webcit/auth.c

   1 /*
   2  * auth.c
   3  *
   4  * This file contains code which relates to authentication of users to Citadel.
   5  *
   6  * $Id$
   7  */
   8
   9 #include <stdlib.h>
  10 #ifdef HAVE_UNISTD_H
  11 #include <unistd.h>
  12 #endif
  13 #include <stdio.h>
  14 #include <ctype.h>
  15 #include <string.h>
  16 #include <errno.h>
  17 #include "webcit.h"
  18 #include "child.h"
  19
  20 char *axdefs[] =
  21 {
  22         "Deleted",
  23         "New User",
  24         "Problem User",
  25         "Local User",
  26         "Network User",
  27         "Preferred User",
  28         "Aide"
  29 };
  30
  31 /*
  32  * Display the login screen
  33  */
  34 void display_login(char *mesg)
  35 {
  36         char buf[256];
  37
  38         printf("HTTP/1.0 200 OK\n");
  39         output_headers(1, "_top");
  40
  41         /* Da banner */
  42         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
  43         wprintf("<IMG SRC=\"/image&name=hello\">");
  44         wprintf("</TD><TD><CENTER>\n");
  45
  46         if (mesg != NULL) {
  47                 wprintf("<font size=+1><b>%s</b></font>", mesg);
  48         } else {
  49                 serv_puts("MESG hello");
  50                 serv_gets(buf);
  51                 if (buf[0] == '1')
  52                         fmout(NULL);
  53         }
  54
  55         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
  56         wprintf("<HR>\n");
  57
  58         /* Da login box */
  59         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
  60         wprintf("<TABLE border><TR>\n");
  61         wprintf("<TD>User Name:</TD>\n");
  62         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
  63         wprintf("</TD></TR><TR>\n");
  64         wprintf("<TD>Password:</TD>\n");
  65         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
  66         wprintf("</TR></TABLE>\n");
  67         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
  68         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
  69         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
  70
  71         wprintf("<BR><INPUT TYPE=\"checkbox\" NAME=\"noframes\">");
  72         wprintf("<FONT SIZE=-1>&nbsp;Check here to disable frames</FONT>\n");
  73         wprintf("</FORM></CENTER>\n");
  74
  75         /* Da instructions */
  76         wprintf("<LI><EM>If you already have an account on %s,",
  77                 serv_info.serv_humannode);
  78         wprintf("</EM> enter your user name\n");
  79         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
  80         wprintf("<LI><EM>If you are a new user,</EM>\n");
  81         wprintf("enter the name and password you wish to use, and click\n");
  82         wprintf("\"New User.\"<BR><LI>");
  83         wprintf("<EM>Please log off properly when finished.</EM>");
  84         wprintf("<LI>You must use a browser that supports <i>cookies</i>.<BR>\n");
  85         wprintf("</EM></UL>\n");
  86
  87         wDumpContent(1);
  88 }
  89
  90
  91
  92
  93 /*
  94  * This function needs to get called whenever a PASS or NEWU succeeds.
  95  */
  96 void become_logged_in(char *user, char *pass, char *serv_response)
  97 {
  98         logged_in = 1;
  99         extract(wc_username, &serv_response[4], 0);
 100         strcpy(wc_password, pass);
 101         axlevel = extract_int(&serv_response[4], 1);
 102         if (axlevel >= 6)
 103                 is_aide = 1;
 104 }
 105
 106
 107 void do_login(void)
 108 {
 109         char buf[256];
 110         int need_regi = 0;
 111
 112
 113         if (!strcasecmp(bstr("noframes"), "on"))
 114                 noframes = 1;
 115         else
 116                 noframes = 0;
 117
 118         if (!strcasecmp(bstr("action"), "Exit")) {
 119                 do_logout();
 120         }
 121         if (!strcasecmp(bstr("action"), "Login")) {
 122                 serv_printf("USER %s", bstr("name"));
 123                 serv_gets(buf);
 124                 if (buf[0] == '3') {
 125                         serv_printf("PASS %s", bstr("pass"));
 126                         serv_gets(buf);
 127                         if (buf[0] == '2') {
 128                                 become_logged_in(bstr("name"),
 129                                                  bstr("pass"), buf);
 130                         } else {
 131                                 display_login(&buf[4]);
 132                                 return;
 133                         }
 134                 } else {
 135                         display_login(&buf[4]);
 136                         return;
 137                 }
 138         }
 139         if (!strcasecmp(bstr("action"), "New User")) {
 140                 serv_printf("NEWU %s", bstr("name"));
 141                 serv_gets(buf);
 142                 if (buf[0] == '2') {
 143                         become_logged_in(bstr("name"), bstr("pass"), buf);
 144                         serv_printf("SETP %s", bstr("pass"));
 145                         serv_gets(buf);
