Entered GetUserSessionCookie Sessionname: 'CGISESSID' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 765.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: Entered GetUserSessionCookie Sessionname: 'CGISESSID' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 765.
SID From Get SeesionCookie: '09f0bc99abd030d73dd4686d3633f624' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 773.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: SID From Get SeesionCookie: '09f0bc99abd030d73dd4686d3633f624' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 773.
ProcessLoginRequest Query: 'CGI=HASH(0x873390)' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 238.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: ProcessLoginRequest Query: 'CGI=HASH(0x873390)' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 238.
ProcessLoginRequest SID from cookie: '09f0bc99abd030d73dd4686d3633f624' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 239.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: ProcessLoginRequest SID from cookie: '09f0bc99abd030d73dd4686d3633f624' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 239.
SID befor new session : '09f0bc99abd030d73dd4686d3633f624' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 266.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: SID befor new session : '09f0bc99abd030d73dd4686d3633f624' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 266.
username1 : '428' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 283.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: username1 : '428' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 283.
Already logged on LoggedOn_user_id : '428' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 296.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: Already logged on LoggedOn_user_id : '428' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 296.
username1: '428' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 299.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: username1: '428' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 299.
result = '1' message0 = 'Your previous session is still valid. You are now logged in.' message1 = '09f0bc99abd030d73dd4686d3633f624' message2 = '0' at manage_users.cgi line 87.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: result = '1' message0 = 'Your previous session is still valid. You are now logged in.' message1 = '09f0bc99abd030d73dd4686d3633f624' message2 = '0' at manage_users.cgi line 87.
Already logged in so send client already logged in form This is in the initial action GetLoginForm at manage_users.cgi line 96.
[Thu Apr 20 17:20:07 2017] manage_users.cgi: Already logged in so send client already logged in form This is in the initial action GetLoginForm at manage_users.cgi line 96.
####
#!/usr/bin/perl -w
#-------------------------------------------------------------------------------
# Perl Script manage_users.cgi
# 02/12/2011 by R. Tulloch
#Revised 2/25/2017 R Tulloch
# Based on lots of other folks work that went before me
# licensed under the GNU General Public License ver. 2.0
# see the accompaning LICENSE file
#-------------------------------------------------------------------------------
use strict;
use diagnostics -verbose;
use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
use CGI qw(:standard escapeHTML);
use CGI qw/:standard/;
use lib qw(/usr/local/apache/lib/perl);
use CGI::Session;
#use CGI::Switch;
#use feature ':5.12';
#use feature 'switch';
use Time::HiRes qw(usleep);
#local ($CGI::DISABLE_UPLOADS, $CGI::POST_MAX);
$CGI::DISABLE_UPLOADS = 1; # Disable uploads
$CGI::POST_MAX = 32 * 1024; # limit posts to 32K max
use lib qw(/home/jalamior/www/httpsdocs/cgi-bin/lib/perl);
#use Switch;
#use lib qw(/home/httpd/vhosts/jala-mi.org/cgi-bin/lib/perl);
#use lib qw(/srv/www/cgi-bin/lib/perl);
use manageusers qw(GetUserSessionCookie CheckForAuthorizedUser ProcessLostDataRequest ProcessLoginRequest LoginUser LogoutUser UpdateUserData GetUserLostData print_md5_javascript CheckValidLoginChar CheckValidEmailChar);
#use Trace;
#-------------------------------------------------------------------------------
# Admin Configuration Section
#-------------------------------------------------------------------------------
#Association name and acronym
my $fbformtitle = "Jackson Area Landlords ";
my $fbacronym = "JALA";
#Only change page titles.
my $htmlFeedbackheader='User Feedback Form';
my $htmlInvalidLoginheader='Invalid Login Data Feedback Form';
my $htmlInvalidUpdateheader='Invalid Update Input Data Feedback Form';
my $htmlLoginheader='Login Form';
my $htmlUpdateUserheader='Update User Information';
my $htmlRequestMissingheader='Lost Information Request';
my $htmlheader2 = '';
my $htmlheader3 = '';
#our $loggedon_id =0;
my $accessAdmin = 0;
$accessAdmin = $manageusers::adminaccess;
#warn("accessAdmin = '$accessAdmin'");
#-------------------------------------------------------------------------------
# Non-Configuarable
#-------------------------------------------------------------------------------
my $query = new CGI;
my $cgiURL = CGI::url();
my %params = CGI::Vars();
#Error Handling
BEGIN {
my $blank = " ";
require 5.004;
use CGI::Carp qw(fatalsToBrowser carpout);
my $logfile = '/home/jalamior/public_html/httpsdocs/cgi-bin/logs/errorLog/errorFile.log';
open LOG, ">>$logfile" or die "Couldn't append to $logfile: $!\n";
carpout(\*LOG);
};
#-------------------------------------------------------------------------------
# CGI Switch Tree
#-------------------------------------------------------------------------------
Main();
sub Main {
my $action = $query->param('action');
{
#warn("Request for LoginForm manage_users.cgi: '$action'");
($action eq "GetLoginForm") && do {
manageusers::OpenConnection();
#warn("Just before ProcessLoginRequest - create session = '$query'");
my ($result,$message0,$message1,$message2) = ProcessLoginRequest($query);
warn("result = '$result' message0 = '$message0' message1 = '$message1' message2 = '$message2'");
if(!$result){
#warn("Tell client that login failed");
manageusers::CloseConnection();
LoginUserFailedForm("The Login Request failed due to some internal errot. Please try again or contact the office.");
exit(0);
#return; #exit;
}
elsif ($result == 1) {
warn("Already logged in so send client already logged in form This is in the initial action GetLoginForm");
manageusers::CloseConnection();
CreateAlreadyLoggedinForm($message0);
exit (0);
#return;
}
elsif ($result == 2){
#warn("Not logged in so send client login form");
manageusers::CloseConnection();
CreateLoginForm($message0, $message1, $message2);
exit(0);
#return; #exit;
}
};
####
#-------------------------------------------------------------------------------
# Perl Modu
le manageusers
# 12/28/2003 by R. Tulloch
# Revised 3/4/2017 9:37 am R Tulloch
# Based on lots of other folks work that went before me
# licensed under the GNU General Public License ver. 2.0
# see the accompaning LICENSE file
#-------------------------------------------------------------------------------
# This software is provided 'as-is' and without warranty. Use it at
# your own risk.
#
# JavaScript MD5 code by Paul Johnston
#
# * Version 1.1 Copyright (C) Paul Johnston 1999 - 2002.
# * Code also contributed by Greg Holt
# * See http://pajhome.org.uk/site/legal.html for details.
#
# The original Digest::MD5 Perl Module interface was written by
# Neil Winton and is maintained by
# Gisle Aas
#
#-------------------------------------------------------------------------------
# The MD5 algorithm is defined in RFC 1321. The basic C code implementing
# the algorithm is derived from that in the RFC and is covered by the
# following copyright:
#
# Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights
# reserved. License to copy and use this software is granted provided that
# it is identified as the "RSA Data Security, Inc. MD5 Message-Digest
# Algorithm" in all material mentioning or referencing this software or
# this function.
#
# License is also granted to make and use derivative works provided that
# such works are identified as "derived from the RSA Data Security, Inc.
# MD5 Message-Digest Algorithm" in all material mentioning or referencing
# the derived work.
#-------------------------------------------------------------------------------
package manageusers;
use strict;
use diagnostics -verbose;
use warnings;
use CGI;
#use Carp::Always;
use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
use CGI qw(:standard escapeHTML);
use CGI qw/:standard/;
use Data::Dumper;
use Digest::MD5 qw(md5_hex);
#use DB_File; # persistent hash database
use CGI::Session;
use CGI::Cookie;
#use vars qw($session_cookie1 $session_cookie2 $login_timeout);
#use vars qw($session);
use Mail::Sendmail;
use Time::HiRes qw(usleep);
use Time::Local;
BEGIN {
require Exporter;
use vars qw($VERSION @ISA @EXPORT_OK);
use DBI;
# use vars qw(@ISA @EXPORT_OK);
# $ENV{DBI_TRACE}=1;
# $ENV{PERL_DBI_DEBUG}=1;
@ISA = qw(Exporter);
# exported functions
our @EXPORT_OK = qw(
&OpenConnection
&OpenSession
&ProcessLoginRequest
&ProcessLostDataRequest
&LoginUser
&decodeEncryptedPassName
&UpdateUserData
&GetUserLostData
&LogoutUser
&GetUserSessionCookie
&CheckForAuthorizedUser
&Expires
$LoggedOn_user_id
&GetLoggedOnUserId
$attempts
$adminaccess
&Now
&CheckValidLoginChar
&CheckValidEmailChar
&print_md5_javascript);
$VERSION = '0.0.1';
}
# $LoggedOn_user_id
# package globals
#use vars qw($dbh $session $sessionname);
#use vars qw($dbh $session);
my $dbh = "";
my $session = '';
my $sessionname = "CGISESSID";
#my $database = "assoc_mgr";
#my $sql_user_table = "users";
#my $sql_session_table = "sessions";
#my $host = "localhost";
#my $sql_username = "administrator";
#my $sql_password = "lmi2048";
my $database = "jalamior_assoc_mgr";
my $sql_user_table = "users";
my $sql_session_table = "sessions";
my $host = "localhost";
my $sql_username = "jalamior_user";
my $sql_password = "jac2175";
my $domain = $ENV{'HTTP_HOST'};
my $ipaddress = $ENV{'REMOTE_ADDR'};
my $query = new CGI;
my $dsn = "dbi:mysql:database=$database;host=$host";
my $admin_log_file = "/home/jalamior/public_html/httpsdocs/cgi-bin/logs/memberaccess.log";
#my $admin_log_file = "/srv/www/cgi-bin/logs/memberaccess.log";
#my $sessionname = "a";
#my ($dbh,$session);
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} =~ /(.*)/ and $ENV{PATH} = $1;
#package variables
#my $mailprog = '/home/jalamior/public_html/httpsdocs/cgi-bin/lib/perl/mail/sendmail -oi';
#my $mailprog = '/usr/lib/sendmail -oi -t';
my $mailprog = '/usr/sbin/sendmail -oi -q -t';
my $session_cookie_timeout = '+7d';
my $login_timeout = 1000;
#my $seed_number = 0;
#my $seed_string = "";
our $adminaccess = 0;
our $LoggedOn_user_id = 555;
#Error Handling
BEGIN {
require 5.004;
use CGI::Carp qw(fatalsToBrowser carpout);
my $logfile = '/home/jalamior/public_html/httpsdocs/cgi-bin/logs/errorLog/errorFile.log';
open LOG, ">>$logfile" or die "Couldn't append to $logfile: $!\n";
carpout(\*LOG);
};
#-------------------------------------------------------------------------------
# Database Conection Functions
#-------------------------------------------------------------------------------
# FUNCTION: OpenConnection()
# DESCRIPTION: Connect to the MySQL database
#-------------------------------------------------------------------------------
sub OpenConnection
{
my $localtimenow = localtime(Now());
$dbh = DBI->connect($dsn,$sql_username,$sql_password)
or ErrorMessage("Could not connect to the database.");
#warn("Open Connection-JustBefore returning database handle: '$dbh' Current Time: '$localtimenow'");
return $dbh;
}
#-------------------------------------------------------------------------------
# FUNCTION: CloseConnection
# DESCRIPTION: Disconnect from the MySQL database
#-------------------------------------------------------------------------------
sub CloseConnection
{
my $localdbh = @_;
my $localtimenow = localtime(Now());
if ($localdbh){
$localdbh->disconnect();
}
elsif ($dbh) {
$dbh->disconnect();
}
#warn("Close Connection -just before exit Current Time: '$localtimenow'");
# exit(0);
}
#-------------------------------------------------------------------------------
# FUNCTION: ExecuteQuery($dbh,$SQL)
# DESCRIPTION: Executes a query against the database ($dbh) using the passed
# SQL statement $SQL and returns the result set.
#-------------------------------------------------------------------------------
sub ExecuteQuery
{
my ($SQL) = @_;
my $sth = $dbh->prepare($SQL) || ErrorMessage($SQL);
$sth->execute() || ErrorMessage($SQL);
return $sth;
