Ignore:
Timestamp:
2013-05-08T20:27:02+12:00 (11 years ago)
Author:
ak19
Message:

Authentication at perl level for when setting user-added comments. 1. metadata-server.plnow encrypts the key, so that it can be checked against what's in the key db. 2. gdslCGI.pm now has an encrypt_key subroutine. 3. baseaction.pm's authentication_enabled is turned on and the authenticate_user() subroutine now follows recpt's userdb.cpp::check_key by first checking for a given key when no password is given, and if the key validates and isn't stale, then its timestamp in the key db is updated. The code for checking the group that the user belongs to (which had been commented out since user comments can be set by anyone with a GS account, they don't need to belong to a collection editing group) has been moved to a new function called check_group, with the line calling it commented out. 4. style.dm passes in un and ky cgi args to the gsapi object's constructor. 5. gsajaxapi.js's constructor takes the un and ky parameters and then uses these in the Get and Post methods when making calls to metadata-server.pl.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone2/web/script/gsajaxapi.js

    r27313 r27318  
    11
    2 function GSAjaxAPI(gwcgi,collect)
     2function GSAjaxAPI(gwcgi,collect,un,ky)
    33{
    44    var gwcgi_   = gwcgi;
    55    var collect_ = collect;
     6    var un_ = un;
     7    var ky_ = ky;
    68
    79
     
    101103    }
    102104
     105       if(un_ != null) {
     106       url += "&un=" + un_;
     107       }
     108       if(ky_ != null) {
     109       url += "&ky=" + ky_;
     110       }
     111       
    103112    xmlHttp.open("GET",url,true);
    104113    xmlHttp.send(null);
     
    130139         }
    131140       }
     141
     142       if(un_ != null) {
     143       url += "&un=" + un_;
     144       }
     145       if(ky_ != null) {
     146       url += "&ky=" + ky_;
     147       }
    132148   
    133149       xmlHttp.open("GET",url,false);
     
    178194//        }
    179195//    }
     196   
     197    if(un_ != null) {
     198    params += "&un=" + un_;
     199    }
     200    if(ky_ != null) {
     201    params += "&ky=" + ky_;
     202    }
    180203
    181204    xmlHttp.send(params); // needs to be escaped/encoded
    182205
     206    //alert(scriptURL + "?" + params);
    183207    //alert(xmlHttp.responseText); // if synchronous, process xmlHttp.responseText AFTER send() call
    184208    return xmlHttp.responseText;
Note: See TracChangeset for help on using the changeset viewer.