user panel, logout script

Tristan Smith 2024-09-23 01:21:45 -04:00
parent d2e62585c0
commit c980f32726
4 changed files with 62 additions and 33 deletions


@ -5,6 +5,7 @@ import hashlib
import cgi import cgi
import os import os
import http.cookies import http.cookies
import time
# Get form data # Get form data
form = cgi.FieldStorage() form = cgi.FieldStorage()
@ -25,8 +26,21 @@ if result:
entered_password_hash = hashlib.sha256(password.encode()).hexdigest() entered_password_hash = hashlib.sha256(password.encode()).hexdigest()
if entered_password_hash == stored_password_hash: if entered_password_hash == stored_password_hash:
# Create a session (a simple token could be enough for now) # Create a session token and expiration time (e.g., 24 hours from now)
session_token = hashlib.sha256(os.urandom(32)).hexdigest() session_token = hashlib.sha256(os.urandom(32)).hexdigest()
expires_at = int(time.time()) + 86400 # 24 hours
# Log session creation for debugging
with open("/tmp/login_session_creation.log", "a") as f:
f.write(f"Creating session for user {username}\n")
f.write(f"Session Token: {session_token}\n")
f.write(f"Expires At: {expires_at}\n")
# Store the session in the sessions table
cursor.execute("INSERT INTO sessions (session_id, username, expires_at) VALUES (?, ?, ?)",
(session_token, username, expires_at))
db.commit()
# Set the session cookie # Set the session cookie
print("Content-Type: text/html") print("Content-Type: text/html")
print(f"Set-Cookie: session_id={session_token}; Path=/; HttpOnly") print(f"Set-Cookie: session_id={session_token}; Path=/; HttpOnly")
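Review bot: The added debug block writes the full session token to `/tmp/login_session_creation.log`, so anything on the host that can read that file (with a default umask, typically every local user) holds a valid login for the next 24 hours. The logout and user-panel scripts in this commit add the same kind of log (`/tmp/logout_session.log`, `/tmp/user_panel_session.log`) and need the same change. Drop the token line, or record only a short non-reversible reference such as `f.write(f"Session ref: {hashlib.sha256(session_token.encode()).hexdigest()[:8]}\n")`, and keep the log in a directory that is not world-writable, with restrictive permissions. The `Set-Cookie` line is unchanged context, but now that the server stores `expires_at` it would be worth adding `Max-Age=86400; Secure; SameSite=Lax` so the cookie's lifetime and transport match the session row. The enclosing `if result:` branch starts outside the hunk.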


@ -1,9 +1,10 @@
# logout.cgi #!/usr/bin/python3
import sqlite3
import os import os
import sqlite3
import http.cookies import http.cookies
# Set HTTP headers
print("Content-Type: text/html") print("Content-Type: text/html")
print("Set-Cookie: session_id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT") print("Set-Cookie: session_id=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT")
print() print()
@ -12,6 +13,10 @@ print()
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
session_id = cookie.get('session_id') session_id = cookie.get('session_id')
# Log the logout process for debugging
with open("/tmp/logout_session.log", "a") as f:
f.write(f"Session ID: {session_id.value if session_id else 'None'}\n")
if session_id: if session_id:
session_id = session_id.value session_id = session_id.value
# Connect to SQLite and remove the session # Connect to SQLite and remove the session
@ -21,5 +26,8 @@ if session_id:
db.commit() db.commit()
db.close() db.close()
print("<h1>You have been logged out!</h1>") # Output the HTML for the logout page
print("<html><head><title>Logout</title></head>")
print("<body><h1>You have been logged out!</h1>")
print("<a href='/login/'>Login again</a>") print("<a href='/login/'>Login again</a>")
print("</body></html>")


@ -1,15 +1,20 @@
import sqlite3 import sqlite3
import os
import http.cookies import http.cookies
import time import os
print("Content-Type: text/html") # Ensure the session_id is properly parsed
print() cookie = http.cookies.SimpleCookie(os.environ.get('HTTP_COOKIE', ''))
# Get the session ID from the cookie
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
session_id = cookie.get('session_id') session_id = cookie.get('session_id')
if session_id:
session_id = session_id.value
else:
session_id = None
# Log the session ID for debugging
with open("/tmp/user_panel_session.log", "a") as f:
f.write(f"Parsed session ID: {session_id}\n")
if session_id: if session_id:
session_id = session_id.value session_id = session_id.value
# Connect to SQLite and check the session # Connect to SQLite and check the session
@ -24,6 +29,8 @@ if session_id:
username = result[0] username = result[0]
print(f"<h1>Welcome, {username}!</h1>") print(f"<h1>Welcome, {username}!</h1>")
print("<p>This is your user panel.</p>") print("<p>This is your user panel.</p>")
print("<p>Here, for now, you can only log out.</p>")
print("<a href='/cgi-bin/logout.cgi'>Log out</a>")
else: else:
print("<h1>Session expired or invalid!</h1>") print("<h1>Session expired or invalid!</h1>")
print("<a href='/login/'>Login again</a>") print("<a href='/login/'>Login again</a>")
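Review bot: As rendered, the new block at the top already replaces `session_id` with `session_id.value` (a string), while the unchanged `if session_id:` / `session_id = session_id.value` pair just below it is still present, so any request carrying a session cookie would raise `AttributeError` before the database lookup; one of the two conversions should go. The same hunk removes `print("Content-Type: text/html")` and `print()` from the top of the script with no visible replacement, so unless the header is printed in the lines between the two hunks the CGI response will have no header block. `import time` is also dropped; if the unseen session query compares `expires_at` with `time.time()`, that becomes a `NameError`. Separately, `username` is interpolated into the welcome heading unescaped, so `html.escape(username)` would be a sensible hardening if usernames are user-chosen.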


@ -11,7 +11,7 @@
<!-- Header --> <!-- Header -->
<tr> <tr>
<td colspan="2" class="header"> <td colspan="2" class="header">
<h1>Welcome to Your User Panel</h1> <h1>Welcome to monotreme.org's User Panel</h1>
</td> </td>
</tr> </tr>