Commit ab2e986d authored by Leigh B. Stoller's avatar Leigh B. Stoller

Uh, lets commit the right version of this file.

parent 8de5f326
...@@ -23,7 +23,7 @@ use lib ( '../lib' ); ...@@ -23,7 +23,7 @@ use lib ( '../lib' );
use TWiki; use TWiki;
use TWiki::Plugins::SessionPlugin; use TWiki::Plugins::SessionPlugin;
my $oopsurl = "oopsnoweb"; my $oopsurl = "oopsloginfail";
$query= new CGI; $query= new CGI;
...@@ -33,12 +33,15 @@ sub main ...@@ -33,12 +33,15 @@ sub main
{ {
my $username = $query->param('username'); my $username = $query->param('username');
my $password = $query->param('password'); my $password = $query->param('password');
my $redurl = $query->param('redurl');
chomp($username); chomp($username);
chomp($password); chomp($password);
if (! ($username && $password)) { if (! ($username && $password)) {
my $url = &TWiki::getOopsUrl(undef, "", $oopsurl); my $url = &TWiki::getOopsUrl(undef, "", $oopsurl,
"Missing arguments (username or password)");
TWiki::redirect( $query, $url ); TWiki::redirect( $query, $url );
return; return;
} }
...@@ -48,8 +51,8 @@ sub main ...@@ -48,8 +51,8 @@ sub main
# #
my $pwentry; my $pwentry;
open(HTP, $htpasswdFilename) or open(HTP, $TWiki::htpasswdFilename) or
die("Could not open $htpasswdFilename\n"); die("Could not open $TWiki::htpasswdFilename\n");
while (<HTP>) { while (<HTP>) {
if ($_ =~ /^${username}:.*$/) { if ($_ =~ /^${username}:.*$/) {
...@@ -60,7 +63,8 @@ sub main ...@@ -60,7 +63,8 @@ sub main
close(HTP); close(HTP);
if (!defined($pwentry)) { if (!defined($pwentry)) {
my $url = &TWiki::getOopsUrl(undef, "", $oopsurl); my $url = &TWiki::getOopsUrl(undef, "", $oopsurl,
"No such user: '$username'");
TWiki::redirect( $query, $url ); TWiki::redirect( $query, $url );
return; return;
} }
...@@ -71,15 +75,38 @@ sub main ...@@ -71,15 +75,38 @@ sub main
my ($wikiname, $encryptedpasswd) = split(":", $pwentry); my ($wikiname, $encryptedpasswd) = split(":", $pwentry);
chomp($encryptedpasswd); chomp($encryptedpasswd);
my $salt = substr($encryptedpasswd, 0, 2); my $str = crypt($password, $encryptedpasswd);
my $str = crypt($password, $salt);
if ($str ne $encryptedpasswd) { if ($str ne $encryptedpasswd) {
my $url = &TWiki::getOopsUrl(undef, "", $oopsurl); my $url = &TWiki::getOopsUrl(undef, "", $oopsurl,
"Incorrect Password");
TWiki::redirect( $query, $url ); TWiki::redirect( $query, $url );
return; return;
} }
# This causes the query object to suddenly have a remote_user() value.
# SessionPlugin uses that ...
$ENV{REMOTE_USER} = $username;
#
# Stuff we need to pass down. Note that I am not bothering with the
# topic cause of how this script will typically be invoked.
#
my $thePathInfo = $query->path_info();
my $theRemoteUser = $query->remote_user();
my $theUrl = $query->url;
my $theTopic = (defined($redurl) ? $redurl : "");
# This appears to be necessary.
$query->delete_all();
my ($topic, $webName) =
&TWiki::initialize($thePathInfo, $theRemoteUser,
$theTopic, $theUrl, $query);
my $url = &TWiki::getViewUrl($webName, $topic);
$url .= ( '?' . $query->query_string() ) if $query->query_string();
&TWiki::redirect( $query, $url );
} }
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment