user panel, logout script
parent
d2e62585c0
commit
c980f32726
4 changed files with 62 additions and 33 deletions
|
@ -5,6 +5,7 @@ import hashlib
|
||||||
import cgi
|
import cgi
|
||||||
import os
|
import os
|
||||||
import http.cookies
|
import http.cookies
|
||||||
|
import time
|
||||||
|
|
||||||
# Get form data
|
# Get form data
|
||||||
form = cgi.FieldStorage()
|
form = cgi.FieldStorage()
|
||||||
|
@ -25,8 +26,21 @@ if result:
|
||||||
entered_password_hash = hashlib.sha256(password.encode()).hexdigest()
|
entered_password_hash = hashlib.sha256(password.encode()).hexdigest()
|
||||||
|
|
||||||
if entered_password_hash == stored_password_hash:
|
if entered_password_hash == stored_password_hash:
|
||||||
# Create a session (a simple token could be enough for now)
|
# Create a session token and expiration time (e.g., 24 hours from now)
|
||||||
session_token = hashlib.sha256(os.urandom(32)).hexdigest()
|
session_token = hashlib.sha256(os.urandom(32)).hexdigest()
|
||||||
|
expires_at = int(time.time()) + 86400 # 24 hours
|
||||||
|
|
||||||
|
# Log session creation for debugging
|
||||||
|
with open("/tmp/login_session_creation.log", "a") as f:
|
||||||
|
f.write(f"Creating session for user {username}\n")
|
||||||
|
f.write(f"Session Token: {session_token}\n")
|
||||||
|
f.write(f"Expires At: {expires_at}\n")
|
||||||
|
|
||||||
|
# Store the session in the sessions table
|
||||||
|
cursor.execute("INSERT INTO sessions (session_id, username, expires_at) VALUES (?, ?, ?)",
|
||||||
|
(session_token, username, expires_at))
|
||||||
|
db.commit()
|
||||||
|
|
||||||
# Set the session cookie
|
# Set the session cookie
|
||||||
print("Content-Type: text/html")
|
print("Content-Type: text/html")
|
||||||
print(f"Set-Cookie: session_id={session_token}; Path=/; HttpOnly")
|
print(f"Set-Cookie: session_id={session_token}; Path=/; HttpOnly")
|
||||||
|
|
|
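Review bot: The added debug block writes the full `session_token` to `/tmp/login_session_creation.log`, so any local account or process that can read that file obtains a bearer credential that stays valid for the 24 hours set in `expires_at`; the logout and user-panel hunks add the same kind of write for the session ID. Drop the `f.write(f"Session Token: {session_token}\n")` line, or log only a short fingerprint such as `hashlib.sha256(session_token.encode()).hexdigest()[:8]`, and keep the log out of the shared `/tmp` directory in a file only the CGI user can read. The unchanged `Set-Cookie` line still carries no lifetime or transport attributes although the server now tracks expiry; assuming the site is served over HTTPS, `print(f"Set-Cookie: session_id={session_token}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=86400")` would bring the cookie in line with the stored `expires_at`. The enclosing `if result:` block begins and continues outside this hunk.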
@ -1,9 +1,10 @@
|
||||||
# logout.cgi
|
#!/usr/bin/python3
|
||||||
|
|
||||||
import sqlite3
|
|
||||||
import os
|
import os
|
||||||
|
import sqlite3
|
||||||
import http.cookies
|
import http.cookies
|
||||||
|
|
||||||
|
# Set HTTP headers
|
||||||
print("Content-Type: text/html")
|
print("Content-Type: text/html")
|
||||||
print("Set-Cookie: session_id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT")
|
print("Set-Cookie: session_id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT")
|
||||||
print()
|
print()
|
||||||
|
@ -12,6 +13,10 @@ print()
|
||||||
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
|
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
|
||||||
session_id = cookie.get('session_id')
|
session_id = cookie.get('session_id')
|
||||||
|
|
||||||
|
# Log the logout process for debugging
|
||||||
|
with open("/tmp/logout_session.log", "a") as f:
|
||||||
|
f.write(f"Session ID: {session_id.value if session_id else 'None'}\n")
|
||||||
|
|
||||||
if session_id:
|
if session_id:
|
||||||
session_id = session_id.value
|
session_id = session_id.value
|
||||||
# Connect to SQLite and remove the session
|
# Connect to SQLite and remove the session
|
||||||
|
@ -21,5 +26,8 @@ if session_id:
|
||||||
db.commit()
|
db.commit()
|
||||||
db.close()
|
db.close()
|
||||||
|
|
||||||
print("<h1>You have been logged out!</h1>")
|
# Output the HTML for the logout page
|
||||||
|
print("<html><head><title>Logout</title></head>")
|
||||||
|
print("<body><h1>You have been logged out!</h1>")
|
||||||
print("<a href='/login/'>Login again</a>")
|
print("<a href='/login/'>Login again</a>")
|
||||||
|
print("</body></html>")
|
||||||
|
|
|
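Review bot: The new debug write records `session_id.value` straight from the request's `Cookie` header before any lookup, so every request to this script, authenticated or not, appends client-chosen text to `/tmp/logout_session.log` and the file grows without bound. If the trace is still needed, record only whether a cookie was present, e.g. `f.write(f"Session ID present: {bool(session_id)}\n")`, and remove the block once debugging is finished.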
@ -1,15 +1,20 @@
|
||||||
import sqlite3
|
import sqlite3
|
||||||
import os
|
|
||||||
import http.cookies
|
import http.cookies
|
||||||
import time
|
import os
|
||||||
|
|
||||||
print("Content-Type: text/html")
|
# Ensure the session_id is properly parsed
|
||||||
print()
|
cookie = http.cookies.SimpleCookie(os.environ.get('HTTP_COOKIE', ''))
|
||||||
|
|
||||||
# Get the session ID from the cookie
|
|
||||||
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
|
|
||||||
session_id = cookie.get('session_id')
|
session_id = cookie.get('session_id')
|
||||||
|
|
||||||
|
if session_id:
|
||||||
|
session_id = session_id.value
|
||||||
|
else:
|
||||||
|
session_id = None
|
||||||
|
|
||||||
|
# Log the session ID for debugging
|
||||||
|
with open("/tmp/user_panel_session.log", "a") as f:
|
||||||
|
f.write(f"Parsed session ID: {session_id}\n")
|
||||||
|
|
||||||
if session_id:
|
if session_id:
|
||||||
session_id = session_id.value
|
session_id = session_id.value
|
||||||
# Connect to SQLite and check the session
|
# Connect to SQLite and check the session
|
||||||
|
@ -24,6 +29,8 @@ if session_id:
|
||||||
username = result[0]
|
username = result[0]
|
||||||
print(f"<h1>Welcome, {username}!</h1>")
|
print(f"<h1>Welcome, {username}!</h1>")
|
||||||
print("<p>This is your user panel.</p>")
|
print("<p>This is your user panel.</p>")
|
||||||
|
print("<p>Here, for now, you can only log out.</p>")
|
||||||
|
print("<a href='/cgi-bin/logout.cgi'>Log out</a>")
|
||||||
else:
|
else:
|
||||||
print("<h1>Session expired or invalid!</h1>")
|
print("<h1>Session expired or invalid!</h1>")
|
||||||
print("<a href='/login/'>Login again</a>")
|
print("<a href='/login/'>Login again</a>")
|
||||||
|
|
|
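Review bot: The added `if session_id: session_id = session_id.value` block already turns `session_id` into a string, but the unchanged `if session_id:` / `session_id = session_id.value` a few lines below still runs, and `.value` on a `str` raises `AttributeError` for every request that carries the cookie. Keep one conversion only, for example by deleting the older `session_id = session_id.value` under the second `if`. The hunk also removes `print("Content-Type: text/html")` and `print()` from the top of the script and no replacement is visible; unless the lines not shown here emit them, the CGI response has no header block. Separately, the context line `print(f"<h1>Welcome, {username}!</h1>")` places a database value into HTML unescaped, and wrapping it as `html.escape(username)` would make the output safe regardless of what the registration path accepts.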
@ -11,7 +11,7 @@
|
||||||
<!-- Header -->
|
<!-- Header -->
|
||||||
<tr>
|
<tr>
|
||||||
<td colspan="2" class="header">
|
<td colspan="2" class="header">
|
||||||
<h1>Welcome to Your User Panel</h1>
|
<h1>Welcome to monotreme.org's User Panel</h1>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
|
|