X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fauth.c;h=1cd4a3b0a16a5d1a3b7c8f25828eb4e2f11c41f4;hb=570f816b5024916402d429fbcff0f094779a943a;hp=5633b238bfbd71b1e4f432d654a43fbded9210cf;hpb=a70845a83de0a03ce1b26f8a2da3f10cf00d3b40;p=citadel.git diff --git a/webcit/auth.c b/webcit/auth.c index 5633b238b..1cd4a3b0a 100644 --- a/webcit/auth.c +++ b/webcit/auth.c @@ -1,105 +1,157 @@ /* - * auth.c - * - * This file contains code which relates to authentication of users to Citadel. - * * $Id$ + * + * WebcitAuth; Handles authentication of users to a Citadel server. */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include "webcit.h" -char *axdefs[] = -{ - "Deleted", - "New User", - "Problem User", - "Local User", - "Network User", - "Preferred User", - "Aide" -}; - /* + * user states + * the plain text states of a user. filled in at \ function TODO initialize_ax_defs() + * due to NLS + */ +char *axdefs[7]; + +void initialize_axdefs(void) { + axdefs[0] = _("Deleted"); /*!0: an erased user */ + axdefs[1] = _("New User"); /*!1: a new user */ + axdefs[2] = _("Problem User"); /*!2: a trouble maker */ + axdefs[3] = _("Local User"); /*!3: user with normal privileges */ + axdefs[4] = _("Network User"); /*!4: a user that may access network resources */ + axdefs[5] = _("Preferred User");/*!5: a moderator */ + axdefs[6] = _("Aide"); /*!6: chief */ +} + + + + +/* * Display the login screen + * mesg = the error message if last attempt failed. */ void display_login(char *mesg) { char buf[SIZ]; - output_headers(3); + output_headers(1, 1, 2, 0, 0, 0); + wprintf("
\n"); - if (mesg != NULL) if (strlen(mesg) > 0) { - stresc(buf, mesg, 0); - svprintf("mesg", WCS_STRING, "%s", buf); + if (mesg != NULL) if (!IsEmptyStr(mesg)) { + stresc(buf, SIZ, mesg, 0, 0); + svprintf("mesg", WCS_STRING, "%s", buf); } + svprintf("LOGIN_INSTRUCTIONS", WCS_STRING, + _("
    " + "
  • If you already have an account on %s, " + "enter your user name and password and click "Login." " + "
  • If you are a new user, enter the name and password " + "you wish to use, " + "and click "New User." " + "
  • Please log off properly when finished. " + "
  • You must use a browser that supports frames and " + "cookies. " + "
  • Also keep in mind that if your browser is " + "configured to block pop-up windows, you will not be able " + "to receive any instant messages.
    " + "
"), + serv_info.serv_humannode + ); + + svprintf("USERNAME_BOX", WCS_STRING, "%s", _("User name:")); + svprintf("PASSWORD_BOX", WCS_STRING, "%s", _("Password:")); + svprintf("LANGUAGE_BOX", WCS_STRING, "%s", _("Language:")); + svprintf("LOGIN_BUTTON", WCS_STRING, "%s", _("Login")); + svprintf("NEWUSER_BUTTON", WCS_STRING, "%s", _("New User")); + svprintf("EXIT_BUTTON", WCS_STRING, "%s", _("Exit")); svprintf("hello", WCS_SERVCMD, "MESG hello"); + svprintf("BOXTITLE", WCS_STRING, _("%s - powered by Citadel"), + serv_info.serv_humannode); + svcallback("DO_LANGUAGE_BOX", offer_languages); + if (serv_info.serv_newuser_disabled) { + svprintf("NEWUSER_BUTTON_PRE", WCS_STRING, "
"); + svprintf("NEWUSER_BUTTON_POST", WCS_STRING, "
"); + } + else { + svprintf("NEWUSER_BUTTON_PRE", WCS_STRING, ""); + svprintf("NEWUSER_BUTTON_POST", WCS_STRING, ""); + } do_template("login"); - clear_local_substs(); - wDumpContent(0); /* No menu here; not logged in yet! */ + wDumpContent(2); } -/* +/* Initialize the session + * * This function needs to get called whenever the session changes from * not-logged-in to logged-in, either by an explicit login by the user or * by a timed-out session automatically re-establishing with a little help * from the browser cookie. Either way, we need to load access controls and * preferences from the server. + * + * user the username + * pass his password + * serv_response The parameters returned from a Citadel USER or NEWU command */ void become_logged_in(char *user, char *pass, char *serv_response) { + char buf[SIZ]; + WC->logged_in = 1; - extract(WC->wc_username, &serv_response[4], 0); - strcpy(WC->wc_password, pass); + extract_token(WC->wc_fullname, &serv_response[4], 0, '|', sizeof WC->wc_fullname); + safestrncpy(WC->wc_username, user, sizeof WC->wc_username); + safestrncpy(WC->wc_password, pass, sizeof WC->wc_password); WC->axlevel = extract_int(&serv_response[4], 1); if (WC->axlevel >= 6) { WC->is_aide = 1; } + load_preferences(); + + serv_puts("CHEK"); + serv_getln(buf, sizeof buf); + if (buf[0] == '2') { + WC->new_mail = extract_int(&buf[4], 0); + WC->need_regi = extract_int(&buf[4], 1); + WC->need_vali = extract_int(&buf[4], 2); + extract_token(WC->cs_inet_email, &buf[4], 3, '|', sizeof WC->cs_inet_email); + } + + get_preference("current_iconbar", buf, sizeof buf); + WC->current_iconbar = atoi(buf); + + get_preference("floordiv_expanded", WC->floordiv_expanded, sizeof WC->floordiv_expanded); } +/* + * Login Checks + * the logic to detect invalid passwords not to get on citservers nerves + */ void do_login(void) { char buf[SIZ]; - int need_regi = 0; + if (havebstr("language")) { + set_selected_language(bstr("language")); + go_selected_language(); + } - if 
(!strcasecmp(bstr("action"), "Exit")) { + if (havebstr("exit_action")) { do_logout(); return; } - if (!strcasecmp(bstr("action"), "Login")) { + if (havebstr("login_action")) { serv_printf("USER %s", bstr("name")); - serv_gets(buf); + serv_getln(buf, sizeof buf); if (buf[0] == '3') { serv_printf("PASS %s", bstr("pass")); - serv_gets(buf); + serv_getln(buf, sizeof buf); if (buf[0] == '2') { become_logged_in(bstr("name"), bstr("pass"), buf); 
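Review bot: do_login() still builds server commands directly from request values, `serv_printf("USER %s", bstr("name"))` and `serv_printf("PASS %s", bstr("pass"))`, with no check that the value fits on one protocol line. Neither bstr() nor serv_printf() is visible in this diff, so filtering may happen there; if it does not, a value containing CR or LF would reach the Citadel server as more than one line. A guard before each command makes this explicit, for example `if (strpbrk(bstr("name"), "\r\n") != NULL) { display_login(_("Invalid user name.")); return; }`. The same pattern appears with NEWU and SETP in the next hunk and with VALI, GREG and SETP in validate() and changepw(). do_login's body continues past the end of this hunk.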
@@ -112,51 +164,93 @@ void do_login(void) return; } } - if (!strcasecmp(bstr("action"), "New User")) { + if (havebstr("newuser_action")) { + if (!havebstr("pass")) { + display_login(_("Blank passwords are not allowed.")); + return; + } serv_printf("NEWU %s", bstr("name")); - serv_gets(buf); + serv_getln(buf, sizeof buf); if (buf[0] == '2') { become_logged_in(bstr("name"), bstr("pass"), buf); serv_printf("SETP %s", bstr("pass")); - serv_gets(buf); + serv_getln(buf, sizeof buf); } else { display_login(&buf[4]); return; } } if (WC->logged_in) { - serv_puts("CHEK"); - serv_gets(buf); - if (buf[0] == '2') { - WC->new_mail = extract_int(&buf[4], 0); - need_regi = extract_int(&buf[4], 1); - WC->need_vali = extract_int(&buf[4], 2); - } - if (need_regi) { + if (WC->need_regi) { display_reg(1); } else { do_welcome(); } } else { - display_login("Your password was not accepted."); + display_login(_("Your password was not accepted.")); } } +/* + * display the user a welcome screen. + * + * if this is the first time login, and the web based setup is enabled, + * lead the user through the setup routines + */ void do_welcome(void) { - char startpage[SIZ]; + char buf[SIZ]; +#ifdef XXX_NOT_FINISHED_YET_XXX + FILE *fp; + int i; + + /** + * See if we have to run the first-time setup wizard + */ + if (WC->is_aide) { + if (!setup_wizard) { + int len; + sprintf(wizard_filename, "setupwiz.%s.%s", + ctdlhost, ctdlport); + len = strlen(wizard_filename); + for (i=0; ilogged_in) { + sprintf(buf, "%d", WC->current_iconbar); + set_preference("current_iconbar", buf, 0); + set_preference("floordiv_expanded", WC->floordiv_expanded, 1); + } + serv_puts("QUIT"); WC->killthis = 1; /* close() of citadel socket will be done by do_housekeeping() */ } - +/* + * execute the logout + */ void do_logout(void) { char buf[SIZ]; - strcpy(WC->wc_username, ""); - strcpy(WC->wc_password, ""); - strcpy(WC->wc_roomname, ""); + safestrncpy(WC->wc_username, "", sizeof WC->wc_username); + safestrncpy(WC->wc_password, 
"", sizeof WC->wc_password); + safestrncpy(WC->wc_roomname, "", sizeof WC->wc_roomname); + safestrncpy(WC->wc_fullname, "", sizeof WC->wc_fullname); - output_headers(2); /* note "2" causes cookies to be unset */ + /** Calling output_headers() this way causes the cookies to be un-set */ + output_headers(1, 1, 0, 1, 0, 0); - wprintf("
"); + wprintf("
"); + wprintf("
"); + wprintf("
"); + wprintf(_("Log off")); + wprintf("
"); serv_puts("MESG goodbye"); - serv_gets(buf); + serv_getln(buf, sizeof buf); if (WC->serv_sock >= 0) { if (buf[0] == '1') { - fmout(NULL); + fmout("CENTER"); } else { wprintf("Goodbye\n"); } } else { - wprintf("This program was unable to connect or stay " + wprintf(_("This program was unable to connect or stay " "connected to the Citadel server. Please report " - "this problem to your system administrator." + "this problem to your system administrator.") ); + wprintf("%s", + _("Read More...")); } - wprintf("
Log in again   " - "Close window" - "
\n"); + wprintf("
\n"); wDumpContent(2); end_webcit_session(); } - -/* +/* * validate new users */ void validate(void) @@ -217,240 +333,225 @@ void validate(void) char buf[SIZ]; int a; - output_headers(3); - - strcpy(buf, bstr("user")); - if (strlen(buf) > 0) - if (strlen(bstr("WC->axlevel")) > 0) { - serv_printf("VALI %s|%s", buf, bstr("WC->axlevel")); - serv_gets(buf); + output_headers(1, 1, 2, 0, 0, 0); + wprintf("
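Review bot: In the newuser_action branch the reply to `SETP` is read with `serv_getln(buf, sizeof buf)` and then ignored, so a rejected password leaves the new account logged in without the password the user typed, and no message is shown. become_logged_in() has also stored that password in the session before SETP runs. Testing the reply right after the read, e.g. `if (buf[0] != '2') { display_login(&buf[4]); return; }`, would surface the failure; whether the session should also be ended at that point is a design decision. Separately, the disabled XXX_NOT_FINISHED_YET_XXX block in do_welcome() formats host and port into `wizard_filename` with plain `sprintf`; the buffer's declaration is not in the hunk, but a bounded `snprintf` would be safer if that block is ever enabled.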
\n"); + wprintf("

"); + wprintf(_("Validate new users")); + wprintf("

"); + wprintf("
\n"); + + wprintf("
\n"); + + /* If the user just submitted a validation, process it... */ + safestrncpy(buf, bstr("user"), sizeof buf); + if (!IsEmptyStr(buf)) { + if (havebstr("axlevel")) { + serv_printf("VALI %s|%s", buf, bstr("axlevel")); + serv_getln(buf, sizeof buf); if (buf[0] != '2') { - wprintf("%s
\n", &buf[4]); + wprintf("%s
\n", &buf[4]); } } - serv_puts("GNUR"); - serv_gets(buf); + } + /* Now see if any more users require validation. */ + serv_puts("GNUR"); + serv_getln(buf, sizeof buf); + if (buf[0] == '2') { + wprintf(""); + wprintf(_("No users require validation at this time.")); + wprintf("
\n"); + wDumpContent(1); + return; + } if (buf[0] != '3') { - wprintf("%s
\n", &buf[4]); + wprintf("%s
\n", &buf[4]); wDumpContent(1); return; } - strcpy(user, &buf[4]); + + wprintf("
" + "
\n"); + wprintf("
"); + + safestrncpy(user, &buf[4], sizeof user); serv_printf("GREG %s", user); - serv_gets(cmd); + serv_getln(cmd, sizeof cmd); if (cmd[0] == '1') { a = 0; do { - serv_gets(buf); + serv_getln(buf, sizeof buf); ++a; if (a == 1) - wprintf("User #%s

%s

", + wprintf("#%s

%s

", buf, &cmd[4]); if (a == 2) - wprintf("PW: %s
\n", buf); + wprintf("PW: %s
\n", buf); if (a == 3) - wprintf("%s
\n", buf); + wprintf("%s
\n", buf); if (a == 4) - wprintf("%s
\n", buf); + wprintf("%s
\n", buf); if (a == 5) wprintf("%s, ", buf); if (a == 6) wprintf("%s ", buf); if (a == 7) - wprintf("%s
\n", buf); + wprintf("%s
\n", buf); if (a == 8) - wprintf("%s
\n", buf); + wprintf("%s
\n", buf); if (a == 9) - wprintf("Current access level: %d (%s)\n", + wprintf(_("Current access level: %d (%s)\n"), atoi(buf), axdefs[atoi(buf)]); } while (strcmp(buf, "000")); } else { - wprintf("

%s

%s
\n", user, &cmd[4]); + wprintf("

%s

%s
\n", user, &cmd[4]); } - wprintf("
"); + wprintf("
"); + wprintf(_("Select access level for this user:")); + wprintf("
\n"); for (a = 0; a <= 6; ++a) { - wprintf("\n", + wprintf("&axlevel=%d\">%s   \n", a, axdefs[a]); } - wprintf("
Select access level:"); - wprintf("
nonce); urlescputs(user); - wprintf("&WC->axlevel=%d\">%s

\n"); + wprintf("
\n"); + + wprintf("
\n"); + wprintf("
\n"); wDumpContent(1); } - - - -/* +/* * Display form for registration. + * * (Set during_login to 1 if this registration is being performed during * new user login and will require chaining to the proper screen.) */ void display_reg(int during_login) { - char buf[SIZ]; - int a; - - output_headers(3); - - wprintf("
"); - wprintf("Enter registration info\n"); - wprintf("
\n"); - - wprintf("
"); - serv_puts("MESG register"); - serv_gets(buf); - if (buf[0] == '1') - fmout(NULL); - - wprintf("
\n"); - wprintf("\n", during_login); - - serv_puts("GREG _SELF_"); - serv_gets(buf); - if (buf[0] != '1') { - wprintf("%s
\n", &buf[4]); - } else { + long vcard_msgnum; - wprintf("

%s

\n", &buf[4]); - a = 0; - while (serv_gets(buf), strcmp(buf, "000")) { - ++a; - wprintf("\n"); - } - wprintf("
"); - switch (a) { - case 3: - wprintf("Real Name:
\n", buf); - break; - case 4: - wprintf("Street Address:

\n", buf); - break; - case 5: - wprintf("City/town:

\n", buf); - break; - case 6: - wprintf("State/province:

\n", buf); - break; - case 7: - wprintf("ZIP/postal code:

\n", buf); - break; - case 8: - wprintf("Telephone:

\n", buf); - break; - case 10: - wprintf("E-Mail:

\n", buf); - break; - case 11: - wprintf("Country:

\n", buf); - break; - } - wprintf("

"); + if (goto_config_room() != 0) { + if (during_login) do_welcome(); + else display_main_menu(); + return; } - wprintf("\n"); - wprintf("\n"); - wprintf("

\n"); - wDumpContent(1); -} - -/* - * register - */ -void register_user(void) -{ - char buf[SIZ]; - if (strcmp(bstr("action"), "Register")) { - display_error("Cancelled. Registration was not saved."); + vcard_msgnum = locate_user_vcard(WC->wc_fullname, -1); + if (vcard_msgnum < 0L) { + if (during_login) do_welcome(); + else display_main_menu(); return; } - serv_puts("REGI"); - serv_gets(buf); - if (buf[0] != '4') { - display_error(&buf[4]); - } - serv_puts(bstr("realname")); - serv_puts(bstr("address")); - serv_puts(bstr("city")); - serv_puts(bstr("state")); - serv_puts(bstr("zip")); - serv_puts(bstr("phone")); - serv_puts(bstr("email")); - serv_puts(bstr("country")); - serv_puts("000"); - - if (atoi(bstr("during_login"))) { - do_welcome(); - } else { - display_success("Registration information has been saved."); + + if (during_login) { + do_edit_vcard(vcard_msgnum, "1", "do_welcome", USERCONFIGROOM); + } + else { + do_edit_vcard(vcard_msgnum, "1", "display_main_menu", USERCONFIGROOM); } -} +} -/* +/* * display form for changing your password */ void display_changepw(void) { char buf[SIZ]; - output_headers(3); + output_headers(1, 1, 1, 0, 0, 0); + + svprintf("BOXTITLE", WCS_STRING, _("Change your password")); + do_template("beginbox"); - wprintf("
"); - wprintf("Change your password\n"); - wprintf("
\n"); + if (!IsEmptyStr(WC->ImportantMessage)) { + wprintf("" + "%s
\n", WC->ImportantMessage); + safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage); + } - wprintf("
"); serv_puts("MESG changepw"); - serv_gets(buf); - if (buf[0] == '1') - fmout(NULL); - - wprintf("\n"); - wprintf("
\n"); - wprintf("\n"); - wprintf("\n"); - wprintf("\n"); - wprintf("
Enter new password:
Enter it again to confirm:
\n"); - wprintf("\n"); - wprintf("\n"); - wprintf("
\n"); + serv_getln(buf, sizeof buf); + if (buf[0] == '1') { + fmout("CENTER"); + } + + wprintf("\n"); + wprintf("\n", WC->nonce); + wprintf("\n"); + wprintf("\n"); + wprintf("
"); + wprintf(_("Enter new password:")); + wprintf(""); + wprintf("
"); + wprintf(_("Enter it again to confirm:")); + wprintf(""); + wprintf("
\n"); + + wprintf("
\n"); + wprintf("", _("Change password")); + wprintf(" "); + wprintf("\n", _("Cancel")); + wprintf("
\n"); + wprintf("\n"); + + do_template("endbox"); wDumpContent(1); } /* * change password + * if passwords match, propagate it to citserver. */ void changepw(void) { char buf[SIZ]; char newpass1[32], newpass2[32]; - if (strcmp(bstr("action"), "Change")) { - display_error("Cancelled. Password was not changed."); + if (!havebstr("change_action")) { + safestrncpy(WC->ImportantMessage, + _("Cancelled. Password was not changed."), + sizeof WC->ImportantMessage); + display_main_menu(); return; } - strcpy(newpass1, bstr("newpass1")); - strcpy(newpass2, bstr("newpass2")); + + safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1); + safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2); if (strcasecmp(newpass1, newpass2)) { - display_error("They don't match. Password was not changed."); + safestrncpy(WC->ImportantMessage, + _("They don't match. Password was not changed."), + sizeof WC->ImportantMessage); + display_changepw(); return; } + + if (IsEmptyStr(newpass1)) { + safestrncpy(WC->ImportantMessage, + _("Blank passwords are not allowed."), + sizeof WC->ImportantMessage); + display_changepw(); + return; + } + serv_printf("SETP %s", newpass1); - serv_gets(buf); - if (buf[0] == '2') - display_success(&buf[4]); - else - display_error(&buf[4]); + serv_getln(buf, sizeof buf); + sprintf(WC->ImportantMessage, "%s", &buf[4]); + if (buf[0] == '2') { + safestrncpy(WC->wc_password, buf, sizeof WC->wc_password); + display_main_menu(); + } + else { + display_changepw(); + } }
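Review bot: In changepw() the success branch stores the server reply as the session password, `safestrncpy(WC->wc_password, buf, sizeof WC->wc_password);`, so after a change the session holds the SETP response text instead of the new password; it should copy `newpass1`. The line before it, `sprintf(WC->ImportantMessage, "%s", &buf[4]);`, is an unbounded copy in a hunk that otherwise moves to safestrncpy, and would read `safestrncpy(WC->ImportantMessage, &buf[4], sizeof WC->ImportantMessage);`. In validate(), `axdefs[atoi(buf)]` indexes the seven-entry table with a number taken from the server reply and no range check, so a value outside 0..6 reads past the array. The confirmation test still uses `strcasecmp`, which accepts two entries differing only in case, and the 32-byte `newpass1`/`newpass2` buffers silently truncate longer input before it is sent.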