1 files changed, 172 insertions, 0 deletions
diff --git a/src/sledjchisl/NOTES.txt b/src/NOTES.txt
index e80b8d9..93ed815 100644
--- a/src/sledjchisl/NOTES.txt
+++ b/src/NOTES.txt
@@ -477,3 +477,175 @@ Update / upgrade / downgrade
 Yeah I hate things that have their own packaging system, for needing to
 step outside the operating systems packaging system, and adding to the too
 long list of stuff I have to deal with manually, and now I are one.  lol
+-------------------------------------------------------------------
+Time for a restructure of the web page / field / database stuff.
+Will need to include a "what page is this" cookie, or maybe query ?mode=add
+old validate UUID
+    define the UUID based UserAccounts db static dbRequest, fill it if needed.
+    if create
+        try to find an unused UUID
+        fill Rd->stuff with UUID
+    if confirm
+        check it's length
+    otherwise
+        check it's length
+        look it up, bitch if not found
+    If we found it, put level into Rd->database
+    fill Rd->stuff with UUID
+old validateName
+    define the name based UserAccounts db static dbRequest, fill it if needed.
+    Do the Lua file lookup, fill a tnm hash.
+    Do the database lookup, fill rows.
+    if login
+        convert tnm to Rd->database, or dbPull(rows)
+        fill Rd->stuff with name, UUID, and level
+    if create
+        complain if we found a record
+        try to find an unused UUID
+        fill Rd->database with new data
+        fill Rd->stuff with name, UUID, and level
+old validatePassword
+    define the UUID based auth db static dbRequest, fill it if needed.
+    if login
+        do the database lookup, fill rows
+        check if the name validation found us a UUID, fail login if it didn't
+        do the pasword+salt hash and compare
+        fill Rd->stuff with passwordHash and passwordSalt
+    if create
+        fill Rd->stuff with paswordHash and passwordSalt
+    if confirm
+        check if password hashess are the same
+freeSesh(Rd, linky, wipe)
+            linky - Rd->shs or Rd->lnk
+                    %s/sessions/%s.lua or %s/sessions/%s.linky
+            wipe  - wipe or delete session
+                    wiping means remove session stuff from Rd->stuff
+                        Which happens on - session failing to write, redirecting login form, showing login form if not confirm, vegOut (session timeout, bitchSession)
+newSesh(Rd, linky)
+            linky - old Rd->shs or a new Rd->lnk
+    setToken_n_munchie(Rd, linky);                      Only caller of setToken_n_munchie(Rd, linky);
+setToken_n_munchie(Rd, linky)
+            linky - Rd->shs or Rd->lnk
+                    %s/sessions/%s.lua or %s/sessions/%s.linky
+                    !linky - actually set the cookies.
+    if error writing session file - freeSesh(Rd, linky, TRUE);
+//validateSesh()
+sessionValidate()
+    bitchSession() for bad session things.
+    sets chillOut for validated session linky.
+        Rd->chillOut = TRUE;
+        freeSesh(Rd, linky, FALSE);
+        Rd->func = (pageBuildFunction) loginPage;
+        Rd->doit = "logout";
+    sets vegOut if the session timed out.
+//validatePassword()
+    sets chillOut for validated password on create.
+bitchSession()  called if there's anything wrong with the session trackers, if we can't load / run the users Lua file, 
+    sets vegOut
+account_HTML()
+    sets chillOut for POST confirm
+        createUser(Rd);
+        newSesh(Rd, TRUE);
+        Rd->chillOut = TRUE;
+    sets chillOut for POST login
+        Rd->chillOut = TRUE;
+    POST with no errors will
+        form == accountLogin    freeSesh(Rd, FALSE, TRUE)
+        doit == login           chillOut = TRUE
+        vegOut                  freeSesh(Rd, FALSE, TRUE);
+        else chillOut           freeSesh(Rd, FALSE, FALSE);  newSesh(Rd, FALSE);
+        else no Rd->shs.leaf    newSesh(Rd, FALSE);
+        redirect to GET
+    otherwise
+        form == accountLogin
+            doit == confirm     freeSesh(Rd, FALSE, TRUE)
+                                newSesh(Rd, FALSE)
+        else if errors          reeSesh(Rd, FALSE, FALSE)  newSesh(Rd, FALSE)
+        show page
+LOGGED IN means that the session stored on disk has a valid UUID.
