]> code.citadel.org Git - citadel.git/blob - webcit/auth.c
projects / citadel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
noframes switch
[citadel.git] / webcit / auth.c
1 /*
2  * auth.c
3  *
4  * This file contains code which relates to authentication of users to Citadel.
5  *
6  * $Id$
7  */
8
9 #include <stdlib.h>
10 #ifdef HAVE_UNISTD_H
11 #include <unistd.h>
12 #endif
13 #include <stdio.h>
14 #include <ctype.h>
15 #include <string.h>
16 #include <errno.h>
17 #include "webcit.h"
18 #include "child.h"
19
20 char *axdefs[] = {
21         "Deleted",
22         "New User",
23         "Problem User",
24         "Local User",
25         "Network User",
26         "Preferred User",
27         "Aide"
28         };
29
30 /*
31  * Display the login screen
32  */
33 void display_login(char *mesg) {
34         char buf[256];
35
36         printf("HTTP/1.0 200 OK\n");
37         output_headers(1, "_top");
38
39         /* Da banner */
40         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
41         wprintf("<IMG SRC=\"/image&name=hello\">");
42         wprintf("</TD><TD><CENTER>\n");
43
44         if (mesg != NULL) {
45                 wprintf("<font size=+1><b>%s</b></font>", mesg);
46                 }
47         else {
48                 serv_puts("MESG hello");
49                 serv_gets(buf);
50                 if (buf[0]=='1') fmout(NULL);
51                 }
52
53         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
54         wprintf("<HR>\n");
55
56         /* Da login box */
57         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
58         wprintf("<TABLE border><TR>\n");
59         wprintf("<TD>User Name:</TD>\n");
60         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
61         wprintf("</TD></TR><TR>\n");
62         wprintf("<TD>Password:</TD>\n");
63         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
64         wprintf("</TR></TABLE>\n");
65         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
66         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
67         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
68         
69         wprintf("<BR><INPUT TYPE=\"checkbox\" NAME=\"noframes\">");
70         wprintf("<FONT SIZE=-1>Check here to disable frames</FONT>\n");
71         wprintf("</FORM></CENTER>\n");
72
73         /* Da instructions */
74         wprintf("<LI><EM>If you already have an account on %s,",
75                 serv_info.serv_humannode);
76         wprintf("</EM> enter your user name\n");
77         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
78         wprintf("<LI><EM>If you are a new user,</EM>\n");
79         wprintf("enter the name and password you wish to use, and click\n");
80         wprintf("\"New User.\"<BR><LI>");
81         wprintf("<EM>Please log off properly when finished.</EM>");
82         wprintf("<LI>You must use a browser that supports <i>frames</i> ");
83         wprintf("and <i>cookies</i>.\n");
84         wprintf("</EM></UL>\n");
85
86         wprintf("</BODY></HTML>\n");
87         wDumpContent();
88         }
89
90
91
92
93 /*
94  * This function needs to get called whenever a PASS or NEWU succeeds.
95  */
96 void become_logged_in(char *user, char *pass, char *serv_response) {
97         logged_in = 1;
98         extract(wc_username, &serv_response[4], 0);
99         strcpy(wc_password, pass);
100         axlevel = extract_int(&serv_response[4], 1);
101         if (axlevel >=6) is_aide = 1;
102         }
103
104
105 void do_login(void) {
106         char buf[256];
107         int need_regi = 0;
108
109
110         if (!strcasecmp(bstr("noframes"), "on")) noframes = 1;
111
112         if (!strcasecmp(bstr("action"), "Exit")) {
113                 do_logout();
114                 }
115
116         if (!strcasecmp(bstr("action"), "Login")) {
117                 serv_printf("USER %s", bstr("name"));
118                 serv_gets(buf);
119                 if (buf[0]=='3') {
120                         serv_printf("PASS %s", bstr("pass"));
121                         serv_gets(buf);
122                         if (buf[0]=='2') {
123                                 become_logged_in(bstr("name"),
124                                         bstr("pass"), buf);
125                                 }
126                         else {
127                                 display_login(&buf[4]);
128                                 return;
129                                 }
130                         }
131                 else {
132                         display_login(&buf[4]);
133                         return;
134                         }
135                 }
136
137         if (!strcasecmp(bstr("action"), "New User")) {
138                 serv_printf("NEWU %s", bstr("name"));
139                 serv_gets(buf);
140                 if (buf[0]=='2') {
141                         become_logged_in(bstr("name"), bstr("pass"), buf);
142                         serv_printf("SETP %s", bstr("pass"));
143                         serv_gets(buf);
144                         }
145                 else {
146                         display_login(&buf[4]);
147                         return;
148                         }
149                 }
150
151         if (logged_in) {
152                 serv_puts("CHEK");
153                 serv_gets(buf);
154                 if (buf[0]=='2') {
155                         need_regi = extract_int(&buf[4], 1);
156                         /* FIX also check for new mail etc. here */
157                         }
158                 if (need_regi) {
159                         display_reg(1);
160                         }
161                 else {
162                         output_static("frameset.html");
163                         }
164                 }
165         else {
166                 display_login("Your password was not accepted.");
167                 }
168
169         }
170
171 void do_welcome(void) {
172         printf("HTTP/1.0 200 OK\n");
173         output_headers(1, "bottom");
174         wprintf("<CENTER><H1>");
175         escputs(wc_username);
176         wprintf("</H1>\n");
177         /* FIX add user stats here */
178
179         wprintf("<HR>");
180         /* FIX  ---  what should we put here?  the main menu,
181          * or new messages in the lobby?
