Slash::ResKey

pudge on 2005-10-11T22:01:22

For years we've had these things called "formkeys" in Slash, which are small tokens that sit in a form and make sure you can't submit a form without getting one first. It's tied to your account or IP address, and you can't use a form without one.

Also, formkeys allowed us to easily make sure you have not used a form more than $n times, or more often than $x times in $y seconds, and so on. It helped us curb lots of different sorts of abuse.

Well, formkeys have lots of problems, including that they were hard to use (and so often were not used), could be abused by exploiting lack of atomicity, were hard to add new checks to, and so on.

So enter reskeys. A reimplementation of the same basic idea.

You have a resource (say, journal) and that resource has certain requirements: you must be a registered user, with seclev greater than 0; you cannot use more than 30 forms in four hours; you cannot submit more than one journal every 30 seconds; and so on. Each of these checks is implemented by a class, and a table in the database keeps track of which classes to check in order to create a reskey (get a new form), touch a reskey (preview the journal), or use a reskey (save the journal entry). And a bunch of variables are defined in another table, which are used by the classes.

So to use reskeys in the code, you just add those rows to the database tables, then call my $rkey = $reskey->key("journal") in your code, then call $rkey->create (or touch, or use) as appropriate. Call [% PROCESS reskey_tag %] in your form. And if there's an error (because the call to create/touch/use returned false), call $rkey->errstr to get the error string to show to the user.

Simple and neat. So now Zoo and Journal are ported to Slash::ResKey. If this journal entry gets posted, it means SOAP is working with it, too. And if you get any problems about invalid resources etc., do let me know.
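
A toy in-memory model of the scheme described above, added here as an illustration; it is not part of the original post and not Slash::ResKey's code or schema. The names %vars, %check, %plan and reskey() are hypothetical, and the user and timestamps are constructed; the limits are the journal ones quoted in the post.

```perl
use strict;
use warnings;

# Hypothetical stand-in for the variables table (limits from the journal example).
my %vars = (min_seclev => 1, max_keys => 30, key_window => 4 * 3600, use_gap => 30);

# Hypothetical checks: each returns an error string, or undef when it passes.
my %check = (
    user => sub { my ($u) = @_;
        $u->{seclev} >= $vars{min_seclev} ? undef : 'registered users only' },
    quota => sub { my ($u, $now) = @_;
        my @recent = grep { $now - $_ < $vars{key_window} } @{ $u->{created} };
        @recent < $vars{max_keys} ? undef : 'too many forms requested' },
    gap => sub { my ($u, $now) = @_;
        $now - $u->{last_use} >= $vars{use_gap} ? undef : 'submitting too fast' },
);

# Stand-in for the table mapping each action on "journal" to its ordered checks.
my %plan = ('create' => [qw(user quota)], 'touch' => [qw(user)], 'use' => [qw(user gap)]);

my (%live, $serial);    # live keys: key => uid of the owner

sub reskey {
    my ($action, $u, $now, $key) = @_;
    for my $name (@{ $plan{$action} }) {
        my $err = $check{$name}->($u, $now);
        return (undef, $err) if defined $err;
    }
    if ($action eq 'create') {
        $key = sprintf 'k%04d', ++$serial;    # demo only: real keys must be unguessable
        $live{$key} = $u->{uid};
        push @{ $u->{created} }, $now;
        return ($key, undef);
    }
    return (undef, 'invalid key')
        unless defined $key && ($live{$key} // '') eq $u->{uid};
    if ($action eq 'use') {
        delete $live{$key};    # single use; against a database, validating and
        $u->{last_use} = $now; # consuming the key must be one atomic statement
    }
    return ($key, undef);
}

my $u = { uid => 'u7', seclev => 1, created => [], last_use => -1e9 };  # constructed user
my ($k1) = reskey('create', $u, 0);
my ($k2) = reskey('create', $u, 1);
for my $t (['touch', 2, $k1], ['use', 3, $k1], ['use', 10, $k2], ['use', 40, $k1]) {
    my ($action, $now, $key) = @$t;
    printf "%-5s %s at t=%d: %s\n", $action, $key, $now,
        (reskey($action, $u, $now, $key))[1] // 'ok';
}
```

The last two calls exercise the failure paths: a second save inside the 30-second gap, and a replay of a key that has already been used.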


I may be getting old...

sigzero on 2005-10-12T01:00:38

I posted a journal entry that was a couple paragraphs before leaving work at 3:30PM EST today. It is not in my journal history, nor did it show up?

Did it get eatin'? I am getting old, but I hope not that old.

Re:I may be getting old...

pudge on 2005-10-12T01:30:48

Maybe you posted it, but didn't check to make sure the submission was complete before closing the window? I restarted the httpds sometime after 3 p.m. ET; if the httpds were down when you hit submit, and you didn't make sure it saved, then it could've been lost.