
fix session handling (wasn't deleting old sessions)

Dario Rodriguez authored on 26/06/2014 19:29:31
Showing 4 changed files
... ...
@@ -1 +1,10 @@
1 1
 Private group web
2
+
3
+Dependencies
4
+============
5
+
6
+libmhash
7
+libscrypt
8
+webkernel
9
+
10
+
... ...
@@ -156,7 +156,6 @@ callback_http(wk *web, int connid, wk_uri *uri, void *userptr)
156 156
                 log_write("HTTP","Request: /newuser?...");
157 157
         else
158 158
                 log_write("HTTP","Request: %s",uri->path);
159
-
160 159
         /* extract the name */
161 160
         strncpy(partialpath,uri->path,sizeof(partialpath)-1);
162 161
         partialpath[sizeof(partialpath)-1]='\0';
... ...
@@ -188,7 +187,7 @@ callback_http(wk *web, int connid, wk_uri *uri, void *userptr)
188 187
                         return(wkact_finished);
189 188
                 } else if((res=res_find(resindexdata,"index.html"))!=NULL) {
190 189
                         log_write("HTTP","Not allowed page, redirecting to login");
191
-                        wk_serve_buffer_as_file(web,connid,res->data,res->len,mime_getdefault(res->name,"application/octet-stream"));
190
+                        wk_serve_redirect(web,connid,"/");
192 191
                         return(wkact_finished);
193 192
                 } else {
194 193
                         log_write("EINT","%s:%i",__FILE__,__LINE__);
... ...
@@ -287,8 +286,8 @@ http_newuser(wk *web, int connid, wk_uri *uri, void *userptr)
287 286
         /* check validity */
288 287
         if(kakumei_inviteexists(ka,i)!=0) {
289 288
                 /* retry login */
290
-                wk_serve_buffer_as_file(web,connid,"/",1,"text/plain");
291 289
                 log_write("NEWU","invalid invite %s, redirecting to login",i);
290
+                wk_serve_buffer_as_file(web,connid,"/",1,"text/plain");
292 291
                 return(wkact_finished);
293 292
         }
294 293
         /* create user */
... ...
@@ -303,8 +302,8 @@ http_newuser(wk *web, int connid, wk_uri *uri, void *userptr)
303 302
         /* create session and go to "posts" page */
304 303
         if(session_new(ka,u,session,sizeof(session))==NULL) {
305 304
                 /* "autologin" didn't work, ask for login */
306
-                wk_serve_buffer_as_file(web,connid,"/",1,"text/plain");
307 305
                 log_write("NEWU","couldn't generate new session, redirecting to login");
306
+                wk_serve_buffer_as_file(web,connid,"/",1,"text/plain");
308 307
                 return(wkact_finished);
309 308
         }
310 309
         /* valid login */
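Review bot: The failure paths in http_newuser still answer with a one-byte text/plain body `/` rather than a redirect, although their log messages say "redirecting to login"; the two hunks at old lines 287 and 303 only reorder the log and serve calls. The callback_http hunk in this same commit already switched to `wk_serve_redirect(web,connid,"/");`, and using the same call in both http_newuser branches would make the behaviour match the message. Separately, `log_write("NEWU","invalid invite %s, redirecting to login",i)` puts what is presumably a request-supplied value into the log; if log_write does not neutralise control characters (not visible here), encode CR/LF in `i` before logging or log only its length. Both functions start and end outside the hunks.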
... ...
@@ -23,7 +23,7 @@
23 23
 #define SESSIONSDIR "data/sessions"
24 24
 #define MAXUSERSIZE 32
25 25
 #define MAXPASSWDSIZE 64
26
-#define SESSIONSIZE 65
26
+#define SESSIONSIZE 33
27 27
 
28 28
 typedef struct kakumei {
29 29
         sselect *ssel;
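Review bot: `#define SESSIONSIZE 33` is a bare number whose relation to the digest length is not stated, yet the hex encoder in session_new (changed in this commit) is only safe if the value is two characters per encoded digest byte plus the terminator. A comment on the define such as `/* 32 hex chars (16 digest bytes) + NUL */` would make that contract visible to anyone who later changes the hash algorithm or the buffer size.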
... ...
@@ -13,6 +13,7 @@
13 13
 #include <fcntl.h>
14 14
 #include <time.h>
15 15
 #include <mhash.h>
16
+#include "loglib.h"
16 17
 #include "kakumei.h"
17 18
 #include "kakumei_session.h"
18 19
 
... ...
@@ -49,7 +50,7 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
49 50
                 mhash(td,&n,sizeof(n));
50 51
         }
51 52
         mhash_deinit(td,&binhash);
52
-        for(i=0;i<sizeof(binhash);i++) {
53
+        for(i=0;i<sizeof(binhash) && i<SESSIONSIZE;i++) {
53 54
                 c=(((unsigned char *)binhash)[i]>>4);
54 55
                 c=(c>=10)?(c-10+'a'):c+'0';
55 56
                 session[i<<1]=c;
... ...
@@ -57,7 +58,7 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize)
57 58
                 c=(c>=10)?(c-10+'a'):c+'0';
58 59
                 session[(i<<1)+1]=c;
59 60
         }
60
-        session[sizeof(binhash)]='\0';
61
+        session[SESSIONSIZE-1]='\0';
61 62
         /* save the hash */
62 63
         mkdir(DATADIR,0700);
63 64
         mkdir(SESSIONSDIR,0700);
... ...
@@ -100,7 +101,7 @@ session_check(kakumei *ka, char *session, char *user, int usersize)
100 101
         if(ka==NULL || session==NULL || session[0]=='\0' || user==NULL || usersize<(MAXUSERSIZE+1))
101 102
                 return(NULL);
102 103
         for(i=0;session[i]!='\0';i++) {
103
-                if(!(session[i]>='0' && session[i]<='0') &&
104
+                if(!(session[i]>='0' && session[i]<='9') &&
104 105
                    !(session[i]>='a' && session[i]<='f')) {
105 106
                         return(NULL);
106 107
                 }
... ...
@@ -125,7 +126,7 @@ session_del(kakumei *ka, char *session)
125 126
         if(ka==NULL || session==NULL || session[0]=='\0')
126 127
                 return(-1);
127 128
         for(i=0;session[i]!='\0';i++) {
128
-                if(!(session[i]>='0' && session[i]<='0') &&
129
+                if(!(session[i]>='0' && session[i]<='9') &&
129 130
                    !(session[i]>='a' && session[i]<='f')) {
130 131
                         return(-1);
131 132
                 }
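Review bot: The new guard `i<SESSIONSIZE` in the session_new loop bounds the digest byte index, but each iteration writes two characters at `session[i<<1]` and `session[(i<<1)+1]`, so it does not keep the writes inside a SESSIONSIZE-byte buffer. If `binhash` is longer than 16 bytes (its declaration is outside the hunk), the hex output runs past the 33 bytes that buffers sized with SESSIONSIZE now hold. Bounding the output index with the `sessionsize` argument the function already receives fixes this: `for(i=0;i<sizeof(binhash) && (i<<1)+1<sessionsize-1;i++) {`, with `session[i<<1]='\0';` after the loop in place of `session[SESSIONSIZE-1]='\0';`. The session_check and session_del hunks correct the digit range but still accept a string of any length; whether a length cap is needed there depends on how the name is used further down, outside those hunks.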