| diff -r -u libcgi-back-1.0/libcgi-1.0/src/cgi.c libcgi-1.0/src/cgi.c |
| --- libcgi-back-1.0/libcgi-1.0/src/cgi.c 2014-10-28 15:16:27.000000000 +0800 |
| +++ libcgi-1.0/src/cgi.c 2015-05-11 16:19:55.980570364 +0800 |
| @@ -143,16 +143,18 @@ |
| char *method; |
| |
| method = getenv("REQUEST_METHOD"); |
| - |
| + system("echo \"cgi_process_form!\" > /tmp/my_debug"); |
| // When METHOD has no contents, the default action is to process it as GET method |
| - if (method == NULL || !strcasecmp("GET", method)) { |
| + if (method == NULL || !strcasecmp("GET", method) || !strcasecmp("POST", method)) { |
| char *dados; |
| dados = getenv("QUERY_STRING"); |
| - |
| + |
| // Sometimes, GET comes with not any data |
| - if (dados == NULL || strlen(dados) < 1) |
| - return NULL; |
| - |
| + if (dados == NULL || strlen(dados) < 1) { |
| + system("echo \"query string is null!\" > /tmp/my_debug"); |
| + return NULL; |
| + } |
| + system("echo \"query string is not null!\" > /tmp/my_debug"); |
| return process_data(dados, &formvars_start, &formvars_last, '=', '&'); |
| } |
| else if (!strcasecmp("POST", method)) { |
| diff -r -u libcgi-back-1.0/libcgi-1.0/src/cgi.h libcgi-1.0/src/cgi.h |
| --- libcgi-back-1.0/libcgi-1.0/src/cgi.h 2014-10-28 15:16:27.000000000 +0800 |
| +++ libcgi-1.0/src/cgi.h 2015-05-08 16:56:51.865844100 +0800 |
| @@ -25,6 +25,14 @@ |
| extern "C" { |
| #endif |
| |
| +#define LAST_ACCESS_TIME "last_time" |
| +#define LOG_STATUS "log_status" |
| +#define USER_ID "user_name" |
| +#define USER_PSWD "user_pswd" |
| +//second |
| +#define MAX_SESSION_TIMEOUT 600 |
| +//tmp buffer size |
| +#define TMP_BUF_MAX 256 |
| |
| // general purpose linked list. Actualy isn't very portable |
| // because uses only 'name' and 'value' variables to store data. |
| @@ -36,6 +44,15 @@ |
| struct formvarsA *next; |
| } formvars; |
| |
| +enum { |
| + SESS_VALID, |
| + SESS_NO_COOKIE, |
| + SESS_NO_ACCESS_TIME, |
| + SESS_NOT_FOUND, |
| + SESS_INVALID, |
| + SESS_TIMEOUT |
| +}; |
| + |
| extern formvars *formvars_start; |
| extern formvars *formvars_last; |
| extern formvars *cookies_start; |
| diff -r -u libcgi-back-1.0/libcgi-1.0/src/cookie.c libcgi-1.0/src/cookie.c |
| --- libcgi-back-1.0/libcgi-1.0/src/cookie.c 2014-10-28 15:16:27.000000000 +0800 |
| +++ libcgi-1.0/src/cookie.c 2015-05-12 10:27:11.335231627 +0800 |
| @@ -92,14 +92,30 @@ |
| aux = cookies; |
| |
| while (cookies) { |
| - position = 0; |
| +start: position = 0; |
| + |
| data = (formvars *)malloc(sizeof(formvars)); |
| if (!data) |
| libcgi_error(E_MEMORY, "%s, line %s", __FILE__, __LINE__); |
| |
| - while (*aux++ != '=') |
| - position++; |
| |
| + if ((strchr(cookies, '=')) == NULL) { |
| + aux = NULL; |
| + free(data); |
| + cookies = aux; |
| + goto end; |
| + } |
| + |
| + while (*aux++ != '=') { |
| + if (*(aux-1) != ';') { |
| + position++; |
| + } else { |
| + position = 0; |
| + free(data); |
| + cookies = aux; |
| + goto start; |
| + } |
| + } |
| data->name = (char *)malloc(position+1); |
| if (!data->name) { |
| libcgi_error(E_MEMORY, "%s, line %s", __FILE__, __LINE__); |
| @@ -120,7 +136,8 @@ |
| while (*aux++ != ';') |
| position++; |
| // Eliminate the blank space after ';' |
| - aux++; |
| + while(*aux == ' ') |
| + aux++; |
| } |
| |
| data->value = (char *)malloc(position + 1); |
| @@ -134,7 +151,7 @@ |
| slist_add(data, &cookies_start, &cookies_last); |
