Here's an easy example of an authorized login with MySQL and APE.
Because we're using asynchronous MySQL communication, the user has to 
wait for the SQL result and the authorization.
The client shouldn't join a channel on startup, but only after receiving 
the AUTHORIZED command from the server (remove the channel property from 
the HTML and add a handler for AUTHORIZED).
Feel free to use it.

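SQL injection with this module is easy because queries are built by string concatenation, so you should validate every variable before it goes into a query (the example below relies on Number() to coerce user_id).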

// Lower-cased nicknames of the users currently known to the server; it is
// filled on 'adduser', emptied on 'deluser' and read by the NICK_USED check.
var userlist = new $H();

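/*
 * APE server module that gates channel joins behind a MySQL-backed login.
 *
 * Flow: the "connect" hook validates the client parameters and starts an
 * asynchronous lookup of the user row; when the result arrives the session is
 * marked authorized (or not) and the client receives the AUTHORIZED raw. The
 * "join" hook refuses any session that has not been marked authorized.
 *
 * NOTE(review): the comparison below expects users.password to hold the same
 * value the client sends, i.e. a plaintext password. Storing a salted password
 * hash and verifying against it would be the safer design; that change needs a
 * hashing primitive this listing does not show, so it is only flagged here.
 */
var authChatServer = new Class({

   // Per-session auth state, keyed by the user's 'sessid' property.
   sess_user: new Hash(),

   initialize: function(){
     Ape.log('[authChat Module] starting initialization..');
     this.registerAuthorization();
     this.registerJoinHandler();
     this.registerAddDeleteUser();
     Ape.log('[authChat Module] ..done');
   },

   // Keeps the nickname list and the session table in step with connects and
   // disconnects.
   registerAddDeleteUser: function() {
     Ape.addEvent('adduser', function(user) {
         var nick = user.getProperty('name');
         // A user without a string nickname has nothing to reserve.
         if (typeof nick === 'string') {
           userlist.set(nick.toLowerCase(), true);
         }
     }.bind(this));

     Ape.addEvent('deluser', function(user) {
         var nick = user.getProperty('name');
         // Guarded so that a missing nickname cannot abort the session
         // cleanup that follows.
         if (typeof nick === 'string') {
           userlist.erase(nick.toLowerCase());
         }

         var sessid = user.getProperty('sessid');
         if (this.sess_user.has(sessid)) {
           this.sess_user.erase(sessid);
         }
     }.bind(this));
   },

   registerJoinHandler: function() {
     Ape.registerHookCmd("join", this.authorizedJoin.bind(this));
   },

   registerAuthorization: function(){
     Ape.registerHookCmd("connect", this.authorization.bind(this));
   },

   // "join" hook: returns 1 only for a session whose stored state has
   // authorized === true, otherwise the ["100", "NO_AUTH"] error pair.
   authorizedJoin: function(params, cmd) {
     var sessid = cmd.user.getProperty('sessid');
     // Local variable; the flag used to leak into the global scope.
     var entry = this.sess_user.has(sessid) ? this.sess_user.get(sessid) : null;

     if (entry && entry.has('authorized') && entry.get('authorized') === true) {
       return 1;
     }
     return ["100", "NO_AUTH"];
   },

   sendAuthorizationConfirmation: function(pipe) {
     pipe.sendRaw('AUTHORIZED', {});
   },

   sendChatMsg: function(from_pipe, to_pipe, msg) {
     to_pipe.sendRaw('DATA', {'msg':msg, 'pipe': from_pipe.toObject()});
   },

   // Callback for the user lookup started in authorization().
   //   cmd     - the connect command; cmd.user carries the submitted values
   //   res     - result rows, falsy when the query failed
   //   errorNo - error number passed on by the MySQL callback (unused here)
   authDbResult: function(cmd, res, errorNo){
     var sessid = cmd.user.getProperty('sessid');
     var nick = cmd.user.getProperty('name');

     // Take the submitted password off the user object before anything else,
     // so it does not stay in memory for the whole session or travel along
     // with cmd into the log calls below.
     var supplied = cmd.user.password;
     delete cmd.user.password;

     if (!res) {
       Ape.log('authResult db error', cmd);
       return;
     }
     if (res.length < 1) {
       Ape.log('user not found', cmd);
       return;
     }

     var row = res[0];

     // Strict comparisons on strings only: with loose equality a missing
     // password matched a NULL column, and 0 or false matched an empty one.
     var credentialsMatch = (
       typeof supplied === 'string' &&
       typeof nick === 'string' &&
       row.name != null &&
       row.password != null &&
       String(row.name).toLowerCase() === nick.toLowerCase() && // nick matches db?
       String(row.password) === supplied // check password
     );

     // Go through set() like the has()/get()/erase() calls elsewhere in the
     // class, rather than assigning properties on the Hash directly.
     if (credentialsMatch) {
       this.sess_user.set(sessid, new Hash({
           authorized: true,
           user_id: row.id,
           nick: row.name
       }));

       // todo: choose another from-pipe
       this.sendAuthorizationConfirmation(cmd.user.pipe);
     }
     else {
       this.sess_user.set(sessid, new Hash({authorized: false}));
       this.sendChatMsg(cmd.user.pipe, cmd.user.pipe, 'Sicherheitsfehler');
     }

   },

   // "connect" hook: validates the client parameters, stores them on the
   // user and starts the asynchronous credential lookup.
   // Returns 0 for missing or malformed parameters, ["007", "NICK_USED"] or
   // ["006", "BAD_NICK"] for a rejected nickname, and 1 to let the connect
   // proceed. Returning 1 does not mean the user is authenticated; that is
   // decided later in authDbResult() and enforced by authorizedJoin().
   authorization: function(params, cmd){
     if (!$defined(params.name)) return 0;
     if (!$defined(params.user_id)) return 0;

     // The parameters come from the client, so their types are checked
     // before any string method is called on them.
     if (typeof params.name !== 'string') return 0;
     if (typeof params.password !== 'string') return 0;

     // Only a non-negative integer id may reach the query text. Number()
     // alone would let NaN or Infinity through and yield a broken statement.
     var userId = Number(params.user_id);
     if (!isFinite(userId) || userId < 0 || Math.floor(userId) !== userId) return 0;

     if (userlist.has(params.name.toLowerCase())) return ["007", "NICK_USED"];
     if (params.name.length < 1 || params.name.length > 16 ||
         params.name.test('[^a-zA-Z0-9]', 'i')) return ["006", "BAD_NICK"];

     cmd.user.setProperty('name', params.name);
     cmd.user.setProperty('user_id', params.user_id);
     // Held only until authDbResult() has compared it.
     cmd.user.password = params.password;

     // begin auth
     // The statement is built by concatenation, so only the validated number
     // is appended, never the raw parameter.
     sql.query("SELECT * FROM users WHERE id = " + userId, function(res, errorNo) {
       this.authDbResult(cmd, res, errorNo);
     }.bind(this));

     return 1;
   }
});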
// Connection used for the user lookups. The account, password and schema
// names look like placeholders from the example.
// NOTE(review): a deployment would want a dedicated account limited to reading
// the users table, with the credentials kept out of the script.
var sql = new Ape.MySQL("127.0.0.1:3306", "dbuser", "dbpassword", "database");

// The module is instantiated only after the database link is up.
sql.onConnect = function() {
   Ape.log('MySQL connection established');
   new authChatServer();
};

// Connection failures are logged with the error number and error text.
sql.onError = function(errorNo) {
   var detail = this.errorString();
   Ape.log('Connection Error : ' + errorNo + ' : ' + detail);
};



Am 03.01.2010 22:05, schrieb davidynamic:
> Hey did you end up getting this working. Even with the Docs I'm having
> trouble
>    
