]> code.citadel.org Git - citadel.git/blob - webcit/auth.c
* removed handlers from webcit.h if possible
[citadel.git] / webcit / auth.c
1 /*
2  * $Id$
3  *
4  * WebcitAuth; Handles authentication of users to a Citadel server.
5  */
6
7 #include "webcit.h"
8 #include "webserver.h"
9 #include <ctype.h>
10
11
12 void display_reg(int during_login);
13
14 /*
15  * Access level definitions.  This is initialized from a function rather than a
16  * static array so that the strings may be localized.
17  */
18 char *axdefs[7]; 
19
20 void initialize_axdefs(void) {
21         axdefs[0] = _("Deleted");       /* an erased user */
22         axdefs[1] = _("New User");      /* a new user */
23         axdefs[2] = _("Problem User");  /* a trouble maker */
24         axdefs[3] = _("Local User");    /* user with normal privileges */
25         axdefs[4] = _("Network User");  /* a user that may access network resources */
26         axdefs[5] = _("Preferred User");/* a moderator */
27         axdefs[6] = _("Aide");          /* chief */
28 }
29
30
31
32
33 /* 
34  * Display the login screen
35  * mesg = the error message if last attempt failed.
36  */
37 void display_login(char *mesg)
38 {
39         char buf[SIZ];
40
41         output_headers(1, 1, 2, 0, 0, 0);
42         wprintf("<div id=\"login_screen\">\n");
43
44         if (mesg != NULL) if (!IsEmptyStr(mesg)) {
45                         stresc(buf, SIZ,  mesg, 0, 0);
46                         svprintf(HKEY("MESG"), WCS_STRING, "%s", buf);
47         }
48
49         svprintf(HKEY("LOGIN_INSTRUCTIONS"), WCS_STRING,
50                 _("<ul>"
51                 "<li><b>If you already have an account on %s</b>, "
52                 "enter your user name and password and click &quot;Login.&quot; "
53                 "<li><b>If you are a new user</b>, enter the name and password "
54                 "you wish to use, "
55                 "and click &quot;New User.&quot; "
56                 "<li>Please log off properly when finished. "
57                 "<li>You must use a browser that supports <i>frames</i> and "
58                 "<i>cookies</i>. "
59                 "<li>Also keep in mind that if your browser is "
60                 "configured to block pop-up windows, you will not be able "
61                 "to receive any instant messages.<br />"
62                 "</ul>"),
63                 serv_info.serv_humannode
64         );
65
66         svput("USERNAME_BOX", WCS_STRING, _("User name:"));
67         svput("PASSWORD_BOX", WCS_STRING, _("Password:"));
68         svput("LANGUAGE_BOX", WCS_STRING, _("Language:"));
69         svput("LOGIN_BUTTON", WCS_STRING, _("Login"));
70         svput("NEWUSER_BUTTON", WCS_STRING, _("New User"));
71         svput("EXIT_BUTTON", WCS_STRING, _("Exit"));
72         svput("HELLO", WCS_SERVCMD, "MESG hello");
73         svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by <a href=\"http://www.citadel.org\">Citadel</a>"),
74                 serv_info.serv_humannode);
75         svcallback("DO_LANGUAGE_BOX", offer_languages);
76         if (serv_info.serv_newuser_disabled) {
77                 svput("NEWUSER_BUTTON_PRE", WCS_STRING, "<div style=\"display:none;\">");
78                 svput("NEWUSER_BUTTON_POST", WCS_STRING, "</div>");
79         }
80         else {
81                 svput("NEWUSER_BUTTON_PRE", WCS_STRING, "");
82                 svput("NEWUSER_BUTTON_POST", WCS_STRING, "");
83         }
84
85         if (serv_info.serv_supports_openid) {
86                 svprintf(HKEY("OFFER_OPENID_LOGIN"), WCS_STRING,
87                         "<div align=center>"
88                         "<a href=\"display_openid_login\">"
89                         "<img src=\"static/openid-small.gif\" border=0 valign=middle>"
90                         "%s</a>"
91                         "</div>"
92                         ,
93                         "Log in using OpenID"
94                 );
95         }
96         else {
97                 svput("OFFER_OPENID_LOGIN", WCS_STRING, "");
98         }
99
100         do_template("login");
101
102         wDumpContent(2);
103 }
104
105
106
107
108 /* 
109  * Display the openid-enabled login screen
110  * mesg = the error message if last attempt failed.
