tazbug rev 34

change Header call to javascript, add javascript log function, fix small bug, cookies are now set via javascript
author xfred222
date Mon Dec 17 09:21:14 2012 -0500 (2012-12-17)
parents 24effe14f521
children 2ccd2cd18ef5
files web/bugs.cgi
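--- a/web/bugs.cgi
+++ b/web/bugs.cgi
@@ -8,11 +8,10 @@
 [ -f "/etc/slitaz/bugs.conf" ] && . /etc/slitaz/bugs.conf
 
 # Internal variable
-bugdir="bug"
+bugdir="$TAZBUG/bug"
 plugins="plugins"
-sessions="/tmp/tazbug/sessions"
+sessions="/tmp/bugs/sessions"
 po=""
-error_log_file="/var/log/tazbug-server.log"
 
 # Content negotiation for Gettext
 IFS=","
@@ -61,8 +60,8 @@
 </div>
 
 <div id="footer">
-	<a href="./">SliTaz Bugs</a> -
-	<a href="./?README">README</a>
+	<a href="$WEB_URL">SliTaz Bugs</a> -
+	<a href="$WEB_URL?README">README</a>
 </div>
 
 </body>
@@ -72,6 +71,42 @@
 
 
 
+js_redirection_to()
+{
+	js_log "Redirecting to $1"
+	echo "<script type=\"text/javascript\"> document.location = \"$1\"; </script>"
+}
+
+
+js_log()
+{
+	echo "<script type=\"text/javascript\">console.log('$1')</script>";
+}
+
+
+js_set_cookie()
+{
+	name=$1
+	value=$2
+
+	js_log 'Setting cookie.'
+	echo "<script type=\"text/javascript\">"
+		echo "document.cookie = \"$name=$value; expires=0; path=/\"";
+	echo "</script>"
+}
+
+
+js_unset_cookie()
+{
+	name=$1
+
+	js_log 'Unsetting cookie.'
+	echo "<script type=\"text/javascript\">"
+		echo "document.cookie = \"$1=\"\"; expires=-1; path=/";
+	echo "</script>"
+}
+
+
 # Check if user is auth
 check_auth() {
 	auth="$(COOKIE auth)"
@@ -85,13 +120,13 @@
 	fi
 }
 
+
 # Authentified or not
 user_box() {
 
-#bug id to remember
 IDLOC=""
 if [[ "$(GET id)" ]] ;then
-IDLOC="&id=$(GET id)"
+	IDLOC="&id=$(GET id)"
 fi
 
 	if check_auth; then
@@ -113,7 +148,7 @@
 	cat << EOT
 
 <div id="search">
-	<form method="get" action="./">
+	<form method="get" action="$WEB_URL">
 		<input type="text" name="search" placeholder="$(gettext 'Search')" />
 		<!-- <input type="submit" value="$(gettext 'Search')" /> -->
 	</form>
@@ -125,14 +160,14 @@
 EOT
 }
 
+
 # Login page
 login_page() {
 IDLOC=""
 if [[ "$(GET id)" ]] ;then
-IDLOC="?id=$(GET id)"
+	IDLOC="?id=$(GET id)"
 fi
 
-
 	cat << EOT
 <h2>$(gettext 'Login')</h2>
 
@@ -144,7 +179,7 @@
 </div>
 
 <div id="login">
-	<form method="post" action="$SCRIPT_NAME$IDLOC">
+	<form method="post" action="$SCRIPT_NAME">
 		<input type="text" name="auth" placeholder="$(gettext 'User name')" />
 		<input type="password" name="pass" placeholder="$(gettext 'Password')" />
 		<div>
@@ -158,6 +193,7 @@
 EOT
 }
 
+
 # Display user public profile.
 public_people() {
 	cat << EOT
@@ -167,6 +203,7 @@
 EOT
 }
 
+
 # Display authentified user profile. TODO: change password
 auth_people() {
 	cat << EOT
@@ -178,6 +215,7 @@
 EOT
 }
 
+
 # Usage: list_bugs STATUS
 list_bugs() {
 	bug="$1"
@@ -187,7 +225,7 @@
 		for bug in $(fgrep -H "$1" $bugdir/*/bug.conf | cut -d ":" -f 1)
 		do
 			. $bug
-			id=$(dirname $bug | cut -d "/" -f 2)
+			id=$(basename $(dirname $bug))
 			if [ "$PRIORITY" == "$pr" ]; then
 				cat << EOT
 <pre>
@@ -201,6 +239,7 @@
 	done
 }
 
+
 # Stripped down Wiki parser for bug desc and messages which are simply
 # displayed in <pre>
 wiki_parser() {
@@ -209,6 +248,7 @@
 		-e s"#http://\([^']*\).*# <a href='\0'>\1</a>#"g
 }
 
+
 # Bug page
 bug_page() {
 	if [ -f "$PEOPLE/$CREATOR/account.conf" ]; then
@@ -218,7 +258,7 @@
 	fi
 	cat << EOT
 <h2>$(eval_gettext 'Bug $id')</h2>
-<form method="get" action="./">
+<form method="get" action="$WEB_URL">
 
 <p>
 	$(get_gravatar $MAIL 32)
@@ -284,6 +324,7 @@
 	fi
 }
 
+
 # Write a new message
 new_msg() {
 	date=$(date "+%Y-%m-%d %H:%M")
@@ -292,6 +333,7 @@
 	if check_auth; then
 		USER="$user"
 	fi
+	js_log "Will write message in $bugdir/$id/msg.$count "
 	sed "s/$(echo -en '\r') /\n/g" > $bugdir/$id/msg.$count << EOT
 USER="$USER"
 DATE="$date"
@@ -299,6 +341,7 @@
 EOT
 }
 
+
 # Create a new Bug
 new_bug() {
 	count=$(ls -1 $bugdir | wc -l)
@@ -324,13 +367,14 @@
 EOT
 }
 
+
 # New bug page for the web interface
 new_bug_page() {
 	cat << EOT
 <h2>$(gettext "New Bug")</h2>
 <div id="newbug">
 
-<form method="get" action="./" onsubmit="return checkNewBug();">
+<form method="get" action="$WEB_URL" onsubmit="return checkNewBug();">
 	<input type="hidden" name="addbug" />
 	<table>
 		<tbody>
@@ -368,13 +412,14 @@
 EOT
 }
 
+
 # Edit/Save a bug configuration file
 edit_bug() {
 	cat << EOT
 <h2>$(eval_gettext 'Edit Bug $bug')</h2>
 <div id="edit">
 
-<form method="get" action="./">
+<form method="get" action="$WEB_URL">
 	<textarea name="bugconf">$(cat $bugdir/$bug/bug.conf)</textarea>
 	<input type="hidden" name="bug" value="$bug" />
 	<input type="submit" value="$(gettext 'Save configuration')" />
@@ -384,6 +429,7 @@
 EOT
 }
 
+
 save_bug() {
 	bug="$(GET bug)"
 	content="$(GET bugconf)"
@@ -392,16 +438,19 @@
 EOT
 }
 
+
 # Close a fixed bug
 close_bug() {
 	sed -i s'/OPEN/CLOSED/' $bugdir/$id/bug.conf
 }
 
+
 # Re open an old bug
 open_bug() {
 	sed -i s'/CLOSED/OPEN/' $bugdir/$id/bug.conf
 }
 
+
 # Get and display Gravatar image: get_gravatar email size
 # Link to profile: <a href="http://www.gravatar.com/$md5">...</a>
 get_gravatar() {
@@ -413,15 +462,15 @@
 	echo "<img src=\"$url/$md5?d=identicon&amp;s=$size\" alt=\"\" />"
 }
 
+
 # Create a new user in AUTH_FILE and PEOPLE
 new_user_config() {
-
-
 	mail="$(GET mail)"
 	pass="$(GET pass)"
 	key=$(echo -n "$user:$mail:$pass" | md5sum | awk '{print $1}')
+	echo "Server Key generated"
 	echo "$user:$pass" >> $AUTH_FILE
-	mkdir -p $PEOPLE/$user/
+	mkdir -pm0700 $PEOPLE/$user/
 	cat > $PEOPLE/$user/account.conf << EOT
 # SliTaz user configuration
 #
@@ -437,29 +486,56 @@
 PACKAGES="$(GET packages)"
 EOT
 	chmod 0600 $PEOPLE/$user/account.conf
+	if [ ! -f $PEOPLE/$user/account.conf ]; then
+		echo "ERROR: User creation failed!"
+		fi;
 	}
 
-#
+
+
+
+###################################################
 # POST actions
-#
+###################################################
 
 case " $(POST) " in
 	*\ auth\ *)
+		header
+		html_header
 		# Authenticate user. Create a session file in $sessions to be used
 		# by check_auth. We have the user login name and a peer session
 		# md5 string in the COOKIE.
 		user="$(POST auth)"
-		pass="$(md5crypt "$(POST pass)")"
+		pass="$(echo -n "$(POST pass)" | md5sum | awk '{print $1}')"
+
+		IDLOC=""
+			if [[ "$(GET id)" ]] ;then
+				IDLOC="&id=$(GET id)"
+			fi
+
+		if [  ! -f $AUTH_FILE ] ; then
+			js_log "$AUTH_FILE (defined in \$AUTH_FILE) have not been found."
+			js_redirection_to "$WEB_URL?login$IDLOC"
+		fi;
+
 		valid=$(fgrep "${user}:" $AUTH_FILE | cut -d ":" -f 2)
 		if [ "$pass" == "$valid" ] && [ "$pass" != "" ]; then
+			if [[ "$(GET id)" ]] ;then
+				IDLOC="?id=$(GET id)"
+			fi
 			md5session=$(echo -n "$$:$user:$pass:$$" | md5sum | awk '{print $1}')
 			mkdir -p $sessions
 			echo "$md5session" > $sessions/$user
-			header "Location: $WEB_URL" \
-				"Set-Cookie: auth=$user:$md5session; HttpOnly"
+			js_set_cookie 'auth' "$user:$md5session"
+			js_log "Login authentification have been executed & accepted :)"
+			js_redirection_to "$WEB_URL$IDLOC"
 		else
-			header "Location: $cd /va	?login&error"
-		fi ;;
+			js_log "Login authentification have been executed & refused"
+			js_redirection_to "$WEB_URL?login&error$IDLOC"
+		fi
+
+		html_footer
+		;;
 esac
 
 #
@@ -471,9 +547,12 @@
 	[ -x "$plugins/$p/$p.cgi" ] && . $plugins/$p/$p.cgi
 done
 
-#
+
+
+
+###################################################
 # GET actions
-#
+###################################################
 
 case " $(GET) " in
 	*\ README\ *)
@@ -502,11 +581,13 @@
 		login_page
 		html_footer ;;
 	*\ logout\ *)
-		# Set a Cookie in the past to logout.
-		expires="Expires=Wed, 01-Jan-1980 00:00:00 GMT"
+		header
+		html_header
 		if check_auth; then
 			rm -f "$sessions/$user"
-			header "Location: $WEB_URL" "Set-Cookie: auth=none; $expires; HttpOnly"
+			js_unset_cookie 'auth'
+			js_redirection_to "$WEB_URL"
+
 		fi ;;
 	*\ user\ *)
 		# User profile
@@ -534,9 +615,11 @@
 		html_footer ;;
 	*\ addbug\ *)
 		# Add a bug from web interface.
+		header
+		html_header
 		if check_auth; then
 			new_bug
-			header "Location: $WEB_URL?id=$count"
+			js_redirection_to "$WEB_URL?id=$count"
 		fi ;;
 	*\ edit\ *)
 		bug="$(GET edit)"
@@ -546,12 +629,16 @@
 		edit_bug
 		html_footer ;;
 	*\ bugconf\ *)
+		header
+		html_header
 		if check_auth; then
 			save_bug
-			header "Location: $WEB_URL?id=$bug"
+			js_redirection_to "$WEB_URL?id=$bug"
 		fi ;;
 	*\ id\ *)
 		# Empty deleted messages to keep msg count working.
+		header
+		html_header
 		id="$(GET id)"
 		[ "$(GET close)" ] && close_bug
 		[ "$(GET open)" ] && open_bug
@@ -559,8 +646,6 @@
 		[ "$(GET delmsg)" ] && rm -f $bugdir/$id/msg.$(GET delmsg) && \
 			touch $bugdir/$id/msg.$(GET delmsg)
 		msgs=$(fgrep MSG= $bugdir/$id/msg.* | wc -l)
-		header
-		html_header
 		user_box
 		. $bugdir/$id/bug.conf
 		bug_page
@@ -611,7 +696,7 @@
 		user_box
 		cat << EOT
 <h2>$(gettext "Search")</h2>
-<form method="get" action="./">
+<form method="get" action="$WEB_URL">
 	<input type="text" name="search" />
 	<input type="submit" value="$(gettext 'Search')" />
 </form>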
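Review bot: The POST `auth` branch now sets the `auth` cookie from inline script through `js_set_cookie`, so the session cookie loses the `HttpOnly` attribute that the removed `Set-Cookie` header carried and becomes readable by any script running on the page. That matters more here because `js_log` and `js_redirection_to` write `$1` unescaped into a `<script>` element, and the same branch feeds `$(GET id)` through `IDLOC` into `js_redirection_to`; unless `GET` already escapes quotes and `<`, request input ends up inside executable script. I would keep the header form for the login and logout responses, `header "Location: $WEB_URL$IDLOC" "Set-Cookie: auth=$user:$md5session; HttpOnly"`, and accept only a numeric id before building `IDLOC`, e.g. `case "$(GET id)" in *[!0-9]*) ;; ?*) IDLOC="?id=$(GET id)" ;; esac` (ids come from `wc -l` in `new_bug`, so digits are enough). Separately, `js_unset_cookie` emits unbalanced quotes (`\"$1=\"\"; expires=-1; path=/` never closes the string), so the logout script is likely a syntax error that leaves the cookie in the browser, and the password check in the `auth` branch moved from `md5crypt` to an unsalted `md5sum`, which weakens the stored credential format.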