1 /*
2  * auth.c
3  *
4  * This file contains code which relates to authentication of users to Citadel.
5  *
6  * $Id$
7  */
8
9 #include <stdlib.h>
10 #ifdef HAVE_UNISTD_H
11 #include <unistd.h>
12 #endif
13 #include <stdio.h>
14 #include <ctype.h>
15 #include <string.h>
16 #include <errno.h>
17 #include "webcit.h"
18 #include "child.h"
19
/*
 * Human-readable names of the access levels.  The array index is the
 * numeric access level (validate() prints axdefs[level] next to the number).
 */
char *axdefs[] = {
        [0] = "Deleted",
        [1] = "New User",
        [2] = "Problem User",
        [3] = "Local User",
        [4] = "Network User",
        [5] = "Preferred User",
        [6] = "Aide"
};
30
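/*
 * Display the login screen.
 *
 * mesg: optional plain-text message for the banner.  When it is NULL the
 *       server's "hello" message is requested and rendered instead.
 */
void display_login(char *mesg)
{
        char buf[256];

        printf("HTTP/1.0 200 OK\n");
        output_headers(1, "_top");

        /* Banner.  wprintf() is used with printf-style conversions in this
         * file, so a literal percent sign has to be written as "%%".
         */
        wprintf("<CENTER><TABLE border=0 width=100%%><TR><TD>\n");
        wprintf("<IMG SRC=\"/image&name=hello\">");
        wprintf("</TD><TD><CENTER>\n");

        if (mesg != NULL) {
                /* Callers hand in server response text, so HTML-escape it
                 * instead of interpolating it raw into the page.
                 */
                wprintf("<font size=+1><b>");
                escputs(mesg);
                wprintf("</b></font>");
        } else {
                serv_puts("MESG hello");
                /* NOTE(review): serv_gets() is given no length; confirm it
                 * bounds what it writes into buf.
                 */
                serv_gets(buf);
                if (buf[0] == '1')
                        fmout(NULL);
        }

        wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
        wprintf("<HR>\n");

        /* Login box */
        wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
        wprintf("<TABLE border><TR>\n");
        wprintf("<TD>User Name:</TD>\n");
        wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
        wprintf("</TD></TR><TR>\n");
        wprintf("<TD>Password:</TD>\n");
        wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
        wprintf("</TR></TABLE>\n");
        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");

        /* Only offer the "check to disable frames" selection if frames haven't
         * already been disabled by the browser braindamage check.
         */
        if (noframes == 0) {
                wprintf("<BR><INPUT TYPE=\"checkbox\" NAME=\"noframes\">");
                wprintf("<FONT SIZE=-1>&nbsp;Check here to disable frames</FONT>\n");
        }

        /* Close the form on both paths; it used to stay open whenever
         * frames were already disabled.
         */
        wprintf("</FORM></CENTER>\n");

        /* Instructions.  The node name comes from the server, so it is
         * escaped like any other external text.
         */
        wprintf("<UL><LI><EM>If you already have an account on ");
        escputs(serv_info.serv_humannode);
        wprintf(",");
        wprintf("</EM> enter your user name\n");
        wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
        wprintf("<LI><EM>If you are a new user,</EM>\n");
        wprintf("enter the name and password you wish to use, and click\n");
        wprintf("\"New User.\"<BR><LI>");
        wprintf("<EM>Please log off properly when finished.</EM>");
        wprintf("<LI>You must use a browser that supports <i>cookies</i>.<BR>\n");
        wprintf("</UL>\n");

        wDumpContent(1);
}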
94
95
96
97
/*
 * Record a successful login in the session globals.  This has to be
 * called whenever a PASS or NEWU command succeeds.
 *
 * user:          not used by this function
 * pass:          password to remember in wc_password
 * serv_response: server reply line; everything after its first four
 *                characters is parsed for the user name (field 0) and the
 *                access level (field 1)
 */
void become_logged_in(char *user, char *pass, char *serv_response)
{
        char *fields = &serv_response[4];

        logged_in = 1;
        extract(wc_username, fields, 0);

        /* NOTE(review): unbounded copy of a request-supplied password
         * (do_login() passes bstr("pass")).  wc_password is declared outside
         * this file; confirm its size and bound this copy accordingly.
         */
        strcpy(wc_password, pass);

        axlevel = extract_int(fields, 1);
        if (axlevel >= 6) {
                /* level 6 is "Aide" in axdefs[] */
                is_aide = 1;
        }
}
110
111
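/*
 * Return nonzero if s contains a carriage return or line feed.  The server
 * commands built in do_login() are single lines, so a form value carrying a
 * line break must not be placed into one.
 */
static int login_field_has_line_break(const char *s)
{
        return s != NULL && strpbrk(s, "\r\n") != NULL;
}

/*
 * Handle the login form: "Exit", "Login" and "New User" actions.
 *
 * On success the session is marked logged in and the user is sent either
 * to the registration form (when the server's CHEK reply asks for it) or to
 * the welcome screen.  On failure the login screen is shown again with the
 * server's message.
 */
void do_login(void)
{
        char buf[256];
        int need_regi = 0;

        /* Note that the initial value of noframes is set by the browser braindamage
         * check, so don't add an "else" clause here.
         */
        if (!strcasecmp(bstr("noframes"), "on"))
                noframes = 1;

        if (!strcasecmp(bstr("action"), "Exit")) {
                do_logout();
        }
        if (!strcasecmp(bstr("action"), "Login")) {
                /* NOTE(review): serv_printf() is not visible here; assuming
                 * it sends the formatted text as one protocol line, request
                 * values are checked for embedded line breaks first.
                 */
                if (login_field_has_line_break(bstr("name"))
                    || login_field_has_line_break(bstr("pass"))) {
                        display_login("User name and password may not contain line breaks.");
                        return;
                }
                serv_printf("USER %s", bstr("name"));
                serv_gets(buf);
                if (buf[0] != '3') {
                        display_login(&buf[4]);
                        return;
                }
                serv_printf("PASS %s", bstr("pass"));
                serv_gets(buf);
                if (buf[0] != '2') {
                        display_login(&buf[4]);
                        return;
                }
                become_logged_in(bstr("name"), bstr("pass"), buf);
        }
        if (!strcasecmp(bstr("action"), "New User")) {
                if (login_field_has_line_break(bstr("name"))
                    || login_field_has_line_break(bstr("pass"))) {
                        display_login("User name and password may not contain line breaks.");
                        return;
                }
                serv_printf("NEWU %s", bstr("name"));
                serv_gets(buf);
                if (buf[0] != '2') {
                        display_login(&buf[4]);
                        return;
                }
                become_logged_in(bstr("name"), bstr("pass"), buf);
                serv_printf("SETP %s", bstr("pass"));
                /* NOTE(review): the SETP reply is read but never checked, so
                 * a new account whose password could not be set is still
                 * treated as logged in.
                 */
                serv_gets(buf);
        }
        if (logged_in) {
                serv_puts("CHEK");
                serv_gets(buf);
                if (buf[0] == '2') {
                        need_regi = extract_int(&buf[4], 1);
                        /* FIX also check for new mail etc. here */
                }
                if (need_regi) {
                        display_reg(1);
                } else {
                        do_welcome();
                }
        } else {
                display_login("Your password was not accepted.");
        }
}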
174
/*
 * Show the post-login screen: the static frameset when frames are in use,
 * otherwise a plain page headed by the (HTML-escaped) user name.
 */
void do_welcome(void)
{
        if (!noframes) {
                output_static("frameset.html");
                return;
        }

        printf("HTTP/1.0 200 OK\n");
        output_headers(1, "_top");
        wprintf("<CENTER><H1>");
        escputs(wc_username);
        wprintf("</H1>\n");
        /* FIX add user stats here */
        wDumpContent(1);
}
190
191
/*
 * Log the user out: clear the cached session strings, show the server's
 * goodbye message, tell the server to QUIT and end this process.
 */
void do_logout(void)
{
        char buf[256];

        /* Empty the cached user name, password and room name. */
        wc_username[0] = '\0';
        wc_password[0] = '\0';
        wc_roomname[0] = '\0';

        printf("HTTP/1.0 200 OK\n");
        output_headers(2, "_top");      /* note "2" causes cookies to be unset */

        wprintf("<CENTER>");
        serv_puts("MESG goodbye");
        serv_gets(buf);

        if (buf[0] != '1') {
                wprintf("Goodbye\n");
        } else {
                fmout(NULL);
        }

        wprintf("<HR><A HREF=\"/\">Log in again</A></CENTER>\n");
        wDumpContent(2);
        serv_puts("QUIT");
        exit(0);
}
217
218
219
220
221
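/*
 * Validate new users.
 *
 * When the request carries both "user" and "axlevel", that access level is
 * applied with VALI.  The next user awaiting validation (GNUR) is then
 * shown with the registration record (GREG), followed by one link per
 * access level.
 *
 * The registration record is text the new user typed in, and it is rendered
 * here for whoever performs the validation, so every value is HTML-escaped
 * before it is written to the page.
 *
 * NOTE(review): this function does not test is_aide itself; presumably the
 * server rejects VALI/GNUR from other users - confirm.
 */
void validate(void)
{
        const int ax_count = (int) (sizeof axdefs / sizeof axdefs[0]);
        char cmd[256];
        char user[256];
        char buf[256];
        char axbuf[16];
        char *end;
        long req_level;
        int level;
        int a;

        printf("HTTP/1.0 200 OK\n");
        output_headers(1, "bottom");

        if (strlen(bstr("user")) > 0 && strlen(bstr("axlevel")) > 0) {
                /* Both values come from the request.  Check their lengths
                 * before copying them into fixed-size buffers, refuse line
                 * breaks (VALI is a single protocol line) and accept only an
                 * access level that indexes axdefs[].
                 */
                req_level = -1;
                if (strlen(bstr("user")) < sizeof buf
                    && strlen(bstr("axlevel")) < sizeof axbuf) {
                        strcpy(buf, bstr("user"));
                        strcpy(axbuf, bstr("axlevel"));
                        req_level = strtol(axbuf, &end, 10);
                        if (end == axbuf || *end != '\0'
                            || strpbrk(buf, "\r\n") != NULL)
                                req_level = -1;
                }
                if (req_level < 0 || req_level >= ax_count) {
                        wprintf("<EM>Invalid user name or access level.</EM><BR>\n");
                } else {
                        serv_printf("VALI %s|%d", buf, (int) req_level);
                        serv_gets(buf);
                        if (buf[0] != '2') {
                                wprintf("<EM>");
                                escputs(&buf[4]);
                                wprintf("</EM><BR>\n");
                        }
                }
        }
        serv_puts("GNUR");
        serv_gets(buf);

        if (buf[0] != '3') {
                wprintf("<EM>");
                escputs(&buf[4]);
                wprintf("</EM><BR>\n");
                wDumpContent(1);
                return;
        }
        /* user and buf have the same size and the copy starts four bytes
         * into buf, so it fits as long as serv_gets() terminated buf.
         */
        strcpy(user, &buf[4]);
        serv_printf("GREG %s", user);
        serv_gets(cmd);
        if (cmd[0] == '1') {
                a = 0;
                /* Stop at the "000" terminator before printing anything, so
                 * the terminator itself is never rendered as a field.
                 */
                while (serv_gets(buf), strcmp(buf, "000")) {
                        ++a;
                        switch (a) {
                        case 1:
                                wprintf("User #");
                                escputs(buf);
                                wprintf("<BR><H1>");
                                escputs(&cmd[4]);
                                wprintf("</H1>");
                                break;
                        case 2:
                                /* NOTE(review): this writes the account's
                                 * password into the page in clear text;
                                 * confirm the validator really needs it.
                                 */
                                wprintf("PW: ");
                                escputs(buf);
                                wprintf("<BR>\n");
                                break;
                        case 3:
                        case 4:
                        case 7:
                        case 8:
                                escputs(buf);
                                wprintf("<BR>\n");
                                break;
                        case 5:
                                escputs(buf);
                                wprintf(", ");
                                break;
                        case 6:
                                escputs(buf);
                                wprintf(" ");
                                break;
                        case 9:
                                /* The level indexes axdefs[]; range-check it
                                 * instead of trusting the server's value.
                                 */
                                level = atoi(buf);
                                if (level >= 0 && level < ax_count)
                                        wprintf("Current access level: %d (%s)\n",
                                                level, axdefs[level]);
                                else
                                        wprintf("Current access level: %d (unknown)\n",
                                                level);
                                break;
                        default:
                                break;
                        }
                }
        } else {
                wprintf("<H1>");
                escputs(user);
                wprintf("</H1>");
                escputs(&cmd[4]);
                wprintf("<BR>\n");
        }

        /* NOTE(review): these links change an account's access level through
         * a plain GET with no per-request token.
         */
        wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
        wprintf("</CAPTION><TR>");
        for (a = 0; a < ax_count; ++a) {
                wprintf(
                               "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
                               urlesc(user), a, axdefs[a]);
        }
        wprintf("</TR></TABLE></CENTER><BR>\n");
        wDumpContent(1);
}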
295
296
297
298
299
300
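/*
 * Display form for registration.
 * (Set during_login to 1 if this registration is being performed during
 * new user login and will require chaining to the proper screen.)
 *
 * The current registration record is fetched with "GREG _SELF_"; lines 3
 * to 9 of the reply pre-fill the form fields.  Those values are stored
 * user input, so they are HTML-escaped before being placed in VALUE="...".
 */
void display_reg(int during_login)
{
        /* Form fields for reply lines 3..9, in server order. */
        static const struct {
                const char *label;
                const char *name;
                int maxlen;
        } reg_fields[] = {
                { "Real Name",      "realname", 29 },
                { "Street Address", "address",  24 },
                { "City/town",      "city",     14 },
                { "State/province", "state",     2 },
                { "ZIP code",       "zip",      10 },
                { "Telephone",      "phone",    14 },
                { "E-Mail",         "email",    31 }
        };
        char buf[256];
        int a;

        printf("HTTP/1.0 200 OK\n");
        output_headers(1, "bottom");

        /* "%%" because wprintf() takes a printf-style format; the FONT tag
         * also gets the closing '>' it was missing.
         */
        wprintf("<TABLE WIDTH=100%% BORDER=0 BGCOLOR=007700><TR><TD>");
        wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\">");
        wprintf("<B>Enter registration info</B>\n");
        wprintf("</FONT></TD></TR></TABLE>\n");

        wprintf("<CENTER>");
        serv_puts("MESG register");
        serv_gets(buf);
        if (buf[0] == '1')
                fmout(NULL);

        wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
        wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);

        serv_puts("GREG _SELF_");
        serv_gets(buf);
        if (buf[0] != '1') {
                wprintf("<EM>");
                escputs(&buf[4]);
                wprintf("</EM><BR>\n");
        } else {
                wprintf("<H1>");
                escputs(&buf[4]);
                wprintf("</H1><TABLE border>\n");
                a = 0;
                while (serv_gets(buf), strcmp(buf, "000")) {
                        ++a;
                        wprintf("<TR><TD>");
                        if (a >= 3 && a <= 9) {
                                wprintf("%s:</TD><TD><INPUT TYPE=\"text\" NAME=\"%s\" VALUE=\"",
                                        reg_fields[a - 3].label,
                                        reg_fields[a - 3].name);
                                /* assumes escputs() also escapes double
                                 * quotes - TODO confirm
                                 */
                                escputs(buf);
                                wprintf("\" MAXLENGTH=\"%d\"><BR>\n",
                                        reg_fields[a - 3].maxlen);
                        }
                        wprintf("</TD></TR>\n");
                }
                wprintf("</TABLE><P>");
        }
        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
        /* The form was never closed before. */
        wprintf("</FORM></CENTER>\n");
        wDumpContent(1);
}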
371
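/*
 * Save the registration form.
 *
 * Sends REGI and, once the server accepts it (reply starting with '4'),
 * the seven form fields one per line followed by the "000" terminator.
 */
void register_user(void)
{
        static char *fields[] = {
                "realname", "address", "city", "state", "zip", "phone", "email"
        };
        const int nfields = (int) (sizeof fields / sizeof fields[0]);
        char buf[256];
        int i;

        if (strcmp(bstr("action"), "Register")) {
                display_error("Cancelled.  Registration was not saved.");
                return;
        }

        /* Each field is sent as one line of a listing that ends with "000".
         * A value holding a line break, or equal to the terminator, would
         * end or shift the listing, and the remaining lines would then be
         * read as something else.  Refuse such values before talking to
         * the server.
         */
        for (i = 0; i < nfields; ++i) {
                if (strpbrk(bstr(fields[i]), "\r\n") != NULL
                    || !strcmp(bstr(fields[i]), "000")) {
                        display_error("Registration fields may not contain line breaks or the value 000.  Registration was not saved.");
                        return;
                }
        }

        serv_puts("REGI");
        serv_gets(buf);
        if (buf[0] != '4') {
                /* Stop here: the server is not expecting the field lines,
                 * and a second page must not be written after the error.
                 */
                display_error(&buf[4]);
                return;
        }
        for (i = 0; i < nfields; ++i)
                serv_puts(bstr(fields[i]));
        serv_puts("000");

        if (atoi(bstr("during_login"))) {
                do_welcome();
        } else {
                display_error("Registration information has been saved.");
        }
}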
403
404
405
406
407
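/*
 * Display the form for changing your password.  The form posts "newpass1"
 * and "newpass2" to changepw.
 */
void display_changepw(void)
{
        char buf[256];

        printf("HTTP/1.0 200 OK\n");
        output_headers(1, "bottom");

        /* "%%" because wprintf() takes a printf-style format; the FONT tag
         * also gets the closing '>' it was missing.
         */
        wprintf("<TABLE WIDTH=100%% BORDER=0 BGCOLOR=770000><TR><TD>");
        wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\">");
        wprintf("<B>Change your password</B>\n");
        wprintf("</FONT></TD></TR></TABLE>\n");

        wprintf("<CENTER>");
        serv_puts("MESG changepw");
        serv_gets(buf);
        if (buf[0] == '1')
                fmout(NULL);

        wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
        wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
        wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
        wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
        wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
        wprintf("</TABLE>\n");
        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
        /* Close the inner CENTER and the form, which were left open. */
        wprintf("</CENTER></FORM>\n");
        wprintf("</CENTER>\n");
        wDumpContent(1);
}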
440
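/*
 * Change the logged-in user's password.
 *
 * Reads "newpass1" and "newpass2" from the request, requires them to be
 * identical and sends the new password with SETP.  The server's reply is
 * shown as a success or error page.
 */
void changepw(void)
{
        char buf[256];
        char newpass1[32], newpass2[32];

        if (strcmp(bstr("action"), "Change")) {
                display_error("Cancelled.  Password was not changed.");
                return;
        }

        /* MAXLENGTH in the form is only a browser hint; the request can
         * carry longer values, so check before copying into the 32-byte
         * buffers.
         */
        if (strlen(bstr("newpass1")) >= sizeof newpass1
            || strlen(bstr("newpass2")) >= sizeof newpass2) {
                display_error("That password is too long.  Password was not changed.");
                return;
        }
        strcpy(newpass1, bstr("newpass1"));
        strcpy(newpass2, bstr("newpass2"));

        /* The confirmation must match exactly; a case-insensitive compare
         * would accept a mistyped confirmation.
         */
        if (strcmp(newpass1, newpass2)) {
                display_error("They don't match.  Password was not changed.");
                return;
        }

        /* SETP is a single protocol line. */
        if (strpbrk(newpass1, "\r\n") != NULL) {
                display_error("Passwords may not contain line breaks.  Password was not changed.");
                return;
        }

        serv_printf("SETP %s", newpass1);
        serv_gets(buf);
        if (buf[0] == '2')
                display_success(&buf[4]);
        else
                display_error(&buf[4]);
}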