]> code.citadel.org Git - citadel.git/blob - webcit/auth.c
projects / citadel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Lotsa stuff. See ChangeLog for details.
[citadel.git] / webcit / auth.c
1 /*
2  * auth.c
3  *
4  * This file contains code which relates to authentication of users to Citadel.
5  *
6  * $Id$
7  */
8
9 #include <stdlib.h>
10 #ifdef HAVE_UNISTD_H
11 #include <unistd.h>
12 #endif
13 #include <stdio.h>
14 #include <ctype.h>
15 #include <string.h>
16 #include <errno.h>
17 #include "webcit.h"
18 #include "child.h"
19
20 char *axdefs[] = {
21         "Deleted",
22         "New User",
23         "Problem User",
24         "Local User",
25         "Network User",
26         "Preferred User",
27         "Aide"
28         };
29
30 /*
31  * Display the login screen
32  */
33 void display_login(char *mesg) {
34         char buf[256];
35
36         printf("HTTP/1.0 200 OK\n");
37         output_headers(1);
38
39         /* Da banner */
40         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
41         wprintf("<IMG SRC=\"/image&name=hello\">");
42         wprintf("</TD><TD><CENTER>\n");
43
44         if (mesg != NULL) {
45                 wprintf("<font size=+1><b>%s</b></font>", mesg);
46                 }
47         else {
48                 serv_puts("MESG hello");
49                 serv_gets(buf);
50                 if (buf[0]=='1') fmout(NULL);
51                 }
52
53         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
54         wprintf("<HR>\n");
55
56         /* Da login box */
57         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
58         wprintf("<TABLE border><TR>\n");
59         wprintf("<TD>User Name:</TD>\n");
60         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
61         wprintf("</TD></TR><TR>\n");
62         wprintf("<TD>Password:</TD>\n");
63         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
64         wprintf("</TR></TABLE>\n");
65         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
66         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
67         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
68         wprintf("</FORM></CENTER>\n");
69
70         /* Da instructions */
71         wprintf("<LI><EM>If you already have an account on %s,",
72                 serv_info.serv_humannode);
73         wprintf("</EM> enter your user name\n");
74         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
75         wprintf("<LI><EM>If you are a new user,</EM>\n");
76         wprintf("enter the name and password you wish to use, and click\n");
77         wprintf("\"New User.\"<BR><LI>");
78         wprintf("<EM>Please log off properly when finished.</EM>");
79         wprintf("<LI>You must use a browser that supports <i>frames</i> ");
80         wprintf("and <i>cookies</i>.\n");
81         wprintf("</EM></UL>\n");
82
83         wprintf("</BODY></HTML>\n");
84         wDumpContent();
85         }
86
87
88
89
90 /*
91  * This function needs to get called whenever a PASS or NEWU succeeds.
92  */
93 void become_logged_in(char *user, char *pass, char *serv_response) {
94         logged_in = 1;
95         extract(wc_username, &serv_response[4], 0);
96         strcpy(wc_password, pass);
97         axlevel = extract_int(&serv_response[4], 1);
98         if (axlevel >=6) is_aide = 1;
99         }
100
101
102 void do_login(void) {
103         char buf[256];
104         int need_regi = 0;
105
106         if (!strcasecmp(bstr("action"), "Exit")) {
107                 do_logout();
108                 }
109
110         if (!strcasecmp(bstr("action"), "Login")) {
111                 serv_printf("USER %s", bstr("name"));
112                 serv_gets(buf);
113                 if (buf[0]=='3') {
114                         serv_printf("PASS %s", bstr("pass"));
115                         serv_gets(buf);
116                         if (buf[0]=='2') {
117                                 become_logged_in(bstr("name"),
118                                         bstr("pass"), buf);
119                                 }
120                         else {
121                                 display_login(&buf[4]);
122                                 return;
123                                 }
124                         }
125                 else {
126                         display_login(&buf[4]);
127                         return;
128                         }
129                 }
130
131         if (!strcasecmp(bstr("action"), "New User")) {
132                 serv_printf("NEWU %s", bstr("name"));
133                 serv_gets(buf);
134                 if (buf[0]=='2') {
135                         become_logged_in(bstr("name"), bstr("pass"), buf);
136                         serv_printf("SETP %s", bstr("pass"));
137                         serv_gets(buf);
138                         }
139                 else {
140                         display_login(&buf[4]);
141                         return;
142                         }
143                 }
144
145         if (logged_in) {
146                 serv_puts("CHEK");
147                 serv_gets(buf);
148                 if (buf[0]=='2') {
149                         need_regi = extract_int(&buf[4], 1);
150                         /* FIX also check for new mail etc. here */
151                         }
152                 if (need_regi) {
153                         display_reg(1);
154                         }
155                 else {
156                         output_static("frameset.html");
157                         }
158                 }
159         else {
160                 display_login("Your password was not accepted.");
161                 }
162
163         }
164
165 void do_welcome(void) {
166         printf("HTTP/1.0 200 OK\n");
167         output_headers(1);
168         wprintf("<CENTER><H1>");
169         escputs(wc_username);
170         wprintf("</H1>\n");
171         /* FIX add user stats here */
172
173         wprintf("<HR>");
174         /* FIX  ---  what should we put here?  the main menu,
175          * or new messages in the lobby?
