picoblog login done on [2013-01-04 Wed 08:26]

picoblogorg now supports the ability to log in.

The org file needs to have a header called Users.

    * Users
    ** joebo
    :PASSWORD: 28275a6d4cea51f96b9507893d5f0ad4
    :GROUP: admin

The stored password is a salted MD5 hash of the password. Currently the group isn't used for anything.

On login, the submitted password is hashed, and the username and hash are compared against the org file. If they match, a user element is created and stored in an encrypted session cookie.
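The login check described above, as an added example (not picoblog's own code): it parses the Users section and compares the salted hash in constant time. The salt value, prepending the salt to the password, the `:KEY: value` property layout and the sample users are assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample data. The salt, and prepending it to the password, are
# assumptions: the page does not say how the salt is applied.
SALT = "example-salt"

def hash_password(password, salt=SALT):
    # MD5 is used only to match the stored format shown on the page.
    return hashlib.md5((salt + password).encode("utf-8")).hexdigest()

ORG_TEXT = """\
* Posts
** joebo
:PASSWORD: not-a-user-entry
* Users
** joebo
:PASSWORD: {joebo}
:GROUP: admin
** guest
:PASSWORD: {guest}
:GROUP: reader
""".format(joebo=hash_password("correct horse"), guest=hash_password("guest-pw"))

# Property line ':KEY: value'; a literal '[colon]' prefix is accepted as well.
PROP = re.compile(r"^(?::|\[colon\])(\w+):\s*(.*)$")

def parse_users(org_text):
    """Return {username: {property: value}} for entries under '* Users' only."""
    users, in_users, current = {}, False, None
    for line in map(str.strip, org_text.splitlines()):
        if line.startswith("* "):  # a top-level heading opens or closes the section
            in_users, current = line[2:].strip() == "Users", None
        elif in_users and line.startswith("** "):
            current = users.setdefault(line[3:].strip(), {})
        elif in_users and current is not None and (m := PROP.match(line)):
            current[m.group(1).upper()] = m.group(2).strip()
    return users

def login(org_text, username, password):
    """Return the user element to put in the session, or None on failure."""
    entry = parse_users(org_text).get(username, {})
    # Hash and compare even for unknown users so both failure paths do the
    # same work; compare_digest avoids an early-exit string comparison.
    stored = entry.get("PASSWORD", "")
    ok = hmac.compare_digest(hash_password(password).encode(), stored.encode())
    return {"name": username, "group": entry.get("GROUP")} if entry and ok else None
```

Entries with the same name outside the Users heading are ignored, so a post titled like a username cannot stand in for an account.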

Encryption/decryption isn't built into picolisp. I first tried to call out to mcrypt and pipe it to base64. I couldn't figure out the syntax, so I ended up just piping to a shell script that does both. I considered using native, but that requires pil64 or pil64emu, which has some performance overhead. I assume the overhead of the shell call is less than running everything under pil64emu.

Here's the shell:

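    #!/bin/sh
    # crypt.sh: -e encrypts stdin with mcrypt and base64-encodes it; -d reverses that.
    # The key "foo" is hard-coded here and, passed via -k, is visible in the process list.
    if [ "$1" = "-e" ]; then
        mcrypt -q -F -k foo | base64
    elif [ "$1" = "-d" ]; then
        base64 -d | mcrypt -q -F -k foo -d
    fi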

And the corresponding picolisp code:

    # Pipe Str through crypt.sh ("-d" to decrypt, "-e" to encrypt) and return its output
    (de crypt-string (Str Decrypt)
       (pipe (out (list 'sh "crypt.sh" (if Decrypt "-d" "-e")) (prin Str))
          (pack (make (until (eof) (link (line T))))) ) )