111  */
112 void display_openid_login(char *mesg)
113 {
114         char buf[SIZ];
115
116         output_headers(1, 1, 2, 0, 0, 0);
117         wprintf("<div id=\"login_screen\">\n");
118
119         if (mesg != NULL) if (!IsEmptyStr(mesg)) {
120                         stresc(buf, SIZ,  mesg, 0, 0);
121                         svprintf(HKEY("MESG"), WCS_STRING, "%s", buf);
122         }
123
124         svprintf(HKEY("LOGIN_INSTRUCTIONS"), WCS_STRING,
125                 _("<ul>"
126                 "<li>Enter your OpenID URL and click &quot;Login&quot;."
127                 "<li><a href=\"http://www.citadel.org/doku.php/documentation:openid\">"
128                 "Click here to learn what OpenID is and how Citadel is using it.</a>"
129                 "<li>Please log off properly when finished. "
130                 "<li>You must use a browser that supports <i>frames</i> and "
131                 "<i>cookies</i>. "
132                 "<li>Also keep in mind that if your browser is "
133                 "configured to block pop-up windows, you will not be able "
134                 "to receive any instant messages.<br />"
135                 "</ul>")
136         );
137
138         svput("OPENID_BOX", WCS_STRING, _("OpenID URL:"));
139         svput("LANGUAGE_BOX", WCS_STRING, _("Language:"));
140         svput("LOGIN_BUTTON", WCS_STRING, _("Login"));
141         svput("EXIT_BUTTON", WCS_STRING, _("Exit"));
142         svput("HELLO", WCS_SERVCMD, "MESG hello");
143         svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by <a href=\"http://www.citadel.org\">Citadel</a>"),
144                 serv_info.serv_humannode);
145         svcallback("DO_LANGUAGE_BOX", offer_languages);
146
147         svprintf(HKEY("OFFER_CONVENTIONAL_LOGIN"), WCS_STRING,
148                 "<div align=center>"
149                 "<a href=\"display_login\">"
150                 "%s</a>"
151                 "</div>"
152                 ,
153                 "Log in using a user name and password"
154         );
155
156         do_template("openid_login");
157         wDumpContent(2);
158 }
159
160
161 void display_openid_name_request(char *claimed_id, char *username) {
162         char buf[SIZ];
163
164         output_headers(1, 1, 2, 0, 0, 0);
165         wprintf("<div id=\"login_screen\">\n");
166
167         stresc(buf, sizeof buf, claimed_id, 0, 0);
168         svprintf(HKEY("VERIFIED"), WCS_STRING, _("Your OpenID <tt>%s</tt> was successfully verified."),
169                 claimed_id);
170         svput("CLAIMED_ID", WCS_STRING, claimed_id);
171
172
173         if (!IsEmptyStr(username)) {
174                 stresc(buf, sizeof buf, username, 0, 0);
175                 svprintf(HKEY("REASON"), WCS_STRING,
176                         _("However, the user name '%s' conflicts with an existing user."), username);
177         }
178         else {
179                 svput("REASON", WCS_STRING, "");
180         }
181
182         svput("ACTION_REQUESTED", WCS_STRING, _("Please specify the user name you would like to use."));
183
184         svput("USERNAME_BOX", WCS_STRING, _("User name:"));
185         svput("NEWUSER_BUTTON", WCS_STRING, _("New User"));
186         svput("EXIT_BUTTON", WCS_STRING, _("Exit"));
187
188         svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by <a href=\"http://www.citadel.org\">Citadel</a>"),
189                 serv_info.serv_humannode);
190
191         do_template("openid_manual_create");
192         wDumpContent(2);
193 }
194
195
196
197 /* Initialize the session
198  *
199  * This function needs to get called whenever the session changes from
200  * not-logged-in to logged-in, either by an explicit login by the user or
201  * by a timed-out session automatically re-establishing with a little help
202  * from the browser cookie.  Either way, we need to load access controls and
203  * preferences from the server.
