From 708c592244acc163580a3ef415aba90d5f57dc17 Mon Sep 17 00:00:00 2001 From: Jean-Marc Pigeon Date: Wed, 3 Sep 2025 15:17:35 -0400 Subject: [PATCH] Starting to have cookies operationnal --- sql/mailleur.sql | 12 ++++++++++ www/cookies.php | 25 +++++++++++++++++++++ www/devsql.php | 8 +++---- www/gessql.php | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ www/home.php | 55 +++++++++++++-------------------------------- 5 files changed, 113 insertions(+), 45 deletions(-) create mode 100644 www/cookies.php create mode 100644 www/gessql.php diff --git a/sql/mailleur.sql b/sql/mailleur.sql index 32aebca..1010ee0 100644 --- a/sql/mailleur.sql +++ b/sql/mailleur.sql @@ -141,6 +141,18 @@ CREATE TABLE aliases ( ); CREATE INDEX aliases_id_ndx ON aliases(email); +//List all currently opened cookies +CREATE TABLE cookies ( + cookuuid TEXTUNIQUE, //cookies unique id + email TEXT, //user email address + expire DBTIMESTAMP //cookies date limit + ); + +//List emails address with admin capablities +CREATE TABLE admins ( + email TEXT //user email address + ); + //-------------------------------------------------------------- //Defining TRIGGER fonctions according database type //-------------------------------------------------------------- diff --git a/www/cookies.php b/www/cookies.php new file mode 100644 index 0000000..99f16f1 --- /dev/null +++ b/www/cookies.php @@ -0,0 +1,25 @@ + + + + + +
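Review bot: The new `admins` table declares `email TEXT` with no uniqueness constraint, so the same address can be inserted several times and nothing ties a row to an existing account in `emails`; `email TEXTUNIQUE, //user email address`, as already used for `cookuuid`, would at least rule out duplicates. In `cookies`, `email` and `expire` are unconstrained and unindexed, so purging expired rows or listing one user's sessions means a full scan. Consider storing a hash of the cookie id rather than the id itself, so that a read of this table does not yield usable session identifiers.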

+ Note: + You might have to reload the + page to see the value of the cookie. +

+ + + + diff --git a/www/devsql.php b/www/devsql.php index 0ec524e..be9e5f6 100644 --- a/www/devsql.php +++ b/www/devsql.php @@ -2,10 +2,11 @@ // vim: smarttab tabstop=8 shiftwidth=2 expandtab //============================================================== // -// To dispatch all data base access according database type +// To do data access basic function // //============================================================== include_once "subrou.php"; +include_once "unienv.php"; class devsql { public $connection = null; @@ -30,8 +31,7 @@ class devsql { // Select a row/s in a Database Table public function Select($statement = "",$parameters = []) { try { - $stmt=$this->executeStatement($statement,$parameters); - return $stmt->fetch(PDO::FETCH_ASSOC)['password']; + return $this->executeStatement($statement,$parameters); } catch(Exception $e) { throw new Exception($e->getMessage()); } @@ -119,6 +119,4 @@ $dbtype=getenv("DB_TYPE"); } -include_once "subrou.php"; - ?> diff --git a/www/gessql.php b/www/gessql.php new file mode 100644 index 0000000..c982ce2 --- /dev/null +++ b/www/gessql.php @@ -0,0 +1,58 @@ + or password=<$password> missing!"); + $phase=999; //trouble trouble + } + break; + case 1 : //extracting crypted password + $stmt=$dbsql->Select("Select * from emails where email='$logname'"); + $dbpass=$stmt->fetch(PDO::FETCH_ASSOC)['password']; + if ($dbpass==null) { //is user known? + rou_alert(0,"$OPEP, logname=<$logname> missing from database"); + $phase=999; //user unknown, trouble trouble + } + break; + case 2 : //extracting user crypted password + rou_alert(0,"$OPEP, JMPDBG dbpass=$dbpass"); + break; + case 3 : //compare crypted password adn given password + break; + case 4 : //everything fine + $isgood=true; + break; + default : //SAFE Guard + $proceed=false; + break; + } + $phase++; + } +return $isgood; +} + +?> diff --git a/www/home.php b/www/home.php index 2892a6d..9ac1def 100644 --- a/www/home.php +++ b/www/home.php 
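Review bot: `Select()` now hands back whatever `executeStatement()` returns instead of the `password` column, but the comment above it still reads "Select a row/s in a Database Table" and says nothing about the return value or about `$parameters`. I would document it as `// Run a SELECT and return the executed statement; the caller fetches the rows. Values go in $parameters, never in $statement.` The surrounding `catch` (unchanged context) rethrows a fresh `Exception` carrying only the message, which drops the original exception type and trace; passing `$e` as the previous exception would keep them. The class body continues outside the hunk.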
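Review bot: `checkpassword()` never compares the submitted password with the stored one: `case 3` is empty, so after a successful lookup the loop reaches `case 4` and sets `$isgood=true`, and a known address is accepted whatever password was submitted. The lookup in `case 1` interpolates `$logname` into the SQL string although `Select()` takes a `$parameters` array; the value should be passed there (assuming `executeStatement()` binds it). The phase-0 message includes `password=<$password>` and `case 2` logs `JMPDBG dbpass=$dbpass`, so both the submitted password and the stored hash reach the alert log and should be dropped from it. The fence shows cases 1 to 3 with those changes; `password_verify` assumes the `password` column holds `password_hash`/crypt-style hashes, which the page does not show. The top of the function is not visible in this hunk.

```php
      case 1      :       //extracting crypted password
        $stmt=$dbsql->Select("Select * from emails where email=?",[$logname]);
        // … unchanged: fetch of 'password' and unknown-user check …
      case 2      :       //nothing to trace: the stored hash stays out of the log
        break;
      case 3      :       //compare crypted password and given password
        if (!password_verify($password,$dbpass)) {
          $phase=999;     //wrong password, trouble trouble
          }
        break;
```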
@@ -3,42 +3,7 @@ include_once "subrou.php"; include_once "unienv.php"; include_once "scrfun.php"; -include_once "devsql.php"; - -//============================================================== -// -// Function to check if password is OK -// -//============================================================== -function checkpass($logname,$passwd) - -{ -$phase=0; -$proceed=true; -while ($proceed==true) { - switch ($phase) { - case 0 : //do we have - if ($logname=="" || $passwd=="") { - echo ""; - $phase=999; - } - break; - case 1 : //extracting user passwd - $dbsql=sql_connect(); - $data=$dbsql->Select("Select * from emails where email='$logname'"); - sql_close($dbsql); - setcookie("ABC","myuuid",time()+(86400*1),"/"); - header('Location: mailleur.php'); - break; - default : - $proceed=false; - break; - } - $phase++; - } -} +include_once "gessql.php"; //section to generate the main screen body // @@ -77,12 +42,22 @@ return $STR; $logname="U1"; $pass="P1"; if ($_SERVER["REQUEST_METHOD"] == "POST") { - $dbsql=sql_connect(); - $data=$dbsql->Select("Select * from emails where email='$logname'"); - sql_close($dbsql); $pass=$_POST["passwd"]; $logname=$_POST["email"]; - checkpass($logname,$pass); + $dbsql=sql_connect(); + $isok=checkpassword($dbsql,$logname,$pass); + sql_close($dbsql); + switch ($isok) { + case false : //trouble report + echo ""; + break; + default : + setcookie("ABC","myuuid",time()+(86400*1),"/"); + header('Location: mailleur.php'); + break; + } } //display main screen -- 2.47.3
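Review bot: The success branch sends `setcookie("ABC","myuuid",time()+(86400*1),"/")`, a constant value that is the same for every user and is never recorded in the new `cookies` table, so the cookie cannot identify or authenticate a session. It should carry a per-login random id stored with `$logname` and an expiry, and be sent with `secure`, `httponly` and `samesite` set. `header('Location: mailleur.php')` is not followed by `exit`, so the rest of home.php still runs and is sent along with the redirect. `switch ($isok) { case false :` compares loosely; `if ($isok!==true)` states the intent more directly.

```php
    default     :
      $cookuuid=bin2hex(random_bytes(16));    //per-login session id
      // … store $cookuuid, $logname and the expiry in the cookies table (needs the connection still open) …
      setcookie("ABC",$cookuuid,[
        "expires"=>time()+86400,
        "path"=>"/",
        "secure"=>true,
        "httponly"=>true,
        "samesite"=>"Lax",
        ]);
      header('Location: mailleur.php');
      exit;
```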