X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fauth.c;h=af2f22e0c10af636be5f0654f5fd89ea943217d5;hb=7836de1a004d9353cadb71885e360715884d1601;hp=3588631fc222cb63a27efc7a8486ebc0e8e7af0f;hpb=05b7980adba4f517c3fc30d3ce97adb5c337c750;p=citadel.git diff --git a/webcit/auth.c b/webcit/auth.c index 3588631fc..af2f22e0c 100644 --- a/webcit/auth.c +++ b/webcit/auth.c @@ -1,23 +1,34 @@ /* - * auth.c + * $Id$ * - * This file contains code which relates to authentication of users to Citadel. + * Handles authentication of users to a Citadel server. * - * $Id$ */ + +#include #include -#ifdef HAVE_UNISTD_H #include -#endif #include -#include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include +#include #include +#include +#include +#include #include "webcit.h" -#include "child.h" -char *axdefs[] = { +char *axdefs[] = +{ "Deleted", "New User", "Problem User", @@ -25,265 +36,259 @@ char *axdefs[] = { "Network User", "Preferred User", "Aide" - }; +}; /* * Display the login screen */ -void display_login(char *mesg) { - char buf[256]; - - printf("HTTP/1.0 200 OK\n"); - output_headers(1, "_top"); +void display_login(char *mesg) +{ + char buf[SIZ]; - /* Da banner */ - wprintf("
\n"); - wprintf(""); - wprintf("
\n"); + output_headers(1, 1, 2, 0, 0, 0, 0); + wprintf("
\n"); - if (mesg != NULL) { - wprintf("%s", mesg); - } - else { - serv_puts("MESG hello"); - serv_gets(buf); - if (buf[0]=='1') fmout(NULL); - } + if (mesg != NULL) if (strlen(mesg) > 0) { + stresc(buf, mesg, 0, 0); + svprintf("mesg", WCS_STRING, "%s", buf); + } - wprintf("
\n"); - wprintf("
\n"); - - /* Da login box */ - wprintf("
\n"); - wprintf("\n"); - wprintf("\n"); - wprintf("\n"); - wprintf("\n"); - wprintf("\n"); - wprintf("
User Name:\n"); - wprintf("
Password:
\n"); - wprintf("\n"); - wprintf("\n"); - wprintf("\n"); - - wprintf("
"); - wprintf(" Check here to disable frames\n"); - wprintf("
\n"); - - /* Da instructions */ - wprintf("
  • If you already have an account on %s,", + svprintf("hello", WCS_SERVCMD, "MESG hello"); + svprintf("BOXTITLE", WCS_STRING, "%s - powered by Citadel", serv_info.serv_humannode); - wprintf(" enter your user name\n"); - wprintf("and password and click \"Login.\"
    \n"); - wprintf("
  • If you are a new user,\n"); - wprintf("enter the name and password you wish to use, and click\n"); - wprintf("\"New User.\"
  • "); - wprintf("Please log off properly when finished."); - wprintf("
  • You must use a browser that supports cookies.
    \n"); - wprintf("
  • Your browser is: "); - escputs(browser); - wprintf("\n"); - wDumpContent(1); - } + do_template("login"); + + wDumpContent(2); +} /* - * This function needs to get called whenever a PASS or NEWU succeeds. + * This function needs to get called whenever the session changes from + * not-logged-in to logged-in, either by an explicit login by the user or + * by a timed-out session automatically re-establishing with a little help + * from the browser cookie. Either way, we need to load access controls and + * preferences from the server. */ -void become_logged_in(char *user, char *pass, char *serv_response) { - logged_in = 1; - extract(wc_username, &serv_response[4], 0); - strcpy(wc_password, pass); - axlevel = extract_int(&serv_response[4], 1); - if (axlevel >=6) is_aide = 1; +void become_logged_in(char *user, char *pass, char *serv_response) +{ + char buf[SIZ]; + + WC->logged_in = 1; + extract(WC->wc_username, &serv_response[4], 0); + strcpy(WC->wc_password, pass); + WC->axlevel = extract_int(&serv_response[4], 1); + if (WC->axlevel >= 6) { + WC->is_aide = 1; } + load_preferences(); -void do_login(void) { - char buf[256]; - int need_regi = 0; + serv_puts("CHEK"); + serv_gets(buf); + if (buf[0] == '2') { + WC->new_mail = extract_int(&buf[4], 0); + WC->need_regi = extract_int(&buf[4], 1); + WC->need_vali = extract_int(&buf[4], 2); + extract(WC->cs_inet_email, &buf[4], 3); + } +} - if (!strcasecmp(bstr("noframes"), "on")) - noframes = 1; - else - noframes = 0; +void do_login(void) +{ + char buf[SIZ]; if (!strcasecmp(bstr("action"), "Exit")) { do_logout(); - } - + return; + } if (!strcasecmp(bstr("action"), "Login")) { serv_printf("USER %s", bstr("name")); serv_gets(buf); - if (buf[0]=='3') { + if (buf[0] == '3') { serv_printf("PASS %s", bstr("pass")); serv_gets(buf); - if (buf[0]=='2') { + if (buf[0] == '2') { become_logged_in(bstr("name"), - bstr("pass"), buf); - } - else { + bstr("pass"), buf); + } else { display_login(&buf[4]); return; - } } - else { + } else { display_login(&buf[4]); return; - } } - + } if (!strcasecmp(bstr("action"), "New User")) { serv_printf("NEWU %s", bstr("name")); serv_gets(buf); - if (buf[0]=='2') { + if (buf[0] == '2') { become_logged_in(bstr("name"), bstr("pass"), buf); serv_printf("SETP %s", bstr("pass")); serv_gets(buf); - } - else { + } else { display_login(&buf[4]); return; - } } - - if (logged_in) { - serv_puts("CHEK"); - serv_gets(buf); - if (buf[0]=='2') { - need_regi = extract_int(&buf[4], 1); - /* FIX also check for new mail etc. here */ - } - if (need_regi) { + } + if (WC->logged_in) { + if (WC->need_regi) { display_reg(1); - } - else { + } else { do_welcome(); - } } - else { + } else { display_login("Your password was not accepted."); - } - } -void do_welcome(void) { +} - if (noframes) { - printf("HTTP/1.0 200 OK\n"); - output_headers(1, "_top"); - wprintf("