176          */
177         embed_main_menu();
178
179         wprintf("</BODY></HTML>\n");
180         wDumpContent();
181         }
182
183
184 void do_logout(void) {
185         char buf[256];
186
187         strcpy(wc_username, "");
188         strcpy(wc_password, "");
189         strcpy(wc_roomname, "");
190
191         printf("HTTP/1.0 200 OK\n");
192         output_headers(2);      /* note the "2" which causes cookies to be unset */
193
194         wprintf("<CENTER>");    
195         serv_puts("MESG goodbye");
196         serv_gets(buf);
197
198         if (buf[0]=='1') fmout(NULL);
199         else wprintf("Goodbye\n");
200
201         wprintf("<HR><A HREF=\"/\">Log in again</A>\n");
202         wprintf("</CENTER></BODY></HTML>\n");
203         wDumpContent();
204         serv_puts("QUIT");
205         exit(0);
206         }
207
208
209
210
211
212 /* 
213  * validate new users
214  */
215 void validate(void) {
216         char cmd[256];
217         char user[256];
218         char buf[256];
219         int a;
220
221         printf("HTTP/1.0 200 OK\n");
222         output_headers(1);
223
224         strcpy(buf,bstr("user"));
225         if (strlen(buf)>0) if (strlen(bstr("axlevel"))>0) {
226                 serv_printf("VALI %s|%s",buf,bstr("axlevel"));
227                 serv_gets(buf);
228                 if (buf[0]!='2') {
229                         wprintf("<EM>%s</EM><BR>\n", &buf[4]);
230                         }
231                 }
232         
233         serv_puts("GNUR");
234         serv_gets(buf);
235
236         if (buf[0]!='3') {
237                 wprintf("<EM>%s</EM><BR></BODY></HTML>\n", &buf[4]);
238                 wDumpContent();
239                 return;
240                 }
241
242         strcpy(user,&buf[4]);
243         serv_printf("GREG %s",user);
244         serv_gets(cmd);
245         if (cmd[0]=='1') {
246                 a = 0;
247                 do {
248                         serv_gets(buf);
249                         ++a;
250                         if (a==1) wprintf("User #%s<BR><H1>%s</H1>",
251                                 buf,&cmd[4]);
252                         if (a==2) wprintf("PW: %s<BR>\n",buf);
253                         if (a==3) wprintf("%s<BR>\n",buf);
254                         if (a==4) wprintf("%s<BR>\n",buf);
255                         if (a==5) wprintf("%s, ",buf);
256                         if (a==6) wprintf("%s ",buf);
257                         if (a==7) wprintf("%s<BR>\n",buf);
258                         if (a==8) wprintf("%s<BR>\n",buf);
259                         if (a==9) wprintf("Current access level: %d (%s)\n",
260                                 atoi(buf),axdefs[atoi(buf)]);
261                         } while(strcmp(buf,"000"));
262                 }
263         else {
264                 wprintf("<H1>%s</H1>%s<BR>\n",user,&cmd[4]);
265                 }
266
267         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
268         wprintf("</CAPTION><TR>");
269         for (a=0; a<=6; ++a) {
270                 wprintf(
271                 "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
272                         urlesc(user), a, axdefs[a]);
273                 }
274         wprintf("</TR></TABLE><CENTER><BR>\n");
275         wDumpContent();
276         }
277
278
279
280
281
282
283 /* 
284  * Display form for registration.