204  *
205  * user                 the username
206  * pass                 his password
207  * serv_response        The parameters returned from a Citadel USER or NEWU command
208  */
209 void become_logged_in(char *user, char *pass, char *serv_response)
210 {
211         char buf[SIZ];
212
213         WC->logged_in = 1;
214         extract_token(WC->wc_fullname, &serv_response[4], 0, '|', sizeof WC->wc_fullname);
215         safestrncpy(WC->wc_username, user, sizeof WC->wc_username);
216         safestrncpy(WC->wc_password, pass, sizeof WC->wc_password);
217         WC->axlevel = extract_int(&serv_response[4], 1);
218         if (WC->axlevel >= 6) {
219                 WC->is_aide = 1;
220         }
221
222         load_preferences();
223
224         serv_puts("CHEK");
225         serv_getln(buf, sizeof buf);
226         if (buf[0] == '2') {
227                 WC->new_mail = extract_int(&buf[4], 0);
228                 WC->need_regi = extract_int(&buf[4], 1);
229                 WC->need_vali = extract_int(&buf[4], 2);
230                 extract_token(WC->cs_inet_email, &buf[4], 3, '|', sizeof WC->cs_inet_email);
231         }
232
233         get_pref_long("current_iconbar", &WC->current_iconbar, current_iconbar_menu);
234
235         get_preference("floordiv_expanded", &WC->floordiv_expanded);
236 }
237
238
239 /* 
240  * Perform authentication using a user name and password
241  */
242 void do_login(void)
243 {
244         char buf[SIZ];
245
246         if (havebstr("language")) {
247                 set_selected_language(bstr("language"));
248                 go_selected_language();
249         }
250
251         if (havebstr("exit_action")) {
252                 do_logout();
253                 return;
254         }
255         if (havebstr("login_action")) {
256                 serv_printf("USER %s", bstr("name"));
257                 serv_getln(buf, sizeof buf);
258                 if (buf[0] == '3') {
259                         serv_printf("PASS %s", bstr("pass"));
260                         serv_getln(buf, sizeof buf);
261                         if (buf[0] == '2') {
262                                 become_logged_in(bstr("name"), bstr("pass"), buf);
263                         } else {
264                                 display_login(&buf[4]);
265                                 return;
266                         }
267                 } else {
268                         display_login(&buf[4]);
269                         return;
270                 }
271         }
272         if (havebstr("newuser_action")) {
273                 if (!havebstr("pass")) {
274                         display_login(_("Blank passwords are not allowed."));
275                         return;
276                 }
277                 serv_printf("NEWU %s", bstr("name"));
278                 serv_getln(buf, sizeof buf);
279                 if (buf[0] == '2') {
280                         become_logged_in(bstr("name"), bstr("pass"), buf);
281                         serv_printf("SETP %s", bstr("pass"));
282                         serv_getln(buf, sizeof buf);
283                 } else {
284                         display_login(&buf[4]);
285                         return;
286                 }
287         }
288         if (WC->logged_in) {
289                 if (WC->need_regi) {
290                         display_reg(1);
291                 } else if (WC->need_vali) {
292                         validate();
293                 } else {
294                         do_welcome();
295                 }
296         } else {
297                 display_login(_("Your password was not accepted."));
298         }
299
300 }
301
302 /* 
303  * Try to create an account manually after an OpenID was verified
304  */
305 void openid_manual_create(void)
306 {
307         if (havebstr("exit_action")) {
308                 do_logout();
309                 return;
310         }
311
312         char buf[1024];
313         if (havebstr("newuser_action")) {
314                 serv_printf("OIDC %s", bstr("name"));
315                 serv_getln(buf, sizeof buf);
316                 if (buf[0] == '2') {
317                         char gpass[1024] = "";
318                         serv_puts("SETP GENERATE_RANDOM_PASSWORD");
319                         serv_getln(gpass, sizeof gpass);
320                         become_logged_in(bstr("name"), &gpass[4], buf);
321                 }
322         }
323
324         if (WC->logged_in) {
325                 if (WC->need_regi) {
326                         display_reg(1);
327                 } else if (WC->need_vali) {
328                         validate();
329                 } else {
330                         do_welcome();
331                 }
332         } else {
333                 display_openid_name_request(bstr("openid_url"), bstr("name"));
334         }
335
336 }
337
338
339 /* 
340  * Perform authentication using OpenID
341  * assemble the checkid_setup request and then redirect to the user's identity provider
342  */
343 void do_openid_login(void)
344 {
345         char buf[4096];
346
347         if (havebstr("language")) {
348                 set_selected_language(bstr("language"));
349                 go_selected_language();