    "); - escputs(wc_username); - wprintf("

    \n"); - /* FIX add user stats here */ - wDumpContent(1); - } +void do_welcome(void) +{ + char startpage[SIZ]; - else { - output_static("frameset.html"); - } + get_preference("startpage", startpage); + if (strlen(startpage)==0) { + strcpy(startpage, "/dotskip&room=_BASEROOM_"); + set_preference("startpage", startpage); } + http_redirect(startpage); +} -void do_logout(void) { - char buf[256]; - strcpy(wc_username, ""); - strcpy(wc_password, ""); - strcpy(wc_roomname, ""); +/* + * Disconnect from the Citadel server, and end this WebCit session + */ +void end_webcit_session(void) { + serv_puts("QUIT"); + WC->killthis = 1; + /* close() of citadel socket will be done by do_housekeeping() */ +} - printf("HTTP/1.0 200 OK\n"); - output_headers(2, "_top"); /* note "2" causes cookies to be unset */ - wprintf("
    "); - serv_puts("MESG goodbye"); - serv_gets(buf); +void do_logout(void) +{ + char buf[SIZ]; - if (buf[0]=='1') fmout(NULL); - else wprintf("Goodbye\n"); + strcpy(WC->wc_username, ""); + strcpy(WC->wc_password, ""); + strcpy(WC->wc_roomname, ""); - wprintf("
    Log in again
    \n"); - wDumpContent(2); - serv_puts("QUIT"); - exit(0); - } + /* Calling output_headers() this way causes the cookies to be un-set */ + output_headers(1, 1, 0, 1, 0, 0, 0); + wprintf("
    "); + serv_puts("MESG goodbye"); + serv_gets(buf); + if (WC->serv_sock >= 0) { + if (buf[0] == '1') { + fmout(NULL, "CENTER"); + } else { + wprintf("Goodbye\n"); + } + } + else { + wprintf("This program was unable to connect or stay " + "connected to the Citadel server. Please report " + "this problem to your system administrator." + ); + } + wprintf("
    Log in again   " + "Close window" + "
    \n"); + wDumpContent(2); + end_webcit_session(); +} /* * validate new users */ -void validate(void) { - char cmd[256]; - char user[256]; - char buf[256]; +void validate(void) +{ + char cmd[SIZ]; + char user[SIZ]; + char buf[SIZ]; int a; - printf("HTTP/1.0 200 OK\n"); - output_headers(1, "bottom"); + output_headers(1, 1, 0, 0, 0, 0, 0); - strcpy(buf,bstr("user")); - if (strlen(buf)>0) if (strlen(bstr("axlevel"))>0) { - serv_printf("VALI %s|%s",buf,bstr("axlevel")); - serv_gets(buf); - if (buf[0]!='2') { - wprintf("%s
    \n", &buf[4]); + strcpy(buf, bstr("user")); + if (strlen(buf) > 0) + if (strlen(bstr("axlevel")) > 0) { + serv_printf("VALI %s|%s", buf, bstr("axlevel")); + serv_gets(buf); + if (buf[0] != '2') { + wprintf("%s
    \n", &buf[4]); } } - serv_puts("GNUR"); serv_gets(buf); - if (buf[0]!='3') { - wprintf("%s
    \n", &buf[4]); + if (buf[0] != '3') { + wprintf("%s
    \n", &buf[4]); wDumpContent(1); return; - } + } - strcpy(user,&buf[4]); - serv_printf("GREG %s",user); + wprintf("
    "); + do_template("beginbox_nt"); + wprintf("
    "); + + strcpy(user, &buf[4]); + serv_printf("GREG %s", user); serv_gets(cmd); - if (cmd[0]=='1') { + if (cmd[0] == '1') { a = 0; do { serv_gets(buf); ++a; - if (a==1) wprintf("User #%s