}
#-------------------------------------------------------------------------------
# FUNCTION: ErrorMessage
# DESCRIPTION: Print the error message that is passed and we also output to a log.
#-------------------------------------------------------------------------------
sub ErrorMessage
{
my $message = shift;
print qq|$message\n $DBI::errstr|;
# CloseConnection();
}
#-------------------------------------------------------------------------------
# FUNCTION: OpenSession($dbh, $sid)
# Opens existing session or creates new depending on $sid
#-------------------------------------------------------------------------------
sub OpenSession{
my ($dbh, $sid)= @_;
$session = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh, LockHandle=>$dbh});
return $session;
}
#-------------------------------------------------------------------------------
# User Requests for Login,Update Data and Missing Data
#-------------------------------------------------------------------------------
# FUNCTION: ProcessLogonRequest($query)
# DESCRIPTION: Client requests log in: create session and send encryption data
#-------------------------------------------------------------------------------
sub ProcessLoginRequest
{
my ($query) = @_;
my $status = 0;
# $sessionname = 'CGISESSID';
# my %cookies = CGI::Cookie->fetch;
# my $sid = $cookies{$sessionname}->value;
my $sid = GetUserSessionCookie();
warn("ProcessLoginRequest Query: '$query'");
warn("ProcessLoginRequest SID from cookie: '$sid'");
#Check if it got valid return from fetch cookie
if ($sid ne 0){
$status = 1;
}
#Or, check if valid return from cgi query
elsif($query){
# if (exists $query{$sessionname}){
$sid = $query->param($sessionname);
if ($sid){
#warn("ProcessLogin Request SID from Query: '$sid'");
$status = 1;
}
else{
$sid = undef;
$status = 2;
}
}
else {
#Set up for creating a new session
$sid = undef;
$status = 2;
}
# $sid = '7032f2c7f5a2c721a483dc75fc29595e';
warn("SID befor new session : '$sid'");
$session = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh});
#warn("session = '$session'");
OpenSession($dbh,$sid);
$session->param("##",0);
$session->param("isloggedin",0);
$session->flush();
$sid = $session->id();
#warn("ProcessLogin Request SID from from session create: '$sid'");
my $sessiondata1 = $sid; #id created by CGI::Session;
if ($status == 1) {
#warn("Process Login returning after confirmed already logged in: status: '$status' sessionname: '$sessionname' SID: '$sid'");
my $username1 = $session->param("user_id");
warn("username1 : '$username1'");
#my ($digits) = $text =~ /(\d+)/;
#my ($user_id) = $username1 =~ /(\d+)/;
#my $text = $username1;
#$text =~ m/(\d+)/;
#my $num = $1;
#warn("num: '$num'");
#$username1 =~ m/(\d+)/;
$LoggedOn_user_id = $username1;
warn("Already logged on LoggedOn_user_id : '$LoggedOn_user_id'");
#$LoggedOn_user_id = 428;
$adminaccess = ($username1 eq "admin");
warn("username1: '$username1'");
#warn("adminaccess: '$adminaccess'");
$session->param("isloggedin",1);
$session->param('timein', time());
$session->flush();
return (1, "Your previous session is still valid. You are now logged in.", $sid, 0);
}
=for comment
# $sid = '7032f2c7f5a2c721a483dc75fc29595e';
$session = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh});
#warn("session = '$session'");
OpenSession($dbh,$sid);
$session->param("##",0);
$session->param("isloggedin",0);
$session->flush();
$sid = $session->id();
#warn("ProcessLogin Request SID from from session create: '$sid'");
#my $sessiondata1 = $sid; #id created by CGI::Session;
=cut
#warn("Process Login after verify not logged in and new session: status: '$status' sessionname: '$sessionname' SID: '$sid'");
#Random hash for encoding password
my $seed_number = CreateRandomSequence(10, 1);
my $seed_string = CreateRandomSequence(10, 0);
my $sessiondata2 = md5_hex($ipaddress . $seed_number . $seed_string);
$session->param('sessiondata2',$sessiondata2);
$session->expires('+7d');
# Expires($session, Now() + 600);
$session->flush();
my $localtimenow = localtime(Now());
#warn("Process Login Request localtime(rightnow) = '$localtimenow'");
return (2, $sessionname, $sessiondata1, $sessiondata2);
}