350         }
351
352         if (havebstr("exit_action")) {
353                 do_logout();
354                 return;
355         }
356         if (havebstr("login_action")) {
357                 snprintf(buf, sizeof buf,
358                         "OIDS %s|%s://%s/finalize_openid_login|%s://%s",
359                         bstr("openid_url"),
360                         (is_https ? "https" : "http"), WC->http_host,
361                         (is_https ? "https" : "http"), WC->http_host
362                 );
363
364                 serv_puts(buf);
365                 serv_getln(buf, sizeof buf);
366                 if (buf[0] == '2') {
367                         lprintf(CTDL_DEBUG, "OpenID server contacted; redirecting to %s\n", &buf[4]);
368                         http_redirect(&buf[4]);
369                         return;
370                 }
371                 else {
372                         display_openid_login(&buf[4]);
373                         return;
374                 }
375         }
376
377         /* If we get to this point then something failed. */
378         display_openid_login(_("Your password was not accepted."));
379 }
380
381 /* 
382  * Complete the authentication using OpenID
383  * This function handles the positive or negative assertion from the user's Identity Provider
384  */
385 void finalize_openid_login(void)
386 {
387         char buf[1024];
388         struct wcsession *WCC = WC;
389         int already_logged_in = (WCC->logged_in) ;
390         int linecount = 0;
391         char result[128] = "";
392         char username[128] = "";
393         char password[128] = "";
394         char logged_in_response[1024] = "";
395         char claimed_id[1024] = "";
396
397         if (havebstr("openid.mode")) {
398                 if (!strcasecmp(bstr("openid.mode"), "id_res")) {
399
400                         serv_puts("OIDF");
401                         serv_getln(buf, sizeof buf);
402
403                         if (buf[0] == '8') {
404                                 urlcontent *u;
405                                 void *U;
406                                 long HKLen;
407                                 char *HKey;
408                                 HashPos *Cursor;
409                                 
410                                 Cursor = GetNewHashPos ();
411                                 while (GetNextHashPos(WCC->urlstrings, Cursor, &HKLen, &HKey, &U)) {
412                                         u = (urlcontent*) U;
413                                         if (!strncasecmp(u->url_key, "openid.", 7)) {
414                                                 serv_printf("%s|%s", &u->url_key[7], u->url_data);
415                                         }
416                                 }
417
418                                 serv_puts("000");
419
420                                 linecount = 0;
421                                 while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) {
422                                         if (linecount == 0) safestrncpy(result, buf, sizeof result);
423                                         if (!strcasecmp(result, "authenticate")) {
424                                                 if (linecount == 1) {
425                                                         safestrncpy(username, buf, sizeof username);
426                                                 }
427                                                 else if (linecount == 2) {
428                                                         safestrncpy(password, buf, sizeof password);
429                                                 }
430                                                 else if (linecount == 3) {
431                                                         safestrncpy(logged_in_response, buf,
432                                                                 sizeof logged_in_response);
433                                                 }
434                                         }
435                                         else if (!strcasecmp(result, "verify_only")) {
436                                                 if (linecount == 1) {
437                                                         safestrncpy(claimed_id, buf, sizeof claimed_id);
438                                                 }
439                                                 if (linecount == 2) {
440                                                         safestrncpy(username, buf, sizeof username);
441                                                 }
442                                         }
443                                         ++linecount;
444                                 }
445                         }
446                 }
447         }
448
449         /* If we were already logged in, this was an attempt to associate an OpenID account */
450         if (already_logged_in) {
451                 display_openids();
452                 return;
453         }
454
455         /* If this operation logged us in, either by connecting with an existing account or by
456          * auto-creating one using Simple Registration Extension, we're already on our way.
457          */
458         if (!strcasecmp(result, "authenticate")) {
459                 become_logged_in(username, password, logged_in_response);
460         }
461
462         /* The specified OpenID was verified but the desired user name was either not specified via SRI
463          * or conflicts with an existing user.  Either way the user will need to specify a new name.
464          */
465
466         else if (!strcasecmp(result, "verify_only")) {
467                 display_openid_name_request(claimed_id, username);
468         }
469
470         /* Did we manage to log in?  If so, continue with the normal flow... */
471         if (WC->logged_in) {
472                 if (WC->need_regi) {
473                         display_reg(1);
474                 } else {
475                         do_welcome();
476                 }
477         } else {
478                 display_openid_login(_("Your password was not accepted."));
479         }
480
481 }
482
483
484 /*
485  * Display a welcome screen to the user.
486  *
487  * If this is the first time login, and the web based setup is enabled, 
488  * lead the user through the setup routines
489  */
490 void do_welcome(void)
491 {
492         StrBuf *Buf;
493 #ifdef XXX_NOT_FINISHED_YET_XXX
494         FILE *fp;
495         int i;
496
497         /**
498          * See if we have to run the first-time setup wizard
499          */
500         if (WC->is_aide) {
501                 if (!setup_wizard) {
502                         int len;
503                         sprintf(wizard_filename, "setupwiz.%s.%s",
504                                 ctdlhost, ctdlport);
505                         len = strlen(wizard_filename);
506                         for (i=0; i<len; ++i) {
507                                 if (    (wizard_filename[i]==' ')
508                                         || (wizard_filename[i] == '/')
509                                 ) {
510                                         wizard_filename[i] = '_';
511                                 }
512                         }
513         
514                         fp = fopen(wizard_filename, "r");
515                         if (fp != NULL) {
516                                 fgets(buf, sizeof buf, fp);
517                                 buf[strlen(buf)-1] = 0;
518                                 fclose(fp);
519                                 if (atoi(buf) == serv_info.serv_rev_level) {
520                                         setup_wizard = 1; /**< already run */
521                                 }
522                         }
523                 }
524
525                 if (!setup_wizard) {
526                         http_redirect("setup_wizard");
527                 }
528         }
529 #endif
530
531         /*
532          * Go to the user's preferred start page
533          */
534         if (!get_preference("startpage", &Buf)) {
535                 Buf = NewStrBuf ();
536                 StrBufPrintf(Buf, "dotskip&room=_BASEROOM_");
537                 set_preference("startpage", Buf, 1);
538         }
539         if (ChrPtr(Buf)[0] == '/') {
540                 StrBufCutLeft(Buf, 1);
541         }
542         http_redirect(ChrPtr(Buf));
543 }
544
545
546 /*
547  * Disconnect from the Citadel server, and end this WebCit session
548  */
549 void end_webcit_session(void) {
550         
551         if (WC->logged_in) {
552                 set_pref_long("current_iconbar", WC->current_iconbar, 0);
553                 set_preference("floordiv_expanded", WC->floordiv_expanded, 1);
554         }
555
556         serv_puts("QUIT");
557         WC->killthis = 1;
558         /* close() of citadel socket will be done by do_housekeeping() */
559 }
560
561 /* 
562  * execute the logout
563  */
564 void do_logout(void)
565 {
566         char buf[SIZ];
567
568         safestrncpy(WC->wc_username, "", sizeof WC->wc_username);
569         safestrncpy(WC->wc_password, "", sizeof WC->wc_password);
570         safestrncpy(WC->wc_roomname, "", sizeof WC->wc_roomname);
571         safestrncpy(WC->wc_fullname, "", sizeof WC->wc_fullname);
572
573         /** Calling output_headers() this way causes the cookies to be un-set */
574         output_headers(1, 1, 0, 1, 0, 0);
575
576         wprintf("<div id=\"logout_screen\">");
