webcit/auth.c

   1 /*
   2  * $Id$
   3  *
   4  * Handles authentication of users to a Citadel server.
   5  *
   6  */
   7
   8 #include "webcit.h"
   9
  10 char *axdefs[7];
  11
  12 void initialize_axdefs(void) {
  13         axdefs[0] = _("Deleted");
  14         axdefs[1] = _("New User");
  15         axdefs[2] = _("Problem User");
  16         axdefs[3] = _("Local User");
  17         axdefs[4] = _("Network User");
  18         axdefs[5] = _("Preferred User");
  19         axdefs[6] = _("Aide");
  20 }
  21
  22
  23
  24
  25 /*
  26  * Display the login screen
  27  */
  28 void display_login(char *mesg)
  29 {
  30         char buf[SIZ];
  31
  32         output_headers(1, 1, 2, 0, 0, 0);
  33         wprintf("<div style=\"position:absolute; top:20px; left:20px; right:20px\">\n");
  34
  35         if (mesg != NULL) if (strlen(mesg) > 0) {
  36                 stresc(buf, mesg, 0, 0);
  37                 svprintf("mesg", WCS_STRING, "%s", buf);
  38         }
  39
  40         svprintf("LOGIN_INSTRUCTIONS", WCS_STRING,
  41                 _("<ul>"
  42                 "<li><b>If you already have an account on %s</b>, "
  43                 "enter your user name and password and click &quot;Login.&quot; "
  44                 "<li><b>If you are a new user</b>, enter the name and password "
  45                 "you wish to use, "
  46                 "and click &quot;New User.&quot; "
  47                 "<li>Please log off properly when finished. "
  48                 "<li>You must use a browser that supports <i>frames</i> and "
  49                 "<i>cookies</i>. "
  50                 "<li>Also keep in mind that if your browser is "
  51                 "configured to block pop-up windows, you will not be able "
  52                 "to receive any instant messages.<br />"
  53                 "</ul>"),
  54                 serv_info.serv_humannode
  55         );
  56
  57         svprintf("USERNAME_BOX", WCS_STRING, "%s", _("User name:"));
  58         svprintf("PASSWORD_BOX", WCS_STRING, "%s", _("Password:"));
  59         svprintf("LANGUAGE_BOX", WCS_STRING, "%s", _("Language:"));
  60         svprintf("LOGIN_BUTTON", WCS_STRING, "%s", _("Login"));
  61         svprintf("NEWUSER_BUTTON", WCS_STRING, "%s", _("New User"));
  62         svprintf("EXIT_BUTTON", WCS_STRING, "%s", _("Exit"));
  63         svprintf("hello", WCS_SERVCMD, "MESG hello");
  64         svprintf("BOXTITLE", WCS_STRING, _("%s - powered by Citadel"),
  65                 serv_info.serv_humannode);
  66         svcallback("DO_LANGUAGE_BOX", offer_languages);
  67
  68         do_template("login");
  69
  70         wDumpContent(2);
  71 }
  72
  73
  74
  75
  76 /*
  77  * This function needs to get called whenever the session changes from
  78  * not-logged-in to logged-in, either by an explicit login by the user or
  79  * by a timed-out session automatically re-establishing with a little help
  80  * from the browser cookie.  Either way, we need to load access controls and
  81  * preferences from the server.
  82  */
  83 void become_logged_in(char *user, char *pass, char *serv_response)
  84 {
  85         char buf[SIZ];
  86
  87         WC->logged_in = 1;
  88         extract_token(WC->wc_fullname, &serv_response[4], 0, '|', sizeof WC->wc_fullname);
  89         safestrncpy(WC->wc_username, user, sizeof WC->wc_username);
  90         safestrncpy(WC->wc_password, pass, sizeof WC->wc_password);
  91         WC->axlevel = extract_int(&serv_response[4], 1);
  92         if (WC->axlevel >= 6) {
  93                 WC->is_aide = 1;
  94         }
  95
  96         load_preferences();
  97
  98         serv_puts("CHEK");
  99         serv_getln(buf, sizeof buf);
 100         if (buf[0] == '2') {
 101                 WC->new_mail = extract_int(&buf[4], 0);
 102                 WC->need_regi = extract_int(&buf[4], 1);
 103                 WC->need_vali = extract_int(&buf[4], 2);
 104                 extract_token(WC->cs_inet_email, &buf[4], 3, '|', sizeof WC->cs_inet_email);
 105         }
 106
 107         get_preference("current_iconbar", buf, sizeof buf);
 108         WC->current_iconbar = atoi(buf);
 109
 110         get_preference("floordiv_expanded", WC->floordiv_expanded, sizeof WC->floordiv_expanded);
 111 }
 112
 113
 114 void do_login(void)
 115 {
 116         char buf[SIZ];
 117
 118         if (strlen(bstr("language")) > 0) {
 119                 set_selected_language(bstr("language"));
 120                 go_selected_language();
 121         }
 122
 123         if (strlen(bstr("exit_action")) > 0) {
 124                 do_logout();
 125                 return;
 126         }
 127         if (strlen(bstr("login_action")) > 0) {
 128                 serv_printf("USER %s", bstr("name"));
 129                 serv_getln(buf, sizeof buf);
 130                 if (buf[0] == '3') {
 131                         serv_printf("PASS %s", bstr("pass"));
 132                         serv_getln(buf, sizeof buf);
 133                         if (buf[0] == '2') {
 134                                 become_logged_in(bstr("name"),
 135                                                  bstr("pass"), buf);
