From e5a06090c5f18be6a2a15064c37df6599a7b21f7 Mon Sep 17 00:00:00 2001 From: Tristan Smith Date: Mon, 23 Sep 2024 02:00:19 -0400 Subject: [PATCH] updates --- login/register/index.html | 11 +++ scripts/login.cgi | 2 + scripts/logout.cgi | 1 + scripts/register.cgi | 156 +++++++++++++++++++------------------- scripts/user_panel.cgi | 63 ++++++++------- 5 files changed, 131 insertions(+), 102 deletions(-) diff --git a/login/register/index.html b/login/register/index.html index 612af03..9cf2493 100644 --- a/login/register/index.html +++ b/login/register/index.html @@ -59,5 +59,16 @@ + diff --git a/scripts/login.cgi b/scripts/login.cgi index ff0a100..eb63a74 100644 --- a/scripts/login.cgi +++ b/scripts/login.cgi @@ -39,6 +39,8 @@ if result: # Store the session in the sessions table cursor.execute("INSERT INTO sessions (session_id, username, expires_at) VALUES (?, ?, ?)", (session_token, username, expires_at)) + last_login = time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime()) + cursor.execute("UPDATE users SET last_login=? WHERE username=?", (last_login, username)) db.commit() # Set the session cookie diff --git a/scripts/logout.cgi b/scripts/logout.cgi index bdd7b18..e56bcaf 100644 --- a/scripts/logout.cgi +++ b/scripts/logout.cgi @@ -31,3 +31,4 @@ print("Logout") print("
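Review bot: The new `last_login` value in login.cgi is a UTC string built from `time.gmtime()`, but nothing in the code says so, and user_panel.cgi in this same patch prints it verbatim next to activity times formatted with `time.localtime()`. I would add a comment above the assignment, `# last_login is stored as a UTC string, like date_joined in register.cgi`, and label the zone where it is displayed. Because the UPDATE runs on every successful login, the panel shows the login that just happened rather than the previous one; if the field is meant to help a user notice an unfamiliar login, the prior value probably needs to be kept as well. The enclosing `if result:` block starts and ends outside this hunk.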

You have been logged out!

") print("Login again") print("") + \ No newline at end of file diff --git a/scripts/register.cgi b/scripts/register.cgi index b4a0c27..4d7e553 100644 --- a/scripts/register.cgi +++ b/scripts/register.cgi @@ -1,92 +1,96 @@ - #!/bin/bash +#!/bin/bash - echo "Content-type: text/html" - echo "" +echo "Content-type: text/html" +echo "" - # Log the raw POST data for debugging - read POST_DATA - echo "POST Data: $POST_DATA" >> /tmp/register_form.log +# Log the raw POST data for debugging +read POST_DATA +echo "POST Data: $POST_DATA" >> /tmp/register_form.log - # URL decoding function - urldecode() { - local url_encoded="${1//+/ }" - printf '%b' "${url_encoded//%/\\x}" - } +# URL decoding function +urldecode() { + local url_encoded="${1//+/ }" + printf '%b' "${url_encoded//%/\\x}" +} - # Parse the form data using IFS - USERNAME="" - EMAIL="" - PASSWORD="" - CONFIRM_PASSWORD="" +# Parse the form data using IFS +USERNAME="" +EMAIL="" +PASSWORD="" +CONFIRM_PASSWORD="" - IFS='&' # Split fields by "&" - for param in $POST_DATA; do - IFS='=' read -r key value <<< "$param" - key=$(urldecode "$key") - value=$(urldecode "$value") - - case $key in - username) USERNAME="$value" ;; - email) EMAIL="$value" ;; - password) PASSWORD="$value" ;; - confirm_password) CONFIRM_PASSWORD="$value" ;; - esac - done +IFS='&' # Split fields by "&" +for param in $POST_DATA; do + IFS='=' read -r key value <<< "$param" + key=$(urldecode "$key") + value=$(urldecode "$value") + + case $key in + username) USERNAME="$value" ;; + email) EMAIL="$value" ;; + password) PASSWORD="$value" ;; + confirm_password) CONFIRM_PASSWORD="$value" ;; + esac +done - # Check if passwords match - if [ "$PASSWORD" != "$CONFIRM_PASSWORD" ]; then - cat < - Registration Failed - -

Passwords do not match!

- Go back - - - EOF - exit 1 - fi +# Check if passwords match +if [ "$PASSWORD" != "$CONFIRM_PASSWORD" ]; then + cat < +Registration Failed + +

Passwords do not match!

+Go back + + +EOF + exit 1 +fi - # Hash the password using SHA-256 - PASSWORD_HASH=$(echo -n "$PASSWORD" | sha256sum | awk '{print $1}') +# Hash the password using SHA-256 +PASSWORD_HASH=$(echo -n "$PASSWORD" | sha256sum | awk '{print $1}') - # Insert the user into the SQLite database - DB_PATH="/var/lib/monotreme/data/monotreme.db" - sqlite3 $DB_PATH "INSERT INTO users (username, email, password_hash) VALUES ('$USERNAME', '$EMAIL', '$PASSWORD_HASH');" 2>> /tmp/register_form.log +# Generate the current timestamp for date_joined in UTC format +DATE_JOINED=$(date -u +"%Y-%m-%d %H:%M:%S") - # Log the username and email for debugging - echo "Username: $USERNAME, Email: $EMAIL" >> /tmp/register_form.log +# Insert the user into the SQLite database, including date_joined +DB_PATH="/var/lib/monotreme/data/monotreme.db" +sqlite3 $DB_PATH "INSERT INTO users (username, email, password_hash, date_joined) VALUES ('$USERNAME', '$EMAIL', '$PASSWORD_HASH', '$DATE_JOINED');" 2>> /tmp/register_form.log - # Create the email with proper headers - EMAIL_BODY=$(cat <> /tmp/register_form.log - Hello $USERNAME, +# Create the email with proper headers +EMAIL_BODY=$(cat <> /tmp/register_form.log +Best regards, +Tristan +monotreme.org team +EOF +) - # Send the email using msmtp (or your protonmail-bridge setup) - echo "$EMAIL_BODY" | msmtp --account=monotreme "$EMAIL" +# Log the email body for debugging +echo "Email Body: $EMAIL_BODY" >> /tmp/register_form.log - # Response back to the browser - cat < - Registration Successful - -

Registration successful!

-

A confirmation email has been sent to $EMAIL.

- Go to login page - - - EOF +# Send the email using msmtp (or your protonmail-bridge setup) +echo "$EMAIL_BODY" | msmtp --account=monotreme "$EMAIL" + +# Response back to the browser +cat < +Registration Successful + +

Registration successful!

+

A confirmation email has been sent to $EMAIL.

+Go to login page + + +EOF + \ No newline at end of file diff --git a/scripts/user_panel.cgi b/scripts/user_panel.cgi index c6895e7..f49a418 100644 --- a/scripts/user_panel.cgi +++ b/scripts/user_panel.cgi @@ -1,9 +1,9 @@ #!/usr/bin/python3 import sqlite3 -import http.cookies import os -import time # Ensure we import time for the timestamp check +import http.cookies +import time print("Content-Type: text/html") print() @@ -12,44 +12,55 @@ print() cookie = http.cookies.SimpleCookie(os.environ.get('HTTP_COOKIE', '')) session_id = cookie.get('session_id') -# Log the session ID for debugging -with open("/tmp/user_panel_session.log", "a") as f: - f.write(f"Parsed session ID: {session_id.value if session_id else 'None'}\n") - if session_id: session_id = session_id.value - # Connect to SQLite and check the session db = sqlite3.connect('/var/lib/monotreme/data/monotreme.db') cursor = db.cursor() - # Log the current timestamp for debugging - current_time = int(time.time()) - with open("/tmp/user_panel_session.log", "a") as f: - f.write(f"Current time (UNIX timestamp): {current_time}\n") - # Check if the session exists and is still valid - cursor.execute("SELECT username, expires_at FROM sessions WHERE session_id=? AND expires_at > ?", (session_id, current_time)) + cursor.execute("SELECT username FROM sessions WHERE session_id=? AND expires_at > ?", (session_id, int(time.time()))) result = cursor.fetchone() if result: - username, expires_at = result - - # Log the session expiration time for debugging - with open("/tmp/user_panel_session.log", "a") as f: - f.write(f"Session found for user: {username}\n") - f.write(f"Session expires at: {expires_at}, Current time: {current_time}\n") - - # Print the user panel + username = result[0] print(f"
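Review bot: The rewritten INSERT in register.cgi still splices `$USERNAME` and `$EMAIL` straight from the decoded form body into the SQL text handed to `sqlite3`, so a single quote in either field changes the statement; adding `date_joined` extends that string instead of replacing it. login.cgi and user_panel.cgi already bind values with `?` placeholders through Python's `sqlite3` module, and doing this insert the same way, `cursor.execute("INSERT INTO users (username, email, password_hash, date_joined) VALUES (?, ?, ?, ?)", (...))`, together with a strict format check on both fields, would close it. The same two values also reach the HTML response and the msmtp message without validation or escaping. Separately, `echo "POST Data: $POST_DATA" >> /tmp/register_form.log` writes every submitted password to a file under /tmp and the email-body log adds the address; those debug lines should be dropped or cut down to non-sensitive fields. The password is stored as a single unsalted SHA-256 digest, which is worth replacing with a salted, deliberately slow password hash when the insert is reworked.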

Welcome, {username}!

") print("

This is your user panel.

") - print("

This panel contains nothing but the ability to logout.

") - print('Logout') + print("

This page contains a couple things once I figure out how databases work.

") + + # Fetch and display profile info + cursor.execute("SELECT email, date_joined, last_login FROM users WHERE username=?", (username,)) + profile_info = cursor.fetchone() + if profile_info: + email, date_joined, last_login = profile_info + print(f"

Email: {email}

") + print(f"

Date Joined: {date_joined}

") + print(f"

Last Login: {last_login}

") + + # Fetch and display recent activity + cursor.execute("SELECT action, timestamp FROM activity_log WHERE username=? ORDER BY timestamp DESC LIMIT 5", (username,)) + recent_activity = cursor.fetchall() + print("

Recent Activity

") + if recent_activity: + for action, timestamp in recent_activity: + time_str = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(timestamp)) + print(f"

{action} at {time_str}

") + else: + print("

No recent activity

") + + # Fetch and display notifications + cursor.execute("SELECT message, timestamp FROM notifications WHERE username=? AND read=0 ORDER BY timestamp DESC", (username,)) + notifications = cursor.fetchall() + print("

Notifications

") + if notifications: + for message, timestamp in notifications: + time_str = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(timestamp)) + print(f"

{message} at {time_str}

") + else: + print("

No new notifications

") else: - with open("/tmp/user_panel_session.log", "a") as f: - f.write("Session expired or invalid.\n") print("

Session expired or invalid!

") print("Login again") else: print("

No session found!

") - print("Login again") \ No newline at end of file + print("Login again")
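Review bot: Every value the new panel code interpolates into the page (`username`, `email`, `action`, `message`) is printed through an f-string with no HTML escaping, and register.cgi stores username and email exactly as submitted, so markup in a stored field would be rendered in the viewer's browser. Wrap each one, e.g. `html.escape(email)`, with `import html` added to the import block at the top of the file. `time.localtime(timestamp)` also assumes the `activity_log` and `notifications` timestamps are numeric epoch values, while `last_login` and `date_joined` are written as formatted UTC strings; the schema is not visible here, so confirm the column types and pick one zone for display. The connection opened by `sqlite3.connect(...)` is never closed in the visible lines.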