285  * (Set during_login to 1 if this registration is being performed during
286  * new user login and will require chaining to the proper screen.)
287  */
288 void display_reg(int during_login) {
289         char buf[256];
290         int a;
291
292         printf("HTTP/1.0 200 OK\n");
293         output_headers(1);
294
295         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
296         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
297         wprintf("<B>Enter registration info</B>\n");
298         wprintf("</FONT></TD></TR></TABLE>\n");
299
300         wprintf("<CENTER>");
301         serv_puts("MESG register");
302         serv_gets(buf);
303         if (buf[0]=='1') fmout(NULL);
304
305         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
306         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
307
308         serv_puts("GREG _SELF_");
309         serv_gets(buf);
310         if (buf[0]!='1') {
311                 wprintf("<EM>%s</EM><BR>\n",&buf[4]);
312                 }
313         else {
314         
315                 wprintf("<H1>%s</H1><TABLE border>\n",&buf[4]);
316                 a = 0;
317                 while (serv_gets(buf), strcmp(buf,"000")) {
318                         ++a;
319                         wprintf("<TR><TD>");
320                         switch(a) {
321                                 case 3: wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n",buf);
322                                         break;
323                                 case 4: wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n",buf);
324                                         break;
325                                 case 5: wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
326                                         break;
327                                 case 6: wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n",buf);
328                                         break;
329                                 case 7: wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n",buf);
330                                         break;
331                                 case 8: wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
332                                         break;
333                                 case 9: wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n",buf);
334                                         break;
335                                 }
336                         wprintf("</TD></TR>\n");
337                         }
338                 wprintf("</TABLE><P>");
339                 }
340         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
341         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
342         wprintf("</CENTER></BODY></HTML>\n");
343         wDumpContent();
344         }
345
346 /*
347  * register
348  */
349 void register_user(void) {
350         char buf[256];
351         
352         if (strcmp(bstr("action"),"Register")) {
353                 display_error("Cancelled.  Registration was not saved.");
354                 return;
355                 }
356
357         serv_puts("REGI");
358         serv_gets(buf);
359         if (buf[0]!='4') {
360                 display_error(&buf[4]);
361                 }
362
363         serv_puts(bstr("realname"));
364         serv_puts(bstr("address"));
365         serv_puts(bstr("city"));
366         serv_puts(bstr("state"));
367         serv_puts(bstr("zip"));
368         serv_puts(bstr("phone"));
369         serv_puts(bstr("email"));
370         serv_puts("000");
371         
372         if (atoi(bstr("during_login"))) {
373                 output_static("frameset.html");
374                 }
375         else {
376                 display_error("Registration information has been saved.");
377                 }
378         }
379
380
381
382
383
384 /* 
385  * display form for changing your password
386  */
387 void display_changepw(void) {
388         char buf[256];
389
390         printf("HTTP/1.0 200 OK\n");
391         output_headers(1);
392
393         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
394         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
395         wprintf("<B>Change your password</B>\n");
396         wprintf("</FONT></TD></TR></TABLE>\n");
397
398         wprintf("<CENTER>");
399         serv_puts("MESG changepw");
400         serv_gets(buf);
401         if (buf[0]=='1') fmout(NULL);
402
403         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
404         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
405         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
406         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
407         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
408         wprintf("</TABLE>\n");  
409         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
410         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
411         wprintf("</CENTER></BODY></HTML>\n");
412         wDumpContent();
413         }
414
415 /*
416  * change password
417  */
418 void changepw(void) {
419         char buf[256];
420         char newpass1[32], newpass2[32];
421         
422         if (strcmp(bstr("action"),"Change")) {
423                 display_error("Cancelled.  Password was not changed.");
424                 return;
425                 }
426
427         strcpy(newpass1, bstr("newpass1"));
428         strcpy(newpass2, bstr("newpass2"));
429
430         if (strcasecmp(newpass1, newpass2)) {
431                 display_error("They don't match.  Password was not changed.");
432                 return;
433                 }
434
435         serv_printf("SETP %s", newpass1);
436         serv_gets(buf);
437         if (buf[0]=='2') display_success(&buf[4]);
438         else display_error(&buf[4]);
439         }
Citadel server, clients, utilities