| cookies = aux; |
| } |
| - |
| +end: |
| return cookies_start; |
| } |
| |
| diff -r -u libcgi-back-1.0/libcgi-1.0/src/session.c libcgi-1.0/src/session.c |
| --- libcgi-back-1.0/libcgi-1.0/src/session.c 2014-10-28 15:16:27.000000000 +0800 |
| +++ libcgi-1.0/src/session.c 2015-05-12 14:23:44.854940353 +0800 |
| @@ -124,6 +124,7 @@ |
| SESS_OPEN_FILE |
| } sess_error; |
| |
| + |
| // This variables are used to control the linked list of all |
| // session objects. Most of time you don't need to use them |
| // directly |
| @@ -214,8 +215,6 @@ |
| { |
| formvars *data; |
| |
| - cgi_init_headers(); |
| - |
| // Rewrites all data to session file |
| sess_file = fopen(sess_fname, "w"); |
| |
| @@ -547,10 +546,90 @@ |
| fclose(fp); |
| sess_initialized = 1; |
| free(buf); |
| - |
| return 1; |
| } |
| |
| +/** |
| +* check the request validation. |
| +* This function is responsible for reading a exist session file and |
| +* validate the request. It no session file found will return session_invalid |
| +* if file found but session timeout will return session_timeout, meanwhile |
| +* destroy the session file anyway |
| +* if seesion is valid will return session_valid and refresh the session access time |
| +* @see session_destroy() |
| +*/ |
| +int cgi_session_check() |
| +{ |
| + char *buf = NULL, *sid = NULL, *value = NULL;; |
| + struct stat st; |
| + FILE *fp; |
| + struct timeval cur_tv; |
| + time_t last_time; |
| + char tmp[TMP_BUF_MAX] = { 0 }; |
| + |
| + // Get the session ID |
| + sid = cgi_cookie_value(SESSION_COOKIE_NAME); |
| + |
| + // If there isn't a session ID |
| + if (sid == NULL) { |
| + return SESS_NO_COOKIE; |
| + } |
| + |
| + save_path_len = strlen(SESSION_SAVE_PATH) + strlen(SESSION_FILE_PREFIX); |
| + |
| + sess_fname = (char *)malloc(save_path_len + SESS_ID_LEN + 1); |
| + if (!sess_fname) |
| + libcgi_error(E_MEMORY, "File %s, line %s", __FILE__, __LINE__); |
| + |
| + snprintf(sess_fname, (SESS_ID_LEN + save_path_len + 1), "%s%s%s", SESSION_SAVE_PATH, SESSION_FILE_PREFIX, sid); |
| + sess_fname[SESS_ID_LEN + save_path_len] = '\0'; |
| + |
| + errno = 0; |
| + fp = fopen(sess_fname, "r"); |
| + if (errno == ENOENT) { |
| + // The file doesn't exists |
| + return SESS_NOT_FOUND; |
| + } |
| + |
| + strncpy(sess_id, sid, SESS_ID_LEN); |
| + sess_id[SESS_ID_LEN] = '\0'; |
| + |
| + stat(sess_fname, &st); |
| + buf = (char *)malloc(st.st_size + 2); |
| + if (!buf) |
| + libcgi_error(E_MEMORY, "File %s, line %s", __FILE__, __LINE__); |
| + |
| + fgets(buf, st.st_size+1, fp); |
| + if (buf != NULL && strlen(buf) > 1) |
| + process_data(buf, &sess_list_start, &sess_list_last, '=', ';'); |
| + |
| + fclose(fp); |
| + sess_initialized = 1; |
| + free(buf); |
| + |
| + gettimeofday(&cur_tv, NULL); |
| + value = cgi_session_var(LAST_ACCESS_TIME); |
| + if (!value) { |
| + return SESS_NO_ACCESS_TIME; |
| + } |
| + |
| + last_time = (time_t)atol(value); |
| + |
| + if (cur_tv.tv_sec - last_time > MAX_SESSION_TIMEOUT) { |
| + cgi_session_destroy(); |
| + return SESS_TIMEOUT; |
| + } |
| + |
| + //refresh last access time |
| + memset(tmp, 0, TMP_BUF_MAX); |
| + snprintf(tmp, TMP_BUF_MAX - 1, "%u", cur_tv.tv_sec ); |
| + if ( cgi_session_alter_var(LAST_ACCESS_TIME, tmp)) { |
| + return SESS_VALID; |
| + } |
| + else { |
| + return SESS_INVALID; |
| + } |
| +} |
| /** |
| * @} |
| */ |