Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- package require sqlite3
- package require ip
- sqlite3 auth_db /home/www-data/data/tc_auth_db
- if { [var exists user] && [var exists pass] } {
- set user [var get user]
- set pass [var get pass]
- if {$user == "test" && $pass == "test"} {
- puts -nonewline "Hey, you win!"
- return
- }
- set auth [auth_db eval {SELECT * FROM users WHERE lower(user)=lower($user) AND pass=$pass}]
- if {[llength $auth] == 0} {
- puts -nonewline "invalid"
- return
- }
- #lindex starts at 0!
- set user [lindex $auth 0]
- set tokens [lindex $auth 2]
- set userdata [lindex $auth 3]
- #okay, now generate our authorization ticket for the user
- set ssl_bin "/usr/bin/openssl"
- #have openssl sign our fledgling cookie
- set timeout [expr "[clock seconds] + 1209600"]
- set tkt "uid=${user};validuntil=$timeout;cip=[env REMOTE_ADDR];tokens=${tokens};udata=${userdata}"
- set sig [exec echo "$tkt" | $ssl_bin dgst -sha1 -binary -sign /home/www-data/.ssh/privtkt.pem | $ssl_bin enc -base64]
- set cookie "$tkt;sig=$sig"
- #Send the auth ticket back
- puts -nonewline $cookie
- return
- }
- puts -nonewline "invalid"
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement