From c980f3272696a076bb270f6f885e3593db843996 Mon Sep 17 00:00:00 2001
From: Tristan Smith
Date: Mon, 23 Sep 2024 01:21:45 -0400
Subject: [PATCH] user panel, logout script
---
 scripts/login.cgi | 16 ++++++++++-
 scripts/logout.cgi | 14 ++++++++--
 scripts/user_panel.cgi | 63 +++++++++++++++++++++++------------------
 user_panel/index.html | 2 +-
 4 files changed, 62 insertions(+), 33 deletions(-)
diff --git a/scripts/login.cgi b/scripts/login.cgi
index ccf29a3..ff0a100 100644
--- a/scripts/login.cgi
+++ b/scripts/login.cgi
@@ -5,6 +5,7 @@ import hashlib
 import cgi
 import os
 import http.cookies
+import time
 # Get form data
 form = cgi.FieldStorage()
@@ -25,8 +26,21 @@ if result:
 entered_password_hash = hashlib.sha256(password.encode()).hexdigest()
 if entered_password_hash == stored_password_hash:
- # Create a session (a simple token could be enough for now)
+ # Create a session token and expiration time (e.g., 24 hours from now)
 session_token = hashlib.sha256(os.urandom(32)).hexdigest()
+ expires_at = int(time.time()) + 86400 # 24 hours
+
+ # Log session creation for debugging
+ with open("/tmp/login_session_creation.log", "a") as f:
+ f.write(f"Creating session for user {username}\n")
+ f.write(f"Session Token: {session_token}\n")
+ f.write(f"Expires At: {expires_at}\n")
+
+ # Store the session in the sessions table
+ cursor.execute("INSERT INTO sessions (session_id, username, expires_at) VALUES (?, ?, ?)",
+ (session_token, username, expires_at))
+ db.commit()
+
 # Set the session cookie
 print("Content-Type: text/html")
 print(f"Set-Cookie: session_id={session_token}; Path=/; HttpOnly")
diff --git a/scripts/logout.cgi b/scripts/logout.cgi
index 1e36b0f..bdd7b18 100644
--- a/scripts/logout.cgi
+++ b/scripts/logout.cgi
@@ -1,9 +1,10 @@
-# logout.cgi
+#!/usr/bin/python3
-import sqlite3
 import os
+import sqlite3
 import http.cookies
+# Set HTTP headers
 print("Content-Type: text/html")
 print("Set-Cookie: session_id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT")
 print()
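Review bot: The debug block added after `expires_at` in the second login.cgi hunk writes the live session token and the username to `/tmp/login_session_creation.log`, so anyone able to read that file holds a valid cookie value until the session expires; the same logging is added in the logout.cgi hunk (`/tmp/logout_session.log`) and the user_panel.cgi hunk (`/tmp/user_panel_session.log`). A fixed file name under /tmp is created with the process umask, which is typically world-readable, and another local user can pre-create it. If a trace is still wanted, keep the token out of it, e.g. `f.write(f"Session created for {username}, expires {expires_at}\n")`, and write to a file in an application-owned directory with restrictive permissions. The `Set-Cookie` context line carries no `Secure` or `SameSite` attribute, which is worth adding if the site is served over HTTPS. The enclosing `if result:` block starts outside this hunk.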
@@ -12,6 +13,10 @@ print()
 cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
 session_id = cookie.get('session_id')
+# Log the logout process for debugging
+with open("/tmp/logout_session.log", "a") as f:
+ f.write(f"Session ID: {session_id.value if session_id else 'None'}\n")
+
 if session_id:
 session_id = session_id.value
 # Connect to SQLite and remove the session
@@ -21,5 +26,8 @@ if session_id:
 db.commit()
 db.close()
-print("

You have been logged out!

")
+# Output the HTML for the logout page
+print("Logout")
+print("

You have been logged out!

")
 print("Login again")
+print("")
diff --git a/scripts/user_panel.cgi b/scripts/user_panel.cgi
index 7fa5220..42abbbd 100644
--- a/scripts/user_panel.cgi
+++ b/scripts/user_panel.cgi
@@ -1,32 +1,39 @@
-import sqlite3
-import os
-import http.cookies
-import time
+ import sqlite3
+ import http.cookies
+ import os
-print("Content-Type: text/html")
-print()
+ # Ensure the session_id is properly parsed
+ cookie = http.cookies.SimpleCookie(os.environ.get('HTTP_COOKIE', ''))
+ session_id = cookie.get('session_id')
-# Get the session ID from the cookie
-cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
-session_id = cookie.get('session_id')
-
-if session_id:
- session_id = session_id.value
- # Connect to SQLite and check the session
- db = sqlite3.connect('/var/lib/monotreme/data/monotreme.db')
- cursor = db.cursor()
-
- # Check if the session exists and is still valid
- cursor.execute("SELECT username FROM sessions WHERE session_id=? AND expires_at > ?", (session_id, int(time.time())))
- result = cursor.fetchone()
-
- if result:
- username = result[0]
- print(f"

Welcome, {username}!

") - print("

This is your user panel.

")
+ if session_id:
+ session_id = session_id.value
 else:
- print("

Session expired or invalid!

")
+ session_id = None
+
+ # Log the session ID for debugging
+ with open("/tmp/user_panel_session.log", "a") as f:
+ f.write(f"Parsed session ID: {session_id}\n")
+
+ if session_id:
+ session_id = session_id.value
+ # Connect to SQLite and check the session
+ db = sqlite3.connect('/var/lib/monotreme/data/monotreme.db')
+ cursor = db.cursor()
+
+ # Check if the session exists and is still valid
+ cursor.execute("SELECT username FROM sessions WHERE session_id=? AND expires_at > ?", (session_id, int(time.time())))
+ result = cursor.fetchone()
+
+ if result:
+ username = result[0]
+ print(f"

Welcome, {username}!

") + print("

This is your user panel.

") + print("

Here, for now, you can only log out.

")
+ print("Log out")
+ else:
+ print("

Session expired or invalid!

")
+ print("Login again")
+ else:
+ print("

No session found!

")
 print("Login again")
-else:
- print("

No session found!

")
- print("Login again")
diff --git a/user_panel/index.html b/user_panel/index.html
index 2f68e51..f4d3465 100644
--- a/user_panel/index.html
+++ b/user_panel/index.html
@@ -11,7 +11,7 @@
-
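Review bot: The rewritten user_panel.cgi fails before it can validate any session: the second `if session_id:` block calls `session_id.value` on a value the first block already reduced to a plain string, `time.time()` is still used in the SELECT although `import time` was removed, and the `print("Content-Type: text/html")` / `print()` pair was dropped with nothing replacing it. Every added statement also appears to be indented one level, which Python rejects at the first `import`. Drop the duplicated `session_id = session_id.value`, restore `import time` and the two header lines, and dedent the file. `username` is interpolated into the welcome line as-is; writing it as `html.escape(username)` keeps a crafted account name from being rendered as markup.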

Welcome to Your User Panel

+

Welcome to monotreme.org's User Panel