]> code.citadel.org Git - citadel.git/blob - webcit/auth.c
projects / citadel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
fixed the noframes mode
[citadel.git] / webcit / auth.c
1 /*
2  * auth.c
3  *
4  * This file contains code which relates to authentication of users to Citadel.
5  *
6  * $Id$
7  */
8
9 #include <stdlib.h>
10 #ifdef HAVE_UNISTD_H
11 #include <unistd.h>
12 #endif
13 #include <stdio.h>
14 #include <ctype.h>
15 #include <string.h>
16 #include <errno.h>
17 #include "webcit.h"
18 #include "child.h"
19
20 char *axdefs[] = {
21         "Deleted",
22         "New User",
23         "Problem User",
24         "Local User",
25         "Network User",
26         "Preferred User",
27         "Aide"
28         };
29
30 /*
31  * Display the login screen
32  */
33 void display_login(char *mesg) {
34         char buf[256];
35
36         printf("HTTP/1.0 200 OK\n");
37         output_headers(1, "_top");
38
39         /* Da banner */
40         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
41         wprintf("<IMG SRC=\"/image&name=hello\">");
42         wprintf("</TD><TD><CENTER>\n");
43
44         if (mesg != NULL) {
45                 wprintf("<font size=+1><b>%s</b></font>", mesg);
46                 }
47         else {
48                 serv_puts("MESG hello");
49                 serv_gets(buf);
50                 if (buf[0]=='1') fmout(NULL);
51                 }
52
53         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
54         wprintf("<HR>\n");
55
56         /* Da login box */
57         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
58         wprintf("<TABLE border><TR>\n");
59         wprintf("<TD>User Name:</TD>\n");
60         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
61         wprintf("</TD></TR><TR>\n");
62         wprintf("<TD>Password:</TD>\n");
63         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
64         wprintf("</TR></TABLE>\n");
65         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
66         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
67         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
68         
69         wprintf("<BR><INPUT TYPE=\"checkbox\" NAME=\"noframes\">");
70         wprintf("<FONT SIZE=-1>Check here to disable frames</FONT>\n");
71         wprintf("</FORM></CENTER>\n");
72
73         /* Da instructions */
74         wprintf("<LI><EM>If you already have an account on %s,",
75                 serv_info.serv_humannode);
76         wprintf("</EM> enter your user name\n");
77         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
78         wprintf("<LI><EM>If you are a new user,</EM>\n");
79         wprintf("enter the name and password you wish to use, and click\n");
80         wprintf("\"New User.\"<BR><LI>");
81         wprintf("<EM>Please log off properly when finished.</EM>");
82         wprintf("<LI>You must use a browser that supports <i>frames</i> ");
83         wprintf("and <i>cookies</i>.\n");
84         wprintf("</EM></UL>\n");
85
86         wDumpContent(1);
87         }
88
89
90
91
92 /*
93  * This function needs to get called whenever a PASS or NEWU succeeds.
94  */
95 void become_logged_in(char *user, char *pass, char *serv_response) {
96         logged_in = 1;
97         extract(wc_username, &serv_response[4], 0);
98         strcpy(wc_password, pass);
99         axlevel = extract_int(&serv_response[4], 1);
100         if (axlevel >=6) is_aide = 1;
101         }
102
103
104 void do_login(void) {
105         char buf[256];
106         int need_regi = 0;
107
108
109         if (!strcasecmp(bstr("noframes"), "on"))
110                 noframes = 1;
111         else
112                 noframes = 0;
113
114         if (!strcasecmp(bstr("action"), "Exit")) {
115                 do_logout();
116                 }
117
118         if (!strcasecmp(bstr("action"), "Login")) {
119                 serv_printf("USER %s", bstr("name"));
120                 serv_gets(buf);
121                 if (buf[0]=='3') {
122                         serv_printf("PASS %s", bstr("pass"));
123                         serv_gets(buf);
124                         if (buf[0]=='2') {
125                                 become_logged_in(bstr("name"),
126                                         bstr("pass"), buf);
127                                 }
128                         else {
129                                 display_login(&buf[4]);
130                                 return;
131                                 }
132                         }
133                 else {
134                         display_login(&buf[4]);
135                         return;
136                         }
137                 }
138
139         if (!strcasecmp(bstr("action"), "New User")) {
140                 serv_printf("NEWU %s", bstr("name"));
