webcit/auth.c

   1 /*
   2  * auth.c
   3  *
   4  * This file contains code which relates to authentication of users to Citadel.
   5  *
   6  * $Id$
   7  */
   8
   9 #include <stdlib.h>
  10 #ifdef HAVE_UNISTD_H
  11 #include <unistd.h>
  12 #endif
  13 #include <stdio.h>
  14 #include <ctype.h>
  15 #include <string.h>
  16 #include <errno.h>
  17 #include "webcit.h"
  18 #include "child.h"
  19
  20 char *axdefs[] =
  21 {
  22         "Deleted",
  23         "New User",
  24         "Problem User",
  25         "Local User",
  26         "Network User",
  27         "Preferred User",
  28         "Aide"
  29 };
  30
  31 /*
  32  * Display the login screen
  33  */
  34 void display_login(char *mesg)
  35 {
  36         char buf[256];
  37
  38         printf("HTTP/1.0 200 OK\n");
  39         output_headers(3);
  40
  41         /* Da banner */
  42         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
  43         wprintf("<IMG SRC=\"/image&name=hello\">");
  44         wprintf("</TD><TD><CENTER>\n");
  45
  46         if (mesg != NULL) {
  47                 wprintf("<font size=+1><b>%s</b></font>", mesg);
  48         } else {
  49                 serv_puts("MESG hello");
  50                 serv_gets(buf);
  51                 if (buf[0] == '1')
  52                         fmout(NULL);
  53         }
  54
  55         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
  56         wprintf("<HR>\n");
  57
  58         /* Da login box */
  59         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
  60         wprintf("<TABLE border><TR>\n");
  61         wprintf("<TD>User Name:</TD>\n");
  62         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
  63         wprintf("</TD></TR><TR>\n");
  64         wprintf("<TD>Password:</TD>\n");
  65         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
  66         wprintf("</TR></TABLE>\n");
  67         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
  68         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
  69         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
  70
  71         /* Da instructions */
  72         wprintf("<LI><EM>If you already have an account on %s,",
  73                 serv_info.serv_humannode);
  74         wprintf("</EM> enter your user name\n");
  75         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
  76         wprintf("<LI><EM>If you are a new user,</EM>\n");
  77         wprintf("enter the name and password you wish to use, and click\n");
  78         wprintf("\"New User.\"<BR><LI>");
  79         wprintf("<EM>Please log off properly when finished.</EM>");
  80         wprintf("<LI>You must use a browser that supports <i>cookies</i>.<BR>\n");
  81         wprintf("</EM></UL>\n");
  82
  83         wDumpContent(0);        /* No menu here; not logged in yet! */
  84 }
  85
  86
  87
  88
  89 /*
  90  * This function needs to get called whenever a PASS or NEWU succeeds.
  91  */
  92 void become_logged_in(char *user, char *pass, char *serv_response)
  93 {
  94         WC->logged_in = 1;
  95         extract(WC->wc_username, &serv_response[4], 0);
  96         strcpy(WC->wc_password, pass);
  97         WC->axlevel = extract_int(&serv_response[4], 1);
  98         if (WC->axlevel >= 6)
  99                 WC->is_aide = 1;
 100 }
 101
 102
 103 void do_login(void)
 104 {
 105         char buf[256];
 106         int need_regi = 0;
 107
 108
 109         if (!strcasecmp(bstr("action"), "Exit")) {
 110                 do_logout();
 111         }
 112         if (!strcasecmp(bstr("action"), "Login")) {
 113                 serv_printf("USER %s", bstr("name"));
 114                 serv_gets(buf);
 115                 if (buf[0] == '3') {
 116                         serv_printf("PASS %s", bstr("pass"));
 117                         serv_gets(buf);
 118                         if (buf[0] == '2') {
 119                                 become_logged_in(bstr("name"),
 120                                                  bstr("pass"), buf);
 121                         } else {
 122                                 display_login(&buf[4]);
 123                                 return;
 124                         }
 125                 } else {
 126                         display_login(&buf[4]);
 127                         return;
 128                 }
 129         }
 130         if (!strcasecmp(bstr("action"), "New User")) {
 131                 serv_printf("NEWU %s", bstr("name"));
 132                 serv_gets(buf);
 133                 if (buf[0] == '2') {
 134                         become_logged_in(bstr("name"), bstr("pass"), buf);
 135                         serv_printf("SETP %s", bstr("pass"));
 136                         serv_gets(buf);
 137                 } else {
 138                         display_login(&buf[4]);
 139                         return;
 140                 }
 141         }
 142         if (WC->logged_in) {
 143                 serv_puts("CHEK");
 144                 serv_gets(buf);
 145                 if (buf[0] == '2') {
 146                         WC->new_mail = extract_int(&buf[4], 0);
 147                         need_regi = extract_int(&buf[4], 1);
 148                         WC->need_vali = extract_int(&buf[4], 2);
 149                 }
 150                 if (need_regi) {
 151                         display_reg(1);
 152                 } else {
 153                         do_welcome();
 154                 }
 155         } else {
 156                 display_login("Your password was not accepted.");
 157         }
 158
 159 }
 160
 161 void do_welcome(void)
 162 {
 163         smart_goto("_BASEROOM_");
 164 }
 165
 166
 167 void do_logout(void)
 168 {
 169         char buf[256];
 170
 171         strcpy(WC->wc_username, "");
 172         strcpy(WC->wc_password, "");
 173         strcpy(WC->wc_roomname, "");
 174
 175         printf("HTTP/1.0 200 OK\n");
 176         output_headers(2);      /* note "2" causes cookies to be unset */
 177
 178         wprintf("<CENTER>");
 179         serv_puts("MESG goodbye");
 180         serv_gets(buf);
 181
 182         if (buf[0] == '1')
 183                 fmout(NULL);
 184         else
 185                 wprintf("Goodbye\n");
 186
 187         wprintf("<HR><A HREF=\"/\">Log in again</A></CENTER>\n");
 188         wDumpContent(2);
 189         serv_puts("QUIT");
 190         exit(0);
 191 }
 192
 193
 194
 195
 196
 197 /*
 198  * validate new users
 199  */
 200 void validate(void)
 201 {
 202         char cmd[256];
 203         char user[256];
 204         char buf[256];
 205         int a;
 206
 207         printf("HTTP/1.0 200 OK\n");
 208         output_headers(1);
 209
 210         strcpy(buf, bstr("user"));
 211         if (strlen(buf) > 0)
 212                 if (strlen(bstr("WC->axlevel")) > 0) {
 213                         serv_printf("VALI %s|%s", buf, bstr("WC->axlevel"));
 214                         serv_gets(buf);
 215                         if (buf[0] != '2') {
 216                                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 217                         }
 218                 }
 219         serv_puts("GNUR");
 220         serv_gets(buf);
 221
 222         if (buf[0] != '3') {
 223                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 224                 wDumpContent(1);
 225                 return;
 226         }
 227         strcpy(user, &buf[4]);
 228         serv_printf("GREG %s", user);
 229         serv_gets(cmd);
 230         if (cmd[0] == '1') {
 231                 a = 0;
 232                 do {
 233                         serv_gets(buf);
 234                         ++a;
 235                         if (a == 1)
 236                                 wprintf("User #%s<BR><H1>%s</H1>",
 237                                         buf, &cmd[4]);
 238                         if (a == 2)
 239                                 wprintf("PW: %s<BR>\n", buf);
 240                         if (a == 3)
 241                                 wprintf("%s<BR>\n", buf);
 242                         if (a == 4)
 243                                 wprintf("%s<BR>\n", buf);
 244                         if (a == 5)
 245                                 wprintf("%s, ", buf);
 246                         if (a == 6)
 247                                 wprintf("%s ", buf);
 248                         if (a == 7)
 249                                 wprintf("%s<BR>\n", buf);
 250                         if (a == 8)
 251                                 wprintf("%s<BR>\n", buf);
 252                         if (a == 9)
 253                                 wprintf("Current access level: %d (%s)\n",
 254                                         atoi(buf), axdefs[atoi(buf)]);
 255                 } while (strcmp(buf, "000"));
 256         } else {
 257                 wprintf("<H1>%s</H1>%s<BR>\n", user, &cmd[4]);
 258         }
 259
 260         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
 261         wprintf("</CAPTION><TR>");
 262         for (a = 0; a <= 6; ++a) {
 263                 wprintf(
 264                                "<TD><A HREF=\"/validate&user=%s&WC->axlevel=%d\">%s</A></TD>\n",
 265                                urlesc(user), a, axdefs[a]);
 266         }
 267         wprintf("</TR></TABLE><CENTER><BR>\n");
 268         wDumpContent(1);
 269 }
 270
 271
 272
 273
 274
 275
 276 /*
 277  * Display form for registration.
 278  * (Set during_login to 1 if this registration is being performed during
 279  * new user login and will require chaining to the proper screen.)
