From 3ff1fb4e10fdaef86527c10bd416e988d2a62a49 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Fri, 5 Apr 2013 01:03:44 -0700
Subject: login/login pages and cookie/session-based auth

---
 httemplate/loginout/login.html  | 68 +++++++++++++++++++++++++++++++++++++++++
 httemplate/loginout/logout.html | 28 ++++++-----------
 2 files changed, 78 insertions(+), 18 deletions(-)
 create mode 100644 httemplate/loginout/login.html

(limited to 'httemplate/loginout')

diff --git a/httemplate/loginout/login.html b/httemplate/loginout/login.html
new file mode 100644
index 000000000..e5b45893b
--- /dev/null
+++ b/httemplate/loginout/login.html
@@ -0,0 +1,68 @@
+<& /elements/header-minimal.html, 'Login' &>
+<link href="<%$url_string%>elements/freeside.css" type="text/css" rel="stylesheet">
+
+<CENTER>
+
+  <BR>
+  <FONT SIZE=5>Login</FONT>
+  <BR><BR>
+
+% if ( $error ) { 
+  <FONT SIZE="+1" COLOR="#ff0000"><% $error |h %></FONT>
+  <BR><BR>
+% } 
+             
+%#  <FORM METHOD="POST" ACTION="<%$url_string%>loginout/login">
+  <FORM METHOD="POST" ACTION="/login">
+    <INPUT TYPE="hidden" NAME="destination" VALUE="<% $r->prev->uri %>">
+
+    <TABLE CELLSPACING=0 CELLPADDING=4 BGCOLOR="#cccccc">
+      <TR>
+        <TD ALIGN="right">Username: </TD>
+        <TD><INPUT TYPE="text" NAME="credential_0" SIZE="13"></TD>
+      </TR>
+      <TR>
+        <TD ALIGN="right">Password: </TD>
+        <TD><INPUT TYPE="password" NAME="credential_1" SIZE="13"></TD>
+      </TR>
+    </TABLE>
+    <BR>
+ 
+    <INPUT TYPE="submit" VALUE="Login">
+
+  </FORM>
+
+</CENTER>
+
+</BODY></HTML>
+<%init>
+
+my %error = (
+  'no_cookie'       => '', #First login, don't display an error
+  'bad_cookie'      => 'Bad Cookie', #timed out?  server reboot?
+  'bad_credentials' => 'Incorrect username / password',
+  'logout'          => 'You have been logged out.',
+);
+
+my $url_string = CGI->new->url;
+
+my $error = $cgi->param('logout') || $r->prev->subprocess_env("AuthCookieReason");
+$error = exists($error{$error}) ? $error{$error} : $error;
+
+#fake a freeside path for /login so we get our .css.  shrug
+$url_string =~ s/login$/freeside\/login/ unless $url_string =~ /freeside\//;
+
+#even though this is kludgy and false laziness w/CGI.pm
+  $url_string =~ s{ / index\.html /? $ }
+                  {/}x;
+  $url_string =~
+    s{
+       /(login|loginout)
+       ([\w\-\.\/]*)
+       $
+     }
+     {}ix;
+
+  $url_string .= '/' unless $url_string =~ /\/$/;
+
+</%init>
diff --git a/httemplate/loginout/logout.html b/httemplate/loginout/logout.html
index d8e1c634a..33b87feb0 100644
--- a/httemplate/loginout/logout.html
+++ b/httemplate/loginout/logout.html
@@ -1,18 +1,10 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML>
-  <HEAD>
-    <TITLE>
-      Logout page 
-    </TITLE>
-  </HEAD>
-  <BODY>
-    <BR><BR>
-    <CENTER>
-      You have logged out.
-    </CENTER>
-    <BR><BR>
-    <CENTER>
-      You can <a href="..">log in</a> again.
-    </CENTER>
-  </BODY>
-</HTML>
+<% $cgi->redirect($fsurl.'?logout=logout') %>
+<%init>
+
+my $auth_type = $r->auth_type;
+
+# Delete the cookie, etc.
+$auth_type->logout($r);
+#XXX etc: should delete the server-side session
+
+</%init>
-- 
cgit v1.2.1