X-Git-Url: https://git.pterodactylus.net/?p=fms.git;a=blobdiff_plain;f=src%2Fhttp%2Fipagehandler.cpp;fp=src%2Fhttp%2Fipagehandler.cpp;h=c9e4a1a0077df3d8d3dba2cf68ed1746ad16daa4;hp=9048d9824f49c55f532c9323d9331c732fcbf3fa;hb=fcb124f8d6d3f5678e82049fb8e5e23c8cfaec6d;hpb=a558b16c8034966d14e1d63db44dcb952d849618

diff --git a/src/http/ipagehandler.cpp b/src/http/ipagehandler.cpp
index 9048d98..c9e4a1a 100644
--- a/src/http/ipagehandler.cpp
+++ b/src/http/ipagehandler.cpp
@@ -1,8 +1,14 @@
 #include "../../include/http/ipagehandler.h"
 #include "../../include/stringfunctions.h"
 #include "../../include/http/multipartparser.h"
+#include "../../include/db/sqlite3db.h"
 
 #include <Poco/Net/HTMLForm.h>
+#include <Poco/UUIDGenerator.h>
+#include <Poco/UUID.h>
+#include <Poco/DateTime.h>
+#include <Poco/DateTimeFormatter.h>
+#include <Poco/Timespan.h>
 
 #include <cstring>
 
@@ -35,6 +41,28 @@ void IPageHandler::CreateArgArray(const std::map<std::string,std::string> &vars,
 	}
 }
 
+const std::string IPageHandler::CreateFormPassword()
+{
+	Poco::DateTime date;
+	Poco::UUIDGenerator uuidgen;
+	Poco::UUID uuid;
+	try
+	{
+		uuid=uuidgen.createRandom();
+	}
+	catch(...)
+	{
+	}
+
+	SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");
+	st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));
+	st.Bind(1,uuid.toString());
+	st.Step();
+
+	return "<input type=\"hidden\" name=\"formpassword\" value=\""+uuid.toString()+"\">";
+
+}
+
 const std::string IPageHandler::CreateTrueFalseDropDown(const std::string &name, const std::string &selected)
 {
 	std::string rval="";
@@ -123,3 +151,49 @@ const std::string IPageHandler::SanitizeOutput(const std::string &input)
 	output=StringFunctions::Replace(output," ","&nbsp;");
 	return output;
 }
+
+const bool IPageHandler::ValidateFormPassword(const std::map<std::string,std::string> &vars)
+{
+	Poco::DateTime date;
+	date-=Poco::Timespan(0,1,0,0,0);
+
+	SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("DELETE FROM tmpFormPassword WHERE Date<?;");
+	st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));
+	st.Step();
+
+	std::map<std::string,std::string>::const_iterator i=vars.find("formpassword");
+	if(i!=vars.end())
+	{
+		st=SQLite3DB::DB::Instance()->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");
+		st.Bind(0,(*i).second);
+		st.Step();
+		if(st.RowReturned())
+		{
+			if(st.ResultNull(0)==false)
+			{
+				int rval=0;
+				st.ResultInt(0,rval);
+				if(rval>0)
+				{
+					return true;
+				}
+				else
+				{
+					return false;
+				}
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
+	else
+	{
+		return false;
+	}
+}