cookie" then
-			token = cgilua.cookies.get(configuration.tokenName)
+			token = cookies.get(configuration.tokenName)
 		end
         if token then
             authenticatedUserData = md5.decrypt(M.decodeURLbase64(token), configuration.criptKey)
             -- check if IP in crypted data match with client IP
             local authenticatedUserIP = authenticatedUserData and string.gsub(authenticatedUserData, ",.*$","") or nil
             if authenticatedUserIP ~= cgilua.servervariable("REMOTE_ADDR") then
+				M.logout()
                 return nil
             end
             authenticatedUser=authenticatedUserData and string.gsub(authenticatedUserData, "^.*,", "") or nil
@@ -119,9 +124,9 @@ local function setUser(username)
         local cryptedUserData = cryptUserData()
         if configuration.tokenPersistence == "url" then
             M.setToken(cryptedUserData)
-            cgilua.cookies.delete(configuration.tokenName) -- removes an eventual previous cookie token
+            cookies.delete(configuration.tokenName) -- removes an eventual previous cookie token
         elseif configuration.tokenPersistence == "cookie" then
-            cgilua.cookies.set(configuration.tokenName, cryptedUserData)
+            cookies.set(configuration.tokenName, cryptedUserData)
             M.setToken() -- remove an eventual previous token from the URLs
         end
     end
@@ -130,7 +135,7 @@ end
 -- User logout, clear everything
 function M.logout()
     setUser()
-    cgilua.cookies.delete(configuration.tokenName)
+    cookies.delete(configuration.tokenName)
     M.setToken()
     cgilua.QUERY.logout = nil
 end
@@ -171,7 +176,7 @@ function M.checkURL(ref, tologout)
     if configuration.tokenPersistence == "url" then
         token = M.getToken()
     elseif configuration.tokenPersistence == "cookie" then
-        token = cgilua.cookies.get(configuration.tokenName)
+        token = cookies.get(configuration.tokenName)
     end
 
     -- As HTTP header referer information can violate privacy, 
@@ -197,16 +202,21 @@ end
 function M.refURL()
     local url
     local baseURL = cgilua.QUERY.ref or configuration.checkURL
-    if string.find(baseURL, "\?") then
-        url = string.gsub(baseURL, "\?", "?"..configuration.tokenName.."="..cryptUserData().."&")
-    else
-        url = baseURL.."?"..configuration.tokenName.."="..cryptUserData()
-    end
+	if configuration.tokenPersistence == 'url' then
+		if string.find(baseURL, "%?") then
+			url = string.gsub(baseURL, "%?", "?"..configuration.tokenName.."="..cryptUserData().."&")
+		else
+			url = baseURL.."?"..configuration.tokenName.."="..cryptUserData()
+		end
+	else
+		url = baseURL
+	end
 	return url
 end
 
 -- Sets the current configuration
 function M.configure(options, methods)
+	authenticatedUser = nil
     configuration = options
     local method = methods[options.method] or {}
 

diff --git a/src/cgilua/cgilua.lua b/src/cgilua/cgilua.lua
@@ -195,8 +195,8 @@ end
 -- @param filename String with the name of the file to be processed.
 -- @return The result of the execution of the file.
 ----------------------------------------------------------------------------
-function M.doscript (filename)
-	local env = buildscriptenv()
+function M.doscript (filename, env)
+	local env = env or buildscriptenv()
 	local f, err = loadfile(filename, "bt", env)
 	if not f then
 		error (format ("Cannot execute `%s'. Exiting.\n%s", filename, err))

diff --git a/src/cgilua/cookies.lua b/src/cgilua/cookies.lua
@@ -14,9 +14,9 @@ local format, gsub, strfind = string.format, string.gsub, string.find
 local date = os.date
 local escape, unescape = urlcode.escape, urlcode.unescape
 
-local header = SAPI.Response.header
-local write = SAPI.Response.write
-local servervariable = SAPI.Request.servervariable
+--local header = SAPI.Response.header
+--local write = SAPI.Response.write
+--local servervariable = SAPI.Request.servervariable
 
 local M = {}
 
@@ -54,7 +54,7 @@ end
 -- @param options Table with the options (optional).
 
 function M.set (name, value, options)
-	header("Set-Cookie", build(name, value, options))
+	cgilua.header("Set-Cookie", build(name, value, options))
 end
 
 
@@ -66,7 +66,7 @@ end
 -- @param options Table with the options (optional).
 
 function M.sethtml (name, value, options)
-	write(format('<meta http-equiv="Set-Cookie" content="%s">', 
+	cgilua.put(format('<meta http-equiv="Set-Cookie" content="%s">', 
 		build(name, value, options)))
 end
 
@@ -77,7 +77,7 @@ end
 -- @return String with the value associated with the cookie.
 
 function M.get (name)
-	local cookies = servervariable"HTTP_COOKIE" or ""
+	local cookies = cgilua.servervariable("HTTP_COOKIE") or ""
 	cookies = ";" .. cookies .. ";"
 	cookies = gsub(cookies, "%s*;%s*", ";")	 -- remove extra spaces
 	local pattern = ";" .. name .. "=(.-);"