diff --git a/scripts/webadvisor_tokenidx.js b/scripts/webadvisor_tokenidx.js --- a/scripts/webadvisor_tokenidx.js +++ b/scripts/webadvisor_tokenidx.js @@ -1,3 +1,22 @@ +/* -*- tab-width: 4; -*- + * Copyright 2010 Nathan Gelderloos, Ethan Zonca, Nathan Phillip Brink + * + * This file is part of SlatePermutate. + * + * SlatePermutate is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * SlatePermutate is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with SlatePermutate. If not, see . + */ + /* * Assumes that WebAdvisor_scripts.js for WebAdvisor-2.x is loaded, * displayFormHTML() or something was called and thus @@ -29,8 +48,14 @@ var slate_permutate_input_login; /* * Discover the TOKENIDX if it's available. */ + var sp_err = document.getElementById('sp_err'); if (containsParameter(g_tokenIdx)) { + /* Remove the warning about the script not having loaded */ + sp_err.replaceChild(document.createTextNode("Slate Permutate TOKENIDX-acquiring script loaded…"), sp_err.firstChild); + sp_err.setAttribute('style', 'color: grey;'); + + /* Inform home base of the newly generated TOKENIDX. */ var TOKENIDX = getURLParameter(g_tokenIdx); var myscript = document.createElement('script'); myscript.setAttribute('type', 'text/javascript'); 
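Review bot: `sp_err` is dereferenced without a null check, and in this hunk the `replaceChild` call runs before the script element that reports TOKENIDX is created, so if the `sp_err` element is absent or has no child node the status update throws and registration never happens. The same unguarded lookup-and-replace is repeated in the `else` branch (hunk at -39,7) and in `slate_permutate_token_callback` (hunk at -66,5). The element presumably comes from markup on the WebAdvisor login page, which this script does not control, so I would route all three updates through one helper that tolerates a missing node, as sketched below. The enclosing function starts and ends outside these hunks.

```javascript
function sp_set_status(text, style)
{
	var sp_err = document.getElementById('sp_err');
	/* Status display is cosmetic; never let it abort TOKENIDX registration. */
	if (!sp_err)
		return;
	var node = document.createTextNode(text);
	if (sp_err.firstChild)
		sp_err.replaceChild(node, sp_err.firstChild);
	else
		sp_err.appendChild(node);
	sp_err.setAttribute('style', style);
}

// … unchanged: containsParameter(g_tokenIdx) check …
sp_set_status("Slate Permutate TOKENIDX-acquiring script loaded…", 'color: grey;');
// … unchanged: creation of the script element that reports TOKENIDX …
```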
@@ -39,7 +64,9 @@ var slate_permutate_input_login; } else { - alert('Unable to discover TOKENIDX. You must register manually.'); + sp_err.replaceChild(document.createTextNode('Slate Permutate unable to acquire TOKENIDX. You must register manually.'), sp_err.firstChild); + sp_err.setAttribute('style', 'color: red; background: yellow;'); + alert('Unable to discover WebAdvisor TOKENIDX. You must register manually.'); } } @@ -66,5 +93,9 @@ function slate_permutate_token_callback( { slate_permutate_input_login.setAttribute('value', 'LOG IN'); slate_permutate_input_login.removeAttribute('disabled'); + + var sp_err = document.getElementById('sp_err'); + sp_err.replaceChild(document.createTextNode('Slate Permutate has acquired WebAdvisor TOKENIDX, ready for login.'), sp_err.firstChild); + sp_err.setAttribute('style', 'color: green;'); } } diff --git a/webadvisor.php b/webadvisor.php --- a/webadvisor.php +++ b/webadvisor.php @@ -39,6 +39,8 @@ if (!empty($_GET['TOKENIDX'])) echo json_encode($result); if ($jsonp) echo ");\n"; + if ($jsonp && !empty($_GET['destination'])) + echo 'document.location.href = ' . json_encode($_GET['destination']) . ";\n"; exit; } 
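Review bot: The new `destination` branch in webadvisor.php writes a caller-supplied URL straight into `document.location.href`, so anyone who can get this JSONP URL loaded can choose where the including page navigates. `json_encode()` makes the value a safe JavaScript string literal but does not constrain the scheme or host, so a `javascript:` URI or an unrelated site is accepted. Because webadvisor_tokenidx.js reads TOKENIDX from the page URL, the navigation may also expose that token to the destination in the Referer header. I would run `parse_url()` on the value and emit the redirect only when the scheme is `http` or `https` and the host is one this flow expects (this site or the school's configured WebAdvisor host), starting with a guard such as `preg_match('#^https?://#i', $_GET['destination'])`.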
@@ -111,53 +113,16 @@ function webadvisor_login($page, array $ * to keep redirecting to itself infinitely. Similarly, if the * browser does not yet have a TOKENIDX-related cookie, * SS=LGRQ&URL= will redirect the user to URL without giving - * the user a cookie. Thus, our strategy is: - * - * 1. Send the user to - * SS=LGRQ&URL=&SP_CALLBACK=&ERROR=. In - * this case, the URL will be set to have `from_webadvisor' as a - * GET parameter and ERROR will be set to the appropriate XSS for - * the normal login form. Thus, if the user does not have a - * token, he will be directed here and sent to step #2 to get a - * token. Otherwise, the user will have a jump start (already - * having TOKENIDX cookies) and communicate his token to us while - * logging in. - * - * 2. If webadvisor.php is called with from_webadvisor, that means - * one of two things. It might mean that webadvisor_tokenidx.js - * was called successfully and we have the webadvisor TOKENIDX - * stored in our session. In that case, the user's browser - * already had a WebAdvisor TOKENIDX before we did #1; also, this - * function won't be called in that case because this function is - * only called if TOKENIDX is unknown. Thus, we don't know the - * TOKENIDX, meaning that we need to request that the WebAdvisor - * installation allocate a TOKENIDX for the user and _then_ - * proceed directly to the login page to send us TOKENIDX. + * the user a cookie. Thus, our strategy is to specify + * LASTTOKEN=NULL: this is the magic which prevents the silly + * infinite looping when the user already has cookies and also works + * when the user doesn’t have a cookie to start with. */ - $login_form_uri = $school['webadvisor_url'] . '?SS=LGRQ&URL=' . rawurlencode($dest) + $login_form_uri = $school['webadvisor_url'] . '?LASTTOKEN=NULL&SS=LGRQ&URL=' . rawurlencode($dest) . '&SP_CALLBACK=' . rawurlencode($tokenidx_callback) - . '&ERROR=' . 
rawurlencode(''); - - if (isset($_GET['from_webadvisor'])) - /* - * Case 2, infer that browser needs TOKENIDX cookies _and_ that - * the following URI won't cause endless looping - * (hopefully). Unfortunately, this process is not reentrant. - */ - redir($school['webadvisor_url'] . '?TOKENIDX=&SS=LGRQ&URL=' . rawurlencode($login_form_uri)); - - /* - * Case 1, assume that the user has a TOKENIDX cookie _but_ make - * provisions ($dest has from_webadvisor in it) for needing to - * allocate that cookie. - */ + . '&ERROR=' . rawurlencode('Slate Permutate loading… (automatic registration may not be working)'); redir($login_form_uri); - - return array( - /* 'preload' => $school['webadvisor_url'] . '?TYPE=P&PID=UT-LGRQ&PROCESS=-XUTAUTH01&URL=', */ - 'uri' => $school['webadvisor_url'] . '?SS=LGRQ&URL=' . rawurlencode($login_form_uri), - ); } function redir($dest) @@ -184,8 +149,8 @@ if (empty($_SESSION['webadvisor_TOKENIDX { /* * Get a token for the ST-WERG form and have the user perform the - * WebAdmin-specific login. This can only be done after the login form - * has an SS allocated for it. + * WebAdvisor-specific login. This can only be done after the + * login form has an SS allocated for it. */ webadvisor_login($page, $school, page::uri_resolve('webadvisor.php') . '?r=' . rand() . '§ions=' . rawurlencode(empty($_GET['sections']) ? '' : $_GET['sections'])
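Review bot: With the trailing `return array(...)` removed, `webadvisor_login()` now relies entirely on `redir($login_form_uri)` ending the request. The body of `redir()` is outside this hunk, so if it only sends a Location header the caller keeps executing after the redirect has been queued. Please confirm that `redir()` exits, or follow the call with `exit;`. The rewritten comment calls `LASTTOKEN=NULL` "magic"; it would help the next maintainer if it recorded what WebAdvisor was observed to do with that parameter and on which WebAdvisor version it was tested. The flow still depends on the login page echoing the `ERROR` value as markup, which the removed comment described as XSS, and the comment should say what the user sees if that stops working.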