182          */
183         embed_main_menu();
184
185         wprintf("</BODY></HTML>\n");
186         wDumpContent();
187         }
188
189
190 void do_logout(void) {
191         char buf[256];
192
193         strcpy(wc_username, "");
194         strcpy(wc_password, "");
195         strcpy(wc_roomname, "");
196
197         printf("HTTP/1.0 200 OK\n");
198         output_headers(2, "_top");      /* note "2" causes cookies to be unset */
199
200         wprintf("<CENTER>");    
201         serv_puts("MESG goodbye");
202         serv_gets(buf);
203
204         if (buf[0]=='1') fmout(NULL);
205         else wprintf("Goodbye\n");
206
207         wprintf("<HR><A HREF=\"/\">Log in again</A>\n");
208         wprintf("</CENTER></BODY></HTML>\n");
209         wDumpContent();
210         serv_puts("QUIT");
211         exit(0);
212         }
213
214
215
216
217
218 /* 
219  * validate new users
220  */
221 void validate(void) {
222         char cmd[256];
223         char user[256];
224         char buf[256];
225         int a;
226
227         printf("HTTP/1.0 200 OK\n");
228         output_headers(1, "bottom");
229
230         strcpy(buf,bstr("user"));
231         if (strlen(buf)>0) if (strlen(bstr("axlevel"))>0) {
232                 serv_printf("VALI %s|%s",buf,bstr("axlevel"));
233                 serv_gets(buf);
234                 if (buf[0]!='2') {
235                         wprintf("<EM>%s</EM><BR>\n", &buf[4]);
236                         }
237                 }
238         
239         serv_puts("GNUR");
240         serv_gets(buf);
241
242         if (buf[0]!='3') {
243                 wprintf("<EM>%s</EM><BR></BODY></HTML>\n", &buf[4]);
244                 wDumpContent();
245                 return;
246                 }
247
248         strcpy(user,&buf[4]);
249         serv_printf("GREG %s",user);
250         serv_gets(cmd);
251         if (cmd[0]=='1') {
252                 a = 0;
253                 do {
254                         serv_gets(buf);
255                         ++a;
256                         if (a==1) wprintf("User #%s<BR><H1>%s</H1>",
257                                 buf,&cmd[4]);
258                         if (a==2) wprintf("PW: %s<BR>\n",buf);
259                         if (a==3) wprintf("%s<BR>\n",buf);
260                         if (a==4) wprintf("%s<BR>\n",buf);
261                         if (a==5) wprintf("%s, ",buf);
262                         if (a==6) wprintf("%s ",buf);
263                         if (a==7) wprintf("%s<BR>\n",buf);
264                         if (a==8) wprintf("%s<BR>\n",buf);
265                         if (a==9) wprintf("Current access level: %d (%s)\n",
266                                 atoi(buf),axdefs[atoi(buf)]);
267                         } while(strcmp(buf,"000"));
268                 }
269         else {
270                 wprintf("<H1>%s</H1>%s<BR>\n",user,&cmd[4]);
271                 }
272
273         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
274         wprintf("</CAPTION><TR>");
275         for (a=0; a<=6; ++a) {
276                 wprintf(
277                 "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
278                         urlesc(user), a, axdefs[a]);
279                 }
280         wprintf("</TR></TABLE><CENTER><BR>\n");
281         wDumpContent();
282         }
283
284
285
286
287
288
289 /* 
290  * Display form for registration.