+    When creating a new user, we create a new UUID firstish.
+accountLoginWeb() / accountOut()
+    freeSesh(Rd, FALSE, TRUE)
+    newSesh(Rd, FALSE)
+accountView()
+    freeSesh(Rd, FALSE, FALSE)
+    newSesh(Rd, FALSE)
+accountAdd()
+    Note that this is in two parts, first they click "create" on login page, then "confirm" on the account creation page.
+Account creation
+    accountLoginWeb()
+        "create"        -> 
+            Show accountCreateWeb and await confirmation.
+    accountCreateWeb()
+        "confirm"       -> accountAdd()
+            create UUID
+            create user
+            store user
+            wipe old session
+            store new session with UUID, user is logged in now
+            create linky
+            email linky
+            Show usual logged in page.
+        "cancel"        -> 
+-------------------------------------------------------------------
+Maybe - /opt/opensim_SC/var/cache/sessions/uuid-uuid-uuid-uuid.logged  symlink to session.
+https://localhost/sledjchisl.fcgi/account.html?user=account_name
+https://localhost/sledjchisl.fcgi/account.html/users/account_name
+    logged in user is in the sesion, but they can view / vouch / edit / delete any other user depending on their access level
+For logged in user, at the top show their name as linky to their accountView http://localhost/sledjchisl.fcgi/account.html/users/account_name
+    That accountView offers edit / logout button, etc.
+    Display account stuff, but not edit it until they hit the edit button.
+When showing other users
+    accountView, with edit / delete buttons if logged in user is high enough level.
+-------------------------------------------------------------------
+-------------------------------------------------------------------
+-------------------------------------------------------------------
+BUGS!
+-----
+Redo the santize(), though that needs extensive changes each time we read Rd->cookies, Rd->queries, and Rd->body

diff --git a/src/sledjchisl/NOTES.txt b/src/NOTES.txt index e80b8d9..93ed815 100644 --- a/src/sledjchisl/NOTES.txt +++ b/src/NOTES.txt
@@ -477,3 +477,175 @@ Update / upgrade / downgrade
477	Yeah I hate things that have their own packaging system, for needing to	477	Yeah I hate things that have their own packaging system, for needing to
478	step outside the operating systems packaging system, and adding to the too	478	step outside the operating systems packaging system, and adding to the too
479	long list of stuff I have to deal with manually, and now I are one. lol	479	long list of stuff I have to deal with manually, and now I are one. lol
		480
		481
		482	-------------------------------------------------------------------
		483
		484	Time for a restructure of the web page / field / database stuff.
		485
		486	Will need to include a "what page is this" cookie, or maybe query ?mode=add
		487
		488
		489
		490	old validate UUID
		491	define the UUID based UserAccounts db static dbRequest, fill it if needed.
		492	if create
		493	try to find an unused UUID
		494	fill Rd->stuff with UUID
		495	if confirm
		496	check it's length
		497	otherwise
		498	check it's length
		499	look it up, bitch if not found
		500	If we found it, put level into Rd->database
		501	fill Rd->stuff with UUID
		502
		503	old validateName
		504	define the name based UserAccounts db static dbRequest, fill it if needed.
		505	Do the Lua file lookup, fill a tnm hash.
		506	Do the database lookup, fill rows.
		507	if login
		508	convert tnm to Rd->database, or dbPull(rows)
		509	fill Rd->stuff with name, UUID, and level
		510	if create
		511	complain if we found a record
		512	try to find an unused UUID
		513	fill Rd->database with new data
		514	fill Rd->stuff with name, UUID, and level
		515
		516	old validatePassword
		517	define the UUID based auth db static dbRequest, fill it if needed.
		518	if login
		519	do the database lookup, fill rows
		520	check if the name validation found us a UUID, fail login if it didn't
		521	do the pasword+salt hash and compare
		522	fill Rd->stuff with passwordHash and passwordSalt
		523	if create
		524	fill Rd->stuff with paswordHash and passwordSalt
		525	if confirm
		526	check if password hashess are the same
		527
		528
		529
		530
		531
		532	freeSesh(Rd, linky, wipe)
		533	linky - Rd->shs or Rd->lnk
		534	%s/sessions/%s.lua or %s/sessions/%s.linky
		535	wipe - wipe or delete session
		536	wiping means remove session stuff from Rd->stuff
		537	Which happens on - session failing to write, redirecting login form, showing login form if not confirm, vegOut (session timeout, bitchSession)
		538
		539	newSesh(Rd, linky)
		540	linky - old Rd->shs or a new Rd->lnk
		541	setToken_n_munchie(Rd, linky); Only caller of setToken_n_munchie(Rd, linky);
		542
		543
		544	setToken_n_munchie(Rd, linky)
		545	linky - Rd->shs or Rd->lnk
		546	%s/sessions/%s.lua or %s/sessions/%s.linky
		547	!linky - actually set the cookies.