    %s

    ", - buf,&cmd[4]); - if (a==2) wprintf("PW: %s
    \n",buf); - if (a==3) wprintf("%s
    \n",buf); - if (a==4) wprintf("%s
    \n",buf); - if (a==5) wprintf("%s, ",buf); - if (a==6) wprintf("%s ",buf); - if (a==7) wprintf("%s
    \n",buf); - if (a==8) wprintf("%s
    \n",buf); - if (a==9) wprintf("Current access level: %d (%s)\n", - atoi(buf),axdefs[atoi(buf)]); - } while(strcmp(buf,"000")); - } - else { - wprintf("

    %s

    %s
    \n",user,&cmd[4]); - } - - wprintf("
    "); - for (a=0; a<=6; ++a) { - wprintf( - "\n", - urlesc(user), a, axdefs[a]); - } - wprintf("
    Select access level:"); - wprintf("
    %s

    \n"); - wDumpContent(1); + if (a == 1) + wprintf("User #%s

    %s

    ", + buf, &cmd[4]); + if (a == 2) + wprintf("PW: %s
    \n", buf); + if (a == 3) + wprintf("%s
    \n", buf); + if (a == 4) + wprintf("%s
    \n", buf); + if (a == 5) + wprintf("%s, ", buf); + if (a == 6) + wprintf("%s ", buf); + if (a == 7) + wprintf("%s
    \n", buf); + if (a == 8) + wprintf("%s
    \n", buf); + if (a == 9) + wprintf("Current access level: %d (%s)\n", + atoi(buf), axdefs[atoi(buf)]); + } while (strcmp(buf, "000")); + } else { + wprintf("

    %s

    %s
    \n", user, &cmd[4]); } + wprintf("
    Select access level for this user:
    \n"); + for (a = 0; a <= 6; ++a) { + wprintf("%s   \n", + a, axdefs[a]); + } + wprintf("
    \n"); - + wprintf("
    \n"); + do_template("endbox"); + wprintf("
    \n"); + wDumpContent(1); +} @@ -292,98 +297,31 @@ void validate(void) { * (Set during_login to 1 if this registration is being performed during * new user login and will require chaining to the proper screen.) */ -void display_reg(int during_login) { - char buf[256]; - int a; - - printf("HTTP/1.0 200 OK\n"); - output_headers(1, "bottom"); - - wprintf("
    "); - wprintf("Enter registration info\n"); - wprintf("
    \n"); - - wprintf("
    "); - serv_puts("MESG register"); - serv_gets(buf); - if (buf[0]=='1') fmout(NULL); +void display_reg(int during_login) +{ + long vcard_msgnum; - wprintf("
    \n"); - wprintf("\n", during_login); - - serv_puts("GREG _SELF_"); - serv_gets(buf); - if (buf[0]!='1') { - wprintf("%s
    \n",&buf[4]); - } - else { - - wprintf("