 136                         } else {
 137                                 display_login(&buf[4]);
 138                                 return;
 139                         }
 140                 } else {
 141                         display_login(&buf[4]);
 142                         return;
 143                 }
 144         }
 145         if (strlen(bstr("newuser_action")) > 0) {
 146                 if (strlen(bstr("pass")) == 0) {
 147                         display_login(_("Blank passwords are not allowed."));
 148                         return;
 149                 }
 150                 serv_printf("NEWU %s", bstr("name"));
 151                 serv_getln(buf, sizeof buf);
 152                 if (buf[0] == '2') {
 153                         become_logged_in(bstr("name"), bstr("pass"), buf);
 154                         serv_printf("SETP %s", bstr("pass"));
 155                         serv_getln(buf, sizeof buf);
 156                 } else {
 157                         display_login(&buf[4]);
 158                         return;
 159                 }
 160         }
 161         if (WC->logged_in) {
 162                 if (WC->need_regi) {
 163                         display_reg(1);
 164                 } else {
 165                         do_welcome();
 166                 }
 167         } else {
 168                 display_login(_("Your password was not accepted."));
 169         }
 170
 171 }
 172
 173 void do_welcome(void)
 174 {
 175         char buf[SIZ];
 176 #ifdef XXX_NOT_FINISHED_YET_XXX
 177         FILE *fp;
 178         int i;
 179
 180         /*
 181          * See if we have to run the first-time setup wizard
 182          */
 183         if (WC->is_aide) {
 184                 if (!setup_wizard) {
 185                         sprintf(wizard_filename, "setupwiz.%s.%s",
 186                                 ctdlhost, ctdlport);
 187                         for (i=0; i<strlen(wizard_filename); ++i) {
 188                                 if (    (wizard_filename[i]==' ')
 189                                         || (wizard_filename[i] == '/')
 190                                 ) {
 191                                         wizard_filename[i] = '_';
 192                                 }
 193                         }
 194
 195                         fp = fopen(wizard_filename, "r");
 196                         if (fp != NULL) {
 197                                 fgets(buf, sizeof buf, fp);
 198                                 buf[strlen(buf)-1] = 0;
 199                                 fclose(fp);
 200                                 if (atoi(buf) == serv_info.serv_rev_level) {
 201                                         setup_wizard = 1; /* already run */
 202                                 }
 203                         }
 204                 }
 205
 206                 if (!setup_wizard) {
 207                         http_redirect("setup_wizard");
 208                 }
 209         }
 210 #endif
 211
 212         /*
 213          * Go to the user's preferred start page
 214          */
 215         get_preference("startpage", buf, sizeof buf);
 216         if (strlen(buf)==0) {
 217                 safestrncpy(buf, "dotskip&room=_BASEROOM_", sizeof buf);
 218                 set_preference("startpage", buf, 1);
 219         }
 220         if (buf[0] == '/') {
 221                 strcpy(buf, &buf[1]);
 222         }
 223         http_redirect(buf);
 224 }
 225
 226
 227 /*
 228  * Disconnect from the Citadel server, and end this WebCit session
 229  */
 230 void end_webcit_session(void) {
 231         char buf[256];
 232
 233         if (WC->logged_in) {
 234                 sprintf(buf, "%d", WC->current_iconbar);
 235                 set_preference("current_iconbar", buf, 0);
 236                 set_preference("floordiv_expanded", WC->floordiv_expanded, 1);
 237         }
 238
 239         serv_puts("QUIT");
 240         WC->killthis = 1;
 241         /* close() of citadel socket will be done by do_housekeeping() */
 242 }
 243
 244
 245 void do_logout(void)
 246 {
 247         char buf[SIZ];
 248
 249         safestrncpy(WC->wc_username, "", sizeof WC->wc_username);
 250         safestrncpy(WC->wc_password, "", sizeof WC->wc_password);
 251         safestrncpy(WC->wc_roomname, "", sizeof WC->wc_roomname);
 252         safestrncpy(WC->wc_fullname, "", sizeof WC->wc_fullname);
 253
 254         /* Calling output_headers() this way causes the cookies to be un-set */
 255         output_headers(1, 1, 0, 1, 0, 0);
 256
 257         wprintf("<center>");
 258         serv_puts("MESG goodbye");
 259         serv_getln(buf, sizeof buf);
 260
 261         if (WC->serv_sock >= 0) {
 262                 if (buf[0] == '1') {
 263                         fmout("CENTER");
 264                 } else {
 265                         wprintf("Goodbye\n");
 266                 }
 267         }
 268         else {
 269                 wprintf(_("This program was unable to connect or stay "
 270                         "connected to the Citadel server.  Please report "
 271                         "this problem to your system administrator.")
