From: Jean-Marc Pigeon <jmp@safe.c>
Date: Thu, 4 Sep 2025 10:48:53 +0000 (-0400)
Subject: Starting to extract cookies from database
X-Git-Tag: end-0.15~33
X-Git-Url: https://jmp-git.ovh.safe.ca/?a=commitdiff_plain;h=a63b8faf960625fc17a24a7e540bca2ece6f27f0;p=jmp%2Fmailleur

Starting to extract cookies from database
---

diff --git a/www/gessql.php b/www/gessql.php
index 74de8bb..9dbd47b 100644
--- a/www/gessql.php
+++ b/www/gessql.php
@@ -13,16 +13,16 @@ include_once "devsql.php";
 //      Function to check if password is the right one
 //
 //==============================================================
-function checkpassword($dbsql,$logname,$password)
+function sql_checkpassword($dbsql,$logname,$password)
 
 {
-$OPEP="gessql.php:checkpassword";
+$OPEP="gessql.php:sql_checkpassword";
   
 $isgood=false;
 $phase=0;
 $proceed=true;
 while ($proceed==true) {
-  rou_alert(0,"$OPEP, JMPDBG phase=$phase");
+  //rou_alert(0,"$OPEP, JMPDBG phase=$phase");
   switch ($phase) {
     case 0      :       //do we have both logname and password
       if ($logname=="" || $password=="") {
@@ -33,7 +33,7 @@ while ($proceed==true) {
     case 1      :       //extracting crypted password
       $stmt=$dbsql->Select("Select * from emails where email='$logname'");
       $dbpass=$stmt->fetch(PDO::FETCH_ASSOC)['password'];
-      if ($dbpass==null) { //is user known?
+      if ($dbpass==NULL) { //is user known?
         rou_alert(0,"$OPEP, logname=<$logname> missing from database");
         $phase=999;     //user unknown, trouble trouble
         }
@@ -63,4 +63,49 @@ while ($proceed==true) {
 return $isgood;
 }
 
+//==============================================================
+//
+//      Function to get a log name if a cookie is available
+//
+//==============================================================
+function sql_getlogname($dbsql)
+
+{
+$OPEP="gessql.php:sql_getlogname";
+
+$logname=NULL;
+$cookie=$_COOKIE['mailleur']; 
+$phase=0;
+$proceed=true;
+while ($proceed==true) {
+  rou_alert(0,"$OPEP, JMPDBG phase=$phase");
+  switch ($phase) {
+    case 0      :       //do we have a cookie
+      if ($cookie==NULL)
+        $phase=999;
+      break;
+    case 1      :       //is the cookie within database
+      $cookie=htmlspecialchars($cookie);
+      $stmt=$dbsql->Select("Select * from cookies where cookuuid='$cookie'");
+      $expire=$stmt->fetch(PDO::FETCH_ASSOC)['expire'];
+      rou_alert(0,"$OPEP, cookie expire=<$expire>");
+      break;
+    case 2      :       //extracting logname
+      $stmt=$dbsql->Select("Select * from cookies where cookuuid='$cookie'");
+      $logname=$stmt->fetch(PDO::FETCH_ASSOC)['email'];
+      rou_alert(0,"$OPEP, cookie logname=<$logname>");
+      if ($logname==NULL) { //is user known?
+        rou_alert(0,"$OPEP, cookie <$cookie> not found in DB");
+        $phase=999;
+        }
+      break;
+    default     :       //SAFE Guard
+      $proceed=false;
+      break;
+    }
+  $phase++;
+  }
+rou_alert(0,"$OPEP, now logname=<$logname>");
+return $logname;
+}
 ?>
diff --git a/www/home.php b/www/home.php
index 9196aaa..8a65e60 100644
--- a/www/home.php
+++ b/www/home.php
@@ -45,7 +45,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
   $pass=$_POST["passwd"];
   $logname=$_POST["email"];
   $dbsql=sql_connect();
-  $isok=checkpassword($dbsql,$logname,$pass);
+  $isok=sql_checkpassword($dbsql,$logname,$pass);
   sql_close($dbsql);
   switch ($isok) {
     case false  :       //trouble report
diff --git a/www/mailleur.php b/www/mailleur.php
index 6085466..23ed234 100644
--- a/www/mailleur.php
+++ b/www/mailleur.php
@@ -5,21 +5,17 @@
 //	Main screen management
 //
 //==============================================================
-
-define('JMPDBG','1');
+include_once "subrou.php";
+include_once "unienv.php";
+include_once "scrfun.php";
+include_once "gessql.php";
 
 //section to generate the main screen body
-function body($action,$logname,$pass)
+function body($logname)
 
 {
-include_once "subrou.php";
-include_once "unienv.php";
-include_once "scrfun.php";
-include_once "devsql.php";
-$footer=footer("mailleur");
+$footer=footer(getenv("APPNAME"));
 $cook=$_COOKIE[getenv("APPNAME")];
-rou_closelog();
-
 
 $STR  = <<<EOT
 <!DOCTYPE html>
@@ -32,11 +28,7 @@ $STR  = <<<EOT
 <CENTER><STRONG><FONT SIZE=+2 color=red>
 Within mailleur
 <BR>
-action=$action
-<BR>
-Login=$logname
-<BR>
-Password=$pass
+LOGNAME=$logname
 <BR>
 The cookies=$cook
 <BR>
@@ -51,13 +43,18 @@ EOT;
 return $STR;
 }
 
-$epost="_POST";
-$action=${$epost}["action"];
-$logname=${$epost}["email"];
-$pass=${$epost}["passwd"];
 
-//display main screen
-echo body($action,$logname,$pass);
+$dbsql=sql_connect();
+$logname=sql_getlogname($dbsql);
+sql_close($dbsql);
+rou_closelog();
+
+if ($logname!=NULL) {
+  echo body($logname);
+  }
+else {
+  header('Location: home.php');
+  }
 ?>