 146                 } else {
 147                         display_login(&buf[4]);
 148                         return;
 149                 }
 150         }
 151         if (logged_in) {
 152                 serv_puts("CHEK");
 153                 serv_gets(buf);
 154                 if (buf[0] == '2') {
 155                         need_regi = extract_int(&buf[4], 1);
 156                         /* FIX also check for new mail etc. here */
 157                 }
 158                 if (need_regi) {
 159                         display_reg(1);
 160                 } else {
 161                         do_welcome();
 162                 }
 163         } else {
 164                 display_login("Your password was not accepted.");
 165         }
 166
 167 }
 168
 169 void do_welcome(void)
 170 {
 171
 172         if (noframes) {
 173                 printf("HTTP/1.0 200 OK\n");
 174                 output_headers(1, "_top");
 175                 wprintf("<CENTER><H1>");
 176                 escputs(wc_username);
 177                 wprintf("</H1>\n");
 178                 /* FIX add user stats here */
 179                 wDumpContent(1);
 180         } else {
 181                 output_static("frameset.html");
 182         }
 183 }
 184
 185
 186 void do_logout(void)
 187 {
 188         char buf[256];
 189
 190         strcpy(wc_username, "");
 191         strcpy(wc_password, "");
 192         strcpy(wc_roomname, "");
 193
 194         printf("HTTP/1.0 200 OK\n");
 195         output_headers(2, "_top");      /* note "2" causes cookies to be unset */
 196
 197         wprintf("<CENTER>");
 198         serv_puts("MESG goodbye");
 199         serv_gets(buf);
 200
 201         if (buf[0] == '1')
 202                 fmout(NULL);
 203         else
 204                 wprintf("Goodbye\n");
 205
 206         wprintf("<HR><A HREF=\"/\">Log in again</A></CENTER>\n");
 207         wDumpContent(2);
 208         serv_puts("QUIT");
 209         exit(0);
 210 }
 211
 212
 213
 214
 215
 216 /*
 217  * validate new users
 218  */
 219 void validate(void)
 220 {
 221         char cmd[256];
 222         char user[256];
 223         char buf[256];
 224         int a;
 225
 226         printf("HTTP/1.0 200 OK\n");
 227         output_headers(1, "bottom");
 228
 229         strcpy(buf, bstr("user"));
 230         if (strlen(buf) > 0)
 231                 if (strlen(bstr("axlevel")) > 0) {
 232                         serv_printf("VALI %s|%s", buf, bstr("axlevel"));
 233                         serv_gets(buf);
 234                         if (buf[0] != '2') {
 235                                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 236                         }
 237                 }
 238         serv_puts("GNUR");
 239         serv_gets(buf);
 240
 241         if (buf[0] != '3') {
 242                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 243                 wDumpContent(1);
 244                 return;
 245         }
 246         strcpy(user, &buf[4]);
 247         serv_printf("GREG %s", user);
 248         serv_gets(cmd);
 249         if (cmd[0] == '1') {
 250                 a = 0;
 251                 do {
 252                         serv_gets(buf);
 253                         ++a;
 254                         if (a == 1)
 255                                 wprintf("User #%s<BR><H1>%s</H1>",
 256                                         buf, &cmd[4]);
 257                         if (a == 2)
 258                                 wprintf("PW: %s<BR>\n", buf);
 259                         if (a == 3)
 260                                 wprintf("%s<BR>\n", buf);
 261                         if (a == 4)
 262                                 wprintf("%s<BR>\n", buf);
 263                         if (a == 5)
 264                                 wprintf("%s, ", buf);
 265                         if (a == 6)
 266                                 wprintf("%s ", buf);
 267                         if (a == 7)
 268                                 wprintf("%s<BR>\n", buf);
 269                         if (a == 8)
 270                                 wprintf("%s<BR>\n", buf);
 271                         if (a == 9)
 272                                 wprintf("Current access level: %d (%s)\n",
 273                                         atoi(buf), axdefs[atoi(buf)]);
 274                 } while (strcmp(buf, "000"));
 275         } else {
 276                 wprintf("<H1>%s</H1>%s<BR>\n", user, &cmd[4]);
 277         }
 278
 279         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
 280         wprintf("</CAPTION><TR>");
 281         for (a = 0; a <= 6; ++a) {
 282                 wprintf(
 283                                "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
 284                                urlesc(user), a, axdefs[a]);
 285         }
 286         wprintf("</TR></TABLE><CENTER><BR>\n");
 287         wDumpContent(1);
 288 }
 289
 290
 291
 292
 293
 294
 295 /*
 296  * Display form for registration.
 297  * (Set during_login to 1 if this registration is being performed during
 298  * new user login and will require chaining to the proper screen.)
 299  */
 300 void display_reg(int during_login)
 301 {
 302         char buf[256];
 303         int a;
 304
 305         printf("HTTP/1.0 200 OK\n");
 306         output_headers(1, "bottom");
 307
 308         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
 309         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
 310         wprintf("<B>Enter registration info</B>\n");
 311         wprintf("</FONT></TD></TR></TABLE>\n");
 312
 313         wprintf("<CENTER>");
 314         serv_puts("MESG register");
 315         serv_gets(buf);
 316         if (buf[0] == '1')
 317                 fmout(NULL);
 318
 319         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
 320         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
 321
 322         serv_puts("GREG _SELF_");
 323         serv_gets(buf);
 324         if (buf[0] != '1') {
 325                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 326         } else {
 327
 328                 wprintf("<H1>%s</H1><TABLE border>\n", &buf[4]);
 329                 a = 0;
 330                 while (serv_gets(buf), strcmp(buf, "000")) {
 331                         ++a;
 332                         wprintf("<TR><TD>");
 333                         switch (a) {
 334                         case 3:
 335                                 wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n", buf);
 336                                 break;
 337                         case 4:
 338                                 wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n", buf);
 339                                 break;
 340                         case 5:
 341                                 wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n", buf);
 342                                 break;
 343                         case 6:
 344                                 wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n", buf);
 345                                 break;
 346                         case 7:
 347                                 wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n", buf);
 348                                 break;
 349                         case 8:
 350                                 wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n", buf);
 351                                 break;
 352                         case 9:
 353                                 wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n", buf);
 354                                 break;
 355                         }
 356                         wprintf("</TD></TR>\n");
 357                 }
 358                 wprintf("</TABLE><P>");
 359         }
 360         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
 361         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
 362         wprintf("</CENTER>\n");
 363         wDumpContent(1);
 364 }
 365
 366 /*
 367  * register
 368  */
 369 void register_user(void)
 370 {
 371         char buf[256];
 372
 373         if (strcmp(bstr("action"), "Register")) {
 374                 display_error("Cancelled.  Registration was not saved.");
 375                 return;
 376         }
 377         serv_puts("REGI");
 378         serv_gets(buf);
 379         if (buf[0] != '4') {
 380                 display_error(&buf[4]);
 381         }
 382         serv_puts(bstr("realname"));
 383         serv_puts(bstr("address"));
 384         serv_puts(bstr("city"));
 385         serv_puts(bstr("state"));
 386         serv_puts(bstr("zip"));
 387         serv_puts(bstr("phone"));
 388         serv_puts(bstr("email"));
 389         serv_puts("000");
 390
 391         if (atoi(bstr("during_login"))) {
 392                 do_welcome();
 393         } else {
 394                 display_error("Registration information has been saved.");
 395         }
 396 }
 397
 398
 399
 400
 401
 402 /*
 403  * display form for changing your password
 404  */
 405 void display_changepw(void)
 406 {
 407         char buf[256];
 408
 409         printf("HTTP/1.0 200 OK\n");
 410         output_headers(1, "bottom");
 411
 412         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
 413         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
 414         wprintf("<B>Change your password</B>\n");
 415         wprintf("</FONT></TD></TR></TABLE>\n");
 416
 417         wprintf("<CENTER>");
 418         serv_puts("MESG changepw");
 419         serv_gets(buf);
 420         if (buf[0] == '1')
 421                 fmout(NULL);
 422
 423         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
 424         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
 425         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 426         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
 427         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 428         wprintf("</TABLE>\n");
 429         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
 430         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
 431         wprintf("</CENTER>\n");
 432         wDumpContent(1);
 433 }
 434
 435 /*
 436  * change password
 437  */
 438 void changepw(void)
 439 {
 440         char buf[256];
 441         char newpass1[32], newpass2[32];
 442
 443         if (strcmp(bstr("action"), "Change")) {
 444                 display_error("Cancelled.  Password was not changed.");
 445                 return;
 446         }
 447         strcpy(newpass1, bstr("newpass1"));
 448         strcpy(newpass2, bstr("newpass2"));
 449
 450         if (strcasecmp(newpass1, newpass2)) {
 451                 display_error("They don't match.  Password was not changed.");
 452                 return;
 453         }
 454         serv_printf("SETP %s", newpass1);
 455         serv_gets(buf);
 456         if (buf[0] == '2')
 457                 display_success(&buf[4]);
 458         else
 459                 display_error(&buf[4]);
 460 }