 272                 );
 273         }
 274
 275         wprintf("<hr /><a href=\".\">");
 276         wprintf(_("Log in again"));
 277         wprintf("</A>&nbsp;&nbsp;&nbsp;"
 278                 "<a href=\"javascript:window.close();\">");
 279         wprintf(_("Close window"));
 280         wprintf("</a></center>\n");
 281         wDumpContent(2);
 282         end_webcit_session();
 283 }
 284
 285
 286 /*
 287  * validate new users
 288  */
 289 void validate(void)
 290 {
 291         char cmd[SIZ];
 292         char user[SIZ];
 293         char buf[SIZ];
 294         int a;
 295
 296         output_headers(1, 1, 2, 0, 0, 0);
 297         wprintf("<div id=\"banner\">\n"
 298                 "<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#444455\"><TR><TD>"
 299                 "<SPAN CLASS=\"titlebar\">");
 300         wprintf(_("Validate new users"));
 301         wprintf("</SPAN></TD></TR></TABLE>\n</div>\n<div id=\"content\">\n");
 302
 303         /* If the user just submitted a validation, process it... */
 304         safestrncpy(buf, bstr("user"), sizeof buf);
 305         if (strlen(buf) > 0) {
 306                 if (strlen(bstr("axlevel")) > 0) {
 307                         serv_printf("VALI %s|%s", buf, bstr("axlevel"));
 308                         serv_getln(buf, sizeof buf);
 309                         if (buf[0] != '2') {
 310                                 wprintf("<b>%s</b><br />\n", &buf[4]);
 311                         }
 312                 }
 313         }
 314
 315         /* Now see if any more users require validation. */
 316         serv_puts("GNUR");
 317         serv_getln(buf, sizeof buf);
 318         if (buf[0] == '2') {
 319                 wprintf("<b>");
 320                 wprintf(_("No users require validation at this time."));
 321                 wprintf("</b><br />\n");
 322                 wDumpContent(1);
 323                 return;
 324         }
 325         if (buf[0] != '3') {
 326                 wprintf("<b>%s</b><br />\n", &buf[4]);
 327                 wDumpContent(1);
 328                 return;
 329         }
 330
 331         wprintf("<div class=\"fix_scrollbar_bug\">"
 332                 "<table border=0 width=100%% bgcolor=\"#ffffff\"><tr><td>\n");
 333         wprintf("<center>");
 334
 335         safestrncpy(user, &buf[4], sizeof user);
 336         serv_printf("GREG %s", user);
 337         serv_getln(cmd, sizeof cmd);
 338         if (cmd[0] == '1') {
 339                 a = 0;
 340                 do {
 341                         serv_getln(buf, sizeof buf);
 342                         ++a;
 343                         if (a == 1)
 344                                 wprintf("#%s<br /><H1>%s</H1>",
 345                                         buf, &cmd[4]);
 346                         if (a == 2)
 347                                 wprintf("PW: %s<br />\n", buf);
 348                         if (a == 3)
 349                                 wprintf("%s<br />\n", buf);
 350                         if (a == 4)
 351                                 wprintf("%s<br />\n", buf);
 352                         if (a == 5)
 353                                 wprintf("%s, ", buf);
 354                         if (a == 6)
 355                                 wprintf("%s ", buf);
 356                         if (a == 7)
 357                                 wprintf("%s<br />\n", buf);
 358                         if (a == 8)
 359                                 wprintf("%s<br />\n", buf);
 360                         if (a == 9)
 361                                 wprintf(_("Current access level: %d (%s)\n"),
 362                                         atoi(buf), axdefs[atoi(buf)]);
 363                 } while (strcmp(buf, "000"));
 364         } else {
 365                 wprintf("<H1>%s</H1>%s<br />\n", user, &cmd[4]);
 366         }
 367
 368         wprintf("<hr />");
 369         wprintf(_("Select access level for this user:"));
 370         wprintf("<br />\n");
 371         for (a = 0; a <= 6; ++a) {
 372                 wprintf("<a href=\"validate&user=");
 373                 urlescputs(user);
 374                 wprintf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
 375                         a, axdefs[a]);
 376         }
 377         wprintf("<br />\n");
 378
 379         wprintf("</CENTER>\n");
 380         wprintf("</td></tr></table></div>\n");
 381         wDumpContent(1);
 382 }
 383
 384
 385
 386 /*
 387  * Display form for registration.