577         wprintf("<div class=\"box\">");
578         wprintf("<div class=\"boxlabel\">");
579         wprintf(_("Log off"));
580         wprintf("</div><div class=\"boxcontent\">");    
581         serv_puts("MESG goodbye");
582         serv_getln(buf, sizeof buf);
583
584         if (WC->serv_sock >= 0) {
585                 if (buf[0] == '1') {
586                         fmout("CENTER");
587                 } else {
588                         wprintf("Goodbye\n");
589                 }
590         }
591         else {
592                 wprintf(_("This program was unable to connect or stay "
593                         "connected to the Citadel server.  Please report "
594                         "this problem to your system administrator.")
595                 );
596                 wprintf("<a href=\"http://www.citadel.org/doku.php/"
597                         "faq:mastering_your_os:net#netstat\">%s</a>", 
598                         _("Read More..."));
599         }
600
601         wprintf("<hr /><div class=\"buttons\"> "
602                 "<span class=\"button_link\"><a href=\".\">");
603         wprintf(_("Log in again"));
604         wprintf("</a></span>&nbsp;&nbsp;&nbsp;<span class=\"button_link\">"
605                 "<a href=\"javascript:window.close();\">");
606         wprintf(_("Close window"));
607         wprintf("</a></span></div></div></div></div>\n");
608         wDumpContent(2);
609         end_webcit_session();
610 }
611
612
613 /*
614  * validate new users
615  */
616 void validate(void)
617 {
618         char cmd[SIZ];
619         char user[SIZ];
620         char buf[SIZ];
621         int a;
622
623         output_headers(1, 1, 2, 0, 0, 0);
624         wprintf("<div id=\"banner\">\n");
625         wprintf("<h1>");
626         wprintf(_("Validate new users"));
627         wprintf("</h1>");
628         wprintf("</div>\n");
629
630         wprintf("<div id=\"content\" class=\"service\">\n");
631
632         /* If the user just submitted a validation, process it... */
633         safestrncpy(buf, bstr("user"), sizeof buf);
634         if (!IsEmptyStr(buf)) {
635                 if (havebstr("axlevel")) {
636                         serv_printf("VALI %s|%s", buf, bstr("axlevel"));
637                         serv_getln(buf, sizeof buf);
638                         if (buf[0] != '2') {
639                                 wprintf("<b>%s</b><br />\n", &buf[4]);
640                         }
641                 }
642         }
643
644         /* Now see if any more users require validation. */
645         serv_puts("GNUR");
646         serv_getln(buf, sizeof buf);
647         if (buf[0] == '2') {
648                 wprintf("<b>");
649                 wprintf(_("No users require validation at this time."));
650                 wprintf("</b><br />\n");
651                 wDumpContent(1);
652                 return;
653         }
654         if (buf[0] != '3') {
655                 wprintf("<b>%s</b><br />\n", &buf[4]);
656                 wDumpContent(1);
657                 return;
658         }
659
660         wprintf("<div class=\"fix_scrollbar_bug\">"
661                 "<table class=\"auth_validate\"><tr><td>\n");
662         wprintf("<center>");
663
664         safestrncpy(user, &buf[4], sizeof user);
665         serv_printf("GREG %s", user);
666         serv_getln(cmd, sizeof cmd);
667         if (cmd[0] == '1') {
668                 a = 0;
669                 do {
670                         serv_getln(buf, sizeof buf);
671                         ++a;
672                         if (a == 1)
673                                 wprintf("#%s<br /><H1>%s</H1>",
674                                         buf, &cmd[4]);
675                         if (a == 2) {
676                                 char *pch;
677                                 int haveChar = 0;
678                                 int haveNum = 0;
679                                 int haveOther = 0;
680                                 int count = 0;
681                                 pch = buf;
682                                 while (!IsEmptyStr(pch))
683                                 {
684                                         if (isdigit(*pch))
685                                                 haveNum = 1;
