* Added a "preferences and settings" screen for each user.

[citadel.git] / webcit / auth.c

diff --git a/webcit/auth.c b/webcit/auth.c
index a48e2277190519f8a0ed549312c3faf6567e9096..4ed68ff68efa7e21bf3899b2af6b617248f0c276 100644 (file)
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -77,8 +77,8 @@ void become_logged_in(char *user, char *pass, char *serv_response)
        char buf[SIZ];
 
        WC->logged_in = 1;
-       extract(WC->wc_username, &serv_response[4], 0);
-       strcpy(WC->wc_password, pass);
+       extract_token(WC->wc_username, &serv_response[4], 0, '|', sizeof WC->wc_username);
+       safestrncpy(WC->wc_password, pass, sizeof WC->wc_password);
        WC->axlevel = extract_int(&serv_response[4], 1);
        if (WC->axlevel >= 6) {
                WC->is_aide = 1;
@@ -87,12 +87,12 @@ void become_logged_in(char *user, char *pass, char *serv_response)
        load_preferences();
 
        serv_puts("CHEK");
-       serv_gets(buf);
+       serv_getln(buf, sizeof buf);
        if (buf[0] == '2') {
                WC->new_mail = extract_int(&buf[4], 0);
                WC->need_regi = extract_int(&buf[4], 1);
                WC->need_vali = extract_int(&buf[4], 2);
-               extract(WC->cs_inet_email, &buf[4], 3);
+               extract_token(WC->cs_inet_email, &buf[4], 3, '|', sizeof WC->cs_inet_email);
        }
 }
 
@@ -107,10 +107,10 @@ void do_login(void)
        }
        if (!strcasecmp(bstr("action"), "Login")) {
                serv_printf("USER %s", bstr("name"));
-               serv_gets(buf);
+               serv_getln(buf, sizeof buf);
                if (buf[0] == '3') {
                        serv_printf("PASS %s", bstr("pass"));
-                       serv_gets(buf);
+                       serv_getln(buf, sizeof buf);
                        if (buf[0] == '2') {
                                become_logged_in(bstr("name"),
                                                 bstr("pass"), buf);
@@ -129,11 +129,11 @@ void do_login(void)
                        return;
                }
                serv_printf("NEWU %s", bstr("name"));
-               serv_gets(buf);
+               serv_getln(buf, sizeof buf);
                if (buf[0] == '2') {
                        become_logged_in(bstr("name"), bstr("pass"), buf);
                        serv_printf("SETP %s", bstr("pass"));
-                       serv_gets(buf);
+                       serv_getln(buf, sizeof buf);
                } else {
                        display_login(&buf[4]);
                        return;
@@ -154,10 +154,10 @@ void do_login(void)
 void do_welcome(void)
 {
        char buf[SIZ];
+#ifdef XXX_NOT_FINISHED_YET_XXX
        FILE *fp;
        int i;
 
-#ifdef XXX_NOT_FINISHED_YET_XXX
        /*
         * See if we have to run the first-time setup wizard
         */
@@ -193,10 +193,10 @@ void do_welcome(void)
        /*
         * Go to the user's preferred start page
         */
-       get_preference("startpage", buf);
+       get_preference("startpage", buf, sizeof buf);
        if (strlen(buf)==0) {
-               strcpy(buf, "/dotskip&room=_BASEROOM_");
-               set_preference("startpage", buf);
+               safestrncpy(buf, "/dotskip&room=_BASEROOM_", sizeof buf);
+               set_preference("startpage", buf, 1);
        }
        http_redirect(buf);
 }
@@ -216,16 +216,16 @@ void do_logout(void)
 {
        char buf[SIZ];
 
-       strcpy(WC->wc_username, "");
-       strcpy(WC->wc_password, "");
-       strcpy(WC->wc_roomname, "");
+       safestrncpy(WC->wc_username, "", sizeof WC->wc_username);
+       safestrncpy(WC->wc_password, "", sizeof WC->wc_password);
+       safestrncpy(WC->wc_roomname, "", sizeof WC->wc_roomname);
 
