Library LOGINOUT contains two service programs:
- Service program SRVPGM2.
This service program is a duplicate of service program CGIDEV2/CGISRVPGM2,
the celebrated free enabler for CGI programming.
This service program support the CGI programs available in library LOGINOUT.
- Service program LOGINOUT.
This service program contains procedures supporting the LogInOut approach plus some minor ones.
Procedure prototypes are available in QRPGLESRC, member XPROTO.
These procedures are listed and ranked as follow:
*** | - | Procedures to be used in CGI application programs using the "loginout" method |
** | - | Procedures that may be used in any CGI application program |
* | - | Procedures normally used only by service progtram LOGINOUT |
chkUsrID |
*** |
validate user name / password |
chkCookie |
*** |
return user credentials from cookie LOGINOUT |
setCookie |
*** |
create/refresh cookie LOGINOUT |
rmvCookie |
*** |
force cookie LOGINOUT to expire |
rtvjobCCSID |
** |
retrieve the CCSID of the current job |
rtvOSlvl |
** |
retrieve the release of the current Operating Sysytem |
rtvSysName |
** |
retrieve system name |
sndPgmMsg |
** |
send program message |
wrkVldlE |
* |
work with validation list entries | isSecAdm> |
* |
check if a user profile is class(*secadm) |
rtvSVRSEC |
* |
retrieve system value QRETSRVSEC |
cryptCookie |
* |
crypt the cookie value string |
decryptCookie |
* |
decrypt the cookie value string |
ChkUsrID -
validate user name / password
Validates a user name / password versus LOGINOUT validation list.
Used in login CGI program (see QRPGLESRC member SAMPLEPGM1).
* User identification
D ds
D xUSERID 1 200
D xname 1 100
D xpwd 101 200
* Validation list
D xVldl ds
D xVldlNam 10 inz('LOGINOUT')
D xVldlLib 10
/free
...
rc=chkUsrID(xVldl:xname:xpwd); // check identification
if rc<>0; // invalid identification
...
else;
...
endif; |
ChkCookie -
return user credentials from cookie LOGINOUT
- Checks is a cookie is still available (not expired). If expired, provides return code -1.
- Checks if the user credentials filed in the cookie are found in validation list LOGINOUT (this is done through procedure ChkUsrId). If not found, provides return code -2.
- If user credentials are found in validation list, provides return code 0 (success).
This procedure should be used at CGI program initiation to check if the cookie has expired and to check the user credentials stored in the cookie.
If return code not 0, the CGI program should send the login screen.
See QRPGLESRC member SAMPLEPGM2.
*======== Data strucure returned from procedure ChkCookie()===========
D xCookieData ds 204
D xCookieRC 10i 0 overlay(xCookieData:1) return code
D xCookieUP 200 overlay(xCookieData:5)
D xCookieUsr 100 overlay(xCookieData:5) username
D xCookiePwd 100 overlay(xCookieData:105) password
/free
...
// Retrieve user name and password from cookie, validate vs validation list
xCookieData=chkCookie();
//If cookie not found or user not validated, force login
if xCookieRC<>0;
wrtsection('expired *fini');
return;
endif; |
SetCookie -
create/refresh cookie LOGINOUT
Given user credentials (username and password), it returns a HTTP header to create/refresh the "loginout" cookie.
It must be remarked that the name of the cookie is the name of the library of the service program defining procedure "setcookie", in uppercase characters.
In other words, if you are working with library MYLIB - created or updated from command LOGINOUT/SETLIB LIB(MYLIB) -
the cookie name is MYLIB.
This procedure should be used at CGI program initiation (if procedure chkCookie returns code 0: cookie still there) to refresh the LOGINOUT cookie with a new expiration time).
See QRPGLESRC members SAMPLEPGM1 and SAMPLEPGM2.
*======== COOKIE HTTP HEADER =========================================
D setMyCookie s 1000 varying
*======== Data strucure returned from procedure ChkCookie()===========
D xCookieData ds 204
D xCookieRC 10i 0 overlay(xCookieData:1) return code
D xCookieUP 200 overlay(xCookieData:5)
D xCookieUsr 100 overlay(xCookieData:5) username
D xCookiePwd 100 overlay(xCookieData:105) password
/free
...
setMyCookie=SetCookie(xCookieUsr:xCookiePwd); |
RmvCookie -
force cookie LOGINOUT to expire
This procedure should be used when the user asks to log out.
After forcing the cookie to expire, the CGI program should issue the login screen.
See QRPGLESRC members SAMPLEPGM1 and SAMPLEPGM2.
*======== COOKIE HTTP HEADER =========================================
D setMyCookie s 1000 varying
/free
...
setMyCookie=RmvCookie(); //retrieve a HTTP header to make the cookie expired
updHtmlVar('setmycookie':setMyCookie);
wrtsection('loggedOut'); //send the logout screen followed by the login screen |
|