set echo on; /* */ /* gjk.pack is copyright 1997 by Gerald J. Klaas gklaas@sacto.com */ /* gjk.pack is freely distributable for non-commercial purposes */ /* as long as credit is given to the author and original comments*/ /* are left in the code. */ /* */ set echo off; /* History: */ /* 12/15/96 */ /* gjk.pack was designed to do user identification for Web applications */ /* using Oracle Webserver, thus allowing an imitation of the */ /* client/server environment through an httpd service. */ /* gjk.pack follows the concept of Netscape cookies, but doesn't require */ /* the browser to support cookies. Instead, gjk.pack uses the */ /* hidden field in forms to pass the cookie. The cookie is valid */ /* for a specified time, from a specified IP, and is used to access */ /* the users' identity and rights within the database. */ /* I hope the code is self-explanatory. If not, you could always hire a */ /* consultant ;-) http://www.calweb.com/~argek/index.html */ /* version 1.5 12/96 Prototype */ set echo off; /* set scan off will avoid substitution of &parm as a variable */ set scan off; create or replace package gjk is procedure localvar (parm1 in varchar2 DEFAULT NULL, parm2 in varchar2 DEFAULT NULL, parm3 in varchar2 default null); procedure login_form (follow in varchar2 DEFAULT NULL); procedure logout (cookie in varchar2 DEFAULT NULL); procedure mk_cookie (assignee in varchar2 DEFAULT NULL, follow in varchar2 DEFAULT NULL, password in varchar2 default null); function cookie_chk (cookie in varchar2 DEFAULT NULL) return varchar2; function dt_chk (in_date in varchar2 DEFAULT NULL) return date; function dt_fmt (in_date in date DEFAULT NULL) return varchar2; function whoami (cookie in varchar2 DEFAULT NULL) return varchar2; end; / show errors /*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/ create or replace package body gjk is /*---------------------------------------------------------------------------*/ procedure localvar (parm1 in varchar2 DEFAULT NULL, parm2 in varchar2 DEFAULT NULL, parm3 in varchar2 default null) is begin if parm1 = 'WindowTitle' then htp.p('GJK cookie jar'); elsif parm1 = 'WindowTitle2' then htp.p('Cookie Jar #'||parm2||''); elsif parm1 = 'Logo' then htp.p(' GJK

'); elsif parm1 = 'OurFont' then htp.p(''); elsif parm1 = 'SetFocus' then htp.print(''); elsif parm1 = 'DateErr' then htp.p('You have entered an invalid date. Please check for '); htp.p('out of range days, misspelled months, and bad years.'); htp.p('Also, the date format must be in the following form: '); htp.p('mm/dd/yy (such as 5/27/96).'); else null; end if; end localvar; /*---------------------------------------------------------------------------*/ procedure login_form (follow in varchar2 DEFAULT NULL) is begin htp.htmlOpen; htp.headOpen; localvar('WindowTitle'); localvar('Logo'); htp.headClose; htp.bodyOpen; localvar('OurFont'); htp.print('

Login

'); htp.formOpen('gjk.mk_cookie'); htp.formHidden('follow',follow); htp.print('Username'); htp.formText('assignee','8','8'); htp.nl; htp.print('Password'); htp.formPassword('password','10','10'); htp.nl; htp.formSubmit; htp.formClose; htp.print(''); localvar('SetFocus','0','1'); htp.bodyClose; htp.htmlClose; end login_form; /*---------------------------------------------------------------------------*/ procedure logout (cookie in varchar2 DEFAULT NULL) is rolebuf varchar(10); me varchar(10); no_cookie exception; begin rolebuf := cookie_chk(cookie); if ( rolebuf < 1 ) then raise no_cookie; end if; update cookie_jar A set A.cookie=null where A.cookie=logout.cookie; htp.print('You are logged out'); htp.nl; htp.anchor('http://www.calweb.com/~argek/index.html','Continue'); EXCEPTION when no_cookie then htp.print('You are logged out'); htp.nl; htp.anchor('http://www.calweb.com/~argek/index.html','Continue'); when others then htp.print('You hit an unhandled exception gjk.logout'); htp.p('

