Responsive web Framework

FUNCTIONALITY

Login

User validation and establishment of identity cookies


CGI execution

Once the data is entered, it is sent to a CGI script for verification.

Scripts generally follow a predefined structure. For the login script it is the following (simplified for easy reading):

  1. Execution header in verification mode
  2. Flag for debug mode
  3. Loading user libraries (not always required)
  4. Importing CGI Routines
  5. Strict mode usage (recommended)
  6. System libraries loaded
  7. Parameters capture
  8. Origin validation
  9. Data validation
  10. Validation of user existence
  11. Creating identity and session cookies
  12. Return page set
  • #!/usr/bin/perl -wT
  • our $bool_DEBUG = 0;
  • use cPanelUserConfig;
  • use CGI qw(:cgi);
  • use strict;
  • require ("./captcha.cgi"); use subs qw(kptVerify);
  • my $str_fromuri = referer();
  • die() unless ($bool_DEBUG || validOrigin($str_fromuri,$str_FULLDOMAIN));
  • push (@arr_errors,"login") unless ($str_log);
  • if (!@arr_errors) { $str_pwd = encodePwd($str_pwd,envSecCode); dbQuery($str_query); }
  • if (!@arr_errors) { $cook_identity = cookie(); $cook_session = cookie(); }
  • $str_fromuri .= "&service=$str_adminserviceID&admin=$str_admID&action=c" if ($cook_identity && $cook_session);
  • if (!@arr_errors) { print redirect(-uri=>$str_fromuri,-cookie => [$cook_identity,$cook_session]); }

If the user is valid (passkey, password, captcha), two cookies are set and the user is redirected to the admin (or user) page, where they can verify their data and last access. Otherwise, the script returns to the main page, indicating the wrong fields.

Generated cookies

For a valid user, two cookies are generated: an identity cookie and another containing session information.

The first is named admin or user, whichever is the case, and has the following structure:

  1. Admin ID
  2. Name
  3. Privilege level
  4. Session ID
This cookie is valid for 1 day and is valid only within the domain of the administrative control panel.

The second cookie is named session and contains the following information:

  1. Passkey used
  2. Random data (Available for additional information)
  3. Preferred language
  4. Session ID
This cookie is active only while the browser remains open and is valid only within the domain of the administrative control panel.

For users there are small changes: the privilege level contained in the identity cookie carries the type of user profile (for administrators there are so far only two: privileged and not), and the scope of the cookies is the main domain and the user's control panel.
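
An added example, not the framework's own code: one way to build the two cookies described above with CGI.pm, giving the identity cookie an HMAC tag so that the privilege level it carries cannot be changed in the browser unnoticed. The key source, the panel.example.com domain, the helper names and the sample values are assumptions; the page does not say whether the framework signs its cookies.

```perl
use strict;
use warnings;
use CGI qw(:cgi);
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions (not from the framework): the key source, the panel host name
# and all sample field values are placeholders constructed for this example.
my $MAC_KEY      = $ENV{COOKIE_MAC_KEY} // 'constructed-demo-key-change-me';
my $PANEL_DOMAIN = 'panel.example.com';

# MAC over length-prefixed fields, so ("ab","c") and ("a","bc") cannot collide.
sub field_mac {
    return hmac_sha256_hex(join('', map { length($_) . ':' . $_ } @_), $MAC_KEY);
}

# Identity cookie: admin ID, name, privilege level, session ID; 1 day; panel only.
sub identity_cookie {
    my ($id, $name, $level, $sid) = @_;
    return cookie(-name    => 'admin',
                  -value   => [$id, $name, $level, $sid, field_mac($id, $name, $level, $sid)],
                  -expires => '+1d', -domain => $PANEL_DOMAIN, -path => '/',
                  -secure  => 1, -httponly => 1);
}

# Session cookie: no -expires, so the browser discards it when it closes.
sub session_cookie {
    my ($passkey, $random, $lang, $sid) = @_;
    return cookie(-name   => 'session', -value => [$passkey, $random, $lang, $sid],
                  -domain => $PANEL_DOMAIN, -path => '/', -secure => 1, -httponly => 1);
}

# Returns the four identity fields, or an empty list if the tag does not match.
sub verify_identity {
    my @v = @_;
    return unless @v == 5;
    my $got  = pop @v;
    my $want = field_mac(@v);
    return unless length($got) == length($want);
    my $diff = 0;    # compare every character so timing does not leak the match position
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. length($want) - 1;
    return $diff == 0 ? @v : ();
}

# Constructed sample values: a correct tag, then a tag issued for a lower privilege level.
my @ok  = verify_identity('17', 'Ana', 'privileged', 's-123', field_mac('17', 'Ana', 'privileged', 's-123'));
my @bad = verify_identity('17', 'Ana', 'privileged', 's-123', field_mac('17', 'Ana', 'not', 's-123'));
print identity_cookie('17', 'Ana', 'not', 's-123'), "\n";
print session_cookie('pk-demo', 'r4nd0m', 'en', 's-123'), "\n";
printf "fields accepted: %d, tampered fields accepted: %d\n", scalar(@ok), scalar(@bad);
```

On a later request, the list returned by `cookie('admin')` would be passed to `verify_identity` before the privilege level is trusted.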