]> code.citadel.org Git - citadel.git/blob - webcit/auth.c
projects / citadel.git / blob
? search:


66ae1803d03ea6239048e3f342762415eec6bad2
[citadel.git] / webcit / auth.c
1 /*
2  * auth.c
3  *
4  * This file contains code which relates to authentication of users to Citadel.
5  *
6  * $Id$
7  */
8
9 #include <stdlib.h>
10 #ifdef HAVE_UNISTD_H
11 #include <unistd.h>
12 #endif
13 #include <stdio.h>
14 #include <ctype.h>
15 #include <string.h>
16 #include <errno.h>
17 #include "webcit.h"
18 #include "child.h"
19
20 char *axdefs[] = {
21         "Deleted",
22         "New User",
23         "Problem User",
24         "Local User",
25         "Network User",
26         "Preferred User",
27         "Aide"
28         };
29
30 /*
31  * Display the login screen
32  */
33 void display_login(char *mesg) {
34         char buf[256];
35
36         printf("HTTP/1.0 200 OK\n");
37         output_headers(1);
38
39         /* Da banner */
40         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
41         wprintf("<IMG SRC=\"/image&name=hello\">");
42         wprintf("</TD><TD><CENTER>\n");
43
44         if (mesg != NULL) {
45                 wprintf("<font size=+1><b>%s</b></font>", mesg);
46                 }
47         else {
48                 serv_puts("MESG hello");
49                 serv_gets(buf);
50                 if (buf[0]=='1') fmout(NULL);
51                 }
52
53         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
54         wprintf("<HR>\n");
55
56         /* Da login box */
57         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
58         wprintf("<TABLE border><TR>\n");
59         wprintf("<TD>User Name:</TD>\n");
60         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
61         wprintf("</TD></TR><TR>\n");
62         wprintf("<TD>Password:</TD>\n");
63         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
64         wprintf("</TR></TABLE>\n");
65         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
66         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
67         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
68         
69         wprintf("<BR><INPUT TYPE=\"checkbox\" NAME=\"noframes\">");
70         wprintf("<FONT SIZE=-1>Check here to disable frames</FONT>\n");
71         wprintf("</FORM></CENTER>\n");
72
73         /* Da instructions */
74         wprintf("<LI><EM>If you already have an account on %s,",
75                 serv_info.serv_humannode);
76         wprintf("</EM> enter your user name\n");
77         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
78         wprintf("<LI><EM>If you are a new user,</EM>\n");
79         wprintf("enter the name and password you wish to use, and click\n");
80         wprintf("\"New User.\"<BR><LI>");
81         wprintf("<EM>Please log off properly when finished.</EM>");
82         wprintf("<LI>You must use a browser that supports <i>frames</i> ");
83         wprintf("and <i>cookies</i>.\n");
84         wprintf("</EM></UL>\n");
85
86         wprintf("</BODY></HTML>\n");
87         wDumpContent();
88         }
89
90
91
92
93 /*
94  * This function needs to get called whenever a PASS or NEWU succeeds.
95  */
96 void become_logged_in(char *user, char *pass, char *serv_response) {
97         logged_in = 1;
98         extract(wc_username, &serv_response[4], 0);
99         strcpy(wc_password, pass);
100         axlevel = extract_int(&serv_response[4], 1);
101         if (axlevel >=6) is_aide = 1;
102         }
103
104
105 void do_login(void) {
106         char buf[256];
107         int need_regi = 0;
108
109         if (!strcasecmp(bstr("action"), "Exit")) {
110                 do_logout();
111                 }
112
113         if (!strcasecmp(bstr("action"), "Login")) {
114                 serv_printf("USER %s", bstr("name"));
115                 serv_gets(buf);
116                 if (buf[0]=='3') {
117                         serv_printf("PASS %s", bstr("pass"));
118                         serv_gets(buf);
119                         if (buf[0]=='2') {
120                                 become_logged_in(bstr("name"),
121                                         bstr("pass"), buf);
122                                 }
123                         else {
124                                 display_login(&buf[4]);
125                                 return;
126                                 }
127                         }
128                 else {
129                         display_login(&buf[4]);
130                         return;
131                         }
132                 }
133
134         if (!strcasecmp(bstr("action"), "New User")) {
135                 serv_printf("NEWU %s", bstr("name"));
136                 serv_gets(buf);
137                 if (buf[0]=='2') {
138                         become_logged_in(bstr("name"), bstr("pass"), buf);
139                         serv_printf("SETP %s", bstr("pass"));
140                         serv_gets(buf);
141                         }
142                 else {
143                         display_login(&buf[4]);
144                         return;
145                         }
146                 }
147
148         if (logged_in) {
149                 serv_puts("CHEK");
150                 serv_gets(buf);
151                 if (buf[0]=='2') {
152                         need_regi = extract_int(&buf[4], 1);
153                         /* FIX also check for new mail etc. here */
154                         }
155                 if (need_regi) {
156                         display_reg(1);
157                         }
158                 else {
159                         output_static("frameset.html");
160                         }
161                 }
162         else {
163                 display_login("Your password was not accepted.");
164                 }
165
166         }
167
168 void do_welcome(void) {
169         printf("HTTP/1.0 200 OK\n");
170         output_headers(1);
171         wprintf("<CENTER><H1>");
172         escputs(wc_username);
173         wprintf("</H1>\n");
174         /* FIX add user stats here */
175
176         wprintf("<HR>");
177         /* FIX  ---  what should we put here?  the main menu,
178          * or new messages in the lobby?
