blob: d4c8b7ef540da0b6070e85a32993b0712339e9ff [file] [log] [blame]
diff -r -u libcgi-back-1.0/libcgi-1.0/src/cgi.c libcgi-1.0/src/cgi.c
--- libcgi-back-1.0/libcgi-1.0/src/cgi.c 2014-10-28 15:16:27.000000000 +0800
+++ libcgi-1.0/src/cgi.c 2015-05-11 16:19:55.980570364 +0800
@@ -143,16 +143,18 @@
char *method;
method = getenv("REQUEST_METHOD");
-
+ system("echo \"cgi_process_form!\" > /tmp/my_debug");
// When METHOD has no contents, the default action is to process it as GET method
- if (method == NULL || !strcasecmp("GET", method)) {
+ if (method == NULL || !strcasecmp("GET", method) || !strcasecmp("POST", method)) {
char *dados;
dados = getenv("QUERY_STRING");
-
+
// Sometimes, GET comes with not any data
- if (dados == NULL || strlen(dados) < 1)
- return NULL;
-
+ if (dados == NULL || strlen(dados) < 1) {
+ system("echo \"query string is null!\" > /tmp/my_debug");
+ return NULL;
+ }
+ system("echo \"query string is not null!\" > /tmp/my_debug");
return process_data(dados, &formvars_start, &formvars_last, '=', '&');
}
else if (!strcasecmp("POST", method)) {
diff -r -u libcgi-back-1.0/libcgi-1.0/src/cgi.h libcgi-1.0/src/cgi.h
--- libcgi-back-1.0/libcgi-1.0/src/cgi.h 2014-10-28 15:16:27.000000000 +0800
+++ libcgi-1.0/src/cgi.h 2015-05-08 16:56:51.865844100 +0800
@@ -25,6 +25,14 @@
extern "C" {
#endif
+#define LAST_ACCESS_TIME "last_time"
+#define LOG_STATUS "log_status"
+#define USER_ID "user_name"
+#define USER_PSWD "user_pswd"
+//second
+#define MAX_SESSION_TIMEOUT 600
+//tmp buffer size
+#define TMP_BUF_MAX 256
// general purpose linked list. Actualy isn't very portable
// because uses only 'name' and 'value' variables to store data.
@@ -36,6 +44,15 @@
struct formvarsA *next;
} formvars;
+enum {
+ SESS_VALID,
+ SESS_NO_COOKIE,
+ SESS_NO_ACCESS_TIME,
+ SESS_NOT_FOUND,
+ SESS_INVALID,
+ SESS_TIMEOUT
+};
+
extern formvars *formvars_start;
extern formvars *formvars_last;
extern formvars *cookies_start;
diff -r -u libcgi-back-1.0/libcgi-1.0/src/cookie.c libcgi-1.0/src/cookie.c
--- libcgi-back-1.0/libcgi-1.0/src/cookie.c 2014-10-28 15:16:27.000000000 +0800
+++ libcgi-1.0/src/cookie.c 2015-05-12 10:27:11.335231627 +0800
@@ -92,14 +92,30 @@
aux = cookies;
while (cookies) {
- position = 0;
+start: position = 0;
+
data = (formvars *)malloc(sizeof(formvars));
if (!data)
libcgi_error(E_MEMORY, "%s, line %s", __FILE__, __LINE__);
- while (*aux++ != '=')
- position++;
+ if ((strchr(cookies, '=')) == NULL) {
+ aux = NULL;
+ free(data);
+ cookies = aux;
+ goto end;
+ }
+
+ while (*aux++ != '=') {
+ if (*(aux-1) != ';') {
+ position++;
+ } else {
+ position = 0;
+ free(data);
+ cookies = aux;
+ goto start;
+ }
+ }
data->name = (char *)malloc(position+1);
if (!data->name) {
libcgi_error(E_MEMORY, "%s, line %s", __FILE__, __LINE__);
@@ -120,7 +136,8 @@
while (*aux++ != ';')
position++;
// Eliminate the blank space after ';'
- aux++;
+ while(*aux == ' ')
+ aux++;
}
data->value = (char *)malloc(position + 1);
@@ -134,7 +151,7 @@
slist_add(data, &cookies_start, &cookies_last);
cookies = aux;
}
-
+end:
return cookies_start;
}
diff -r -u libcgi-back-1.0/libcgi-1.0/src/session.c libcgi-1.0/src/session.c
--- libcgi-back-1.0/libcgi-1.0/src/session.c 2014-10-28 15:16:27.000000000 +0800
+++ libcgi-1.0/src/session.c 2015-05-12 14:23:44.854940353 +0800
@@ -124,6 +124,7 @@
SESS_OPEN_FILE
} sess_error;
+
// This variables are used to control the linked list of all
// session objects. Most of time you don't need to use them
// directly
@@ -214,8 +215,6 @@
{
formvars *data;
- cgi_init_headers();
-
// Rewrites all data to session file
sess_file = fopen(sess_fname, "w");
@@ -547,10 +546,90 @@
fclose(fp);
sess_initialized = 1;
free(buf);
-
return 1;
}
+/**
+* check the request validation.
