From: konrad Date: Fri, 14 Sep 2007 20:06:59 +0000 (+0000) Subject: fixed login X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=9a2dfbb0fb3fa48a026670fd337cab326589fce1;p=web%2Fkonrad%2Fsmoke.git fixed login can logout too git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@23 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33
---
diff --git a/src/hmac.h b/src/hmac.h
index 0971eba..c37edc0 100644
--- a/src/hmac.h
+++ b/src/hmac.h
@@ -15,6 +15,7 @@
 #include
+/**Calculate a cryptographic HMAC (used by authentication algorithm)*/
 class SMHmac
 {
 public:
diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp
index fa306ab..a51d5bc 100644
--- a/src/mainwindow.cpp
+++ b/src/mainwindow.cpp
@@ -205,8 +205,7 @@ void MMainWindow::startLogin()
 return;
 }
 //open window
- MOverview *mo=new MOverview;
- mw->setParent(mo);
+ MOverview *mo=new MOverview(mw,profiles->itemData(profiles->currentIndex()).toString());
 mo->show();
 setEnabled(true);
diff --git a/src/overview.cpp b/src/overview.cpp
new file mode 100644
index 0000000..084c5da
--- /dev/null
+++ b/src/overview.cpp
@@ -0,0 +1,38 @@
+//
+// C++ Implementation: overview
+//
+// Description:
+//
+//
+// Author: Konrad Rosenbaum , (C) 2007
+//
+// Copyright: See README/COPYING files that come with this distribution
+//
+//
+
+#include "overview.h"
+#include "webrequest.h"
+
+#include
+#include
+
+MOverview::MOverview(MWebRequest*mw,QString pk)
+{
+ req=mw;
+ setAttribute(Qt::WA_DeleteOnClose);
+ setWindowTitle("MagicSmoke: "+QSettings().value("profiles/"+pk+"/name").toString());
+}
+
+void MOverview::closeEvent(QCloseEvent*ce)
+{
+ //make sure session is deleted
+ req->logout();
+ //actually close window
+ QMainWindow::closeEvent(ce);
+}
+
+MOverview::~MOverview()
+{
+ //free requestor
+ req->deleteLater();
+}
diff --git a/src/overview.h b/src/overview.h
index f410bed..9c216ec 100644
--- a/src/overview.h
+++ b/src/overview.h
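Review bot: The constructor in src/overview.cpp never stores `pk`, so the `profilekey` member declared in src/overview.h stays an empty QString for the whole lifetime of the window. Adding `profilekey=pk;` next to `req=mw;` gives later code that reads the member the profile the session was opened for. `req` is also dereferenced in closeEvent() and in the destructor without a null check; a guard such as `if(req)req->logout();` would make a null `mw` harmless.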
@@ -15,8 +15,20 @@
 #include
+class MWebRequest;
+
+/**Main Overview Window*/
 class MOverview:public QMainWindow
 {
+ public:
+ /**construct the window with web-request/session handler and QSettings-key for current profile*/
+ MOverview(MWebRequest*,QString);
+ ~MOverview();
+ protected:
+ void closeEvent(QCloseEvent*);
+ private:
+ MWebRequest*req;
+ QString profilekey;
 };
 #endif
diff --git a/src/smoke.pro b/src/smoke.pro
index a76239b..41fef86 100644
--- a/src/smoke.pro
+++ b/src/smoke.pro
@@ -20,12 +20,14 @@ SOURCES = \
 mainwindow.cpp \
 hmac.cpp \
 code39.cpp \
- webrequest.cpp
+ webrequest.cpp \
+ overview.cpp
 HEADERS = \
 keygen.h \
 mainwindow.h \
 hmac.h \
- webrequest.h
+ webrequest.h \
+ overview.h
 TRANSLATIONS = \
 smoke_de.ts \
diff --git a/src/webrequest.cpp b/src/webrequest.cpp
index 16a96ad..82286cc 100644
--- a/src/webrequest.cpp
+++ b/src/webrequest.cpp
@@ -220,6 +220,11 @@ bool MWebRequest::login(QString usr,QString pwd,QString hostname)
 return true;
 }
+void MWebRequest::logout()
+{
+ request("closesession",QByteArray());
+}
+
 QString MWebRequest::errorString()
 {
 return errstr;
diff --git a/src/webrequest.h b/src/webrequest.h
index 1418b3d..62fa55b 100644
--- a/src/webrequest.h
+++ b/src/webrequest.h
@@ -20,6 +20,7 @@
 #include
 #include
+/**abstraction of requests to the web server, handles sessions and all data transfer*/
 class MWebRequest:public QObject
 {
 Q_OBJECT
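Review bot: The constructor comment on `MOverview(MWebRequest*,QString)` does not say that the window takes ownership of the request object, although ~MOverview() in src/overview.cpp calls `req->deleteLater()`. I would extend it to `/**construct the window with web-request/session handler and QSettings-key for current profile; takes ownership of the handler and deletes it when the window is destroyed*/`, so callers do not keep using or freeing the pointer after handing it over.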
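Review bot: `MWebRequest::logout()` throws away the result of `request("closesession",QByteArray())`, so a failed or timed-out call leaves the session valid on the server and the caller cannot tell. request() is documented in src/webrequest.h as returning false on failure or timeout, so logout() could pass that on, `bool MWebRequest::logout(){return request("closesession",QByteArray());}` with the slot declaration changed to `bool logout();`, and MOverview::closeEvent() could report errorString() when it is false. Whether the server also expires idle sessions on its own is not visible in this commit.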
@@ -27,21 +28,31 @@ class MWebRequest:public QObject
 MWebRequest();
 ~MWebRequest();
- bool request(QString,QByteArray a=QByteArray());
+ /**generic request method, use the macro functions if possible; this function blocks until the request either succeeds, times out or fails; returns false if the request failed or timed out*/
+ bool request(QString requestName,QByteArray data=QByteArray());
+ /**returns the last error as string*/
 QString errorString();
 public slots:
+ /**set how long to wait for a web request*/
 void setTimeout(int);
+ /**set URL to connect to*/
 bool setUrl(QUrl);
+ /**set proxy to be used*/
 void setProxy(QString,quint16,QString u=QString(),QString p=QString());
+ /**log in to web server; requires username/password and the local host name as arguments*/
 bool login(QString user,QString passwd,QString hostname);
+ /**log out of web server*/
+ void logout();
 private slots:
+ /**internal: used by wait loop for web requests*/
 void httpFin(int,bool);
 signals:
+ /**internal: used by wait loop for web request*/
 void requestFinInt();
 private:
diff --git a/www/inc/cauth_mhash.php b/www/inc/cauth_mhash.php
index f20dcf2..7a1093e 100644
--- a/www/inc/cauth_mhash.php
+++ b/www/inc/cauth_mhash.php
@@ -15,12 +15,12 @@ function calcAuth($cha,$tok)
 {
 global $ClientAuthAlgo;
 switch($ClientAuthAlgo){
- case "md5":return mhash(MHASH_MD5,$cha.$tok);
- case "sha1":return mhash(MHASH_SHA1,$cha.$tok);
- case "sha256":return mhash(MHASH_SHA256,$cha.$tok);
- case "hmac-md5":return mhash(MHASH_MD5,$cha,$tok);
- case "hmac-sha1":return mhash(MHASH_SHA1,$cha,$tok);
- case "hmac-sha256":return mhash(MHASH_SHA256,$cha,$tok);
+ case "md5":return bin2hex(mhash(MHASH_MD5,$cha.$tok));
+ case "sha1":return bin2hex(mhash(MHASH_SHA1,$cha.$tok));
+ case "sha256":return bin2hex(mhash(MHASH_SHA256,$cha.$tok));
+ case "hmac-md5":return bin2hex(mhash(MHASH_MD5,$cha,$tok));
+ case "hmac-sha1":return bin2hex(mhash(MHASH_SHA1,$cha,$tok));
+ case "hmac-sha256":return bin2hex(mhash(MHASH_SHA256,$cha,$tok));
 default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR);
 }
 }
diff --git a/www/inc/db.php b/www/inc/db.php
index 453b46e..d429a84 100644
--- a/www/inc/db.php
+++ b/www/inc/db.php
@@ -175,13 +175,13 @@ abstract class DbEngine
 $ret.=$k."=";
 //append value
 if($dbScheme->isIntColumn($table,$k))
- $val.=$this->escapeInt($v);
+ $ret.=$this->escapeInt($v);
 else if($dbScheme->isStringColumn($table,$k))
- $val.=$this->escapeString($v);
+ $ret.=$this->escapeString($v);
 else
 //don't know how to escape it...
- $val.="NULL";
+ $ret.="NULL";
 }
 $ret.=" WHERE ".$where;
 return $ret;
diff --git a/www/inc/session.php b/www/inc/session.php
index 3311ce3..9f76808 100644
--- a/www/inc/session.php
+++ b/www/inc/session.php
@@ -74,6 +74,14 @@ class Session
 return $this->user!="";
 }
+ protected function xdie($str)
+ {
+ //debug version:
+// print($str);
+ //all versions
+ exit();
+ }
+
 public function authenticate()
 {
 global $db,$REQUESTDATA;
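Review bot: The `md5`, `sha1` and `sha256` cases in calcAuth() still answer the challenge with an unkeyed digest of `$cha.$tok`; only the `hmac-*` cases use the token as a MAC key. A comment above the switch would help whoever sets `$ClientAuthAlgo`, for example `//plain modes hash challenge.token without a key; prefer the hmac-* modes, hmac-sha256 if the client supports it`. Which modes deployed clients actually need is not visible in this hunk.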
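Review bot: In the final `else` branch the column is known to be neither an int nor a string column of `$dbScheme`, yet `$k` has already been appended to the statement unescaped and the code goes on to write `NULL` into it. That silently overwrites data and lets a key that is not in the schema reach the SQL text; rejecting such keys is safer, for instance `trigger_error("Internal error: unknown column in update",E_USER_ERROR);` in place of `$ret.="NULL";`. `$where` is concatenated as-is as well, so a comment stating that callers must escape it (as the `escapeString()` call in www/inc/session.php does) belongs on this method. The method starts above the hunk, so the origin of `$k` cannot be seen here.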
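Review bot: `xdie($str)` drops its argument entirely, so after this commit no authentication failure reason is recorded anywhere. Keeping the reasons out of the response is the right call, because replies such as "No such user" versus a failed challenge let a client tell valid names from invalid ones, but the server should still keep them, e.g. `error_log("MagicSmoke auth failure: ".$str);` before `exit();`. The commented-out `print($str);` would bring that difference back if it were enabled on a production host, which is worth stating in the comment above it.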
@@ -123,7 +131,7 @@ class Session
 if(count($ures)<1){
 header("X-MagicSmoke-Status: Unauthenticated");
 deleteSession();
- die("No such user");
+ $this->xdie("No such user");
 }
 //get allowed hosts
 $uhres=$db->select("userhosts","host","uname=".$db->escapeString($username));
@@ -142,7 +150,7 @@ class Session
 if(count($hres)<1){
 header("X-MagicSmoke-Status: Unauthenticated");
 deleteSession();
- die("unknown host");
+ $this->xdie("unknown host");
 }
 }else{
 //check whether allowed
@@ -150,13 +158,13 @@ class Session
 //host name not in allowed list
 header("X-MagicSmoke-Status: Unauthenticated");
 deleteSession();
- die("host not allowed");
+ $this->xdie("host not allowed");
 }
 //check whether exists
 if(count($hres)<1){
 header("X-MagicSmoke-Status: Unauthenticated");
 deleteSession();
- die("No such host");
+ $this->xdie("No such host");
 }
 }
 //compare
@@ -164,14 +172,14 @@ class Session
 if($ua!=$userauth){
 header("X-MagicSmoke-Status: Unauthenticated");
 deleteSession();
- die("Challenge failed $ua vs $userauth");
+ $this->xdie("user challenge failed");
 }
 if($needhostauth){
 $ha=calcAuth($sres[0]["hchallenge"],$hres[0]["hostkey"]);
 if($ha!=$hostauth){
 header("X-MagicSmoke-Status: Unauthenticated");
 deleteSession();
- die("challenge failed");
+ $this->xdie("host challenge failed");
 }
 }
 //success
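Review bot: `if($ua!=$userauth)` and `if($ha!=$hostauth)` compare the authenticators with PHP's loose `!=`, and since calcAuth() now returns hex text (the bin2hex() change in www/inc/cauth_mhash.php), two different values that both look numeric, such as `0e` followed only by digits, compare as equal. A strict, timing-independent comparison avoids that: `if(!hash_equals($ua,(string)$userauth)){` and `if(!hash_equals($ha,(string)$hostauth)){` on PHP 5.6 or later, or at least `!==` on older versions. Both lines are unchanged context in this hunk, and authenticate() begins above it.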