    %s

    \n",&buf[4]); - a = 0; - while (serv_gets(buf), strcmp(buf,"000")) { - ++a; - wprintf("\n"); - } - wprintf("
    "); - switch(a) { - case 3: wprintf("Real Name:
    \n",buf); - break; - case 4: wprintf("Street Address:
    \n",buf); - break; - case 5: wprintf("City/town:
    \n",buf); - break; - case 6: wprintf("State/province:
    \n",buf); - break; - case 7: wprintf("ZIP code:
    \n",buf); - break; - case 8: wprintf("Telephone:
    \n",buf); - break; - case 9: wprintf("E-Mail:
    \n",buf); - break; - } - wprintf("

    "); - } - wprintf("\n"); - wprintf("\n"); - wprintf("

    \n"); - wDumpContent(1); + if (goto_config_room() != 0) { + if (during_login) do_welcome(); + else display_main_menu(); + return; } -/* - * register - */ -void register_user(void) { - char buf[256]; - - if (strcmp(bstr("action"),"Register")) { - display_error("Cancelled. Registration was not saved."); + vcard_msgnum = locate_user_vcard(WC->wc_username, -1); + if (vcard_msgnum < 0L) { + if (during_login) do_welcome(); + else display_main_menu(); return; - } - - serv_puts("REGI"); - serv_gets(buf); - if (buf[0]!='4') { - display_error(&buf[4]); - } + } - serv_puts(bstr("realname")); - serv_puts(bstr("address")); - serv_puts(bstr("city")); - serv_puts(bstr("state")); - serv_puts(bstr("zip")); - serv_puts(bstr("phone")); - serv_puts(bstr("email")); - serv_puts("000"); - - if (atoi(bstr("during_login"))) { - do_welcome(); - } + if (during_login) { + do_edit_vcard(vcard_msgnum, "1", "/do_welcome"); + } else { - display_error("Registration information has been saved."); - } + do_edit_vcard(vcard_msgnum, "1", "/display_main_menu"); } +} @@ -391,56 +329,63 @@ void register_user(void) { /* * display form for changing your password */ -void display_changepw(void) { - char buf[256]; +void display_changepw(void) +{ + char buf[SIZ]; - printf("HTTP/1.0 200 OK\n"); - output_headers(1, "bottom"); + output_headers(1, 1, 0, 0, 0, 0, 0); - wprintf("
    "); - wprintf("Change your password\n"); - wprintf("
    \n"); - - wprintf("
    "); + svprintf("BOXTITLE", WCS_STRING, "Change your password"); + do_template("beginbox"); + wprintf("

    "); serv_puts("MESG changepw"); serv_gets(buf); - if (buf[0]=='1') fmout(NULL); + if (buf[0] == '1') { + fmout(NULL, "CENTER"); + } wprintf("\n"); - wprintf("
    \n"); + wprintf("
    " + "
    Enter new password:
    " + "\n"); wprintf("\n"); wprintf("\n"); wprintf("\n"); - wprintf("
    Enter new password:
    Enter it again to confirm:
    \n"); - wprintf("\n"); - wprintf("\n"); + wprintf("
    \n"); + wprintf("\n" + " " + "\n"); wprintf("
    \n"); + do_template("endbox"); wDumpContent(1); - } +} /* * change password */ -void changepw(void) { - char buf[256]; +void changepw(void) +{ + char buf[SIZ]; char newpass1[32], newpass2[32]; - - if (strcmp(bstr("action"),"Change")) { - display_error("Cancelled. Password was not changed."); - return; - } + if (strcmp(bstr("action"), "Change")) { + strcpy(WC->ImportantMessage, + "Cancelled. Password was not changed."); + display_main_menu(); + return; + } strcpy(newpass1, bstr("newpass1")); strcpy(newpass2, bstr("newpass2")); if (strcasecmp(newpass1, newpass2)) { - display_error("They don't match. Password was not changed."); + strcpy(WC->ImportantMessage, + "They don't match. Password was not changed."); + display_main_menu(); return; - } - + } serv_printf("SETP %s", newpass1); serv_gets(buf); - if (buf[0]=='2') display_success(&buf[4]); - else display_error(&buf[4]); - } + strcpy(WC->ImportantMessage, &buf[4]); + display_main_menu(); +}