⌈⌋ branch:  freshcode


Check-in [d7ae58c7dd]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
SHA1:d7ae58c7dd8d81eaabe935f5ff079c13cd68a8fa
Date: 2015-04-14 12:07:33
User: mario
Comment:For resiliency support `set_password` update in session handler. Prepare login page for complaints about visible text field. (Alternatively just placeholder=notice for login feedback).
Tags And Properties
  • branch=trunk inherited from [82405bb421]
  • sym-trunk inherited from [82405bb421]
Context
2015-04-14
12:09
[fe27ad1b87] Implement v0.5 API, untested/debugging verison, locked to test.db. Only URLs field needs special handling now. Unpacking/repacking separated out. JSON request payload "project", "release" and "urls" rejoining prepared. (user: mario, tags: trunk)
12:07
[d7ae58c7dd] For resiliency support `set_password` update in session handler. Prepare login page for complaints about visible text field. (Alternatively just placeholder=notice for login feedback). (user: mario, tags: trunk)
12:05
[3e849fb034] Add `summary` table field (oneliner, to be used in rss/search/twitter, and somewhen later frontpage listings). (user: mario, tags: trunk)
Changes

Changes to lib/deferred_openid_session.php.

21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
..
55
56
57
58
59
60
61



62
63
64
65
66
67
68
}





// Check for pre-existant cookie before defaulting to initiate session store
if ($_COOKIE->has("USER")) {
    session_fresh();
}
// If there's none, make sure there's an array at least
if (!isset($_SESSION)) {
   $_SESSION = ["fromempty1"=>1];
}
// Populate stub array with empty defaults.
................................................................................
        }
    }
    catch (ErrorException $e) {
        die("OpenID verify exception (possibly endpoint / SSL error)");
    }

}






#session_write_close();


// Prevent some session tampering







|







 







>
>
>







21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
..
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
}





// Check for pre-existant cookie before defaulting to initiate session store
if ($_COOKIE->has("USER") or $_REQUEST->has("set_password")) {
    session_fresh();
}
// If there's none, make sure there's an array at least
if (!isset($_SESSION)) {
   $_SESSION = ["fromempty1"=>1];
}
// Populate stub array with empty defaults.
................................................................................
        }
    }
    catch (ErrorException $e) {
        die("OpenID verify exception (possibly endpoint / SSL error)");
    }

}
elseif ($_REQUEST->has("set_password")) {
    $_SESSION["password"] = $_REQUEST->ascii->nocontrol->trim["set_password"];
}



#session_write_close();


// Prevent some session tampering

Changes to page_login.php.

1
2
3
4
5
6
7
8
9
10
11




12
13
14
15
16
17
18
..
27
28
29
30
31
32
33

34
35
36
37
38
39
40
..
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
<?php
/**
 * api: freshcode
 * type: intercept
 * title: OpenID login
 * description: Login page shows up for authorization-required sections (e.g. /submit)
 * version: 0.5
 *
 * Presents a login box, starts the OpenID auth process.
 * Has some JS default links for a few identity providers.
 * Also provides a /logout button now.




 *
 */


// initiate verification
if ($_POST->has("login_url")) {

................................................................................
        $error = $e->getMessage();
        exit(include("page_error.php"));
    }
}
elseif ($_REQUEST->has("set_password")) {
    $_SESSION["password"] = $_REQUEST->ascii->nocontrol->trim["set_password"];
}



// else
include("template/header.php");
?> <section id=main class=container-width><div style="width: 70%"><?php


................................................................................
    </p>
    <p>There are intentionally no user accounts on freshcode.club,
    but this prerequisite also helps eschew spam submissions.</p>
    </td>
    <td>
    <p>Or alternatively a per-project password.</p>
     <form action="" method=POST class="login box" style="background: #dde; border-color: #99b;">
       <input type=text id=login_pw name=set_password size=20 value="" placeholder="pw">
       <input type=submit value=Set>
       <br>
       <small>Write it down somewhere! And use "<u class=action>lock</u>" within the submit form to apply it.</small>
     </form>
    </p>
    </td>
    </tr>
    </table>




|

|




>
>
>
>







 







>







 







|
|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
..
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
<?php
/**
 * api: freshcode
 * type: intercept
 * title: OpenID + PW login
 * description: Login page shows up for authorization-required sections (e.g. /submit)
 * version: 0.6
 *
 * Presents a login box, starts the OpenID auth process.
 * Has some JS default links for a few identity providers.
 * Also provides a /logout button now.
 *
 * Alternatively allows a password. Note that this is
 * kept plain in the session, but hashed in per-project
 * `lock` entries later.
 *
 */


// initiate verification
if ($_POST->has("login_url")) {

................................................................................
        $error = $e->getMessage();
        exit(include("page_error.php"));
    }
}
elseif ($_REQUEST->has("set_password")) {
    $_SESSION["password"] = $_REQUEST->ascii->nocontrol->trim["set_password"];
}
$pw_placeholder = !empty($_SESSION["password"]) ? "remembered" : "...";


// else
include("template/header.php");
?> <section id=main class=container-width><div style="width: 70%"><?php


................................................................................
    </p>
    <p>There are intentionally no user accounts on freshcode.club,
    but this prerequisite also helps eschew spam submissions.</p>
    </td>
    <td>
    <p>Or alternatively a per-project password.</p>
     <form action="" method=POST class="login box" style="background: #dde; border-color: #99b;">
       <input type=text id=login_pw name=set_password size=20 value="{$_SESSION["password"]}" placeholder="{$pw_placeholder}">
       <input type=submit value=Save>
       <br>
       <small>Write it down somewhere! And use "<u class=action>lock</u>" within the submit form to apply it.</small>
     </form>
    </p>
    </td>
    </tr>
    </table>