From: konrad Date: Mon, 10 Aug 2009 19:38:42 +0000 (+0000) Subject: move response status into header X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=1a4ced47cf8ef13d28ad3795850dd7ea39b6373e;p=web%2Fkonrad%2Fsmoke.git move response status into header enable change of own password git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@330 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33 --- diff --git a/src/overview.cpp b/src/overview.cpp index cd538e8..9c78545 100644 --- a/src/overview.cpp +++ b/src/overview.cpp @@ -381,13 +381,12 @@ MOverview::MOverview(QString pk) void MOverview::updateEvents() { - QListevl; - try{ - evl=req->queryGetAllEvents().getevents(); - }catch(WException e){ - qDebug("Error getting all events (%s): %s",e.component().toAscii().data(),e.error().toAscii().data()); + MTGetAllEvents gae=req->queryGetAllEvents(); + if(gae.stage()!=gae.Success){ + qDebug("Error getting all events (%s): %s",gae.errorType().toAscii().data(),gae.errorString().toAscii().data()); return; } + QListevl=gae.getevents(); eventmodel->clear(); eventmodel->insertColumns(0,6); eventmodel->setHorizontalHeaderLabels(QStringList()<changeMyPassword(pc.oldPassword(),pc.newPassword()); - if(e!="") - QMessageBox::warning(this,tr("Warning"),tr("Error setting password: %1").arg(e)); - }*/ + MTChangeMyPassword cmp=MTChangeMyPassword::query(pc.oldPassword(),pc.newPassword()); + if(cmp.hasError()) + QMessageBox::warning(this,tr("Warning"),tr("Error setting password: %1").arg(cmp.errorString())); + } } void MOverview::setUserPassword() {/*TODO @@ -1549,10 +1548,7 @@ void MOverview::doBackup() int gens=set.value("backupgenerations",3).toInt(); //get data MTBackup bc; - try{bc=MTBackup::query();}catch(WException e){ - QMessageBox::warning(this,tr("Warning"),tr("Error while executing backup (%1): %2").arg(e.component()).arg(e.error())); - return; - } + bc=MTBackup::query(); if(bc.stage()!=bc.Success){ QMessageBox::warning(this,tr("Warning"),tr("Backup failed with error (%2): %1").arg(bc.errorString()).arg(bc.errorType())); return; diff --git a/src/wbase/WTransaction.cpp b/src/wbase/WTransaction.cpp index 099b26a..a153a00 100644 --- a/src/wbase/WTransaction.cpp +++ b/src/wbase/WTransaction.cpp @@ -113,12 +113,16 @@ QByteArray WTransaction::executeQuery(QString hreq,QByteArray data) if(loglvl>WInterface::LogMinimal) log=QString("Request %3 with header:\n%1\n\nRequest Body:\n%2\n<---->\n").arg(hrh.toString()).arg(esc(data)).arg(m_httpid); qDebug("started req %i",m_httpid); + + ///////////////////////////////////////////////////////////////////// //start loop QTimer tmr; tmr.setSingleShot(true);tmr.start(iface->webTimeout()*1000); connect(&tmr,SIGNAL(timeout()),this,SLOT(webTimeout())); loop.exec(); tmr.stop();tmr.disconnect(SIGNAL(timeout()),this,SLOT(webTimeout())); + ///////////////////////////////////////////////////////////////////// + //process result if(m_stage==Error && m_errtype=="_timeout"){ //it did not finish yet, caught a timeout. @@ -138,6 +142,8 @@ QByteArray WTransaction::executeQuery(QString hreq,QByteArray data) return QByteArray(); } QHttpResponseHeader rsph=req.lastResponse(); + m_wobstatus=rsph.value("X-WobResponse-Status"); + m_wobstatus=m_wobstatus.replace("\"","").trimmed().toLower(); //check for high level error if(rsph.statusCode()!