Well I used sendfile cause till now I didnt know how to redirect to another file, now I have seen it in the example and I would change. :).
I have many things to learn in web based aplications. El 13/10/2014 20:00, "Sergey Lyubka" <[email protected]> escribió: > You can take the username from Cookie. > I suggest storing secret key in sqlite, as well as active user sessions. > > Not sure about your fix #1, a redirect should do the job, I don't see the > reason to send file. > Could you elaborate on why did you add that please? > > On Mon, Oct 13, 2014 at 6:39 PM, jordi jordi90 <[email protected]> > wrote: > >> Hi Sergey for the example, today I have been trying to adapt my projet >> adding the Cookie autentification, I found some problems and some solutions. >> >> *1* >> - The sample provided works, but need about 3 or 4 minutes to make a new >> cookie. I changed 2 lines and corrected this: >> >> In the fuction: >> static int check_login_form_submission(struct mg_connection *conn) { >> char name[100], password[100], ssid[100], expire[100], >> expire_epoch[100]; >> >> mg_get_var(conn, "name", name, sizeof(name)); >> mg_get_var(conn, "password", password, sizeof(password)); >> >> // A real authentication mechanism should be employed here. >> // Also, the whole site should be served through HTTPS. >> if (strcmp(name, "Joe") == 0 && strcmp(password, "Doe") == 0) { >> // Generate expiry date >> >> time_t t = time(NULL) + 3600; // Valid for 1 hour >> snprintf(expire_epoch, sizeof(expire_epoch), "%lu", (unsigned long) >> t); >> strftime(expire, sizeof(expire), "%a, %d %b %Y %H:%M:%S GMT", >> gmtime(&t)); >> generate_ssid(name, expire_epoch, ssid, sizeof(ssid)); >> // Set "session id" cookie, there could be some data encoded in it. >> mg_printf(conn, >> "HTTP/1.1 302 Moved\r\n" >> "Set-Cookie: ssid=%s; expire=\"%s\"; http-only; >> HttpOnly;\r\n" >> "Location: /\r\n\r\n", >> ssid, expire); >> //added lines, repacing return MG_TRUE; >> >> *mg_send_file(conn, "index.html", NULL); return MG_MORE;* >> } >> return MG_FALSE; >> } >> >> mg_send_file(conn, "index.html", NULL); >> return MG_MORE; >> >> This solves the problem, now I have a doubt. >> >> *2* >> I'm using the code as you provided, (I added a SQL sentence that valids >> the user/pass, I'm usiing sqlite3). >> >> In my project I need to use the username of the loged user in some >> places, I'm planing to take it form the Cookie, can I use somehow the >> username stored in the cookie, I need it to be secure. >> >> one Cookie generated content. >> admin|1413224604|6415001814204d9aaf0a9ec42d535a18. >> >> Which would be the correct and safe way? >> >> Thank you really much, with this I will be one step closer to finish the >> project. >> >> 2014-10-09 12:39 GMT+02:00 jordi jordi90 <[email protected]>: >> >>> Thanks I really apreciate it!! >>> >>> 2014-10-09 12:30 GMT+02:00 Sergey Lyubka <[email protected]>: >>> >>>> >>>> https://github.com/cesanta/mongoose/tree/master/examples/cookie_authentication >>>> >>>> On Wed, Oct 8, 2014 at 10:27 PM, jordi jordi90 <[email protected] >>>> > wrote: >>>> >>>>> Could you put and example pls!! It would be really usefull!! >>>>> >>>>> 2014-10-08 23:07 GMT+02:00 Sergey Lyubka <[email protected]>: >>>>> >>>>>> Is restful API going to be used by humans that can actually login, or >>>>>> by machines? >>>>>> >>>>>> Implementing functionality you're talking about is easy: >>>>>> for RESTful mutations, check Cookie header for auth info. >>>>>> If not present, send redirect to login. >>>>>> Login page would send credentials, and server replies with Set-Cookie. >>>>>> >>>>>> >>>>>> On Wed, Oct 8, 2014 at 4:04 PM, Carlos Tangerino < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Thank you Sergey. >>>>>>> The use case is: >>>>>>> mongoose server a REST. >>>>>>> User can view all the site if he is in a guest mode (no >>>>>>> authentication). >>>>>>> Once he try to save (post/put/delete) anything, the rest will decide >>>>>>> if he can do or not, so maybe showing an error message and redirecting >>>>>>> him >>>>>>> to the login page. >>>>>>> Thanks >>>>>>> >>>>>>> On Sunday, October 5, 2014 6:28:41 PM UTC+2, Sergey Lyubka wrote: >>>>>>>> >>>>>>>> chat.c has been removed. You can take a look at the older releases >>>>>>>> for the reference: >>>>>>>> https://github.com/cesanta/mongoose/blob/5.0/examples/chat.c >>>>>>>> >>>>>>>> We'll add a separate example for cookie-based auth soon. >>>>>>>> >>>>>>>> >>>>>>>> On Sun, Oct 5, 2014 at 12:08 PM, Carlos Tangerino < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> The doc states >>>>>>>>> several ways of implementing authentication on the server side. >>>>>>>>> For another, 226 >>>>>>>>> <https://github.com/cesanta/mongoose/blob/3a8ae7ac1735652ab1fa66d4ddd46c85b1b7faac/docs/API.md#L226>cookie-based >>>>>>>>> way please refer to the examples/chat.c in the source tree. 227 >>>>>>>>> <https://github.com/cesanta/mongoose/blob/3a8ae7ac1735652ab1fa66d4ddd46c85b1b7faac/docs/API.md#L227>If >>>>>>>>> password is not NULL, entry is added (or modified if already exists). >>>>>>>>> I could not find the chat.c file >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> Carlos >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "mongoose-users" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>> Visit this group at http://groups.google.com/group/mongoose-users. >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "mongoose-users" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To post to this group, send email to [email protected] >>>>>>> . >>>>>>> Visit this group at http://groups.google.com/group/mongoose-users. >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "mongoose-users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> Visit this group at http://groups.google.com/group/mongoose-users. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "mongoose-users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> Visit this group at http://groups.google.com/group/mongoose-users. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "mongoose-users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> Visit this group at http://groups.google.com/group/mongoose-users. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "mongoose-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/mongoose-users. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "mongoose-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/mongoose-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "mongoose-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mongoose-users. For more options, visit https://groups.google.com/d/optout.
