Overview
Comment:Added obfuscated set/get
SHA1: 544afe46f926edc8f9a12aff17d51fbf6fcc8804
User & Date: matt on 2017-03-13 06:30:11
Context
2017-03-31
02:47
Replaced use of regex with substring-index for form parsing. Former use was quite broken treating incoming data as the regex. check-in: 0d4c0dc2fe user: matt tags: trunk, 2017-ww40
2017-03-13
06:30
Added obfuscated set/get check-in: 544afe46f9 user: matt tags: trunk
2017-03-11
12:03
Added s:get-inp which does s:get-input falling back to s:get-param if no input var exists check-in: 962faddbed user: matt tags: trunk
Changes

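--- a/misc-stml.scm
+++ b/misc-stml.scm
@@ -101,15 +101,18 @@
                     (loop
                      (car tail)
                      (cdr tail)
                      newresult
                      (car argtail)
                      (cdr argtail)))))))))
 
+;;======================================================================
+;; M I S C   S T R I N G   S T U F F
+;;======================================================================
-;; random string stuff
+
 (define (s:string-downcase str)
   (if (string? str)
       (string-translate str "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz")
       str)) 
 
 ;; (define session:valid-chars "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
 (define session:valid-chars "abcdefghijklmnopqrstuvwxyz0123456789") ;; cookies are case insensitive.
@@ -133,15 +136,15 @@
 ;;
 (define (s:crypt-passwd pw s)
   (c:crypt pw (or s (c:crypt-gensalt))))
 
 (define (s:password-match? password crypted)
   (let* ((salt (substring crypted 0 2))
          (pcrypted (s:crypt-passwd password salt)))
-    (s:log "INFO: pcrypted=" pcrypted " crypted=" crypted)
+    ;; (s:log "INFO: pcrypted=" pcrypted " crypted=" crypted)
     (and (string? password)
          (string? pcrypted)
          (string=? pcrypted crypted))))
 
 ;; (read-line (open-input-pipe "echo foo | mkpasswd -S ab -s"))
 
 (define (s:error-page . err)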
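Review bot: `s:password-match?` still derives the salt with `(substring crypted 0 2)`, which only suits traditional two-character DES crypt; if `c:crypt-gensalt` (used by `s:crypt-passwd` when `s` is false) returns a longer modular-format salt, a stored hash would presumably never match. Assuming `c:crypt` wraps crypt(3), the full stored hash can be passed as the setting, so `(pcrypted (s:crypt-passwd password crypted))` works for either format and drops the fixed-length assumption. The `(string? password)` test runs only after `s:crypt-passwd` has already been called with `password`, so the type check (and a length check on `crypted`) belongs ahead of the `let*` bindings. Now that the hash logging is disabled, delete the commented-out `s:log` line rather than keeping it where it can be re-enabled, and check whether logs written before this change need to be purged, since they contain password hashes.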

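--- a/setup.scm
+++ b/setup.scm
@@ -90,14 +90,74 @@
   (session:del! s:session "*sessionvars*" key))
 
 (define s:session-var-delete! s:session-var-del!)
 
 ;; utility to get all vars as hash table
 (define (s:session-get-sessionvars)
   (sdat-get-sessionvars s:session))
+
+;; to obscure and indirect database ids use one time keys
+;;
+;;  (s:get-key 'n 1)     => "n99e1882" n=number 99e is the week number since 1970, remainder is random
+;;  (s:key->val "n1882") => 1
+;;
+;;  first letter is a type: n=number, s=string, b=boolean
+(define (s:get-key key-type val)
+  (let ((mkrandstr (lambda (innum)(number->string (random innum) 16)))
+	(week      (number->string (quotient (current-seconds) (* 7 24 60 60)) 16)))
+    (let loop ((siz 1000)
+	       (key (conc key-type week (mkrandstr 100)))
+	       (num 0))
+      (if (s:session-var-get key) ;; have a collision
+	  (loop (cond                 ;; in the unlikey event we have trouble getting a new var, keep increasing the size of the number
+		 ((< num 50)  100)
+		 ((< num 100) 1000)
+		 ((< num 200) 10000)
+		 ((< num 300) 100000)
+		 ((< num 400) 1000000) ;; can't imagine needing to get here. remember that this is for a single user
+		 (else 100000000))
+		(conc key-type (mkrandstr siz))
+		(+ num 1))
+	  (begin
+	    (s:session-var-set! key val)
+	    key)))))
+
+;; given a key Xnnnn, look up the stored value and convert it appropriately, then
+;; destroy the stored session var
+;;
+(define (s:key->val key)
+  (let ((val (s:session-var-get key))
+	(typ (string->symbol (substring key 0 1))))
+    (if val
+	(begin
+	  (s:session-var-del! key)
+	  ;; we take this opportunity to clean up old keyed session vars
+	  ;; if more than 100 vars, remove all that are over 1-2 weeks old
+					;(s:cleanup-session-vars)
+	  (case typ
+	    ((n)(string->number val))
+	    ((s) val)
+	    (else val)))
+	val)))
+  
+;; clean up session vars
+;;
+(define (s:cleanup-session-vars)
+  (let* ((session-vars (hash-table-keys (s:session-get-sessionvars)))
+	 (week-num     (quotient (current-seconds) (* 7 24 60 60)))
+	 (week         (number->string week-num  16)))
+    (if (> (length session-vars) 100)
+	(for-each
+	 (lambda (var)
+	   (if (> (string-length var) 5) ;; can't have keyed values with keys less than 5 characters long
+	       (let ((var-week (string->number (substring var 1 4) 16)))
+		 (if (and var-week
+			  (>= (- week-num var-week) 2))
+		     (s:session-var-del! var)))))
+	 session-vars))))
 
 ;; inputs
 ;;
 ;; param: (dtype [tag1 tag2 ...])
 ;; dtype:
 ;;    'raw     : do no conversion
 ;;    'number  : convert to number, return #f if fails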
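Review bot: `s:key->val` never checks that `key` was issued by `s:get-key`: it reads and then deletes whatever name it is given from the same `*sessionvars*` store that holds ordinary session variables, so if `key` comes from request input (which the one-time-key design suggests), an unrelated variable can be returned and removed. Keep issued keys in a separate namespace, or at least reject a `key` that is not a string of the expected type-letter-plus-hex shape before calling `s:session-var-get`; this also covers `(substring key 0 1)` raising on an empty string. In `s:get-key` the collision branch builds `(conc key-type (mkrandstr siz))` without `week`, while `s:cleanup-session-vars` parses characters 1–3 as the hex week, so it should be `(conc key-type week (mkrandstr siz))`. `random` over 100 values only indirects ids within one session and should not be relied on as unguessable, and the documented `b` type has no branch in the `case`.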