Show
Ignore:
Timestamp:
08.05.2013 20:27:02 (7 years ago)
Author:
ak19
Message:

Authentication at perl level for when setting user-added comments. 1. metadata-server.plnow encrypts the key, so that it can be checked against what's in the key db. 2. gdslCGI.pm now has an encrypt_key subroutine. 3. baseaction.pm's authentication_enabled is turned on and the authenticate_user() subroutine now follows recpt's userdb.cpp::check_key by first checking for a given key when no password is given, and if the key validates and isn't stale, then its timestamp in the key db is updated. The code for checking the group that the user belongs to (which had been commented out since user comments can be set by anyone with a GS account, they don't need to belong to a collection editing group) has been moved to a new function called check_group, with the line calling it commented out. 4. style.dm passes in un and ky cgi args to the gsapi object's constructor. 5. gsajaxapi.js's constructor takes the un and ky parameters and then uses these in the Get and Post methods when making calls to metadata-server.pl.

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone2/web/script/gsajaxapi.js

    r27313 r27318  
    11 
    2 function GSAjaxAPI(gwcgi,collect)  
     2function GSAjaxAPI(gwcgi,collect,un,ky)  
    33{ 
    44    var gwcgi_   = gwcgi; 
    55    var collect_ = collect; 
     6    var un_ = un; 
     7    var ky_ = ky; 
    68 
    79 
     
    101103    } 
    102104 
     105       if(un_ != null) { 
     106       url += "&un=" + un_; 
     107       } 
     108       if(ky_ != null) { 
     109       url += "&ky=" + ky_; 
     110       } 
     111        
    103112    xmlHttp.open("GET",url,true); 
    104113    xmlHttp.send(null); 
     
    130139         } 
    131140       } 
     141 
     142       if(un_ != null) { 
     143       url += "&un=" + un_; 
     144       } 
     145       if(ky_ != null) { 
     146       url += "&ky=" + ky_; 
     147       } 
    132148     
    133149       xmlHttp.open("GET",url,false); 
     
    178194//        } 
    179195//    } 
     196     
     197    if(un_ != null) { 
     198    params += "&un=" + un_; 
     199    } 
     200    if(ky_ != null) { 
     201    params += "&ky=" + ky_; 
     202    } 
    180203 
    181204    xmlHttp.send(params); // needs to be escaped/encoded 
    182205 
     206    //alert(scriptURL + "?" + params); 
    183207    //alert(xmlHttp.responseText); // if synchronous, process xmlHttp.responseText AFTER send() call 
    184208    return xmlHttp.responseText;