Subversion Repositories VORC

Rev

Rev 134 | Rev 149 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 134 Rev 138
Line 9... Line 9...
9 
use DBI;
 9 
use DBI;
10 
use WebDB;
 10 
use WebDB;
Line 11... Line 11...
11 
 
 11 
 
12 
$SIG{__WARN__} = sub { warn sprintf("[%s] ", scalar localtime), @_ };
 12 
$SIG{__WARN__} = sub { warn sprintf("[%s] ", scalar localtime), @_ };
- 
 
 13 
$SIG{__DIE__}  = sub { die  sprintf("[%s] ", scalar localtime), @_ };
- 
 
 14 
my $SESSIONS = $ENV{SERVER_NAME} eq "volunteers.rollercon.com" ? "/home3/rollerco/vorc_sessions" : "/tmp/sessions";
- 
 
 15 
my $SESSIONS_ACTIVE = $SESSIONS . "/active";
- 
 
 16 
my $SESSIONS_QUEUE  = $SESSIONS . "/queue";
- 
 
 17 
`/bin/mkdir $SESSIONS` unless -e $SESSIONS;
- 
 
 18 
`/bin/mkdir $SESSIONS_ACTIVE` unless -e $SESSIONS_ACTIVE;
- 
 
 19 
`/bin/mkdir $SESSIONS_QUEUE`  unless -e $SESSIONS_QUEUE;
- 
 
 20 
`/usr/bin/find $SESSIONS_ACTIVE -mmin +30 -type f -delete`;
Line 13... Line 21...
13 
$SIG{__DIE__}  = sub { die  sprintf("[%s] ", scalar localtime), @_ };
 21 
`/usr/bin/find $SESSIONS_QUEUE -mmin +7 -type f -delete`;
Line -... Line 22...
- 
 
 22 
 
- 
 
 23 
our @EXPORT = qw( $ORCUSER $SYSTEM_EMAIL getRCDBH getAccessLevels authDB max authenticate canView getShiftDepartment getClassID getDepartments convertDepartments convertTime getSchedule getRCid getSetting getUser getUserEmail getUserDerbyName getYears printRCHeader changeShift modShiftTime signUpCount signUpEligible findConflict changeLeadShift sendNewUserEMail logit validate_emt);
14 
 
 24 
 
15 
our @EXPORT = qw( $ORCUSER $SYSTEM_EMAIL getRCDBH getAccessLevels authDB max authenticate canView getShiftDepartment getClassID getDepartments convertDepartments convertTime getSchedule getRCid getSetting getUser getUserEmail getUserDerbyName getYears printRCHeader changeShift modShiftTime signUpCount signUpEligible findConflict changeLeadShift sendNewUserEMail logit validate_emt);
 25 
checkQueue (); # without a number here, the queue functionality is disabled / bypassed
16 
 
 26 
 
17 
my $dbh = WebDB->connect ();
 27 
my $dbh = WebDB->connect ();
18 
sub getRCDBH {
 28 
sub getRCDBH {
Line 157... Line 167...
157 
    my ($max, $next, @vars) = @_;
 167 
    my ($max, $next, @vars) = @_;
158 
    return $max if not $next;
 168 
    return $max if not $next;
159 
    return max( $max > $next ? $max : $next, @vars );
 169 
    return max( $max > $next ? $max : $next, @vars );
160 
}
 170 
}
Line -... Line 171...
- 
 
 171 
 
- 
 
 172 
sub inQueue {
- 
 
 173 
	my $item = shift;
- 
 
 174 
	my $array = shift;
- 
 
 175 
	my $position = 1;
- 
 
 176 
	foreach (@{$array})	{
- 
 
 177 
	  if ($item eq $_) {
- 
 
 178 
		  return $position;
- 
 
 179 
		} else {
- 
 
 180 
		  $position++;
- 
 
 181 
		}
- 
 
 182 
	}
- 
 
 183 
	return 0;
- 
 
 184 
}
- 
 
 185 
 
161 
 
 186 
 
162 
sub authenticate {									# Verifies the user has logged in or puts up a log in screen
 187 
sub authenticate {									# Verifies the user has logged in or puts up a log in screen
163 
	my $MAINTMODE = getSetting ("MAINTENANCE");
 188 
	my $MAINTMODE = getSetting ("MAINTENANCE");
Line 164... Line 189...
164 
	my $MINLEVEL = $MAINTMODE ? $MAINTMODE : shift // 1;
 189 
	my $MINLEVEL = $MAINTMODE ? $MAINTMODE : shift // 1;
165
190
Line 166... Line 191...
166 
	my ($ERRMSG, $authenticated, %FORM);
 191 
	my ($ERRMSG, $authenticated, %FORM);
167 
	my $sth = $dbh->prepare("select * from official where email = '?'");
 192 
	my $sth = $dbh->prepare("select * from official where email = '?'");
168
193
- 
 
 194 
	my $query = new CGI;
169 
	my $query = new CGI;
 195 
# Check to see if the user has already logged in (there should be cookies with their authentication)?
170 
# Check to see if the user has already logged in (there should be cookies with their authentication)?
 196 
	my $RCAUTH = $query->cookie('RCAUTH');
171 
	my $RCAUTH = $query->cookie('RCAUTH');
 197 
 	my $RCqueueID = CGI::cookie('RCQUEUEID') // WebDB::trim CGI::param('RCqueueID') // "";
172 
	$FORM{'ID'} = WebDB::trim $query->param('userid') || '';
 198 
	$FORM{'ID'} = WebDB::trim $query->param('userid') || '';
Line 187... Line 213...
187 
		}
 213 
		}
188 
	} else {
 214 
	} else {
189 
		$authenticated->{authenticated} = 'false';
 215 
		$authenticated->{authenticated} = 'false';
190 
	}
 216 
	}
Line 191... Line -...
191
- 
 
192
217
- 
 
 218 
	if ($authenticated->{authenticated} eq 'true') {
- 
 
 219 
    use Digest::MD5 qw/md5_hex/;
- 
 
 220 
    my $sessionid = md5_hex ($ORCUSER->{email});
- 
 
 221
- 
 
 222 
    # Limit how long users are allowed to stay logged in at once.
- 
 
 223 
    my ($session_length) = $dbh->selectrow_array ("select timestampdiff(MINUTE, last_login, now()) from official where RCid = ?", undef, $ORCUSER->{RCid});
- 
 
 224 
    if ($session_length > getSetting ("MAX_SESSION_MINUTES")) {
- 
 
 225 
      $ENV{'QUERY_STRING'} = "LOGOUT";
- 
 
 226 
      $authenticated->{ERRMSG} = "Maximum session time exceeded.<br>";
- 
 
 227 
    }
- 
 
 228
- 
 
 229 
	  if ($ENV{'QUERY_STRING'} eq "LOGOUT") {
- 
 
 230 
      # warn "logging $ORCUSER->{derby_name} out...";
- 
 
 231 
      $authenticated->{ERRMSG} .= "Logged Out.<br>";
- 
 
 232 
      $authenticated->{cookie_string} = "";
- 
 
 233 
      $authenticated->{authenticated} = 'false';
- 
 
 234 
      $ENV{REQUEST_URI} =~ s/LOGOUT//;
- 
 
 235 
      logit ($ORCUSER->{RCid}, "Logged Out");
- 
 
 236 
      $dbh->do ("update official set last_active = ? where RCid = ?", undef, undef, $ORCUSER->{RCid});
- 
 
 237 
  		`/bin/rm $SESSIONS_ACTIVE/$sessionid`;
- 
 
 238 
      $ORCUSER = "";
- 
 
 239 
    } else {
- 
 
 240 
  		$dbh->do ("update official set last_active = now() where RCid = ?", undef, $ORCUSER->{RCid});
- 
 
 241 
  		`/bin/touch $SESSIONS_ACTIVE/$sessionid`;
193 
	if ($authenticated->{authenticated} eq 'true') {
 242 
      `/bin/rm $SESSIONS_QUEUE/$RCqueueID` if -e $SESSIONS_QUEUE."/".$RCqueueID;
- 
 
 243 
  		return $authenticated->{cookie_string};
194 
		return $authenticated->{cookie_string};
 244 
  	}
Line 195... Line -...
195 
	}
 - 
 
196
245 
	}
Line 197... Line 246...
197
246
198 
 
 247
199 
# If we get here, the user has failed authentication; throw up the log-in screen and die.
 248 
# If we get here, the user has failed authentication; throw up the log-in screen and die.
200 
 
 249 
 
201 
	my $RCAUTH_cookie = CGI::Cookie->new(-name=>'RCAUTH',-value=>$authenticated->{cookie_string},-expires=>"+30m");
 250 
	my $RCAUTH_cookie = CGI::Cookie->new(-name=>'RCAUTH',-value=>$authenticated->{cookie_string},-expires=>"+30m");
202 
 
 251
203 
  if ($authenticated->{ERRMSG}) {
 252 
  if ($authenticated->{ERRMSG}) {
204 
  	$authenticated->{ERRMSG} = "<TR><TD colspan=2 align=center><font color=red><b>".$authenticated->{ERRMSG}."</b></font>&nbsp</TD></TR>";
 253 
  	$authenticated->{ERRMSG} = "<TR><TD colspan=2 align=center><font color=red><b>".$authenticated->{ERRMSG}."</b></font>&nbsp</TD></TR>";
205 
  	# Log the failed access attempt
 254 
  	# Log the failed access attempt
206 
  } else {
 255 
  } else {
207 
  	$authenticated->{ERRMSG} = "";
 256 
  	$authenticated->{ERRMSG} = "";
- 
 
 257 
  	# Since there was no ERRMSG, no need to log anything.
- 
 
 258 
  }
- 
 
 259
- 
 
 260 
#	print header(-cookie=>$RCAUTH_cookie);
- 
 
 261
- 
 
 262
- 
 
 263 
  if ($RCqueueID) {
- 
 
 264 
   	my $RCQUEUE_cookie = CGI::Cookie->new(-name=>'RCQUEUEID',-value=>"",-expires=>"+0m");
208 
  	# Since there was no ERRMSG, no need to log anything.
 265 
 	  print header(-cookie=>[$RCAUTH_cookie,$RCQUEUE_cookie]);
209 
  }
 266 
  } else {
210 
 
 267 
 	  print header(-cookie=>$RCAUTH_cookie);
- 
 
 268 
 	}
211 
	print header(-cookie=>$RCAUTH_cookie);
 269 
	printRCHeader("Please Sign In");
212 
	printRCHeader("Please Sign In");
 270 
	print<<authpage;
213 
	print<<authpage;
 271 
	<form action="$ENV{REQUEST_URI}" method=POST name=Req id=Req>
214 
	<form action="$ENV{REQUEST_URI}" method=POST name=Req id=Req>
 272 
	<input type=hidden name=RCqueueID value=$RCqueueID>
215 
		<TR><TD colspan=2 align=center><b><font size=+2>Please Sign In</font>
 273 
		<TR><TD colspan=2 align=center><b><font size=+2>Please Sign In</font>
216 
		<TABLE>
 274 
		<TABLE>
217 
		</TD></TR>
 275 
		</TD></TR>
- 
 
 276 
		<TR><TD colspan=2>&nbsp</TD></TR>
- 
 
 277 
		$authenticated->{ERRMSG}
- 
 
 278 
authpage
- 
 
 279
- 
 
 280 
  if ($ENV{'QUERY_STRING'} eq "LOGOUT") {
- 
 
 281 
    print "<TR><TD colspan=2>&nbsp</TD></TR>";
- 
 
 282 
    print "<TR><TD colspan=2><button onClick=\"location.href='';\">Log In</button></TD></TR>";
218 
		<TR><TD colspan=2>&nbsp</TD></TR>
 283 
    print "</TABLE></BODY></HTML>";
Line 219... Line 284...
219 
		$authenticated->{ERRMSG}
 284 
    exit;
220 
authpage
 285 
  }
221 
 
 286
222 
  if ($authenticated->{authenticated} eq "inactive") {
 287 
  if ($authenticated->{authenticated} eq "inactive") {
223 
 
 288 
 
224 
    print<<activationpage;
 289 
    print<<activationpage;
225 
      <TR><TD colspan=2 align=center>&nbsp;</TD></TR>
 290 
      <TR><TD colspan=2 align=center>&nbsp;</TD></TR>
226 
      <TR><TD align=right><B>Activation Code:</TD><TD><INPUT type=text id=activate name=activate></TD></TR>
 291 
      <TR><TD align=right><B>Activation Code:</TD><TD><INPUT type=text id=activate name=activate></TD></TR>
227 
      <TR><TD></TD><TD><INPUT type=submit name=login value=Submit></TD></TR>
 292 
      <TR><TD></TD><TD><INPUT type=submit name=login value=Submit></TD></TR>
Line 228... Line 293...
228 
      <TR><TD colspan=2 align=center>&nbsp;</TD></TR>
 293 
      <TR><TD colspan=2 align=center>&nbsp;</TD></TR>
Line 255... Line 320...
255 
  		document.getElementById('Req').action = "$ENV{SCRIPT_NAME}";
 320 
  		document.getElementById('Req').action = "$ENV{SCRIPT_NAME}";
256 
  		document.getElementById('Req').submit.click();
 321 
  		document.getElementById('Req').submit.click();
257 
  		return true;
 322 
  		return true;
258 
  	}
 323 
  	}
Line 259... Line -...
259 
 
 - 
 
260 
 
 324 
 
261 
  	//-->
 325 
  	//-->
Line 262... Line 326...
262 
  	</SCRIPT>
 326 
  	</SCRIPT>
263 
 
 327 
 
Line 264... Line 328...
264 
authpage2
 328 
authpage2
265 
}
 329 
  }
266 
 
 330 
 
267 
#foreach (keys %ENV) {
 331 
#foreach (keys %ENV) {
268 
#	print "$_: $ENV{$_}<br>";
 332 
#	print "$_: $ENV{$_}<br>";
269 
#}
 333 
#}
Line -... Line 334...
- 
 
 334 
#	&JScript;
- 
 
 335 
	exit;
- 
 
 336 
}
- 
 
 337 
 
- 
 
 338 
sub checkQueue {
- 
 
 339 
  my $max_users = shift;
- 
 
 340 
  return unless $max_users =~ /^\d+$/;
- 
 
 341
- 
 
 342 
	return if $ENV{'QUERY_STRING'} eq "SKIPQUEUE";
- 
 
 343
- 
 
 344 
	my $RCAUTH = CGI::cookie('RCAUTH') // "";
- 
 
 345
- 
 
 346 
	if ($RCAUTH) {
- 
 
 347 
	  # If the user is already logged in, bypass the queue check.
- 
 
 348 
	  use Digest::MD5 qw/md5_hex/;
- 
 
 349 
   	my ($RCID, $RCPASS, $RCLVL) = split /&/, $RCAUTH;
- 
 
 350 
    my $sessionid = md5_hex ($RCID);
- 
 
 351
- 
 
 352 
    return if -e $SESSIONS_ACTIVE."/".$sessionid;
- 
 
 353 
	}
- 
 
 354
- 
 
 355 
  my $active_users = `/bin/ls -1 $SESSIONS_ACTIVE | /usr/bin/wc -l`; chomp $active_users;
- 
 
 356 
  my @queued_users = `/bin/ls -1 $SESSIONS_QUEUE`; foreach (@queued_users) { chomp; }
- 
 
 357 
 	my $RCqueueID = CGI::cookie('RCQUEUEID') // WebDB::trim CGI::param('RCqueueID') // "";
- 
 
 358
- 
 
 359 
  if ($active_users >= $max_users) {
- 
 
 360 
    # We are at max users. People have to wait.
- 
 
 361 
    if (!$RCqueueID) {
- 
 
 362 
   	  use Digest::MD5 qw/md5_hex/;
- 
 
 363 
   	  $RCqueueID = time () ."-". md5_hex (rand ());
- 
 
 364 
   	  push @queued_users, $RCqueueID;
- 
 
 365 
    }
- 
 
 366 
 	  `/bin/touch $SESSIONS_QUEUE/$RCqueueID`;
- 
 
 367
- 
 
 368 
    printQueuePage ($RCqueueID, "(".inQueue ($RCqueueID, \@queued_users)." of ".scalar @queued_users." users)");
- 
 
 369 
    exit;
- 
 
 370
- 
 
 371 
  } elsif (scalar @queued_users) {
- 
 
 372 
    # There are users in queue...
- 
 
 373 
    if (!$RCqueueID) {
- 
 
 374 
      # If you're not already in queue, get in line.
- 
 
 375 
   	  use Digest::MD5 qw/md5_hex/;
- 
 
 376 
   	  $RCqueueID = time () ."-". md5_hex (rand ());
- 
 
 377 
   	  push @queued_users, $RCqueueID;
- 
 
 378 
    }
- 
 
 379 
 	  `/bin/touch $SESSIONS_QUEUE/$RCqueueID`;
- 
 
 380
- 
 
 381 
   	my $queue_position = inQueue ($RCqueueID, \@queued_users);
- 
 
 382 
    if ($queue_position > ($max_users - $active_users)) {
- 
 
 383 
      # If you're not at the head of the line, continue to wait.
- 
 
 384 
      printQueuePage ($RCqueueID, "($queue_position of ".scalar @queued_users." users)");
- 
 
 385 
      exit;
- 
 
 386 
    }
- 
 
 387 
  }
- 
 
 388 
 
- 
 
 389 
  return;
- 
 
 390 
}
- 
 
 391 
 
- 
 
 392 
sub printQueuePage {
- 
 
 393 
  my $RCqueueID = shift;
- 
 
 394 
  my $queue_position = shift;
- 
 
 395
- 
 
 396 
  print header(-cookie=>CGI::Cookie->new(-name=>'RCQUEUEID',-value=>$RCqueueID,-expires=>"+5m"));
- 
 
 397 
  printRCHeader("is Busy");
- 
 
 398 
  print<<busy;
- 
 
 399 
    <P><b><font size=+2>Sorry, we are full right now.</font></P>
- 
 
 400 
    <P>You are in queue $queue_position.</P>
- 
 
 401 
    <div><ul>
- 
 
 402 
    <li>This page will refresh every 15 seconds.</li>
- 
 
 403 
    <li>When it's your turn to log in, you'll see the username/password boxes.</li>
- 
 
 404 
    <li>If you don't log in within five [5] minutes, or if you leave this page, you will likely lose your place in line.</li>
- 
 
 405 
    </ul></div>
- 
 
 406 
    </BODY>
- 
 
 407 
    <SCRIPT language="JavaScript">
- 
 
 408 
   	<!--
- 
 
 409 
    // Refresh the page after a delay of 5 seconds
- 
 
 410 
      setTimeout(function(){
- 
 
 411 
        location.replace(location.href);
- 
 
 412 
      }, 15000); // 15000 milliseconds = 15 seconds
- 
 
 413 
    //-->
- 
 
 414 
    </SCRIPT>
- 
 
 415 
    </HTML>
270 
#	&JScript;
 416 
busy
271 
	exit;
 417 
  return;
272 
}
 418 
}
273 
 
 419 
 
274 
sub canView {
 420 
sub canView {
Line 513... Line 659...
513 
  return $derbyname;
 659 
  return $derbyname;
514 
}
 660 
}
Line 515... Line 661...
515 
 
 661 
 
516 
sub getSetting {
 662 
sub getSetting {
- 
 
 663 
	my $k = shift;
517 
	my $k = shift;
 664
518 
	my ($value) = $dbh->selectrow_array ("select setting.value from setting where setting.key = ?", undef, $k);
 665 
	my ($value) = $dbh->selectrow_array ("select setting.value from setting where setting.key = ?", undef, $k);
519 
  return defined $value ? $value : undef;
 666 
  return defined $value ? $value : undef;
Line 520... Line 667...
520 
}
 667 
}
Line 568... Line 715...
568
715
569 
#  my $logout = $h->a ({ href=>"index.pl", onClick=>"document.cookie = 'RCAUTH=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';return true;" }, "[Log Out]");
 716 
#  my $logout = $h->a ({ href=>"index.pl", onClick=>"document.cookie = 'RCAUTH=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';return true;" }, "[Log Out]");
570 
  my $referrer = param ("referrer") ? param ("referrer") : $ENV{HTTP_REFERER};
 717 
  my $referrer = param ("referrer") ? param ("referrer") : $ENV{HTTP_REFERER};
571 
  my $logout = (!$referrer or $referrer eq url) ? "" : $h->button ({ onClick=>"window.location.href='$referrer';" }, "Back")."&nbsp;";
 718 
  my $logout = (!$referrer or $referrer eq url) ? "" : $h->button ({ onClick=>"window.location.href='$referrer';" }, "Back")."&nbsp;";
572 
  $logout .= url =~ /\/(index.pl)?$/ ? "" : $h->button ({ onClick=>"window.location.href='/schedule/';" }, "Home")."&nbsp;";
 719 
  $logout .= url =~ /\/(index.pl)?$/ ? "" : $h->button ({ onClick=>"window.location.href='/schedule/';" }, "Home")."&nbsp;";
- 
 
 720 
#  $logout .= $h->button ({ onClick=>"document.cookie = 'RCAUTH=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/'; location.href='/';" }, "Log Out");
573 
  $logout .= $h->button ({ onClick=>"document.cookie = 'RCAUTH=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/'; location.href='/';" }, "Log Out");
 721 
  $logout .= $h->button ({ onClick=>"location.href='?LOGOUT';" }, "Log Out");
Line 574... Line 722...
574 
	my $loggedinas = $ORCUSER ? "Currently logged in as: ".$h->a ({ href=>"/schedule/view_user.pl?submit=View&RCid=$ORCUSER->{RCid}" }, $ORCUSER->{derby_name}).$h->br.$logout : "";
 722 
	my $loggedinas = $ORCUSER ? "Currently logged in as: ".$h->a ({ href=>"/schedule/view_user.pl?submit=View&RCid=$ORCUSER->{RCid}" }, $ORCUSER->{derby_name}).$h->br.$logout : "";
Line 575... Line 723...
575
723