authorSimon <simon@hardwired.org.uk>2011-01-29 12:16:13 (GMT)
committer Simon <simon@hardwired.org.uk>2011-01-29 12:16:13 (GMT)
commitf391b896d495410e703e88e06f3cec86323e6a81 (patch)
tree18f20c74be09dcfd7d8edb920bc2c62910be386e /src
parent9938378c0d7eed11dc3cf2db67dfd32d0c31dfd7 (diff)
downloadpowder-f391b896d495410e703e88e06f3cec86323e6a81.zip
powder-f391b896d495410e703e88e06f3cec86323e6a81.tar.gz
Use Sessions instead of saving password
Diffstat (limited to 'src')
-rw-r--r--src/http.c27
-rw-r--r--src/interface.c50
2 files changed, 57 insertions, 20 deletions
diff --git a/src/http.c b/src/http.c
index a68ea45..a881c73 100644
--- a/src/http.c
+++ b/src/http.c
@@ -680,7 +680,7 @@ char *http_simple_get(char *uri, int *ret, int *len)
return http_async_req_stop(ctx, ret, len);
}
static char hex[] = "0123456789abcdef";
-void http_auth_headers(void *ctx, char *user, char *pass)
+void http_auth_headers(void *ctx, char *user, char *pass, char *session_id)
{
char *tmp;
int i;
@@ -690,7 +690,6 @@ void http_auth_headers(void *ctx, char *user, char *pass)
if (user)
{
- http_async_add_header(ctx, "X-Auth-User", user);
if (pass)
{
md5_init(&md5);
@@ -710,9 +709,18 @@ void http_auth_headers(void *ctx, char *user, char *pass)
http_async_add_header(ctx, "X-Auth-Hash", tmp);
free(tmp);
}
+ if(session_id)
+ {
+ http_async_add_header(ctx, "X-Auth-User-Id", user);
+ http_async_add_header(ctx, "X-Auth-Session-Key", session_id);
+ }
+ else
+ {
+ http_async_add_header(ctx, "X-Auth-User", user);
+ }
}
}
-char *http_auth_get(char *uri, char *user, char *pass, int *ret, int *len)
+char *http_auth_get(char *uri, char *user, char *pass, char *session_id, int *ret, int *len)
{
void *ctx = http_async_req_start(NULL, uri, NULL, 0, 0);
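Review bot: The new `if(session_id)` test in http_auth_headers only rules out NULL, but the call sites in interface.c pass the `svf_session_id` array, which is never NULL, so an empty session string still produces `X-Auth-User-Id` and `X-Auth-Session-Key` headers with empty values. If any caller can reach these functions before a login has succeeded (not visible here), a guard such as `if (session_id && *session_id)`, with the same content test on `user`, would avoid sending empty credentials. The identical block is added to http_multipart_post further down in this file, so the point applies there too; a small static helper that adds the user/session headers would keep the two copies from drifting apart. The hunk also changes the http_auth_get signature, whose body continues outside the hunk.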
@@ -870,7 +878,7 @@ char *http_ret_text(int ret)
return "Unknown Status Code";
}
}
-char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, int *ret, int *len)
+char *http_multipart_post(char *uri, char **names, char **parts, int *plens, char *user, char *pass, char *session_id, int *ret, int *len)
{
void *ctx;
char *data = NULL, *tmp, *p;
@@ -965,7 +973,7 @@ retry:
if (user)
{
- http_async_add_header(ctx, "X-Auth-User", user);
+ //http_async_add_header(ctx, "X-Auth-User", user);
if (pass)
{
md5_init(&md5);
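Review bot: The old header call is left behind as a comment, `//http_async_add_header(ctx, "X-Auth-User", user);`, whereas the matching line in http_auth_headers was deleted outright; deleting it here as well keeps the two functions consistent, and the history already records the old call. The same applies to the commented-out `http_auth_headers(...)` calls in search_ui and open_ui and to the `/*svf_pass*/NULL` arguments in interface.c. http_multipart_post continues outside the hunk.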
@@ -1023,6 +1031,15 @@ retry:
http_async_add_header(ctx, "X-Auth-Hash", tmp);
free(tmp);
}
+ if(session_id)
+ {
+ http_async_add_header(ctx, "X-Auth-User-Id", user);
+ http_async_add_header(ctx, "X-Auth-Session-Key", session_id);
+ }
+ else
+ {
+ http_async_add_header(ctx, "X-Auth-User", user);
+ }
}
if (data)
diff --git a/src/interface.c b/src/interface.c
index 05016c2..eef4b5b 100644
--- a/src/interface.c
+++ b/src/interface.c
@@ -25,7 +25,9 @@ int svf_login = 0;
int svf_admin = 0;
int svf_mod = 0;
char svf_user[64] = "";
+char svf_user_id[64] = "";
char svf_pass[64] = "";
+char svf_session_id[64] = "";
int svf_open = 0;
int svf_own = 0;
@@ -836,7 +838,7 @@ void login_ui(pixel *vid_buf)
res = http_multipart_post(
"http://" SERVER "/Login.api",
NULL, NULL, NULL,
- svf_user, svf_pass,
+ svf_user, svf_pass, NULL,
&err, NULL);
if (err != 200)
{
@@ -845,14 +847,27 @@ void login_ui(pixel *vid_buf)
free(res);
goto fail;
}
- if (res && !strncmp(res, "OK", 2))
- {
- if (!strcmp(res, "OK ADMIN"))
+ if (res && !strncmp(res, "OK ", 3))
+ {
+ char *s_id,*u_e,*nres;
+ s_id = strchr(res+3, ' ');
+ *(s_id++) = 0;
+
+ u_e = strchr(s_id, ' ');
+ *(u_e++) = 0;
+
+ strcpy(svf_user_id, res+3);
+ strcpy(svf_session_id, s_id);
+ nres = mystrdup(u_e);
+
+ printf("\n{%s} {%s} {%s}\n", svf_user_id, svf_session_id, nres);
+
+ if (!strncmp(nres, "ADMIN", 5))
{
svf_admin = 1;
svf_mod = 0;
}
- else if (!strcmp(res, "OK MOD"))
+ else if (!strncmp(nres, "MOD", 3))
{
svf_admin = 0;
svf_mod = 1;
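Review bot: The parsing of the login reply trusts the server's response completely: both `strchr` results are dereferenced without a NULL check, and `strcpy` copies the user id and session key into the 64-byte `svf_user_id` and `svf_session_id` globals without checking their length, so a malformed or oversized reply (the request goes to an `http://` URL) can crash the client or write past the buffers. Rejecting such replies through the `free(res); goto fail;` pattern already used above, before the copies, closes both. The `printf` that follows writes the session key to stdout and should be removed, and `nres` from `mystrdup` needs a `free` once the role has been read; none is visible in this hunk. If a reply without a trailing role token is valid, the second missing separator should be treated as an empty role rather than a failure. login_ui starts and ends outside the hunk.

```c
s_id = strchr(res+3, ' ');
if (!s_id)
{
	free(res);
	goto fail;
}
*(s_id++) = 0;

u_e = strchr(s_id, ' ');
if (!u_e)
{
	free(res);
	goto fail;
}
*(u_e++) = 0;

// reject ids that would not fit the fixed-size globals
if (strlen(res+3) >= sizeof(svf_user_id) || strlen(s_id) >= sizeof(svf_session_id))
{
	free(res);
	goto fail;
}
// … unchanged: strcpy into svf_user_id / svf_session_id, mystrdup(u_e) …
// … removed: printf of user id, session id and role …
// … unchanged: ADMIN / MOD role checks …
```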
@@ -874,6 +889,8 @@ void login_ui(pixel *vid_buf)
fail:
strcpy(svf_user, "");
strcpy(svf_pass, "");
+ strcpy(svf_user_id, "");
+ strcpy(svf_session_id, "");
svf_login = 0;
svf_own = 0;
svf_admin = 0;
@@ -2489,7 +2506,8 @@ int search_ui(pixel *vid_buf)
http = http_async_req_start(http, uri, NULL, 0, 1);
if (svf_login)
{
- http_auth_headers(http, svf_user, svf_pass);
+ //http_auth_headers(http, svf_user, svf_pass);
+ http_auth_headers(http, svf_user_id, NULL, svf_session_id);
}
http_last_use = time(NULL);
free(uri);
@@ -2757,8 +2775,10 @@ int open_ui(pixel *vid_buf, char *save_id, char *save_date)
http_2 = http_async_req_start(http_2, uri_2, NULL, 0, 1);
if (svf_login)
{
- http_auth_headers(http, svf_user, svf_pass);
- http_auth_headers(http_2, svf_user, svf_pass);
+ //http_auth_headers(http, svf_user, svf_pass);
+ //http_auth_headers(http_2, svf_user, svf_pass);
+ http_auth_headers(http, svf_user_id, NULL, svf_session_id);
+ http_auth_headers(http_2, svf_user_id, NULL, svf_session_id);
}
http_last_use = time(NULL);
http_last_use_2 = time(NULL);
@@ -3483,7 +3503,7 @@ int execute_tagop(pixel *vid_buf, char *op, char *tag)
result = http_multipart_post(
uri,
names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
free(uri);
@@ -3543,7 +3563,7 @@ void execute_save(pixel *vid_buf)
result = http_multipart_post(
"http://" SERVER "/Save.api",
names, parts, plens,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (svf_last)
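Review bot: The session key passed here is a bearer credential and the request URL is `"http://" SERVER "/Save.api"`, so the `X-Auth-Session-Key` header travels in cleartext and can be reused by anyone able to observe the connection for as long as the session stays valid. The same holds for the Delete, Comment, Report, Favourite and Vote calls below and for the Login reply that delivers the key. If the HTTP client and SERVER can do TLS, moving these URLs to `https://` is the fix; otherwise the server should at least keep sessions short-lived and invalidate them on logout, neither of which is visible from this diff. execute_save continues outside the hunk.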
@@ -3600,7 +3620,7 @@ int execute_delete(pixel *vid_buf, char *id)
result = http_multipart_post(
"http://" SERVER "/Delete.api",
names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)
@@ -3636,7 +3656,7 @@ void execute_submit(pixel *vid_buf, char *id, char *message)
result = http_multipart_post(
"http://" SERVER "/Comment.api",
names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)
@@ -3671,7 +3691,7 @@ int execute_report(pixel *vid_buf, char *id, char *reason)
result = http_multipart_post(
"http://" SERVER "/Report.api",
names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)
@@ -3706,7 +3726,7 @@ void execute_fav(pixel *vid_buf, char *id)
result = http_multipart_post(
"http://" SERVER "/Favourite.api",
names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)
@@ -3741,7 +3761,7 @@ int execute_vote(pixel *vid_buf, char *id, char *action)
result = http_multipart_post(
"http://" SERVER "/Vote.api",
names, parts, NULL,
- svf_user, svf_pass,
+ svf_user_id, /*svf_pass*/NULL, svf_session_id,
&status, NULL);
if (status!=200)