141                 serv_gets(buf);
142                 if (buf[0]=='2') {
143                         become_logged_in(bstr("name"), bstr("pass"), buf);
144                         serv_printf("SETP %s", bstr("pass"));
145                         serv_gets(buf);
146                         }
147                 else {
148                         display_login(&buf[4]);
149                         return;
150                         }
151                 }
152
153         if (logged_in) {
154                 serv_puts("CHEK");
155                 serv_gets(buf);
156                 if (buf[0]=='2') {
157                         need_regi = extract_int(&buf[4], 1);
158                         /* FIX also check for new mail etc. here */
159                         }
160                 if (need_regi) {
161                         display_reg(1);
162                         }
163                 else {
164                         do_welcome();
165                         }
166                 }
167         else {
168                 display_login("Your password was not accepted.");
169                 }
170
171         }
172
173 void do_welcome(void) {
174
175         if (noframes) {
176                 printf("HTTP/1.0 200 OK\n");
177                 output_headers(1, "_top");
178                 wprintf("<CENTER><H1>");
179                 escputs(wc_username);
180                 wprintf("</H1>\n");
181                 /* FIX add user stats here */
182                 wDumpContent(1);
183                 }
184
185         else {
186                 output_static("frameset.html");
187                 }
188         }
189
190
191 void do_logout(void) {
192         char buf[256];
193
194         strcpy(wc_username, "");
195         strcpy(wc_password, "");
196         strcpy(wc_roomname, "");
197
198         printf("HTTP/1.0 200 OK\n");
199         output_headers(2, "_top");      /* note "2" causes cookies to be unset */
200
201         wprintf("<CENTER>");    
202         serv_puts("MESG goodbye");
203         serv_gets(buf);
204
205         if (buf[0]=='1') fmout(NULL);
206         else wprintf("Goodbye\n");
207
208         wprintf("<HR><A HREF=\"/\">Log in again</A></CENTER>\n");
209         wDumpContent(2);
210         serv_puts("QUIT");
211         exit(0);
212         }
213
214
215
216
217
218 /* 
219  * validate new users
220  */
221 void validate(void) {
222         char cmd[256];
223         char user[256];
224         char buf[256];
225         int a;
226
227         printf("HTTP/1.0 200 OK\n");
228         output_headers(1, "bottom");
229
230         strcpy(buf,bstr("user"));
231         if (strlen(buf)>0) if (strlen(bstr("axlevel"))>0) {
232                 serv_printf("VALI %s|%s",buf,bstr("axlevel"));
233                 serv_gets(buf);
234                 if (buf[0]!='2') {
235                         wprintf("<EM>%s</EM><BR>\n", &buf[4]);
236                         }
237                 }
238         
239         serv_puts("GNUR");
240         serv_gets(buf);
241
242         if (buf[0]!='3') {
243                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
244                 wDumpContent(1);
245                 return;
246                 }
247
248         strcpy(user,&buf[4]);
249         serv_printf("GREG %s",user);
250         serv_gets(cmd);
251         if (cmd[0]=='1') {
252                 a = 0;
253                 do {
254                         serv_gets(buf);
255                         ++a;
256                         if (a==1) wprintf("User #%s<BR><H1>%s</H1>",
257                                 buf,&cmd[4]);
258                         if (a==2) wprintf("PW: %s<BR>\n",buf);
259                         if (a==3) wprintf("%s<BR>\n",buf);
260                         if (a==4) wprintf("%s<BR>\n",buf);
261                         if (a==5) wprintf("%s, ",buf);
262                         if (a==6) wprintf("%s ",buf);
263                         if (a==7) wprintf("%s<BR>\n",buf);
264                         if (a==8) wprintf("%s<BR>\n",buf);
265                         if (a==9) wprintf("Current access level: %d (%s)\n",
266                                 atoi(buf),axdefs[atoi(buf)]);
267                         } while(strcmp(buf,"000"));
268                 }
269         else {
270                 wprintf("<H1>%s</H1>%s<BR>\n",user,&cmd[4]);
271                 }
272
273         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
274         wprintf("</CAPTION><TR>");
275         for (a=0; a<=6; ++a) {
276                 wprintf(
277                 "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
278                         urlesc(user), a, axdefs[a]);
279                 }
280         wprintf("</TR></TABLE><CENTER><BR>\n");
281         wDumpContent(1);
282         }
283
284
285
286
287
288
289 /* 
290  * Display form for registration.