 388  * (Set during_login to 1 if this registration is being performed during
 389  * new user login and will require chaining to the proper screen.)
 390  */
 391 void display_reg(int during_login)
 392 {
 393         long vcard_msgnum;
 394
 395         if (goto_config_room() != 0) {
 396                 if (during_login) do_welcome();
 397                 else display_main_menu();
 398                 return;
 399         }
 400
 401         vcard_msgnum = locate_user_vcard(WC->wc_fullname, -1);
 402         if (vcard_msgnum < 0L) {
 403                 if (during_login) do_welcome();
 404                 else display_main_menu();
 405                 return;
 406         }
 407
 408         if (during_login) {
 409                 do_edit_vcard(vcard_msgnum, "1", "do_welcome");
 410         }
 411         else {
 412                 do_edit_vcard(vcard_msgnum, "1", "display_main_menu");
 413         }
 414
 415 }
 416
 417
 418
 419
 420 /*
 421  * display form for changing your password
 422  */
 423 void display_changepw(void)
 424 {
 425         char buf[SIZ];
 426
 427         output_headers(1, 1, 2, 0, 0, 0);
 428         wprintf("<div id=\"banner\">\n"
 429                 "<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#444455\"><TR><TD>"
 430                 "<SPAN CLASS=\"titlebar\">");
 431         wprintf(_("Change your password"));
 432         wprintf("</SPAN>"
 433                 "</TD></TR></TABLE>\n"
 434                 "</div>\n<div id=\"content\">\n"
 435         );
 436
 437         if (strlen(WC->ImportantMessage) > 0) {
 438                 do_template("beginbox_nt");
 439                 wprintf("<SPAN CLASS=\"errormsg\">"
 440                         "%s</SPAN><br />\n", WC->ImportantMessage);
 441                 do_template("endbox");
 442                 safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
 443         }
 444
 445         wprintf("<div class=\"fix_scrollbar_bug\">"
 446                 "<table border=0 width=100%% bgcolor=\"#ffffff\"><tr><td>\n");
 447
 448         wprintf("<CENTER><br />");
 449         serv_puts("MESG changepw");
 450         serv_getln(buf, sizeof buf);
 451         if (buf[0] == '1') {
 452                 fmout("CENTER");
 453         }
 454
 455         wprintf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
 456         wprintf("<CENTER>"
 457                 "<table border=\"0\" cellspacing=\"5\" cellpadding=\"5\" "
 458                 "BGCOLOR=\"#EEEEEE\">"
 459                 "<TR><TD>");
 460         wprintf(_("Enter new password:"));
 461         wprintf("</TD>\n");
 462         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 463         wprintf("<TR><TD>");
 464         wprintf(_("Enter it again to confirm:"));
 465         wprintf("</TD>\n");
 466         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 467
 468         wprintf("</TABLE><br />\n");
 469         wprintf("<INPUT type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
 470         wprintf("&nbsp;");
 471         wprintf("<INPUT type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
 472         wprintf("</form></center>\n");
 473         wprintf("</td></tr></table></div>\n");
 474         wDumpContent(1);
 475 }
 476
 477 /*
 478  * change password
 479  */
 480 void changepw(void)
 481 {
 482         char buf[SIZ];
 483         char newpass1[32], newpass2[32];
 484
 485         if (strlen(bstr("change_action")) == 0) {
 486                 safestrncpy(WC->ImportantMessage,
 487                         _("Cancelled.  Password was not changed."),
 488                         sizeof WC->ImportantMessage);
 489                 display_main_menu();
 490                 return;
 491         }
 492
 493         safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1);
 494         safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
 495
 496         if (strcasecmp(newpass1, newpass2)) {
 497                 safestrncpy(WC->ImportantMessage,
 498                         _("They don't match.  Password was not changed."),
 499                         sizeof WC->ImportantMessage);
 500                 display_changepw();
 501                 return;
 502         }
 503
 504         if (strlen(newpass1) == 0) {
 505                 safestrncpy(WC->ImportantMessage,
 506                         _("Blank passwords are not allowed."),
 507                         sizeof WC->ImportantMessage);
 508                 display_changepw();
 509                 return;
 510         }
 511
 512         serv_printf("SETP %s", newpass1);
 513         serv_getln(buf, sizeof buf);
 514         sprintf(WC->ImportantMessage, "%s", &buf[4]);
 515         if (buf[0] == '2') {
 516                 safestrncpy(WC->wc_password, buf, sizeof WC->wc_password);
 517                 display_main_menu();
 518         }
 519         else {
 520                 display_changepw();
 521         }
 522 }