- my $rv = login(
- 'username' => $username,
- 'domain' => $domain,
- 'password' => $password,
- );
- if ( $rv->{error} ) {
- my $login_info = login_info( 'agentnum' => $cgi->param('agentnum') );
- do_template('login', {
- 'error' => $rv->{error},
- 'username' => $username,
- 'domain' => $domain,
- %$login_info,
- } );
+ $session_id = $cookies{'session'}->value;
+
+ if ( $session_id eq 'login' ) {
+ # then we've just come back from the login page
+
+ $cgi->param('password') =~ /^(.{0,$form_max})$/;
+ my $password = $1;
+
+ if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\@]{1,$form_max})\s*$/i ) {
+
+ my $email = $1;
+ $login_rv = login(
+ 'email' => $email,
+ 'password' => $password
+ );
+
+ if ( $login_rv->{'error'} ) {
+ my $ip = $cgi->remote_addr();
+ warn("login failure [email $email] [ip $ip] [error $login_rv->{error}]");
+ } else {
+ #successful login
+ }
+
+ $session_id = $login_rv->{'session_id'};
+
+ } else {
+
+ $cgi->param('username') =~ /^\s*([a-z0-9_\-\.\&]{0,$form_max})\s*$/i;
+ my $username = $1;
+
+ $cgi->param('domain') =~ /^\s*([\w\-\.]{0,$form_max})\s*$/;
+ my $domain = $1;
+
+ if ( $username and $domain and $password ) {
+
+ # authenticate
+ $login_rv = login(
+ 'username' => $username,
+ 'domain' => $domain,
+ 'password' => $password,
+ );
+ $session_id = $login_rv->{'session_id'};
+
+ } elsif ( $username or $domain or $password ) {
+
+ my $error = 'Illegal '; #XXX localization...
+ my $count = 0;
+ if ( !$username ) {
+ $error .= 'username';
+ $count++;
+ }
+ if ( !$domain ) {
+ $error .= ', ' if $count;
+ $error .= 'domain';
+ $count++;
+ }
+ if ( !$password ) {
+ $error .= ', ' if $count;
+ $error .= 'and ' if $count > 1;
+ $error .= 'password';
+ $count++;
+ }
+ $error .= '.';
+ $login_rv = {
+ 'username' => $username,
+ 'domain' => $domain,
+ 'password' => $password,
+ 'error' => $error,
+ };
+ $session_id = undef; # attempt login again
+
+ }
+
+ } # else there was no input, so show no error message
+
+ } # else session_id ne 'login'
+
+ } # else there is no session cookie
+
+ if ( !$session_id ) {
+ # show the login page
+ $session_id = 'login'; # set state
+ my $login_info = login_info( 'agentnum' => scalar($cgi->param('agentnum')) );
+
+ do_template('login', { %$login_rv, %$login_info });