1
# IVLE - Informatics Virtual Learning Environment
2
# Copyright (C) 2007-2008 The University of Melbourne
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18
# Module: dispatch.login
22
# Provides services for checking logins and presenting the login page.
24
from mod_python import (util, Session)
26
from auth import authenticate
29
"""Determines whether the user is logged in or not (looking at sessions),
30
and if not, presents the login page. Returns a String username, or None
33
If the user was already logged in, nothing is written to req. Returns
34
a string of the username.
36
If the user was not logged in, but manages to authenticate due to
37
included postdata with a valid username/password, throws a redirect
38
back to the same page (to avoid leaving POSTDATA in the browser).
40
If the user is not logged in, or fails to authenticate, a full page is
41
written to req. Returns None. The caller should immediately terminate.
43
session = req.get_session()
45
# Check the session to see if someone is logged in. If so, go with it.
46
# No security is required here. You must have already been authenticated
47
# in order to get a 'login_name' variable in the session.
49
return session['login_name']
54
# Check if there is any postdata containing login information
55
if req.method == 'POST':
56
fields = req.get_fieldstorage()
57
username = fields.getfirst('user')
58
password = fields.getfirst('pass')
59
if username is not None:
60
# From this point onwards, we will be showing an error message
63
if (password is not None and
64
authenticate.authenticate(username.value, password.value)):
65
# Success - Set the session and redirect to avoid POSTDATA
66
session['login_name'] = username.value
68
req.throw_redirect(req.uri)
72
# User is not logged in. Present the login box.
73
# Give a 403 Forbidden status, but present a full HTML login page
74
# instead of the usual 403 error.
75
req.status = req.HTTP_FORBIDDEN
76
req.content_type = "text/html"
78
req.write_html_head_foot = True
80
# Write the HTML for the login page
81
# If badlogin, display an error message indicating a failed login
82
req.write("""<p>Welcome to the Informatics Virtual Learning Environment.
83
Please log in to access your files and assessment.</p>""")
85
req.write("""<p class="error">Invalid username or password.</p>""")
86
req.write("""<form action="" method="post">
88
<tr><td>Username:</td><td><input name="user" type="text" /></td></tr>
89
<tr><td>Password:</td><td><input name="pass" type="password" /></td></tr>
90
<tr><td colspan="2"><input type="submit" value="Login" /></td></tr>
97
def get_username(req):
98
"""Gets the name of the logged in user, without presenting a login box
99
or attempting to authenticate.
100
Returns None if there is no user logged in.
102
session = req.get_session()
104
# Check the session to see if someone is logged in. If so, go with it.
105
# No security is required here. You must have already been authenticated
106
# in order to get a 'login_name' variable in the session.
108
return session['login_name']