+* This function is responsible for reading a exist session file and
+* validate the request. It no session file found will return session_invalid
+* if file found but session timeout will return session_timeout, meanwhile
+* destroy the session file anyway
+* if seesion is valid will return session_valid and refresh the session access time
+* @see session_destroy()
+*/
+int cgi_session_check()
+{
+ char *buf = NULL, *sid = NULL, *value = NULL;;
+ struct stat st;
+ FILE *fp;
+ struct timeval cur_tv;
+ time_t last_time;
+ char tmp[TMP_BUF_MAX] = { 0 };
+
+ // Get the session ID
+ sid = cgi_cookie_value(SESSION_COOKIE_NAME);
+
+ // If there isn't a session ID
+ if (sid == NULL) {
+ return SESS_NO_COOKIE;
+ }
+
+ save_path_len = strlen(SESSION_SAVE_PATH) + strlen(SESSION_FILE_PREFIX);
+
+ sess_fname = (char *)malloc(save_path_len + SESS_ID_LEN + 1);
+ if (!sess_fname)
+ libcgi_error(E_MEMORY, "File %s, line %s", __FILE__, __LINE__);
+
+ snprintf(sess_fname, (SESS_ID_LEN + save_path_len + 1), "%s%s%s", SESSION_SAVE_PATH, SESSION_FILE_PREFIX, sid);
+ sess_fname[SESS_ID_LEN + save_path_len] = '\0';
+
+ errno = 0;
+ fp = fopen(sess_fname, "r");
+ if (errno == ENOENT) {
+ // The file doesn't exists
+ return SESS_NOT_FOUND;
+ }
+
+ strncpy(sess_id, sid, SESS_ID_LEN);
+ sess_id[SESS_ID_LEN] = '\0';
+
+ stat(sess_fname, &st);
+ buf = (char *)malloc(st.st_size + 2);
+ if (!buf)
+ libcgi_error(E_MEMORY, "File %s, line %s", __FILE__, __LINE__);
+
+ fgets(buf, st.st_size+1, fp);
+ if (buf != NULL && strlen(buf) > 1)
+ process_data(buf, &sess_list_start, &sess_list_last, '=', ';');
+
+ fclose(fp);
+ sess_initialized = 1;
+ free(buf);
+
+ gettimeofday(&cur_tv, NULL);
+ value = cgi_session_var(LAST_ACCESS_TIME);
+ if (!value) {
+ return SESS_NO_ACCESS_TIME;
+ }
+
+ last_time = (time_t)atol(value);
+
+ if (cur_tv.tv_sec - last_time > MAX_SESSION_TIMEOUT) {
+ cgi_session_destroy();
+ return SESS_TIMEOUT;
+ }
+
+ //refresh last access time
+ memset(tmp, 0, TMP_BUF_MAX);
+ snprintf(tmp, TMP_BUF_MAX - 1, "%u", cur_tv.tv_sec );
+ if ( cgi_session_alter_var(LAST_ACCESS_TIME, tmp)) {
+ return SESS_VALID;
+ }
+ else {
+ return SESS_INVALID;
+ }
+}
/**
* @}
*/