version 0.3.13
[fms.git] / src / http / ipagehandler.cpp
index 9048d98..c9e4a1a 100644 (file)
@@ -1,8 +1,14 @@
 #include "../../include/http/ipagehandler.h"\r
 #include "../../include/stringfunctions.h"\r
 #include "../../include/http/multipartparser.h"\r
+#include "../../include/db/sqlite3db.h"\r
 \r
 #include <Poco/Net/HTMLForm.h>\r
+#include <Poco/UUIDGenerator.h>\r
+#include <Poco/UUID.h>\r
+#include <Poco/DateTime.h>\r
+#include <Poco/DateTimeFormatter.h>\r
+#include <Poco/Timespan.h>\r
 \r
 #include <cstring>\r
 \r
@@ -35,6 +41,28 @@ void IPageHandler::CreateArgArray(const std::map<std::string,std::string> &vars,
        }\r
 }\r
 \r
+const std::string IPageHandler::CreateFormPassword()\r
+{\r
+       Poco::DateTime date;\r
+       Poco::UUIDGenerator uuidgen;\r
+       Poco::UUID uuid;\r
+       try\r
+       {\r
+               uuid=uuidgen.createRandom();\r
+       }\r
+       catch(...)\r
+       {\r
+       }\r
+\r
+       SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");\r
+       st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
+       st.Bind(1,uuid.toString());\r
+       st.Step();\r
+\r
+       return "<input type=\"hidden\" name=\"formpassword\" value=\""+uuid.toString()+"\">";\r
+\r
+}\r
+\r
 const std::string IPageHandler::CreateTrueFalseDropDown(const std::string &name, const std::string &selected)\r
 {\r
        std::string rval="";\r
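Review bot: The empty `catch(...)` around `uuidgen.createRandom()` in CreateFormPassword hides a failed random-source read, so the default-constructed `Poco::UUID` (the nil UUID) is stored in tmpFormPassword and written into the hidden field. Every form issued in that state would carry the same predictable value, which defeats the purpose of the token. Failing closed is safer: `catch(...) { return ""; }`, or `if(uuid.isNull()) return "";` before the INSERT, so that no token is stored and the later validation rejects the form. The result of `st.Step()` is also ignored, so a failed INSERT produces a form whose token can never validate; logging that case would make it diagnosable.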
@@ -123,3 +151,49 @@ const std::string IPageHandler::SanitizeOutput(const std::string &input)
        output=StringFunctions::Replace(output," ","&nbsp;");\r
        return output;\r
 }\r
+\r
+const bool IPageHandler::ValidateFormPassword(const std::map<std::string,std::string> &vars)\r
+{\r
+       Poco::DateTime date;\r
+       date-=Poco::Timespan(0,1,0,0,0);\r
+\r
+       SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("DELETE FROM tmpFormPassword WHERE Date<?;");\r
+       st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
+       st.Step();\r
+\r
+       std::map<std::string,std::string>::const_iterator i=vars.find("formpassword");\r
+       if(i!=vars.end())\r
+       {\r
+               st=SQLite3DB::DB::Instance()->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");\r
+               st.Bind(0,(*i).second);\r
+               st.Step();\r
+               if(st.RowReturned())\r
+               {\r
+                       if(st.ResultNull(0)==false)\r
+                       {\r
+                               int rval=0;\r
+                               st.ResultInt(0,rval);\r
+                               if(rval>0)\r
+                               {\r
+                                       return true;\r
+                               }\r
+                               else\r
+                               {\r
+                                       return false;\r
+                               }\r
+                       }\r
+                       else\r
+                       {\r
+                               return false;\r
+                       }\r
+               }\r
+               else\r
+               {\r
+                       return false;\r
+               }\r
+       }\r
+       else\r
+       {\r
+               return false;\r
+       }\r
+}\r
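Review bot: A token that matches in ValidateFormPassword is left in tmpFormPassword, so the same `formpassword` value is accepted for any number of further submissions until the one-hour purge at the top of the function removes it. The lookup also matches on `Password` alone, so as far as these lines show a token is not tied to the form or client it was issued for. If single use is intended, remove the row before `return true;`, for example `st=SQLite3DB::DB::Instance()->Prepare("DELETE FROM tmpFormPassword WHERE Password=?;"); st.Bind(0,(*i).second); st.Step();`. A comment such as `// form tokens expire one hour after issue` next to `Poco::Timespan(0,1,0,0,0)` would document the intended lifetime.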