		548	if error writing session file - freeSesh(Rd, linky, TRUE);
		549
		550
		551	//validateSesh()
		552	sessionValidate()
		553	bitchSession() for bad session things.
		554	sets chillOut for validated session linky.
		555	Rd->chillOut = TRUE;
		556	freeSesh(Rd, linky, FALSE);
		557	Rd->func = (pageBuildFunction) loginPage;
		558	Rd->doit = "logout";
		559	sets vegOut if the session timed out.
		560
		561	//validatePassword()
		562	sets chillOut for validated password on create.
		563
		564	bitchSession() called if there's anything wrong with the session trackers, if we can't load / run the users Lua file,
		565	sets vegOut
		566
		567	account_HTML()
		568	sets chillOut for POST confirm
		569	createUser(Rd);
		570	newSesh(Rd, TRUE);
		571	Rd->chillOut = TRUE;
		572	sets chillOut for POST login
		573	Rd->chillOut = TRUE;
		574
		575
		576	POST with no errors will
		577	form == accountLogin freeSesh(Rd, FALSE, TRUE)
		578	doit == login chillOut = TRUE
		579	vegOut freeSesh(Rd, FALSE, TRUE);
		580	else chillOut freeSesh(Rd, FALSE, FALSE); newSesh(Rd, FALSE);
		581	else no Rd->shs.leaf newSesh(Rd, FALSE);
		582	redirect to GET
		583	otherwise
		584	form == accountLogin
		585	doit == confirm freeSesh(Rd, FALSE, TRUE)
		586	newSesh(Rd, FALSE)
		587	else if errors reeSesh(Rd, FALSE, FALSE) newSesh(Rd, FALSE)
		588	show page
		589
		590
		591
		592	LOGGED IN means that the session stored on disk has a valid UUID.
		593	When creating a new user, we create a new UUID firstish.
		594
		595
		596	accountLoginWeb() / accountOut()
		597	freeSesh(Rd, FALSE, TRUE)
		598	newSesh(Rd, FALSE)
		599
		600	accountView()
		601	freeSesh(Rd, FALSE, FALSE)
		602	newSesh(Rd, FALSE)
		603
		604	accountAdd()
		605	Note that this is in two parts, first they click "create" on login page, then "confirm" on the account creation page.
		606
		607
		608
		609	Account creation
		610	accountLoginWeb()
		611	"create" ->
		612	Show accountCreateWeb and await confirmation.
		613	accountCreateWeb()
		614	"confirm" -> accountAdd()
		615	create UUID
		616	create user
		617	store user
		618	wipe old session
		619	store new session with UUID, user is logged in now
		620	create linky
		621	email linky
		622	Show usual logged in page.
		623	"cancel" ->
		624
		625
		626	-------------------------------------------------------------------
		627
		628
		629	Maybe - /opt/opensim_SC/var/cache/sessions/uuid-uuid-uuid-uuid.logged symlink to session.
		630
		631	https://localhost/sledjchisl.fcgi/account.html?user=account_name
		632	https://localhost/sledjchisl.fcgi/account.html/users/account_name
		633	logged in user is in the sesion, but they can view / vouch / edit / delete any other user depending on their access level
		634
		635
		636	For logged in user, at the top show their name as linky to their accountView http://localhost/sledjchisl.fcgi/account.html/users/account_name
		637	That accountView offers edit / logout button, etc.
		638	Display account stuff, but not edit it until they hit the edit button.
		639
		640	When showing other users
		641	accountView, with edit / delete buttons if logged in user is high enough level.
		642
		643	-------------------------------------------------------------------
		644	-------------------------------------------------------------------
		645	-------------------------------------------------------------------
		646
		647
		648	BUGS!
		649	-----
		650	Redo the santize(), though that needs extensive changes each time we read Rd->cookies, Rd->queries, and Rd->body
		651