        /* Calling output_headers() this way causes the cookies to be un-set */
        output_headers(1, 1, 0, 1, 0, 0, 0);
 
        wprintf("<center>");
        serv_puts("MESG goodbye");
-       serv_gets(buf);
+       serv_getln(buf, sizeof buf);
 
        if (WC->serv_sock >= 0) {
                if (buf[0] == '1') {
@@ -267,17 +267,17 @@ void validate(void)
                "</div>\n<div id=\"content\">\n"
        );
                                                                                                                             
-       strcpy(buf, bstr("user"));
+       safestrncpy(buf, bstr("user"), sizeof buf);
        if (strlen(buf) > 0)
                if (strlen(bstr("axlevel")) > 0) {
                        serv_printf("VALI %s|%s", buf, bstr("axlevel"));
-                       serv_gets(buf);
+                       serv_getln(buf, sizeof buf);
                        if (buf[0] != '2') {
                                wprintf("<b>%s</b><br />\n", &buf[4]);
                        }
                }
        serv_puts("GNUR");
-       serv_gets(buf);
+       serv_getln(buf, sizeof buf);
 
        if (buf[0] != '3') {
                wprintf("<b>%s</b><br />\n", &buf[4]);
@@ -289,13 +289,13 @@ void validate(void)
                "<table border=0 width=100%% bgcolor=\"#ffffff\"><tr><td>\n");
        wprintf("<center>");
 
-       strcpy(user, &buf[4]);
+       safestrncpy(user, &buf[4], sizeof user);
        serv_printf("GREG %s", user);
-       serv_gets(cmd);
+       serv_getln(cmd, sizeof cmd);
        if (cmd[0] == '1') {
                a = 0;
                do {
-                       serv_gets(buf);
+                       serv_getln(buf, sizeof buf);
                        ++a;
                        if (a == 1)
                                wprintf("User #%s<br /><H1>%s</H1>",
@@ -392,7 +392,7 @@ void display_changepw(void)
                wprintf("<SPAN CLASS=\"errormsg\">"
                        "%s</SPAN><br />\n", WC->ImportantMessage);
                do_template("endbox");
-               strcpy(WC->ImportantMessage, "");
+               safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
        }
 
        wprintf("<div id=\"fix_scrollbar_bug\">"
@@ -400,7 +400,7 @@ void display_changepw(void)
 
        wprintf("<CENTER><br />");
        serv_puts("MESG changepw");
-       serv_gets(buf);
+       serv_getln(buf, sizeof buf);
        if (buf[0] == '1') {
                fmout(NULL, "CENTER");
        }
@@ -432,31 +432,34 @@ void changepw(void)
        char newpass1[32], newpass2[32];
 
        if (strcmp(bstr("action"), "Change")) {
-               strcpy(WC->ImportantMessage, 
-                       "Cancelled.  Password was not changed.");
+               safestrncpy(WC->ImportantMessage, 
+                       "Cancelled.  Password was not changed.",
+                       sizeof WC->ImportantMessage);
                display_main_menu();
                return;
        }
 
-       strcpy(newpass1, bstr("newpass1"));
-       strcpy(newpass2, bstr("newpass2"));
+       safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1);
+       safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
 
        if (strcasecmp(newpass1, newpass2)) {
-               strcpy(WC->ImportantMessage, 
-                       "They don't match.  Password was not changed.");
+               safestrncpy(WC->ImportantMessage, 
+                       "They don't match.  Password was not changed.",
+                       sizeof WC->ImportantMessage);
                display_changepw();
                return;
        }
 
        if (strlen(newpass1) == 0) {
-               strcpy(WC->ImportantMessage, 
-                       "Blank passwords are not allowed.");
+               safestrncpy(WC->ImportantMessage, 
+                       "Blank passwords are not allowed.",
+                       sizeof WC->ImportantMessage);
                display_changepw();
                return;
        }
 
        serv_printf("SETP %s", newpass1);
-       serv_gets(buf);
+       serv_getln(buf, sizeof buf);
        sprintf(WC->ImportantMessage, "%s", &buf[4]);
        if (buf[0] == '2') {
                safestrncpy(WC->wc_password, buf, sizeof WC->wc_password);