webcit/auth.c

   1 /*
   2  * auth.c
   3  *
   4  * This file contains code which relates to authentication of users to Citadel.
   5  *
   6  * $Id$
   7  */
   8
   9 #include <stdlib.h>
  10 #ifdef HAVE_UNISTD_H
  11 #include <unistd.h>
  12 #endif
  13 #include <stdio.h>
  14 #include <ctype.h>
  15 #include <string.h>
  16 #include <errno.h>
  17 #include "webcit.h"
  18 #include "child.h"
  19
  20 char *axdefs[] = {
  21         "Deleted",
  22         "New User",
  23         "Problem User",
  24         "Local User",
  25         "Network User",
  26         "Preferred User",
  27         "Aide"
  28         };
  29
  30 /*
  31  * Display the login screen
  32  */
  33 void display_login(char *mesg) {
  34         char buf[256];
  35
  36         printf("HTTP/1.0 200 OK\n");
  37         output_headers(1);
  38
  39         /* Da banner */
  40         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
  41         wprintf("<IMG SRC=\"/image&name=hello\">");
  42         wprintf("</TD><TD><CENTER>\n");
  43
  44         if (mesg != NULL) {
  45                 wprintf("<font size=+1><b>%s</b></font>", mesg);
  46                 }
  47         else {
  48                 serv_puts("MESG hello");
  49                 serv_gets(buf);
  50                 if (buf[0]=='1') fmout(NULL);
  51                 }
  52
  53         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
  54         wprintf("<HR>\n");
  55
  56         /* Da login box */
  57         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
  58         wprintf("<TABLE border><TR>\n");
  59         wprintf("<TD>User Name:</TD>\n");
  60         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
  61         wprintf("</TD></TR><TR>\n");
  62         wprintf("<TD>Password:</TD>\n");
  63         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
  64         wprintf("</TR></TABLE>\n");
  65         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
  66         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
  67         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
  68         wprintf("</FORM></CENTER>\n");
  69
  70         /* Da instructions */
  71         wprintf("<LI><EM>If you already have an account on %s,",
  72                 serv_info.serv_humannode);
  73         wprintf("</EM> enter your user name\n");
  74         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
  75         wprintf("<LI><EM>If you are a new user,</EM>\n");
  76         wprintf("enter the name and password you wish to use, and click\n");
  77         wprintf("\"New User.\"<BR><LI>");
  78         wprintf("<EM>Please log off properly when finished.</EM>");
  79         wprintf("<LI>You must use a browser that supports <i>frames</i> ");
  80         wprintf("and <i>cookies</i>.\n");
  81         wprintf("</EM></UL>\n");
  82
  83         wprintf("</BODY></HTML>\n");
  84         wDumpContent();
  85         }
  86
  87
  88
  89
  90 /*
  91  * This function needs to get called whenever a PASS or NEWU succeeds
  92  */
  93 void become_logged_in(char *user, char *pass, char *serv_response) {
  94         logged_in = 1;
  95         extract(wc_username, &serv_response[4], 0);
  96         strcpy(wc_password, pass);
  97         axlevel = extract_int(&serv_response[4], 1);
  98         if (axlevel >=6) is_aide = 1;
  99         }
 100
 101
 102 void do_login(void) {
 103         char buf[256];
 104
 105         if (!strcasecmp(bstr("action"), "Exit")) {
 106                 do_logout();
 107                 }
 108
 109         if (!strcasecmp(bstr("action"), "Login")) {
 110                 serv_printf("USER %s", bstr("name"));
 111                 serv_gets(buf);
 112                 if (buf[0]=='3') {
 113                         serv_printf("PASS %s", bstr("pass"));
 114                         serv_gets(buf);
 115                         if (buf[0]=='2') {
 116                                 become_logged_in(bstr("name"),
 117                                         bstr("pass"), buf);
 118                                 }
 119                         else {
 120                                 display_login(&buf[4]);
 121                                 return;
 122                                 }
 123                         }
 124                 else {
 125                         display_login(&buf[4]);
 126                         return;
 127                         }
 128                 }
 129
 130         if (!strcasecmp(bstr("action"), "New User")) {
 131                 serv_printf("NEWU %s", bstr("name"));
 132                 serv_gets(buf);
 133                 if (buf[0]=='2') {
 134                         become_logged_in(bstr("name"), bstr("pass"), buf);
 135                         serv_printf("SETP %s", bstr("pass"));
 136                         serv_gets(buf);
 137                         }
 138                 else {
 139                         display_login(&buf[4]);
 140                         return;
 141                         }
 142                 }
 143
 144         if (logged_in) {
 145                 output_static("frameset.html");
 146                 }
 147         else {
 148                 display_login("Your password was not accepted.");
 149                 }
 150
 151         }
 152
 153 void do_welcome(void) {
 154         printf("HTTP/1.0 200 OK\n");
 155         output_headers(1);
 156         wprintf("<CENTER><H1>");
 157         escputs(wc_username);
 158         wprintf("</H1>\n");
 159         /* FIX add user stats here */
 160
 161         wprintf("<HR>");
 162         /* FIX  ---  what should we put here?  the main menu,
 163          * or new messages in the lobby?