291  * (Set during_login to 1 if this registration is being performed during
292  * new user login and will require chaining to the proper screen.)
293  */
294 void display_reg(int during_login) {
295         char buf[256];
296         int a;
297
298         printf("HTTP/1.0 200 OK\n");
299         output_headers(1, "bottom");
300
301         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
302         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
303         wprintf("<B>Enter registration info</B>\n");
304         wprintf("</FONT></TD></TR></TABLE>\n");
305
306         wprintf("<CENTER>");
307         serv_puts("MESG register");
308         serv_gets(buf);
309         if (buf[0]=='1') fmout(NULL);
310
311         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
312         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
313
314         serv_puts("GREG _SELF_");
315         serv_gets(buf);
316         if (buf[0]!='1') {
317                 wprintf("<EM>%s</EM><BR>\n",&buf[4]);
318                 }
319         else {
320         
321                 wprintf("<H1>%s</H1><TABLE border>\n",&buf[4]);
322                 a = 0;
323                 while (serv_gets(buf), strcmp(buf,"000")) {
324                         ++a;
325                         wprintf("<TR><TD>");
326                         switch(a) {
327                                 case 3: wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n",buf);
328                                         break;
329                                 case 4: wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n",buf);
330                                         break;
331                                 case 5: wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
332                                         break;
333                                 case 6: wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n",buf);
334                                         break;
335                                 case 7: wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n",buf);
336                                         break;
337                                 case 8: wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
338                                         break;
339                                 case 9: wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n",buf);
340                                         break;
341                                 }
342                         wprintf("</TD></TR>\n");
343                         }
344                 wprintf("</TABLE><P>");
345                 }
346         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
347         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
348         wprintf("</CENTER></BODY></HTML>\n");
349         wDumpContent();
350         }
351
352 /*
353  * register
354  */
355 void register_user(void) {
356         char buf[256];
357         
358         if (strcmp(bstr("action"),"Register")) {
359                 display_error("Cancelled.  Registration was not saved.");
360                 return;
361                 }
362
363         serv_puts("REGI");
364         serv_gets(buf);
365         if (buf[0]!='4') {
366                 display_error(&buf[4]);
367                 }
368
369         serv_puts(bstr("realname"));
370         serv_puts(bstr("address"));
371         serv_puts(bstr("city"));
372         serv_puts(bstr("state"));
373         serv_puts(bstr("zip"));
374         serv_puts(bstr("phone"));
375         serv_puts(bstr("email"));
376         serv_puts("000");
377         
378         if (atoi(bstr("during_login"))) {
379                 output_static("frameset.html");
380                 }
381         else {
382                 display_error("Registration information has been saved.");
383                 }
384         }
385
386
387
388
389
390 /* 
391  * display form for changing your password
392  */
393 void display_changepw(void) {
394         char buf[256];
395
396         printf("HTTP/1.0 200 OK\n");
397         output_headers(1, "bottom");
398
399         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
400         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
401         wprintf("<B>Change your password</B>\n");
402         wprintf("</FONT></TD></TR></TABLE>\n");
403
404         wprintf("<CENTER>");
405         serv_puts("MESG changepw");
406         serv_gets(buf);
407         if (buf[0]=='1') fmout(NULL);
408
409         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
410         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
411         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
412         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
413         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
414         wprintf("</TABLE>\n");  
415         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
416         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
417         wprintf("</CENTER></BODY></HTML>\n");
418         wDumpContent();
419         }
420
421 /*
422  * change password
423  */
424 void changepw(void) {
425         char buf[256];
426         char newpass1[32], newpass2[32];
427         
428         if (strcmp(bstr("action"),"Change")) {
429                 display_error("Cancelled.  Password was not changed.");
430                 return;
431                 }
432
433         strcpy(newpass1, bstr("newpass1"));
434         strcpy(newpass2, bstr("newpass2"));
435
436         if (strcasecmp(newpass1, newpass2)) {
437                 display_error("They don't match.  Password was not changed.");
438                 return;
439                 }
440
441         serv_printf("SETP %s", newpass1);
442         serv_gets(buf);
443         if (buf[0]=='2') display_success(&buf[4]);
444         else display_error(&buf[4]);
445         }
Citadel server, clients, utilities