diff --git a/scripts/login.cgi b/scripts/login.cgi index ccf29a3..ff0a100 100644 --- a/scripts/login.cgi +++ b/scripts/login.cgi @@ -5,6 +5,7 @@ import hashlib import cgi import os import http.cookies +import time # Get form data form = cgi.FieldStorage() @@ -25,8 +26,21 @@ if result: entered_password_hash = hashlib.sha256(password.encode()).hexdigest() if entered_password_hash == stored_password_hash: - # Create a session (a simple token could be enough for now) + # Create a session token and expiration time (e.g., 24 hours from now) session_token = hashlib.sha256(os.urandom(32)).hexdigest() + expires_at = int(time.time()) + 86400 # 24 hours + + # Log session creation for debugging + with open("/tmp/login_session_creation.log", "a") as f: + f.write(f"Creating session for user {username}\n") + f.write(f"Session Token: {session_token}\n") + f.write(f"Expires At: {expires_at}\n") + + # Store the session in the sessions table + cursor.execute("INSERT INTO sessions (session_id, username, expires_at) VALUES (?, ?, ?)", + (session_token, username, expires_at)) + db.commit() + # Set the session cookie print("Content-Type: text/html") print(f"Set-Cookie: session_id={session_token}; Path=/; HttpOnly") diff --git a/scripts/logout.cgi b/scripts/logout.cgi index 1e36b0f..bdd7b18 100644 --- a/scripts/logout.cgi +++ b/scripts/logout.cgi @@ -1,9 +1,10 @@ -# logout.cgi +#!/usr/bin/python3 -import sqlite3 import os +import sqlite3 import http.cookies +# Set HTTP headers print("Content-Type: text/html") print("Set-Cookie: session_id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT") print() @@ -12,6 +13,10 @@ print() cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) session_id = cookie.get('session_id') +# Log the logout process for debugging +with open("/tmp/logout_session.log", "a") as f: + f.write(f"Session ID: {session_id.value if session_id else 'None'}\n") + if session_id: session_id = session_id.value # Connect to SQLite and remove the session 
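Review bot: The debug block added in the second login.cgi hunk writes the live session token to `/tmp/login_session_creation.log`, so anyone who can read that file holds a usable credential for as long as the session is accepted (the hunk stores a 24-hour expiry). The `/tmp/logout_session.log` write added in the logout.cgi hunk has the same problem with the cookie value, and it runs before the session row is deleted. Remove `f.write(f"Session Token: {session_token}\n")`, or log only a non-reversible prefix such as `hashlib.sha256(session_token.encode()).hexdigest()[:8]`, and treat the logout log the same way. A fixed filename under `/tmp` opened with `"a"` also follows a pre-existing symlink and gets its permissions from the process umask, so the log belongs in a directory only the CGI user can write. The enclosing `if result:` block starts outside the hunk.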
@@ -21,5 +26,8 @@ if session_id: db.commit() db.close() -print("
This is your user panel.
") + if session_id: + session_id = session_id.value else: - print("This is your user panel.
") + print("Here, for now, you can only log out.
") + print("Log out") + else: + print("