686                                         else if (isalpha(*pch))
687                                                 haveChar = 1;
688                                         else
689                                                 haveOther = 1;
690                                         pch ++;
691                                 }
692                                 count = pch - buf;
693                                 if (count > 7)
694                                         count = 0;
695                                 switch (count){
696                                 case 0:
697                                         pch = _("very weak");
698                                         break;
699                                 case 1:
700                                         pch = _("weak");
701                                         break;
702                                 case 2:
703                                         pch = _("ok");
704                                         break;
705                                 case 3:
706                                 default:
707                                         pch = _("strong");
708                                 }
709
710                                 wprintf("PW: %s<br />\n", pch);
711                         }
712                         if (a == 3)
713                                 wprintf("%s<br />\n", buf);
714                         if (a == 4)
715                                 wprintf("%s<br />\n", buf);
716                         if (a == 5)
717                                 wprintf("%s, ", buf);
718                         if (a == 6)
719                                 wprintf("%s ", buf);
720                         if (a == 7)
721                                 wprintf("%s<br />\n", buf);
722                         if (a == 8)
723                                 wprintf("%s<br />\n", buf);
724                         if (a == 9)
725                                 wprintf(_("Current access level: %d (%s)\n"),
726                                         atoi(buf), axdefs[atoi(buf)]);
727                 } while (strcmp(buf, "000"));
728         } else {
729                 wprintf("<H1>%s</H1>%s<br />\n", user, &cmd[4]);
730         }
731
732         wprintf("<hr />");
733         wprintf(_("Select access level for this user:"));
734         wprintf("<br />\n");
735         for (a = 0; a <= 6; ++a) {
736                 wprintf("<a href=\"validate?nonce=%d?user=", WC->nonce);
737                 urlescputs(user);
738                 wprintf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
739                         a, axdefs[a]);
740         }
741         wprintf("<br />\n");
742
743         wprintf("</CENTER>\n");
744         wprintf("</td></tr></table></div>\n");
745         wDumpContent(1);
746 }
747
748
749
750 /*
751  * Display form for registration.
752  *
753  * (Set during_login to 1 if this registration is being performed during
754  * new user login and will require chaining to the proper screen.)
755  */
756 void display_reg(int during_login)
757 {
758         long vcard_msgnum;
759
760         if (goto_config_room() != 0) {
761                 if (during_login) do_welcome();
762                 else display_main_menu();
763                 return;
764         }
765
766         vcard_msgnum = locate_user_vcard(WC->wc_fullname, -1);
767         if (vcard_msgnum < 0L) {
768                 if (during_login) do_welcome();
769                 else display_main_menu();
770                 return;
771         }
772
773         if (during_login) {
774                 do_edit_vcard(vcard_msgnum, "1", "do_welcome", USERCONFIGROOM);
775         }
776         else {
777                 do_edit_vcard(vcard_msgnum, "1", "display_main_menu", USERCONFIGROOM);
778         }
779
780 }
781
782
783
784
785 /*
786  * display form for changing your password
787  */
788 void display_changepw(void)
789 {
790         char buf[SIZ];
791
792         output_headers(1, 1, 1, 0, 0, 0);
793
794         svput("BOXTITLE", WCS_STRING, _("Change your password"));
795         do_template("beginbox");
796
797         if (!IsEmptyStr(WC->ImportantMessage)) {
798                 wprintf("<span class=\"errormsg\">"
