Overview
Comment: | Added obfuscated set/get |
---|---|
SHA1: |
544afe46f926edc8f9a12aff17d51fbf |
User & Date: | matt on 2017-03-13 06:30:11 |
Context
2017-03-31
| ||
02:47 | Replaced use of regex with substring-index for form parsing. Former use was quite broken treating incoming data as the regex. check-in: 0d4c0dc2fe user: matt tags: trunk, 2017-ww40 | |
2017-03-13
| ||
06:30 | Added obfuscated set/get check-in: 544afe46f9 user: matt tags: trunk | |
2017-03-11
| ||
12:03 | Added s:get-inp which does s:get-input falling back to s:get-param if no input var exists check-in: 962faddbed user: matt tags: trunk | |
Changes
Modified misc-stml.scm from [9856caabb9] to [512a2ac1ef].
︙ | ︙ | |||
101 102 103 104 105 106 107 | (loop (car tail) (cdr tail) newresult (car argtail) (cdr argtail))))))))) | > > > | | 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 | (loop (car tail) (cdr tail) newresult (car argtail) (cdr argtail))))))))) ;;====================================================================== ;; M I S C S T R I N G S T U F F ;;====================================================================== (define (s:string-downcase str) (if (string? str) (string-translate str "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz") str)) ;; (define session:valid-chars "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") (define session:valid-chars "abcdefghijklmnopqrstuvwxyz0123456789") ;; cookies are case insensitive. |
︙ | ︙ | |||
133 134 135 136 137 138 139 | ;; (define (s:crypt-passwd pw s) (c:crypt pw (or s (c:crypt-gensalt)))) (define (s:password-match? password crypted) (let* ((salt (substring crypted 0 2)) (pcrypted (s:crypt-passwd password salt))) | | | 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 | ;; (define (s:crypt-passwd pw s) (c:crypt pw (or s (c:crypt-gensalt)))) (define (s:password-match? password crypted) (let* ((salt (substring crypted 0 2)) (pcrypted (s:crypt-passwd password salt))) ;; (s:log "INFO: pcrypted=" pcrypted " crypted=" crypted) (and (string? password) (string? pcrypted) (string=? pcrypted crypted)))) ;; (read-line (open-input-pipe "echo foo | mkpasswd -S ab -s")) (define (s:error-page . err) |
︙ | ︙ |
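Review bot: In `s:password-match?` the `(string? password)` test runs only after `s:crypt-passwd` has already been called with `password`, and `(substring crypted 0 2)` raises on a stored value shorter than two characters, so the guards in the `and` do not protect the calls that precede them. Testing `(and (string? password) (string? crypted) (>= (string-length crypted) 2))` before the `let*` would. The two-character salt also ties verification to traditional DES-style crypt hashes; if `c:crypt` wraps crypt(3), as the name suggests, a hash made from a longer `c:crypt-gensalt` salt would never match, and passing the whole stored hash as the salt argument is the usual idiom. The commented-out `s:log` line would write both hash values to the log if re-enabled and is better deleted than kept.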
Modified setup.scm from [4c7036352c] to [1b8611c4ba].
︙ | ︙ | |||
90 91 92 93 94 95 96 97 98 99 100 101 102 103 | (session:del! s:session "*sessionvars*" key)) (define s:session-var-delete! s:session-var-del!) ;; utility to get all vars as hash table (define (s:session-get-sessionvars) (sdat-get-sessionvars s:session)) ;; inputs ;; ;; param: (dtype [tag1 tag2 ...]) ;; dtype: ;; 'raw : do no conversion ;; 'number : convert to number, return #f if fails | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 | (session:del! s:session "*sessionvars*" key)) (define s:session-var-delete! s:session-var-del!) ;; utility to get all vars as hash table (define (s:session-get-sessionvars) (sdat-get-sessionvars s:session)) ;; to obscure and indirect database ids use one time keys ;; ;; (s:get-key 'n 1) => "n99e1882" n=number 99e is the week number since 1970, remainder is random ;; (s:key->val "n1882") => 1 ;; ;; first letter is a type: n=number, s=string, b=boolean (define (s:get-key key-type val) (let ((mkrandstr (lambda (innum)(number->string (random innum) 16))) (week (number->string (quotient (current-seconds) (* 7 24 60 60)) 16))) (let loop ((siz 1000) (key (conc key-type week (mkrandstr 100))) (num 0)) (if (s:session-var-get key) ;; have a collision (loop (cond ;; in the unlikey event we have trouble getting a new var, keep increasing the size of the number ((< num 50) 100) ((< num 100) 1000) ((< num 200) 10000) ((< num 300) 100000) ((< num 400) 1000000) ;; can't imagine needing to get here. remember that this is for a single user (else 100000000)) (conc key-type (mkrandstr siz)) (+ num 1)) (begin (s:session-var-set! 
key val) key))))) ;; given a key Xnnnn, look up the stored value and convert it appropriately, then ;; destroy the stored session var ;; (define (s:key->val key) (let ((val (s:session-var-get key)) (typ (string->symbol (substring key 0 1)))) (if val (begin (s:session-var-del! key) ;; we take this opportunity to clean up old keyed session vars ;; if more than 100 vars, remove all that are over 1-2 weeks old ;(s:cleanup-session-vars) (case typ ((n)(string->number val)) ((s) val) (else val))) val))) ;; clean up session vars ;; (define (s:cleanup-session-vars) (let* ((session-vars (hash-table-keys (s:session-get-sessionvars))) (week-num (quotient (current-seconds) (* 7 24 60 60))) (week (number->string week-num 16))) (if (> (length session-vars) 100) (for-each (lambda (var) (if (> (string-length var) 5) ;; can't have keyed values with keys less than 5 characters long (let ((var-week (string->number (substring var 1 4) 16))) (if (and var-week (>= (- week-num var-week) 2)) (s:session-var-del! var))))) session-vars)))) ;; inputs ;; ;; param: (dtype [tag1 tag2 ...]) ;; dtype: ;; 'raw : do no conversion ;; 'number : convert to number, return #f if fails |
︙ | ︙ |
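Review bot: `s:key->val` hands whatever key it receives straight to `s:session-var-get` and then `s:session-var-del!`, and keyed values share one namespace with ordinary session variables, so if the key comes back from a request (which the "obscure and indirect database ids" comment suggests) a caller could read and delete any session variable by name; `(substring key 0 1)` also raises on an empty string. Storing keyed values under their own prefix or a separate table, and rejecting keys that are not strings of the issued shape before the lookup, would confine it to values that `s:get-key` issued. In `s:get-key` the collision retry builds `(conc key-type (mkrandstr siz))` without `week`, so retried keys lose the week field that `s:cleanup-session-vars` parses with `(substring var 1 4)`; it should read `(conc key-type week (mkrandstr siz))`. The documented `b` type has no branch in the `case`, and the header example issues "n99e1882" but resolves "n1882".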