=200){ m_errstr="HTTP Error, return code "+QString::number(rsph.statusCode())+" "+rsph.reasonPhrase(); diff --git a/src/wbase/WTransaction.h b/src/wbase/WTransaction.h index 4ebb71e..8de263a 100644 --- a/src/wbase/WTransaction.h +++ b/src/wbase/WTransaction.h @@ -46,7 +46,7 @@ class WTransaction:public QObject void webFinished(); protected: Stage m_stage; - QString m_errtype,m_errstr,m_iface; + QString m_errtype,m_errstr,m_iface,m_wobstatus; int m_httpid; }; diff --git a/wob/user.wolf b/wob/user.wolf index dadbf4b..e2545e9 100644 --- a/wob/user.wolf +++ b/wob/user.wolf @@ -113,6 +113,7 @@ + diff --git a/woc/phpout.cpp b/woc/phpout.cpp index 9eb00e5..da91d02 100644 --- a/woc/phpout.cpp +++ b/woc/phpout.cpp @@ -863,7 +863,6 @@ QString WocPHPServerOut::trnOutput(const WocTransaction&trn) QString code="\t/*start of output encoding*/\n"; code+="\ttry{\n\t\t$xml=new DOMDocument;\n"; code+="\t\t$root=$xml->createElement(\"WobResponse\");\n"; - code+="\t\t$root->setAttribute(\"status\",$this->statusString());\n"; for(int i=0;iisAuthenticated()){ - header("X-MagicSmoke-Status: Unauthenticated"); - die(tr("Not authenticated. Can't change password.")); - } - //parse XML - $dom=new DOMDocument; - if(!$dom->loadXML($txt)){ - header("X-MagicSmoke-Status: SyntaxError"); - die(tr("unable to parse XML data")); - } - $nl=$dom->getElementsByTagName("SetMyPasswd"); - if($nl->length!=1){ - header("X-MagicSmoke-Status: SyntaxError"); - die(tr("expected exactly one passwd element")); - } - $spw=$nl->item(0); - $old=$spw->getAttribute("oldpwd"); - $nwp=$spw->getAttribute("newpwd"); + $old=$trans->getoldpassword(); + $nwp=$trans->getnewpassword(); //sanity check - if($nwp==""){ - header("X-MagicSmoke-Status: SyntaxError"); - die(tr("cannot set an empty password")); - } + if($nwp=="")$trans->abortWithError(tr("cannot set an empty password")); //check old password global $db; - $res=$db->select("users","passwd","uname=".$db->escapeString($this->user)); - if(count($res)!=1){ - header("X-MagicSmoke-Status: Error"); - die(tr("Ooops. Unable to find user. You have been deleted.")); - } - if($old!=$res[0]["passwd"]){ - header("X-MagicSmoke-Status: Error"); - deleteSession(); - die(tr("Wrong password. Session hijacked, terminating it.")); + $res=$db->select("user","passwd","uname=".$db->escapeString($this->user)); + if(count($res)!=1) + $trans->abortWithError(tr("Ooops. Unable to find user. You have been deleted.")); + $splt=explode(" ",$res[0]["passwd"]); + if(count($splt)!=2) + $trans->abortWithError(tr("Ooops. Internal storage error - cannot verify old password.")); + $vrfy=sha1($splt[0].$old); + if($vrfy!=$splt[1]){ + $trans->abortWithError(tr("Wrong password. Request denied.")); } //set new password - $db->update("users",array("passwd"=>$nwp),"uname=".$db->escapeString($this->user)); - header("X-MagicSmoke-Status: Ok"); + $salt=getSalt(); + $pwh=sha1($salt.$nwp); + $db->update("user",array("passwd"=>($salt." ".$pwh)),"uname=".$db->escapeString($this->user)); } /**checks whether user can execute this transaction, returns true on success; it always returns true for admins*/ diff --git a/www/inc/wbase/transaction.php b/www/inc/wbase/transaction.php index 5fc248e..3dd1365 100644 --- a/www/inc/wbase/transaction.php +++ b/www/inc/wbase/transaction.php @@ -17,11 +17,6 @@ class WobTransactionBase { protected $tinput; protected $aoutput; protected $toutput; - protected $astatus=0; - protected $aerror; - - const Ok=0; - const Error=1; /**called to determine the correct transaction, aborts the script if there is none.*/ static public function getTransactionName(){ @@ -75,31 +70,12 @@ class WobTransactionBase { } /**called to abort a transactions flow*/ - public function abortWithError($type,$text){ + public function abortWithError($type,$text=""){ + if($text==""){$text=$type;$type="server";} header("X-WobResponse-Status: Error"); print("".xq($text)."\n"); exit(); } - - /**returns the status of the transaction as string*/ - public function statusString() - { - switch($this->astatus){ - case Ok:return "ok"; - case Error:return "error"; - default:return "unknown"; - } - } - - /**sets the status of the transaction*/ - public function setStatus($s) - { - if($s<0 && $s>1)throw Exception("Illegal Status Code ".$s); - $this->astatus=$s; - } - - /**returns the status of the transaction*/ - public function status(){return $this->astatus;} }; ?> \ No newline at end of file