291  * (Set during_login to 1 if this registration is being performed during
292  * new user login and will require chaining to the proper screen.)
293  */
294 void display_reg(int during_login) {
295         char buf[256];
296         int a;
297
298         printf("HTTP/1.0 200 OK\n");
299         output_headers(1, "bottom");
300
301         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
302         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
303         wprintf("<B>Enter registration info</B>\n");
304         wprintf("</FONT></TD></TR></TABLE>\n");
305
306         wprintf("<CENTER>");
307         serv_puts("MESG register");
308         serv_gets(buf);
309         if (buf[0]=='1') fmout(NULL);
310
311         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
312         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
313
314         serv_puts("GREG _SELF_");
315         serv_gets(buf);
316         if (buf[0]!='1') {
317                 wprintf("<EM>%s</EM><BR>\n",&buf[4]);
318                 }
319         else {
320         
321                 wprintf("<H1>%s</H1><TABLE border>\n",&buf[4]);
322                 a = 0;
323                 while (serv_gets(buf), strcmp(buf,"000")) {
324                         ++a;
325                         wprintf("<TR><TD>");
326                         switch(a) {
327                                 case 3: wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n",buf);
328                                         break;
329                                 case 4: wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n",buf);
330                                         break;
331                                 case 5: wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
332                                         break;
333                                 case 6: wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n",buf);
334                                         break;
335                                 case 7: wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n",buf);
336                                         break;
337                                 case 8: wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
338                                         break;
339                                 case 9: wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n",buf);
340                                         break;
341                                 }
342                         wprintf("</TD></TR>\n");
343                         }
344                 wprintf("</TABLE><P>");
345                 }
346         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
347         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
348         wprintf("</CENTER>\n");
349         wDumpContent(1);
350         }
351
352 /*
353  * register
354  */
355 void register_user(void) {
356         char buf[256];
357         
358         if (strcmp(bstr("action"),"Register")) {
359                 display_error("Cancelled.  Registration was not saved.");
360                 return;
361                 }
362
363         serv_puts("REGI");
364         serv_gets(buf);
365         if (buf[0]!='4') {
366                 display_error(&buf[4]);
367                 }
368
369         serv_puts(bstr("realname"));
370         serv_puts(bstr("address"));
371         serv_puts(bstr("city"));
372         serv_puts(bstr("state"));
373         serv_puts(bstr("zip"));
374         serv_puts(bstr("phone"));
375         serv_puts(bstr("email"));
376         serv_puts("000");
377         
378         if (atoi(bstr("during_login"))) {
379                 do_welcome();
380                 }
381         else {
382                 display_error("Registration information has been saved.");
383                 }
384         }
385
386
387
388
389
390 /* 
391  * display form for changing your password
392  */
393 void display_changepw(void) {
394         char buf[256];
395
396         printf("HTTP/1.0 200 OK\n");
397         output_headers(1, "bottom");
398
399         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
400         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
401         wprintf("<B>Change your password</B>\n");
402         wprintf("</FONT></TD></TR></TABLE>\n");
403
404         wprintf("<CENTER>");
405         serv_puts("MESG changepw");
406         serv_gets(buf);
407         if (buf[0]=='1') fmout(NULL);
408
409         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
410         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
411         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
412         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
413         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
414         wprintf("</TABLE>\n");  
415         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
416         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
417         wprintf("</CENTER>\n");
418         wDumpContent(1);
419         }
420
421 /*
422  * change password
423  */
424 void changepw(void) {
425         char buf[256];
426         char newpass1[32], newpass2[32];
427         
428         if (strcmp(bstr("action"),"Change")) {
429                 display_error("Cancelled.  Password was not changed.");
430                 return;
431                 }
432
433         strcpy(newpass1, bstr("newpass1"));
434         strcpy(newpass2, bstr("newpass2"));
435
436         if (strcasecmp(newpass1, newpass2)) {
437                 display_error("They don't match.  Password was not changed.");
438                 return;
439                 }
440
441         serv_printf("SETP %s", newpass1);
442         serv_gets(buf);
443         if (buf[0]=='2') display_success(&buf[4]);
444         else display_error(&buf[4]);
445         }
Citadel server, clients, utilities