This commit is contained in:
Tristan Smith 2024-09-23 02:00:19 -04:00
parent 573551bd32
commit e5a06090c5
5 changed files with 131 additions and 102 deletions

View file

@ -59,5 +59,16 @@
</td> </td>
</tr> </tr>
</table> </table>
<script>
document.querySelector('form').addEventListener('submit', function(e) {
var password = document.getElementById('password').value;
var confirm_password = document.getElementById('confirm_password').value;
if (password !== confirm_password) {
e.preventDefault(); // Prevent form submission
alert('Passwords do not match!');
}
});
</script>
</body> </body>
</html> </html>

View file

@ -39,6 +39,8 @@ if result:
# Store the session in the sessions table # Store the session in the sessions table
cursor.execute("INSERT INTO sessions (session_id, username, expires_at) VALUES (?, ?, ?)", cursor.execute("INSERT INTO sessions (session_id, username, expires_at) VALUES (?, ?, ?)",
(session_token, username, expires_at)) (session_token, username, expires_at))
last_login = time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime())
cursor.execute("UPDATE users SET last_login=? WHERE username=?", (last_login, username))
db.commit() db.commit()
# Set the session cookie # Set the session cookie

View file

@ -31,3 +31,4 @@ print("<html><head><title>Logout</title></head>")
print("<body><h1>You have been logged out!</h1>") print("<body><h1>You have been logged out!</h1>")
print("<a href='/login/'>Login again</a>") print("<a href='/login/'>Login again</a>")
print("</body></html>") print("</body></html>")

View file

@ -1,26 +1,26 @@
#!/bin/bash #!/bin/bash
echo "Content-type: text/html" echo "Content-type: text/html"
echo "" echo ""
# Log the raw POST data for debugging # Log the raw POST data for debugging
read POST_DATA read POST_DATA
echo "POST Data: $POST_DATA" >> /tmp/register_form.log echo "POST Data: $POST_DATA" >> /tmp/register_form.log
# URL decoding function # URL decoding function
urldecode() { urldecode() {
local url_encoded="${1//+/ }" local url_encoded="${1//+/ }"
printf '%b' "${url_encoded//%/\\x}" printf '%b' "${url_encoded//%/\\x}"
} }
# Parse the form data using IFS # Parse the form data using IFS
USERNAME="" USERNAME=""
EMAIL="" EMAIL=""
PASSWORD="" PASSWORD=""
CONFIRM_PASSWORD="" CONFIRM_PASSWORD=""
IFS='&' # Split fields by "&" IFS='&' # Split fields by "&"
for param in $POST_DATA; do for param in $POST_DATA; do
IFS='=' read -r key value <<< "$param" IFS='=' read -r key value <<< "$param"
key=$(urldecode "$key") key=$(urldecode "$key")
value=$(urldecode "$value") value=$(urldecode "$value")
@ -31,62 +31,66 @@
password) PASSWORD="$value" ;; password) PASSWORD="$value" ;;
confirm_password) CONFIRM_PASSWORD="$value" ;; confirm_password) CONFIRM_PASSWORD="$value" ;;
esac esac
done done
# Check if passwords match # Check if passwords match
if [ "$PASSWORD" != "$CONFIRM_PASSWORD" ]; then if [ "$PASSWORD" != "$CONFIRM_PASSWORD" ]; then
cat <<EOF cat <<EOF
<html> <html>
<head><title>Registration Failed</title></head> <head><title>Registration Failed</title></head>
<body> <body>
<h1>Passwords do not match!</h1> <h1>Passwords do not match!</h1>
<a href="/login/register/">Go back</a> <a href="/login/register/">Go back</a>
</body> </body>
</html> </html>
EOF EOF
exit 1 exit 1
fi fi
# Hash the password using SHA-256 # Hash the password using SHA-256
PASSWORD_HASH=$(echo -n "$PASSWORD" | sha256sum | awk '{print $1}') PASSWORD_HASH=$(echo -n "$PASSWORD" | sha256sum | awk '{print $1}')
# Insert the user into the SQLite database # Generate the current timestamp for date_joined in UTC format
DB_PATH="/var/lib/monotreme/data/monotreme.db" DATE_JOINED=$(date -u +"%Y-%m-%d %H:%M:%S")
sqlite3 $DB_PATH "INSERT INTO users (username, email, password_hash) VALUES ('$USERNAME', '$EMAIL', '$PASSWORD_HASH');" 2>> /tmp/register_form.log
# Log the username and email for debugging # Insert the user into the SQLite database, including date_joined
echo "Username: $USERNAME, Email: $EMAIL" >> /tmp/register_form.log DB_PATH="/var/lib/monotreme/data/monotreme.db"
sqlite3 $DB_PATH "INSERT INTO users (username, email, password_hash, date_joined) VALUES ('$USERNAME', '$EMAIL', '$PASSWORD_HASH', '$DATE_JOINED');" 2>> /tmp/register_form.log
# Create the email with proper headers # Log the username and email for debugging
EMAIL_BODY=$(cat <<EOF echo "Username: $USERNAME, Email: $EMAIL" >> /tmp/register_form.log
From: info@monotreme.org
To: $EMAIL
Subject: Welcome to monotreme.org
Hello $USERNAME, # Create the email with proper headers
EMAIL_BODY=$(cat <<EOF
From: info@monotreme.org
To: $EMAIL
Subject: Welcome to monotreme.org
Thank you for registering at monotreme.org. You can now log in with your credentials. I hope you enjoy the world of the monotreme! Hello $USERNAME,
Best regards, Thank you for registering at monotreme.org. You can now log in with your credentials. I hope you enjoy the world of the monotreme!
Tristan
monotreme.org team
EOF
)
# Log the email body for debugging Best regards,
echo "Email Body: $EMAIL_BODY" >> /tmp/register_form.log Tristan
monotreme.org team
EOF
)
# Send the email using msmtp (or your protonmail-bridge setup) # Log the email body for debugging
echo "$EMAIL_BODY" | msmtp --account=monotreme "$EMAIL" echo "Email Body: $EMAIL_BODY" >> /tmp/register_form.log
# Send the email using msmtp (or your protonmail-bridge setup)
echo "$EMAIL_BODY" | msmtp --account=monotreme "$EMAIL"
# Response back to the browser
cat <<EOF
<html>
<head><title>Registration Successful</title></head>
<body>
<h1>Registration successful!</h1>
<p>A confirmation email has been sent to $EMAIL.</p>
<a href="/login/">Go to login page</a>
</body>
</html>
EOF
# Response back to the browser
cat <<EOF
<html>
<head><title>Registration Successful</title></head>
<body>
<h1>Registration successful!</h1>
<p>A confirmation email has been sent to $EMAIL.</p>
<a href="/login/">Go to login page</a>
</body>
</html>
EOF

View file

@ -1,9 +1,9 @@
#!/usr/bin/python3 #!/usr/bin/python3
import sqlite3 import sqlite3
import http.cookies
import os import os
import time # Ensure we import time for the timestamp check import http.cookies
import time
print("Content-Type: text/html") print("Content-Type: text/html")
print() print()
@ -12,42 +12,53 @@ print()
cookie = http.cookies.SimpleCookie(os.environ.get('HTTP_COOKIE', '')) cookie = http.cookies.SimpleCookie(os.environ.get('HTTP_COOKIE', ''))
session_id = cookie.get('session_id') session_id = cookie.get('session_id')
# Log the session ID for debugging
with open("/tmp/user_panel_session.log", "a") as f:
f.write(f"Parsed session ID: {session_id.value if session_id else 'None'}\n")
if session_id: if session_id:
session_id = session_id.value session_id = session_id.value
# Connect to SQLite and check the session # Connect to SQLite and check the session
db = sqlite3.connect('/var/lib/monotreme/data/monotreme.db') db = sqlite3.connect('/var/lib/monotreme/data/monotreme.db')
cursor = db.cursor() cursor = db.cursor()
# Log the current timestamp for debugging
current_time = int(time.time())
with open("/tmp/user_panel_session.log", "a") as f:
f.write(f"Current time (UNIX timestamp): {current_time}\n")
# Check if the session exists and is still valid # Check if the session exists and is still valid
cursor.execute("SELECT username, expires_at FROM sessions WHERE session_id=? AND expires_at > ?", (session_id, current_time)) cursor.execute("SELECT username FROM sessions WHERE session_id=? AND expires_at > ?", (session_id, int(time.time())))
result = cursor.fetchone() result = cursor.fetchone()
if result: if result:
username, expires_at = result username = result[0]
# Log the session expiration time for debugging
with open("/tmp/user_panel_session.log", "a") as f:
f.write(f"Session found for user: {username}\n")
f.write(f"Session expires at: {expires_at}, Current time: {current_time}\n")
# Print the user panel
print(f"<h1>Welcome, {username}!</h1>") print(f"<h1>Welcome, {username}!</h1>")
print("<p>This is your user panel.</p>") print("<p>This is your user panel.</p>")
print("<p>This panel contains nothing but the ability to logout.</p>") print("<p>This page contains a couple things once I figure out how databases work.</p>")
print('<a href="/cgi-bin/logout.cgi">Logout</a>')
# Fetch and display profile info
cursor.execute("SELECT email, date_joined, last_login FROM users WHERE username=?", (username,))
profile_info = cursor.fetchone()
if profile_info:
email, date_joined, last_login = profile_info
print(f"<p>Email: {email}</p>")
print(f"<p>Date Joined: {date_joined}</p>")
print(f"<p>Last Login: {last_login}</p>")
# Fetch and display recent activity
cursor.execute("SELECT action, timestamp FROM activity_log WHERE username=? ORDER BY timestamp DESC LIMIT 5", (username,))
recent_activity = cursor.fetchall()
print("<h3>Recent Activity</h3>")
if recent_activity:
for action, timestamp in recent_activity:
time_str = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(timestamp))
print(f"<p>{action} at {time_str}</p>")
else:
print("<p>No recent activity</p>")
# Fetch and display notifications
cursor.execute("SELECT message, timestamp FROM notifications WHERE username=? AND read=0 ORDER BY timestamp DESC", (username,))
notifications = cursor.fetchall()
print("<h3>Notifications</h3>")
if notifications:
for message, timestamp in notifications:
time_str = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(timestamp))
print(f"<p>{message} at {time_str}</p>")
else:
print("<p>No new notifications</p>")
else: else:
with open("/tmp/user_panel_session.log", "a") as f:
f.write("Session expired or invalid.\n")
print("<h1>Session expired or invalid!</h1>") print("<h1>Session expired or invalid!</h1>")
print("<a href='/login/'>Login again</a>") print("<a href='/login/'>Login again</a>")
else: else: