Okay I know already that the code I’m going to post here is quite a big mess: it will work under
some circumstances but it’s buggy and insecure. I will update this post as soon as I figure out
how to make this code better (expecially the UserSession part).
Users go to the af_users table, where the password is stored as clear text. Even if that’s bad
practice it’s easy to fix and it’s not the issue here… there are bigger problems!
Then I’m creating a Sentosa::Users package that contains functions to manage users.
At the moment it’s like this:
then I will add change password, groups managements, or other useful funcions.
Here’s where I should do some improvements otherwise it’s easy to hack cookies and get a working session without the need of getting authenticated.
Sessions goes in the af_sessions table:
and the Sentosa::UserSessions package is like this:
On base.mp I’m checking if username and passwords are provided. If they are I will call auth_user
to see if they are correct, and if they are I will create a new session.
Then I will check the provided session (if any) to see if it’s still valid (here’s some extra work
is required) and if it is not expired. Here’s the final code, but I know already that I should move
some parts outside in a proper package:
Okay I’m not too proud of this code, I know it’s not high quality, but at least I could move on and see my application working.
I’ll come back to this code at a later time.