/*
    Service routine for form-based login requests. Only used when httpSetAuthForm is utilized.

    Reads the "username" and "password" request parameters and passes them to httpLogin.
    The password arrives as clear text, so this must be used over SSL to be secure.

    On success, redirects (in order of preference) to the "referrer" session variable,
    to auth->loggedIn, or to "~". On failure, redirects back to auth->loginPage.

    NOTE(review): the redirect target is taken from the session "referrer" value. Where that value
    is stored, and whether it is limited to same-site locations, is not visible here -- confirm at
    the place it is set.

    @param conn Connection carrying the login request
 */
static void loginServiceProc(HttpConn *conn)
{
    HttpAuth    *auth;
    HttpUri     *target;
    cchar       *user, *pass, *dest;

    auth = conn->rx->route->auth;
    user = httpGetParam(conn, "username", 0);
    pass = httpGetParam(conn, "password", 0);

    if (!httpLogin(conn, user, pass)) {
        /* Failed login: send the client back to the login form */
        httpRedirect(conn, HTTP_CODE_MOVED_TEMPORARILY, auth->loginPage);
        return;
    }
    dest = httpGetSessionVar(conn, "referrer", 0);
    if (dest != 0) {
        /* Complete the target from the current request URI to preserve the connection's protocol scheme */
        target = httpCreateUri(dest, 0);
        httpCompleteUri(target, conn->rx->parsedUri);
        dest = httpUriToString(target, 0);
        httpRedirect(conn, HTTP_CODE_MOVED_TEMPORARILY, dest);
        return;
    }
    /* No remembered referrer: use the configured post-login page, else "~" */
    httpRedirect(conn, HTTP_CODE_MOVED_TEMPORARILY, auth->loggedIn ? auth->loggedIn : "~");
}
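/*
    Authenticate a request using the username stored in the session.

    The check runs once per request: rx->authenticateProbed is set on the first call and later calls
    return the cached rx->authenticated value. The cached login is accepted only if the session holds
    a username and the session's stored IP matches conn->ip. Otherwise, if the route's auth defines a
    non-empty username, an auto-login is attempted with no password; this is the only case where
    httpLogin is called from here.

    On success this sets conn->username and HttpRx.authenticated.

    @param conn Connection to authenticate
    @return True if the request is authenticated
 */
PUBLIC bool httpAuthenticate(HttpConn *conn)
{
    HttpRx      *rx;
    HttpAuth    *auth;
    cchar       *ip, *username;

    rx = conn->rx;
    auth = rx->route->auth;

    if (!rx->authenticateProbed) {
        rx->authenticateProbed = 1;
        ip = httpGetSessionVar(conn, HTTP_SESSION_IP, 0);
        username = httpGetSessionVar(conn, HTTP_SESSION_USERNAME, 0);

        if (!smatch(ip, conn->ip) || !username) {
            /*
                The cached login is unusable. Discard the session username so that a session presented
                from a different address cannot fall through and be accepted when no auto-login is
                configured or when the auto-login fails.
                NOTE(review): this assumes every login path stores HTTP_SESSION_IP alongside the
                username -- confirm in httpLogin.
             */
            username = NULL;
            if (auth->username && *auth->username) {
                /* Auto-login: only trust the session username if the login succeeded */
                if (httpLogin(conn, auth->username, NULL)) {
                    username = httpGetSessionVar(conn, HTTP_SESSION_USERNAME, 0);
                }
            }
            if (!username) {
                return 0;
            }
        }
        /*
            NOTE(review): the message as shown has no conversion for the trailing username argument;
            confirm against the upstream source whether the '******' stands in for a masked specifier.
         */
        httpTrace(conn, "auth.login.authenticated", "context",
            "msg: 'Using cached authentication data', username: '******'", username);
        conn->username = username;
        rx->authenticated = 1;
    }
    return rx->authenticated;
}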
/*
    Action to log a user in from the "username" and "password" request parameters.

    A successful login redirects to /index.esp. A failed login records the feedback message
    "Invalid Login" and redirects to /public/login.esp. The same message is used for every failure.
 */
static void loginUser()
{
    if (!httpLogin(getConn(), param("username"), param("password"))) {
        /* Rejected credentials: report the error and return to the login page */
        feedback("error", "Invalid Login");
        redirect("/public/login.esp");
        return;
    }
    redirect("/index.esp");
}