API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 29th, 2017
67
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
SQL 4.46 KB | None | 0 0
raw download clone embed print report
  1. -- sql procedura neni urcite spustitelna, psal sem to ve vlaku v textaku .. je to zapis myslenky
  2.  
  3. CREATE PROCEDURE user_login_handler(IP VARCHAR(15), USERNAME VARCHAR(40), PASS VARCHAR(40))
  4. BEGIN
  5. DECLARE LOGIN_KEY VARCHAR(40);
  6. DECLARE SESSION_KEY VARCHAR(40);
  7. DECLARE userid INT(10);
  8. DECLARE userpass VARCHAR(40);
  9. SET userid = SELECT UID FROM users  WHERE nick = USERNAME;
  10. SET userpass = SELECT passhash FROM users WHERE nick = USERNAME;
  11. IF (userid) THEN
  12.     IF (userpass = sha1(PASS)) THEN
  13.    
  14.         SET LOGIN_KEY = SELECT KEYVALUE FROM security_keys WHERE SKID = 2;
  15.         SET SESSION_KEY = SELECT KEYVALUE FROM security_keys WHERE SKID = 1;
  16.        
  17.         IF (LOGIN_KEY AND SESSION_KEY) THEN
  18.        
  19.         DECLARE LOGIN_KEY_HASH VARCHAR(40);
  20.         DECLARE SESSION_KEY_HASH VARCHAR(40);
  21.         SET LOGIN_KEY_HASH = sha1(CONCAT(PASS,TIME,LOGIN_KEY));
  22.         SET SESSION_KEY_HASH = sha1(CONCAT(PASS,IP,TIME,SESSION_KEY));
  23.        
  24.             IF exist (SELECT UID FROM users_keys WHERE UID = userid) THEN
  25.                
  26.                 UPDATE users_keys SET LOGIN_KEY = LOGIN_KEY_HASH WHERE UID = userid;
  27.                 UPDATE users_keys SET SESSION_KEY = SESSION_KEY_HASH WHERE UID = userid;
  28.                
  29.             ELSE
  30.            
  31.             INSERT INTO users_keys (UID ,LOGIN_KEY ,COOKIES_KEY ,PROTECTED)
  32.             VALUES (userid,LOGIN_KEY_HASH,SESSION_KEY_HASH,0);
  33.            
  34.             END IF;
  35.                 RETURN CONCAT(1,LOGIN_KEY_HASH,SESSION_KEY_HASH);
  36.         ELSE
  37.        
  38.         RETURN CONCAT(2,sha1(2),sha1(2));
  39.         END IF;
  40.        
  41.     ELSE
  42.    
  43.     RETURN CONCAT(3,sha1(2),sha1(2));
  44.     END IF;
  45. ELSE
  46. RETURN CONCAT(4,sha1(2),sha1(2));
  47. END IF;
  48.  
  49. END
  50.  
  51. -- veskere dalsi spojeni s db bude pres session_key, ktery bude identifikator dane relace. cookies_key - neni to jeste domyslene , ale urcene
  52. -- to je k automatickemu prihlasovani
  53.  
  54. -- bezpecnostni klice se muzou regenerovat dle potreby,  lze menit cronem klidne kazdych 10 minut - je potreba jen k vytvoreni relace pro
  55. -- uzivatele, pak uz se nevyuziva do dalsiho prihlasovani (popripade lze udelat bezpecnostni refresh kazdych napr 60 minut - pregenerovat
  56. -- relaci)
  57.  
  58. -- vsechny ostatni procedury se pak museji volat s vygenerovanym klicem, podle ktereho db pozna o jakeho uzivatele jde
  59. -- zmena hesla napr: procedura change_user_pass(KEY,STARE,NOVE). Podle klice urci uzivatele, zkusi jestli sedi stare heslo, a pokud ano, zapise nove. Navratove hodnoty jen flagy (1:success,2:bad_old,3:key_expired,4:unkown_key ....)
  60.  
  61. -- je to pracnejsi na napsani, ale vysledek je, ze web nebude potrebovat zapis do db nikde, cteni pro jednoduchost u dat, ktera nejsou kriticka
  62. -- -vypisovat polozky eshopu pres proceduru je uz zbytecne ...
  63.  
  64.  
  65. --
  66. -- Struktura tabulky `security_keys`
  67. --
  68.  
  69. CREATE TABLE IF NOT EXISTS `security_keys` (
  70.   `SKID` INT(2) NOT NULL AUTO_INCREMENT COMMENT 'security key id',
  71.   `KEYVALUE` VARCHAR(40) COLLATE utf8_bin NOT NULL COMMENT 'security key value',
  72.   `DESCR` VARCHAR(40) COLLATE utf8_bin NOT NULL COMMENT 'decription',
  73.   PRIMARY KEY (`SKID`)
  74. ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=5 ;
  75.  
  76. --
  77. -- Vypisuji data pro tabulku `security_keys`
  78. --
  79.  
  80. INSERT INTO `security_keys` (`SKID`, `KEYVALUE`, `DESCR`) VALUES
  81. (1, '9ecef4d8c37e772896c20384c6e4d4bbbbf4d968', 'users login key'),
  82. (2, 'd65107910e31a728fe31f958316ba48809d8e7c1', 'users session key'),
  83. (3, 'a5bca2ccdfa0cc1ea3423cde347b13f4955b4f30', 'administration access key'),
  84. (4, 'ae272fc89ab540bee64d920092ef0a34edc24377', 'master key for root');
  85.  
  86. -- --------------------------------------------------------
  87.  
  88. --
  89. -- Struktura tabulky `users`
  90. --
  91.  
  92. CREATE TABLE IF NOT EXISTS `users` (
  93.   `UID` INT(10) NOT NULL AUTO_INCREMENT,
  94.   `passhash` VARCHAR(40) COLLATE utf8_bin NOT NULL,
  95.   `nick` VARCHAR(40) COLLATE utf8_bin NOT NULL,
  96.   PRIMARY KEY (`UID`)
  97. ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2 ;
  98.  
  99. --
  100. -- Vypisuji data pro tabulku `users`
  101. --
  102.  
  103. INSERT INTO `users` (`UID`, `passhash`, `nick`) VALUES
  104. (1, '7c4a8d09ca3762af61e59520943dc26494f8941b', 'tany');
  105.  
  106. -- --------------------------------------------------------
  107.  
  108. --
  109. -- Struktura tabulky `users_keys`
  110. --
  111.  
  112. CREATE TABLE IF NOT EXISTS `users_keys` (
  113.   `UID` INT(12) NOT NULL AUTO_INCREMENT COMMENT 'user id',
  114.   `LOGIN_KEY` VARCHAR(40) COLLATE utf8_bin NOT NULL COMMENT 'key for login',
  115.   `COOKIES_KEY` VARCHAR(40) COLLATE utf8_bin NOT NULL COMMENT 'key for remerber login ',
  116.   `PROTECTED` tinyint(1) NOT NULL DEFAULT '0' COMMENT 'bool readonly user (GM ...)',
  117.   PRIMARY KEY (`UID`)
  118. ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2 ;
  119.  
  120. --
  121. -- Vypisuji data pro tabulku `users_keys`
  122. --
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!