179          */
180         embed_main_menu();
181
182         wprintf("</BODY></HTML>\n");
183         wDumpContent();
184         }
185
186
187 void do_logout(void) {
188         char buf[256];
189
190         strcpy(wc_username, "");
191         strcpy(wc_password, "");
192         strcpy(wc_roomname, "");
193
194         printf("HTTP/1.0 200 OK\n");
195         output_headers(2);      /* note the "2" which causes cookies to be unset */
196
197         wprintf("<CENTER>");    
198         serv_puts("MESG goodbye");
199         serv_gets(buf);
200
201         if (buf[0]=='1') fmout(NULL);
202         else wprintf("Goodbye\n");
203
204         wprintf("<HR><A HREF=\"/\">Log in again</A>\n");
205         wprintf("</CENTER></BODY></HTML>\n");
206         wDumpContent();
207         serv_puts("QUIT");
208         exit(0);
209         }
210
211
212
213
214
215 /* 
216  * validate new users
217  */
218 void validate(void) {
219         char cmd[256];
220         char user[256];
221         char buf[256];
222         int a;
223
224         printf("HTTP/1.0 200 OK\n");
225         output_headers(1);
226
227         strcpy(buf,bstr("user"));
228         if (strlen(buf)>0) if (strlen(bstr("axlevel"))>0) {
229                 serv_printf("VALI %s|%s",buf,bstr("axlevel"));
230                 serv_gets(buf);
231                 if (buf[0]!='2') {
232                         wprintf("<EM>%s</EM><BR>\n", &buf[4]);
233                         }
234                 }
235         
236         serv_puts("GNUR");
237         serv_gets(buf);
238
239         if (buf[0]!='3') {
240                 wprintf("<EM>%s</EM><BR></BODY></HTML>\n", &buf[4]);
241                 wDumpContent();
242                 return;
243                 }
244
245         strcpy(user,&buf[4]);
246         serv_printf("GREG %s",user);
247         serv_gets(cmd);
248         if (cmd[0]=='1') {
249                 a = 0;
250                 do {
251                         serv_gets(buf);
252                         ++a;
253                         if (a==1) wprintf("User #%s<BR><H1>%s</H1>",
254                                 buf,&cmd[4]);
255                         if (a==2) wprintf("PW: %s<BR>\n",buf);
256                         if (a==3) wprintf("%s<BR>\n",buf);
257                         if (a==4) wprintf("%s<BR>\n",buf);
258                         if (a==5) wprintf("%s, ",buf);
259                         if (a==6) wprintf("%s ",buf);
260                         if (a==7) wprintf("%s<BR>\n",buf);
261                         if (a==8) wprintf("%s<BR>\n",buf);
262                         if (a==9) wprintf("Current access level: %d (%s)\n",
263                                 atoi(buf),axdefs[atoi(buf)]);
264                         } while(strcmp(buf,"000"));
265                 }
266         else {
267                 wprintf("<H1>%s</H1>%s<BR>\n",user,&cmd[4]);
268                 }
269
270         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
271         wprintf("</CAPTION><TR>");
272         for (a=0; a<=6; ++a) {
273                 wprintf(
274                 "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
275                         urlesc(user), a, axdefs[a]);
276                 }
277         wprintf("</TR></TABLE><CENTER><BR>\n");
278         wDumpContent();
279         }
280
281
282
283
284
285
286 /* 
287  * Display form for registration.
