def __auth__(req, user, passwd): return (user == cfg.WWW_USER and crypto.check_passwd_md5(passwd, cfg.WWW_PASSWD))
def login(req, vserver_name, message=''): if req.method == 'POST': # someone is trying to login fs = util.FieldStorage(req) userid = fs.getfirst('userid') passwd = fs.getfirst('passwd') uri = fs.getfirst('uri') vservers = vsutil.list_vservers() if ((vserver_name == userid and vservers.has_key(vserver_name) and vds.checkpw(vserver_name, userid, passwd)) or # root (userid == SUPER and vds.checkpw('/', userid, passwd)) or # superuser (userid == cfg.PANEL_SUPERUSER and crypto.check_passwd_md5(passwd, cfg.PANEL_SUPERUSER_PW))): # plant the cookie key = _read_priv_key() cookie = RSASignedCookie.RSASignedCookie('openvps-user', "%d:%s" % (time.time(), userid), key) cookie.path = '/' Cookie.add_cookie(req, cookie) if uri and not uri.endswith('login'): util.redirect(req, str(uri)) else: util.redirect(req, '/admin/%s/status' % vserver_name) else: message = 'invalid login or password' # if we got here, either it's not a POST or login failed # it's possible that some qargs were passed in qargs = {} if req.args: qargs = util.parse_qs(req.args) if qargs.has_key('m'): if not message: if qargs['m'][0] == '1': message = 'please log in' elif qargs['m'][0] == '2': message = 'session time-out, please log in again' if qargs.has_key('url'): url = qargs['url'][0] else: url = req.uri body_tmpl = _tmpl_path('login_body.html') body_vars = {'message':message, 'url':url} vars = {'global_menu': '', 'body':psp.PSP(req, body_tmpl, vars=body_vars), 'name':''} p = psp.PSP(req, _tmpl_path('main_frame.html'), vars=vars) p.run() return apache.OK
def login(req, vserver_name, message=''): if req.method == 'POST': # someone is trying to login fs = util.FieldStorage(req) userid = fs.getfirst('userid') passwd = fs.getfirst('passwd') uri = fs.getfirst('uri') vservers = vsutil.list_vservers() if ((vserver_name == userid and vservers.has_key(vserver_name) and vds.checkpw(vserver_name, userid, passwd)) or # root (userid == SUPER and vds.checkpw('/', userid, passwd)) or # superuser (userid == cfg.PANEL_SUPERUSER and crypto.check_passwd_md5(passwd, cfg.PANEL_SUPERUSER_PW))): # plant the cookie key = _read_priv_key() cookie = RSASignedCookie.RSASignedCookie( 'openvps-user', "%d:%s" % (time.time(), userid), key) cookie.path = '/' Cookie.add_cookie(req, cookie) if uri and not uri.endswith('login'): util.redirect(req, str(uri)) else: util.redirect(req, '/admin/%s/status' % vserver_name) else: message = 'invalid login or password' # if we got here, either it's not a POST or login failed # it's possible that some qargs were passed in qargs = {} if req.args: qargs = util.parse_qs(req.args) if qargs.has_key('m'): if not message: if qargs['m'][0] == '1': message = 'please log in' elif qargs['m'][0] == '2': message = 'session time-out, please log in again' if qargs.has_key('url'): url = qargs['url'][0] else: url = req.uri body_tmpl = _tmpl_path('login_body.html') body_vars = {'message': message, 'url': url} vars = { 'global_menu': '', 'body': psp.PSP(req, body_tmpl, vars=body_vars), 'name': '' } p = psp.PSP(req, _tmpl_path('main_frame.html'), vars=vars) p.run() return apache.OK