799                         "%s</span><br />\n", WC->ImportantMessage);
800                 safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
801         }
802
803         serv_puts("MESG changepw");
804         serv_getln(buf, sizeof buf);
805         if (buf[0] == '1') {
806                 fmout("CENTER");
807         }
808
809         wprintf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
810         wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%d\">\n", WC->nonce);
811         wprintf("<table class=\"altern\" ");
812         wprintf("<tr class=\"even\"><td>");
813         wprintf(_("Enter new password:"));
814         wprintf("</td><td>");
815         wprintf("<input type=\"password\" name=\"newpass1\" value=\"\" maxlength=\"20\"></td></tr>\n");
816         wprintf("<tr class=\"odd\"><td>");
817         wprintf(_("Enter it again to confirm:"));
818         wprintf("</td><td>");
819         wprintf("<input type=\"password\" name=\"newpass2\" value=\"\" maxlength=\"20\"></td></tr>\n");
820         wprintf("</table>\n");
821
822         wprintf("<div class=\"buttons\">\n");
823         wprintf("<input type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
824         wprintf("&nbsp;");
825         wprintf("<input type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
826         wprintf("</div>\n");
827         wprintf("</form>\n");
828
829         do_template("endbox");
830         wDumpContent(1);
831 }
832
833 /*
834  * change password
835  * if passwords match, propagate it to citserver.
836  */
837 void changepw(void)
838 {
839         char buf[SIZ];
840         char newpass1[32], newpass2[32];
841
842         if (!havebstr("change_action")) {
843                 safestrncpy(WC->ImportantMessage, 
844                         _("Cancelled.  Password was not changed."),
845                         sizeof WC->ImportantMessage);
846                 display_main_menu();
847                 return;
848         }
849
850         safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1);
851         safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
852
853         if (strcasecmp(newpass1, newpass2)) {
854                 safestrncpy(WC->ImportantMessage, 
855                         _("They don't match.  Password was not changed."),
856                         sizeof WC->ImportantMessage);
857                 display_changepw();
858                 return;
859         }
860
861         if (IsEmptyStr(newpass1)) {
862                 safestrncpy(WC->ImportantMessage, 
863                         _("Blank passwords are not allowed."),
864                         sizeof WC->ImportantMessage);
865                 display_changepw();
866                 return;
867         }
868
869         serv_printf("SETP %s", newpass1);
870         serv_getln(buf, sizeof buf);
871         sprintf(WC->ImportantMessage, "%s", &buf[4]);
872         if (buf[0] == '2') {
873                 safestrncpy(WC->wc_password, buf, sizeof WC->wc_password);
874                 display_main_menu();
875         }
876         else {
877                 display_changepw();
878         }
879 }
880
881 void _display_openid_login(void) {display_openid_login(NULL);}
882 void _display_reg(void) {display_reg(0);}
883
884
885 void 
886 InitModule_AUTH
887 (void)
888 {
889         WebcitAddUrlHandler(HKEY("do_welcome"), do_welcome, ANONYMOUS);
890         WebcitAddUrlHandler(HKEY("login"), do_login, ANONYMOUS);
891         WebcitAddUrlHandler(HKEY("display_openid_login"), _display_openid_login, ANONYMOUS);
892         WebcitAddUrlHandler(HKEY("openid_login"), do_openid_login, ANONYMOUS);
893         WebcitAddUrlHandler(HKEY("finalize_openid_login"), finalize_openid_login, ANONYMOUS);
894         WebcitAddUrlHandler(HKEY("openid_manual_create"), openid_manual_create, ANONYMOUS);
895         WebcitAddUrlHandler(HKEY("do_logout"), do_logout, 0);
896         WebcitAddUrlHandler(HKEY("validate"), validate, 0);
897         WebcitAddUrlHandler(HKEY("display_reg"), _display_reg, 0);
898         WebcitAddUrlHandler(HKEY("display_changepw"), display_changepw, 0);
899         WebcitAddUrlHandler(HKEY("changepw"), changepw, 0);
900         WebcitAddUrlHandler(HKEY("termquit"), do_logout, 0);
901         return ;
902 }