Error Message: '||SQLERRM); end logout; /*---------------------------------------------------------------------------*/ procedure mk_cookie (assignee in varchar2 DEFAULT NULL, follow in varchar2 DEFAULT NULL, password in varchar2 default null) is aebuf varchar(10); pwdbuf varchar(10); ckebuf varchar(20); bkdbuf date; rndno varchar(10); ipbuf varchar(20); bad_password exception; begin /*-- Start kludge to allow simultaneous users of account 'GERMO' ---*/ if upper(assignee)='GERMO' then select upper(A.assignee), A.password, A.baked, A.cookie into aebuf, pwdbuf, bkdbuf, ckebuf from cookie_jar A where upper(mk_cookie.assignee)=upper(A.assignee); ipbuf := owa_util.get_cgi_env('REMOTE_ADDR'); if mk_cookie.password!=pwdbuf then raise bad_password; end if; if (bkdbuf + .25 < sysdate ) then rndno := to_number(to_char(sysdate,'SSSSS')); update cookie_jar set cookie=aebuf||','||rndno, baked=sysdate, last_ip=ipbuf where upper(cookie_jar.assignee)=upper(aebuf); htp.print('Location: '||owa_util.get_owa_service_path||follow ||'cookie='||aebuf||','||rndno); htp.print(''); htp.print(''); else htp.print('Location: '||owa_util.get_owa_service_path||follow ||'cookie='||ckebuf); htp.print(''); htp.print(''); end if; /*-- End kludge to allow simultaneous users of account 'GERMO' ---*/ else select upper(A.assignee), A.password into aebuf, pwdbuf from cookie_jar A where upper(mk_cookie.assignee)=upper(A.assignee); rndno := to_number(to_char(sysdate,'SSSSS')); ipbuf := owa_util.get_cgi_env('REMOTE_ADDR'); if mk_cookie.password!=pwdbuf then raise bad_password; end if; update cookie_jar set cookie=aebuf||','||rndno, baked=sysdate, last_ip=ipbuf where upper(cookie_jar.assignee)=upper(aebuf); /*--Following three lines IMITATE a server (302) redirect --*/ htp.print('Location: '||owa_util.get_owa_service_path||follow ||'cookie='||aebuf||','||rndno); htp.print(''); htp.print(''); end if; exception when bad_password then htp.print('invalid password'); when no_data_found then htp.print(assignee||' is not a user.'); when others then htp.print('You hit an unhandled exception in mk_cookie'); htp.p('

Error Message: '||SQLERRM); end mk_cookie; /*---------------------------------------------------------------------------*/ function cookie_chk (cookie in varchar2 DEFAULT NULL) return varchar2 is rolebuf varchar(20); retbuf varchar(20); bkdbuf date; ipbuf varchar(20); lastipbuf varchar(20); no_cookie exception; begin if cookie is null then raise no_cookie; end if; select role, baked, last_ip into rolebuf, bkdbuf, lastipbuf from cookie_jar A where A.cookie=cookie_chk.cookie; /*--retbuf is a number (displayed as char) left-padded to 8 characters --*/ /*--each col is bitwise additive 1=insert,2=update,4=delete ) --*/ /*--10**0 column is unassigned (future use ) --*/ /*--10**1 column is basic access rights (some number greater than 0) --*/ /*--10**2 column defines insert and update rights for assignments --*/ /*--10**3 column is unassigned (future use ) --*/ /*--10**4 through 10**8 are unassigned (future use ) --*/ retbuf := to_char(to_number(rolebuf), '00000000'); if (bkdbuf + .25 < sysdate ) then raise no_cookie; end if; ipbuf := owa_util.get_cgi_env('REMOTE_ADDR'); if ipbuf!=lastipbuf then raise no_cookie; end if; /*--If cookie is null, bad, or expired, then return '0' --*/ /*--If cookie is valid, then return the role value stored in database--*/ return (retbuf); EXCEPTION when no_data_found then return ('0'); when no_cookie then return ('0'); when others then return ('0'); end cookie_chk; /*---------------------------------------------------------------------------*/ function dt_chk (in_date in varchar2 DEFAULT NULL) return date is dt_buf date; -- Allow dates to be entered in alternate formats and make Y2K compliant begin dt_buf := to_date(in_date,'mm/dd/yy'); if dt_buf < '1-JAN-50' then dt_buf := add_months(dt_buf,1200); end if; return(dt_buf); exception when others then begin dt_buf := to_date(in_date,'dd-MON-yy'); if dt_buf < '1-JAN-50' then dt_buf := add_months(dt_buf,1200); end if; return(dt_buf); exception -- will force an ORA-1847 error when others then return('0-Jan-80'); end; end dt_chk; /*---------------------------------------------------------------------------*/ function dt_fmt (in_date in date DEFAULT NULL) return varchar2 is dt_buf varchar2(15); begin if in_date is null then return(null); end if; dt_buf := to_char(in_date,'MM/DD/YY'); -- format to print dates -- dt_buf := to_char(in_date,'dd-MON-yy'); return (dt_buf); end dt_fmt; /*---------------------------------------------------------------------------*/ function whoami (cookie in varchar2 DEFAULT NULL) return varchar2 is delimit number; whoamibuf varchar(10); begin if cookie is null then return('xxxx'); end if; delimit := instr(cookie,',',1,1); whoamibuf := upper(substr(cookie,1,delimit-1)); return (whoamibuf); end whoami; /*---------------------------------------------------------------------------*/ end gjk; / show errors /*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/