 164          */
 165         embed_main_menu();
 166
 167         wprintf("</BODY></HTML>\n");
 168         wDumpContent();
 169         }
 170
 171
 172 void do_logout(void) {
 173         char buf[256];
 174
 175         strcpy(wc_username, "");
 176         strcpy(wc_password, "");
 177         strcpy(wc_roomname, "");
 178         strcpy(wc_host, "");
 179         strcpy(wc_port, "");
 180
 181         printf("HTTP/1.0 200 OK\n");
 182         printf("X-WebCit-Session: close\n");
 183         output_headers(1);
 184
 185         wprintf("<CENTER>");
 186         serv_puts("MESG goodbye");
 187         serv_gets(buf);
 188
 189         if (buf[0]=='1') fmout(NULL);
 190         else wprintf("Goodbye\n");
 191
 192         wprintf("<HR><A HREF=\"/\">Log in again</A>\n");
 193
 194         wprintf("</CENTER></BODY></HTML>\n");
 195         wDumpContent();
 196         serv_puts("QUIT");
 197         exit(0);
 198         }
 199
 200
 201
 202
 203
 204 /*
 205  * validate new users
 206  */
 207 void validate(void) {
 208         char cmd[256];
 209         char user[256];
 210         char buf[256];
 211         int a;
 212
 213         printf("HTTP/1.0 200 OK\n");
 214         output_headers(1);
 215
 216         strcpy(buf,bstr("user"));
 217         if (strlen(buf)>0) if (strlen(bstr("axlevel"))>0) {
 218                 serv_printf("VALI %s|%s",buf,bstr("axlevel"));
 219                 serv_gets(buf);
 220                 if (buf[0]!='2') {
 221                         wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 222                         }
 223                 }
 224
 225         serv_puts("GNUR");
 226         serv_gets(buf);
 227
 228         if (buf[0]!='3') {
 229                 wprintf("<EM>%s</EM><BR></BODY></HTML>\n", &buf[4]);
 230                 wDumpContent();
 231                 return;
 232                 }
 233
 234         strcpy(user,&buf[4]);
 235         serv_printf("GREG %s",user);
 236         serv_gets(cmd);
 237         if (cmd[0]=='1') {
 238                 a = 0;
 239                 do {
 240                         serv_gets(buf);
 241                         ++a;
 242                         if (a==1) wprintf("User #%s<BR><H1>%s</H1>",
 243                                 buf,&cmd[4]);
 244                         if (a==2) wprintf("PW: %s<BR>\n",buf);
 245                         if (a==3) wprintf("%s<BR>\n",buf);
 246                         if (a==4) wprintf("%s<BR>\n",buf);
 247                         if (a==5) wprintf("%s, ",buf);
 248                         if (a==6) wprintf("%s ",buf);
 249                         if (a==7) wprintf("%s<BR>\n",buf);
 250                         if (a==8) wprintf("%s<BR>\n",buf);
 251                         if (a==9) wprintf("Current access level: %d (%s)\n",
 252                                 atoi(buf),axdefs[atoi(buf)]);
 253                         } while(strcmp(buf,"000"));
 254                 }
 255         else {
 256                 wprintf("<H1>%s</H1>%s<BR>\n",user,&cmd[4]);
 257                 }
 258
 259         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
 260         wprintf("</CAPTION><TR>");
 261         for (a=0; a<=6; ++a) {
 262                 wprintf(
 263                 "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
 264                         urlesc(user), a, axdefs[a]);
 265                 }
 266         wprintf("</TR></TABLE><CENTER><BR>\n");
 267         wDumpContent();
 268         }