 280  */
 281 void display_reg(int during_login)
 282 {
 283         char buf[256];
 284         int a;
 285
 286         printf("HTTP/1.0 200 OK\n");
 287         output_headers(1);
 288
 289         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
 290         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
 291         wprintf("<B>Enter registration info</B>\n");
 292         wprintf("</FONT></TD></TR></TABLE>\n");
 293
 294         wprintf("<CENTER>");
 295         serv_puts("MESG register");
 296         serv_gets(buf);
 297         if (buf[0] == '1')
 298                 fmout(NULL);
 299
 300         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
 301         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
 302
 303         serv_puts("GREG _SELF_");
 304         serv_gets(buf);
 305         if (buf[0] != '1') {
 306                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 307         } else {
 308
 309                 wprintf("<H1>%s</H1><TABLE border>\n", &buf[4]);
 310                 a = 0;
 311                 while (serv_gets(buf), strcmp(buf, "000")) {
 312                         ++a;
 313                         wprintf("<TR><TD>");
 314                         switch (a) {
 315                         case 3:
 316                                 wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n", buf);
 317                                 break;
 318                         case 4:
 319                                 wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n", buf);
 320                                 break;
 321                         case 5:
 322                                 wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n", buf);
 323                                 break;
 324                         case 6:
 325                                 wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n", buf);
 326                                 break;
 327                         case 7:
 328                                 wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n", buf);
 329                                 break;
 330                         case 8:
 331                                 wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n", buf);
 332                                 break;
 333                         case 10:
 334                                 wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n", buf);
 335                                 break;
 336                         }
 337                         wprintf("</TD></TR>\n");
 338                 }
 339                 wprintf("</TABLE><P>");
 340         }
 341         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
 342         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
 343         wprintf("</CENTER>\n");
 344         wDumpContent(1);
 345 }
 346
 347 /*
 348  * register
 349  */
 350 void register_user(void)
 351 {
 352         char buf[256];
 353
 354         if (strcmp(bstr("action"), "Register")) {
 355                 display_error("Cancelled.  Registration was not saved.");
 356                 return;
 357         }
 358         serv_puts("REGI");
 359         serv_gets(buf);
 360         if (buf[0] != '4') {
 361                 display_error(&buf[4]);
 362         }
 363         serv_puts(bstr("realname"));
 364         serv_puts(bstr("address"));
 365         serv_puts(bstr("city"));
 366         serv_puts(bstr("state"));
 367         serv_puts(bstr("zip"));
 368         serv_puts(bstr("phone"));
 369         serv_puts(bstr("email"));
 370         serv_puts("000");
 371
 372         if (atoi(bstr("during_login"))) {
 373                 do_welcome();
 374         } else {
 375                 display_error("Registration information has been saved.");
 376         }
 377 }
 378
 379
 380
 381
 382
 383 /*
 384  * display form for changing your password
 385  */
 386 void display_changepw(void)
 387 {
 388         char buf[256];
 389
 390         printf("HTTP/1.0 200 OK\n");
 391         output_headers(1);
 392
 393         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
 394         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
 395         wprintf("<B>Change your password</B>\n");
 396         wprintf("</FONT></TD></TR></TABLE>\n");
 397
 398         wprintf("<CENTER>");
 399         serv_puts("MESG changepw");
 400         serv_gets(buf);
 401         if (buf[0] == '1')
 402                 fmout(NULL);
 403
 404         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
 405         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
 406         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 407         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
 408         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 409         wprintf("</TABLE>\n");
 410         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
 411         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
 412         wprintf("</CENTER>\n");
 413         wDumpContent(1);
 414 }
 415
 416 /*
 417  * change password
 418  */
 419 void changepw(void)
 420 {
 421         char buf[256];
 422         char newpass1[32], newpass2[32];
 423
 424         if (strcmp(bstr("action"), "Change")) {
 425                 display_error("Cancelled.  Password was not changed.");
 426                 return;
 427         }
 428         strcpy(newpass1, bstr("newpass1"));
 429         strcpy(newpass2, bstr("newpass2"));
 430
 431         if (strcasecmp(newpass1, newpass2)) {
 432                 display_error("They don't match.  Password was not changed.");
 433                 return;
 434         }
 435         serv_printf("SETP %s", newpass1);
 436         serv_gets(buf);
 437         if (buf[0] == '2')
 438                 display_success(&buf[4]);
 439         else
 440                 display_error(&buf[4]);
 441 }