288  * (Set during_login to 1 if this registration is being performed during
289  * new user login and will require chaining to the proper screen.)
290  */
291 void display_reg(int during_login) {
292         char buf[256];
293         int a;
294
295         printf("HTTP/1.0 200 OK\n");
296         output_headers(1);
297
298         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
299         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
300         wprintf("<B>Enter registration info</B>\n");
301         wprintf("</FONT></TD></TR></TABLE>\n");
302
303         wprintf("<CENTER>");
304         serv_puts("MESG register");
305         serv_gets(buf);
306         if (buf[0]=='1') fmout(NULL);
307
308         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
309         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
310
311         serv_puts("GREG _SELF_");
312         serv_gets(buf);
313         if (buf[0]!='1') {
314                 wprintf("<EM>%s</EM><BR>\n",&buf[4]);
315                 }
316         else {
317         
318                 wprintf("<H1>%s</H1><TABLE border>\n",&buf[4]);
319                 a = 0;
320                 while (serv_gets(buf), strcmp(buf,"000")) {
321                         ++a;
322                         wprintf("<TR><TD>");
323                         switch(a) {
324                                 case 3: wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n",buf);
325                                         break;
326                                 case 4: wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n",buf);
327                                         break;
328                                 case 5: wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
329                                         break;
330                                 case 6: wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n",buf);
331                                         break;
332                                 case 7: wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n",buf);
333                                         break;
334                                 case 8: wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
335                                         break;
336                                 case 9: wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n",buf);
337                                         break;
338                                 }
339                         wprintf("</TD></TR>\n");
340                         }
341                 wprintf("</TABLE><P>");
342                 }
343         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
344         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
345         wprintf("</CENTER></BODY></HTML>\n");
346         wDumpContent();
347         }
348
349 /*
350  * register
351  */
352 void register_user(void) {
353         char buf[256];
354         
355         if (strcmp(bstr("action"),"Register")) {
356                 display_error("Cancelled.  Registration was not saved.");
357                 return;
358                 }
359
360         serv_puts("REGI");
361         serv_gets(buf);
362         if (buf[0]!='4') {
363                 display_error(&buf[4]);
364                 }
365
366         serv_puts(bstr("realname"));
367         serv_puts(bstr("address"));
368         serv_puts(bstr("city"));
369         serv_puts(bstr("state"));
370         serv_puts(bstr("zip"));
371         serv_puts(bstr("phone"));
372         serv_puts(bstr("email"));
373         serv_puts("000");
374         
375         if (atoi(bstr("during_login"))) {
376                 output_static("frameset.html");
377                 }
378         else {
379                 display_error("Registration information has been saved.");
380                 }
381         }
382
383
384
385
386
387 /* 
388  * display form for changing your password
389  */
390 void display_changepw(void) {
391         char buf[256];
392
393         printf("HTTP/1.0 200 OK\n");
394         output_headers(1);
395
396         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
397         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
398         wprintf("<B>Change your password</B>\n");
399         wprintf("</FONT></TD></TR></TABLE>\n");
400
401         wprintf("<CENTER>");
402         serv_puts("MESG changepw");
403         serv_gets(buf);
404         if (buf[0]=='1') fmout(NULL);
405
406         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
407         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
408         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
409         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
410         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
411         wprintf("</TABLE>\n");  
412         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
413         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
414         wprintf("</CENTER></BODY></HTML>\n");
415         wDumpContent();
416         }
417
418 /*
419  * change password
420  */
421 void changepw(void) {
422         char buf[256];
423         char newpass1[32], newpass2[32];
424         
425         if (strcmp(bstr("action"),"Change")) {
426                 display_error("Cancelled.  Password was not changed.");
427                 return;
428                 }
429
430         strcpy(newpass1, bstr("newpass1"));
431         strcpy(newpass2, bstr("newpass2"));
432
433         if (strcasecmp(newpass1, newpass2)) {
434                 display_error("They don't match.  Password was not changed.");
435                 return;
436                 }
437
438         serv_printf("SETP %s", newpass1);
439         serv_gets(buf);
440         if (buf[0]=='2') display_success(&buf[4]);
441         else display_error(&buf[4]);
442         }
Citadel server, clients, utilities