X-Git-Url: http://git.plutz.net/?p=busy;a=blobdiff_plain;f=actions%2Flogin.sh;fp=actions%2Flogin.sh;h=6705eca2370e12aa6273bbd62d91f8cc368f0439;hp=0000000000000000000000000000000000000000;hb=f485895094cd72318b46f39689c3ba954eb37411;hpb=904730d1782749bfac15b0344fe5782433f3099b
diff --git a/actions/login.sh b/actions/login.sh
new file mode 100755
index 0000000..6705eca
--- /dev/null
+++ b/actions/login.sh
@@ -0,0 +1,38 @@
+#!/bin/zsh
+# Copyright 2011 Paul Haensch
+# This file is part of Busy
+#
+# Busy is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Busy is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Busy. If not, see .
+
+cgi_post
+
+user="$(echo -E "$_POST[\"user\"]" |sed -rn '1{/^[a-zA-Z0-9_+@.-]+$/p}')"
+pass="$_POST[\"pass\"]"
+userfile="$_DATA/auth/user$(echo -E "$user" |sha1sum |cut -c1-40)"
+
+if [ -r "$userfile" ]; then
+ salt=$(sed -nr 's:^salt=(.+)$:\1:p' "$userfile")
+ ssum=$(sed -nr 's:^auth=(.+)$:\1:p' "$userfile")
+ rsum=$(echo -E "$salt$pass" |sha1sum |cut -c1-40)
+fi
+if [ "$ssum" = "$rsum" ]; then
+ sid="$(apg -n1 -a1 -m32 -x32 -M CLN)"
+ sessionfile="$_DATA/auth/session$sid"
+ echo -E "$user $(($(date +%s) + 1800))" >"$sessionfile"
+ echo -E "Location: $HTTP_REFERER"
+ echo -E "Set-Cookie: session=$sid; HttpOnly"
+else
+ echo -E "Location: $HTTP_REFERER"
+fi
+echo ''
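Review bot: The credential comparison `[ "$ssum" = "$rsum" ]` runs even when `$userfile` is not readable, and in that case this file has assigned neither variable, so the test compares two empty strings and the session branch is taken. Unless `cgi_post` or the environment sets them (not visible in this diff), a login for an unknown or rejected user name would still be given a session file and cookie. I would clear both variables and require a stored hash: `ssum= rsum=` before the first `if`, and `if [ -n "$ssum" ] && [ "$ssum" = "$rsum" ]; then` for the check. Separately, the stored value is a single salted SHA-1 pass, which is cheap to brute-force if the auth directory leaks, and the client-supplied `$HTTP_REFERER` is echoed into `Location:` unvalidated; both deserve a follow-up.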