-rw-r--r-- | src/NOTES.txt (renamed from src/sledjchisl/NOTES.txt) | 172 |
1 files changed, 172 insertions, 0 deletions
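--- a/src/sledjchisl/NOTES.txt
+++ b/src/NOTES.txt
@@ -477,3 +477,175 @@ Update / upgrade / downgrade
 Yeah I hate things that have their own packaging system, for needing to
 step outside the operating systems packaging system, and adding to the too
 long list of stuff I have to deal with manually, and now I are one. lol
+
+
+-------------------------------------------------------------------
+
+Time for a restructure of the web page / field / database stuff.
+
+Will need to include a "what page is this" cookie, or maybe query ?mode=add
+
+
+
+old validate UUID
+define the UUID based UserAccounts db static dbRequest, fill it if needed.
+if create
+try to find an unused UUID
+fill Rd->stuff with UUID
+if confirm
+check it's length
+otherwise
+check it's length
+look it up, bitch if not found
+If we found it, put level into Rd->database
+fill Rd->stuff with UUID
+
+old validateName
+define the name based UserAccounts db static dbRequest, fill it if needed.
+Do the Lua file lookup, fill a tnm hash.
+Do the database lookup, fill rows.
+if login
+convert tnm to Rd->database, or dbPull(rows)
+fill Rd->stuff with name, UUID, and level
+if create
+complain if we found a record
+try to find an unused UUID
+fill Rd->database with new data
+fill Rd->stuff with name, UUID, and level
+
+old validatePassword
+define the UUID based auth db static dbRequest, fill it if needed.
+if login
+do the database lookup, fill rows
+check if the name validation found us a UUID, fail login if it didn't
+do the pasword+salt hash and compare
+fill Rd->stuff with passwordHash and passwordSalt
+if create
+fill Rd->stuff with paswordHash and passwordSalt
+if confirm
+check if password hashess are the same
+
+
+
+
+
+freeSesh(Rd, linky, wipe)
+linky - Rd->shs or Rd->lnk
+%s/sessions/%s.lua or %s/sessions/%s.linky
+wipe - wipe or delete session
+wiping means remove session stuff from Rd->stuff
+Which happens on - session failing to write, redirecting login form, showing login form if not confirm, vegOut (session timeout, bitchSession)
+
+newSesh(Rd, linky)
+linky - old Rd->shs or a new Rd->lnk
+setToken_n_munchie(Rd, linky); Only caller of setToken_n_munchie(Rd, linky);
+
+
+setToken_n_munchie(Rd, linky)
+linky - Rd->shs or Rd->lnk
+%s/sessions/%s.lua or %s/sessions/%s.linky
+!linky - actually set the cookies.
+if error writing session file - freeSesh(Rd, linky, TRUE);
+
+
+//validateSesh()
+sessionValidate()
+bitchSession() for bad session things.
+sets chillOut for validated session linky.
+Rd->chillOut = TRUE;
+freeSesh(Rd, linky, FALSE);
+Rd->func = (pageBuildFunction) loginPage;
+Rd->doit = "logout";
+sets vegOut if the session timed out.
+
+//validatePassword()
+sets chillOut for validated password on create.
+
+bitchSession() called if there's anything wrong with the session trackers, if we can't load / run the users Lua file,
+sets vegOut
+
+account_HTML()
+sets chillOut for POST confirm
+createUser(Rd);
+newSesh(Rd, TRUE);
+Rd->chillOut = TRUE;
+sets chillOut for POST login
+Rd->chillOut = TRUE;
+
+
+POST with no errors will
+form == accountLogin freeSesh(Rd, FALSE, TRUE)
+doit == login chillOut = TRUE
+vegOut freeSesh(Rd, FALSE, TRUE);
+else chillOut freeSesh(Rd, FALSE, FALSE); newSesh(Rd, FALSE);
+else no Rd->shs.leaf newSesh(Rd, FALSE);
+redirect to GET
+otherwise
+form == accountLogin
+doit == confirm freeSesh(Rd, FALSE, TRUE)
+newSesh(Rd, FALSE)
+else if errors reeSesh(Rd, FALSE, FALSE) newSesh(Rd, FALSE)
+show page
+
+
+
+LOGGED IN means that the session stored on disk has a valid UUID.
+When creating a new user, we create a new UUID firstish.
+
+
+accountLoginWeb() / accountOut()
+freeSesh(Rd, FALSE, TRUE)
+newSesh(Rd, FALSE)
+
+accountView()
+freeSesh(Rd, FALSE, FALSE)
+newSesh(Rd, FALSE)
+
+accountAdd()
+Note that this is in two parts, first they click "create" on login page, then "confirm" on the account creation page.
+
+
+
+Account creation
+accountLoginWeb()
+"create" ->
+Show accountCreateWeb and await confirmation.
+accountCreateWeb()
+"confirm" -> accountAdd()
+create UUID
+create user
+store user
+wipe old session
+store new session with UUID, user is logged in now
+create linky
+email linky
+Show usual logged in page.
+"cancel" ->
+
+
+-------------------------------------------------------------------
+
+
+Maybe - /opt/opensim_SC/var/cache/sessions/uuid-uuid-uuid-uuid.logged symlink to session.
+
+https://localhost/sledjchisl.fcgi/account.html?user=account_name
+https://localhost/sledjchisl.fcgi/account.html/users/account_name
+logged in user is in the sesion, but they can view / vouch / edit / delete any other user depending on their access level
+
+
+For logged in user, at the top show their name as linky to their accountView http://localhost/sledjchisl.fcgi/account.html/users/account_name
+That accountView offers edit / logout button, etc.
+Display account stuff, but not edit it until they hit the edit button.
+
+When showing other users
+accountView, with edit / delete buttons if logged in user is high enough level.
+
+-------------------------------------------------------------------
+-------------------------------------------------------------------
+-------------------------------------------------------------------
+
+
+BUGS!
+-----
+Redo the santize(), though that needs extensive changes each time we read Rd->cookies, Rd->queries, and Rd->body
+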