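/*
    Callback from httpLogin to verify credentials using the password defined in the database.

    Looks the user up in the "user" table by username, checks the supplied password against the stored
    value with mprCheckPassword, and on success caches the user (with roles) on the route's auth object and
    marks it as the authenticated user for the stream.

    Both failure paths sleep for the same time before returning, so response timing does not reveal
    whether a given username exists (the original delayed only the bad-password path).

    Returns true when the credentials are valid, false otherwise.
 */
static bool verifyUser(HttpStream *stream, cchar *username, cchar *password)
{
    HttpAuth    *auth;
    HttpUser    *user;
    HttpRx      *rx;
    EdiRec      *urec;

    rx = stream->rx;
    auth = rx->route->auth;

    if ((urec = readRecWhere("user", "username", "==", username)) == 0) {
        httpLog(stream->trace, "auth.login.error", "error", "msg: 'Cannot verify user', username: '******'", username);
        /* Same delay as the bad-password path below: an immediate return would make unknown users distinguishable by timing */
        mprSleep(500);
        return false;
    }
    if (!mprCheckPassword(password, getField(urec, "password"))) {
        httpLog(stream->trace, "auth.login.error", "error", "msg: 'Password failed to authenticate', username: '******'", username);
        /* Throttle failed attempts */
        mprSleep(500);
        return false;
    }
    /*
        Cache the user and define the user roles. Thereafter, the app can use "httpCanUser" to test if the
        user has the required abilities (defined by their roles) to perform a given request or operation.
        Roles are read from the record only when the user is not already cached.
     */
    if ((user = httpLookupUser(auth, username)) == 0) {
        user = httpAddUser(auth, username, 0, ediGetFieldValue(urec, "roles"));
    }
    /* Define this as the authenticated and authorized user for this session */
    httpSetStreamUser(stream, user);
    httpLog(stream->trace, "auth.login.authenticated", "context", "msg: 'User authenticated', username: '******'", username);
    return true;
}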
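/*
    Change the password of the logged-in user.

    Requires a session with the "root" or "admin" role. Reads "oldpassword" and "newpassword" from the
    request query string (parsed as JSON), compares the old password with the value stored in the "user"
    record, and on a match writes the new one. A status code is rendered through rendersts(): 9 when no
    session role exists, 5 when the role is not permitted, 1 on success, 0 on mismatch or missing input
    (code meanings beyond "no permission" are inferred — verify against rendersts). Finally an "optlog" row
    describing the operation is appended to the database.

    NOTE(review): the stored password is compared with strcmp, i.e. it is kept and compared in clear text.
    Hashed storage (mprMakePassword / mprCheckPassword) would be the usual fix, but it requires migrating the
    existing "user" records, so it is only flagged here.
 */
static void setPassword(HttpConn *conn)
{
    enum { OPTLOG_BUF_SIZE = 256 };     /* optstr is defined elsewhere; 256 is the size the original code cleared — confirm */
    char    str[16] = {0};
    cchar   *role = getSessionVar("role");

    if (role == NULL) {
        rendersts(str, 9);
        render(str);
        return;
    }
    if ((strcmp(role, "root") != 0) && (strcmp(role, "admin") != 0)) {
        rendersts(str, 5);              /* no permission */
        render(str);
        return;
    }
    MprJson *jsonparam = mprParseJson(espGetQueryString(conn));
    cchar   *oldpassword = jsonparam ? mprGetJson(jsonparam, "oldpassword") : NULL;
    cchar   *newpassword = jsonparam ? mprGetJson(jsonparam, "newpassword") : NULL;
    cchar   *username = getSessionVar("userName");
    EdiRec  *user = readRecWhere("user", "username", "==", username);
    MprJson *userjson = user ? mprParseJson(ediRecAsJson(user, 0)) : NULL;
    cchar   *stored = userjson ? mprGetJson(userjson, "password") : NULL;

    /* Missing input or an unknown user previously reached strcmp() with a NULL pointer; treat it as a failed check */
    if (oldpassword && newpassword && stored && strcmp(oldpassword, stored) == 0) {
        ediSetField(user, "password", newpassword);
        updateRec(user);
        rendersts(str, 1);
    } else {
        rendersts(str, 0);
    }
    render(str);

    /*
        Append an audit row to "optlog". As in the original this runs for both outcomes, so a failed attempt
        is recorded with the same description as a successful change. The database handle is not closed here
        (the original had ediClose commented out) — presumably GC-managed; verify.
     */
    Edi *db = ediOpen("db/muxnms.mdb", "mdb", EDI_AUTO_SAVE);
    if (db == NULL) {
        printf("================>>>ediOpen Failed!!\n");
        return;
    }
    EdiRec *optlog = ediCreateRec(db, "optlog");
    if (optlog == NULL) {
        printf("================>>>optlog is NULL!!\n");
        return;
    }
    time_t curTime;
    time(&curTime);
    /*
        The conversions match the argument list (user name, then timestamp). time_t has no portable conversion of
        its own, so it is widened to long long; the original "%d" did not match it. snprintf bounds the write
        where sprintf did not. The user name comes from the session and is inserted without JSON escaping — a
        quote in it would break the row; TODO escape.
     */
    int len = snprintf(optstr, OPTLOG_BUF_SIZE,
        "{'user': '%s', 'desc': '用户修改了密码.', 'level': '2', 'logtime':'%lld'}",
        username ? username : "", (long long) curTime);
    if (len < 0 || len >= OPTLOG_BUF_SIZE) {
        printf("================>>>optlog row truncated!!\n");
        return;
    }
    MprJson *row = mprParseJson(optstr);
    if (ediSetFields(optlog, row) == 0) {
        printf("================>>>ediSetFields Failed!!\n");
    }
    if (ediUpdateRec(db, optlog) != 0) {
        printf("================>>>ediUpdateRec Failed!!\n");
    }
}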
/*
    Remove a package record from the "pak" table.

    The request must carry the package name and the password that was set when the package was published;
    the password is checked against the stored value with mprCheckPassword before the record is removed.
    Responds through sendResult() with a feedback message on error, or with the result of removeRec().
 */
static void retractPackage()
{
    cchar   *pakName = param("name");
    cchar   *pakPassword = param("password");
    EdiRec  *pak;

    /* Both parameters must be present and non-empty */
    if (!pakName || !*pakName || !pakPassword || !*pakPassword) {
        sendResult(feedback("error", "Missing name or password parameters"));
        return;
    }
    pak = readRecWhere("pak", "name", "==", pakName);
    if (pak == 0) {
        sendResult(feedback("error", "Cannot find package"));
        return;
    }
    if (!mprCheckPassword(pakPassword, getField(pak, "password"))) {
        sendResult(feedback("error", "Invalid password"));
        return;
    }
    sendResult(removeRec("pak", pak->id));
}
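/*
    Publish (create or update) a package record in the "pak" table. Can call this without being authenticated.

    Required params: "name", "endpoint" and "email". A "password" param is also required unless the caller is
    authenticated, may "edit", and is publishing under their own username — then the stored password is not
    checked. For an existing package the supplied password must match the stored value; a new package is
    created from the request params. The password, when one was supplied, is stored hashed.
    Responds with sendRec() on success, or a feedback error via sendResult().
 */
static void publishPackage()
{
    HttpConn    *conn;
    EdiRec      *rec;
    cchar       *email, *password, *name, *endpoint;
    bool        checkPassword;

    name = param("name");
    endpoint = param("endpoint");
    password = param("password");
    email = param("email");
    conn = getConn();

    if (!name || !*name || !endpoint || !*endpoint) {
        sendResult(feedback("error", "Missing name or endpoint parameters"));
        return;
    }
    if (!email || !*email) {
        sendResult(feedback("error", "Missing email parameter"));
        return;
    }
    if (canUser("edit", 0) && smatch(conn->username, name)) {
        /* Authenticated owner of the package: no package password is required or checked */
        checkPassword = 0;
        httpTrace(conn, "auth.login.authenticated", "context", "msg=\"Authenticated for package\", pak=%s", name);
    } else {
        if (!password || !*password) {
            sendResult(feedback("error", "Missing password parameter"));
            return;
        }
        checkPassword = 1;
    }
    if ((rec = readRecWhere("pak", "name", "==", name)) != 0) {
        if (checkPassword && !mprCheckPassword(password, getField(rec, "password"))) {
            sendResult(feedback("error", "Package already exists but invalid password"));
            return;
        }
        /*
            NOTE(review): every request param is copied onto the record. Whether setFields restricts this to the
            table's columns and leaves "id" alone depends on its implementation — confirm before relying on it.
         */
        setFields(rec, params());
    } else {
#if FUTURE
        cchar *uri, *response, *err;
        uri = strim(endpoint, ".git", MPR_TRIM_END);
        uri = sjoin(uri, "/raw/master/package.json", NULL);
        status = httpRequest("GET", uri, NULL, &response, &err);
        if (status != 200) {
            feedback("warn", "Could not verify endpoint");
        } else {
            if (!response || mprParseJson(response) == 0) {
                feedback("warn", "Could not verify endpoint package.json");
            }
        }
#endif
        if ((rec = createRec("pak", params())) == 0) {
            sendResult(feedback("error", "Cannot create package record"));
            return;
        }
    }
    /*
        Only replace the stored password when one was supplied. On the authenticated-owner path "password" may be
        absent, and the original passed that NULL straight to mprMakePassword and wrote the result over the record.
     */
    if (password && *password) {
        setField(rec, "password", mprMakePassword(password, PASSWORD_SALT, PASSWORD_ROUNDS));
    }
    if (!(updateRec(rec))) {
        sendResult(feedback("error", "Cannot save package details"));
        return;
    }
    sendRec(rec);
}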