Commit 54ba36c1 authored by Sergey Lyubka's avatar Sergey Lyubka

check_login_form_submission() factored in separate function

parent 50773505
...@@ -40,36 +40,39 @@ static int check_auth(struct mg_connection *conn) { ...@@ -40,36 +40,39 @@ static int check_auth(struct mg_connection *conn) {
return MG_FALSE; return MG_FALSE;
} }
static int serve_request(struct mg_connection *conn) { static int check_login_form_submission(struct mg_connection *conn) {
char name[100], password[100], ssid[100], expire[100], expire_epoch[100]; char name[100], password[100], ssid[100], expire[100], expire_epoch[100];
// Always authorize requests to login page mg_get_var(conn, "name", name, sizeof(name));
if (strcmp(conn->uri, s_login_uri) == 0 && mg_get_var(conn, "password", password, sizeof(password));
strcmp(conn->request_method, "POST") == 0) {
mg_get_var(conn, "name", name, sizeof(name));
mg_get_var(conn, "password", password, sizeof(password));
// A real authentication mechanism should be employed here. // A real authentication mechanism should be employed here.
// Also, the whole site should be served through HTTPS. // Also, the whole site should be served through HTTPS.
if (strcmp(name, "Joe") == 0 && strcmp(password, "Doe") == 0) { if (strcmp(name, "Joe") == 0 && strcmp(password, "Doe") == 0) {
// Generate expiry date // Generate expiry date
time_t t = time(NULL) + 3600; // Valid for 1 hour time_t t = time(NULL) + 3600; // Valid for 1 hour
snprintf(expire_epoch, sizeof(expire_epoch), "%lu", (unsigned long) t); snprintf(expire_epoch, sizeof(expire_epoch), "%lu", (unsigned long) t);
strftime(expire, sizeof(expire), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&t)); strftime(expire, sizeof(expire), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&t));
generate_ssid(name, expire_epoch, ssid, sizeof(ssid)); generate_ssid(name, expire_epoch, ssid, sizeof(ssid));
// Set "session id" cookie, there could be some data encoded in it. // Set "session id" cookie, there could be some data encoded in it.
mg_printf(conn, mg_printf(conn,
"HTTP/1.1 302 Moved\r\n" "HTTP/1.1 302 Moved\r\n"
"Set-Cookie: ssid=%s; expire=\"%s\"; http-only; HttpOnly;\r\n" "Set-Cookie: ssid=%s; expire=\"%s\"; http-only; HttpOnly;\r\n"
"Location: /\r\n\r\n", "Location: /\r\n\r\n",
ssid, expire); ssid, expire);
return MG_TRUE; return MG_TRUE;
}
} }
return MG_FALSE; return MG_FALSE;
} }
static int serve_request(struct mg_connection *conn) {
if (strcmp(conn->uri, s_login_uri) == 0 &&
strcmp(conn->request_method, "POST") == 0) {
return check_login_form_submission(conn);
}
return MG_FALSE; // Serve files in the document_root
}
static int ev_handler(struct mg_connection *conn, enum mg_event ev) { static int ev_handler(struct mg_connection *conn, enum mg_event ev) {
switch (ev) { switch (ev) {
case MG_AUTH: return check_auth(conn); case MG_AUTH: return check_auth(conn);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment