head	1.2;
access;
symbols;
locks
	root:1.2; strict;
comment	@# @;


1.2
date	2006.06.23.07.27.08;	author root;	state Exp;
branches;
next	1.1;

1.1
date	2006.06.22.10.09.34;	author root;	state Exp;
branches;
next	;


desc
@do the serial number enforcement
@


1.2
log
@prior to debug code addition
@
text
@<if variable=debugg>DEBUGGING ON<BR></if>
<COMMENT>
(15:14:34) Marc Pelzer 436: 'R1EuropeAuth_serial' => 'FE23185378E650FCE033C0A87F2E50FC@@20060614131417|5808a6116352a72284b1d5c9632a1b9a'
(15:15:49) glomphaim: can you paste your code line where you make the MD5?
(15:15:56) Marc Pelzer 436: ok, mompls
(15:16:38) Marc Pelzer 436: $this->{response}->{cookies}->{R1EuropeAuth_serial} = $userGuid . '@@' . strftime("%Y%m%d%H%M%S", localtime(time)) . "|" . $this->{md5}->add($userGuid . '@@' . strftime("%Y%m%d%H%M%S", localtime(time)) . $this->{obj}->{int}->{config}->{COOKIE}->{SECRET_PHRASE_realmusic})->hexdigest;
(15:17:39) glomphaim: OK, so you are MD5-ing     userguid@@timestamp
(15:18:05) Marc Pelzer 436: yep - and i connect the secret string directly to that
</COMMENT>

<if  cookie="R1EuropeAuth_serial">
<cset variable=fullcookie preparse><insert cookie=R1EuropeAuth_serial></cset>
<arraycadd preparse name=ray delim="|"><insert variable=fullcookie></arraycadd>
<cset variable=field0 preparse><arrayfetch name=ray index=0 encode=none></cset>
<cset variable=md5input preparse><arrayfetch name=ray index=1 encode=none></cset>

<arraycadd preparse name=useranddate delim="@@"><insert variable=field0></arraycadd>
<cset variable=userguid preparse><arrayfetch name=useranddate index=0 encode=none></cset>
<cset variable=usertime preparse><arrayfetch name=useranddate index=1 encode=none></cset>

<md5 preparse quiet><insert variable=field0></md5><md5 preparse quiet><insert variable=secret></md5>
<cset preparse variable=md5calc><md5digest></cset>

<COMMENT> <BR> COOKIE data is <insert variable=field0>
<BR> COOKIE MD5 is <insert variable=md5input>
<BR> Calculated inbound MD5 is <insert variable=md5calc><BR></COMMENT>

<formoutput><if variable="md5input is #md5calc#"><set variable=md5isok value=ya></if></formoutput>

<if variable=md5isok> <if variable=debugg><BR>MD5 is OK<BR></if>

<formoutput quote=???><sqloutput  host=mysql://localhost/serial query="select serial from serial where userid='???userguid???'">#serial#</sqloutput></formoutput><BR>
<formoutput quote=???>
<cset preparse variable=dbserial><sqloutput  host=mysql://localhost/serial query="select serial from serial where userid='???userguid???'">#serial#</sqloutput>
<else>NOOL</else></cset>
</formoutput>

<if not variable="dbserial is NOOL"> <BR>Timestamp <insert variable=dbserial> found<BR>
<COMMENT>There is a timestamp for this user, now figure out if it is cool</COMMENT>

<insert variable=usertime>is usertime and <insert variable=dbserial> is dbserial<BR>
<formoutput><set variable=diff expr="#usertime#-#dbserial#"></formoutput> <BR> diff is <insert variable=diff>
<if not variable="diff is -*"> DIFF is POSITIVE.  GOOD!
<set variable=gooddiff value=ya>

</if><COMMENT><else>echo NEGATIVE NUMBER D00D! invalid timestamp</else></COMMENT>
</if><COMMENT><else>No entry in timestamp database for user <insert variable=userguid></else></COMMENT>
</if><COMMENT><else>MD5 on the cookie is bad!</else></COMMENT>
</if><COMMENT><else>No R1EuropeAuth_serial cookie!  Wuzzzupppp?</else></COMMENT>

<if variable="dbserial is NOOL"><set variable=serialnumberisgood value=ya></if>
<if variable="gooddiff"><set variable=serialnumberisgood value=ya></if>

<if variable=serialnumberisgood>
<COMMENT> SET/UPDATE serial-timestamp </COMMENT>  Setting new cookie value <BR>
<cset preparse variable=nowtime><date strfmt=%Y%m%d%H%M%S></cset>
<md5 preparse quiet><insert variable=userguid>@@<insert variable=nowtime></md5><md5 preparse quiet><insert variable=secret></md5>
<cset preparse variable=newmd5><md5digest></cset>
<cset preparse variable=newuseranddate><insert variable=userguid>@@<insert variable=nowtime>|<insert variable=newmd5></cset>
<formoutput><set_cookie days=14 domain=.real.com name=R1EuropeAuth_serial value=#newuseranddate#></formoutput>

<COMMENT> Enter new timestamp in database for the luser   Updating time-based serial number in DB <BR></COMMENT>
<formoutput quote=???><sqlquery host=mysql://localhost/serial query="replace into serial values ('???userguid???',???nowtime???)"></formoutput>
</if></if>
@


1.1
log
@Initial revision
@
text
@d1 1
a1 1
<trimlines>
a10 4
<COMMENT>default secret
<set variable=secret value=cowsonthemooneatcheesewhilewatchingthestarsgoby>
</COMMENT>

a15 1
<set variable=secret value=cowsonthemooneatcheesewhilewatchingthestarsgoby>
d30 1
a30 1
<if variable=md5isok> <COMMENT><BR>MD5 is OK<BR></COMMENT>
d51 1
a51 1
<if variable="dbserial is NOOL">DBSERIAL is NOOL<set variable=serialnumberisgood value=ya></if>
d64 1
a64 3
</if>

</trimlines>
@