projects / citadel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
* Templatized trailing HTML
[citadel.git] / webcit / auth.c
1 /*
2  * auth.c
3  *
4  * This file contains code which relates to authentication of users to Citadel.
5  *
6  * $Id$
7  */
8
9
10 #include <ctype.h>
11 #include <stdlib.h>
12 #include <unistd.h>
13 #include <stdio.h>
14 #include <fcntl.h>
15 #include <signal.h>
16 #include <sys/types.h>
17 #include <sys/wait.h>
18 #include <sys/socket.h>
19 #include <sys/time.h>
20 #include <limits.h>
21 #include <netinet/in.h>
22 #include <netdb.h>
23 #include <string.h>
24 #include <pwd.h>
25 #include <errno.h>
26 #include <stdarg.h>
27 #include <pthread.h>
28 #include <signal.h>
29 #include "webcit.h"
30
31 char *axdefs[] =
32 {
33         "Deleted",
34         "New User",
35         "Problem User",
36         "Local User",
37         "Network User",
38         "Preferred User",
39         "Aide"
40 };
41
42 /*
43  * Display the login screen
44  */
45 void display_login(char *mesg)
46 {
47         char buf[SIZ];
48
49         output_headers(3);
50
51         if (mesg != NULL) if (strlen(mesg) > 0) {
52                 stresc(buf, mesg, 0);
53                 svprintf("mesg", WCS_STRING, "%s", buf);
54         }
55
56         svprintf("hello", WCS_SERVCMD, "MESG hello");
57
58         do_template("login");
59
60         clear_local_substs();
61         wDumpContent(0);        /* No menu here; not logged in yet! */
62 }
63
64
65
66
67 /*
68  * This function needs to get called whenever the session changes from
69  * not-logged-in to logged-in, either by an explicit login by the user or
70  * by a timed-out session automatically re-establishing with a little help
71  * from the browser cookie.  Either way, we need to load access controls and
72  * preferences from the server.
73  */
74 void become_logged_in(char *user, char *pass, char *serv_response)
75 {
76         WC->logged_in = 1;
77         extract(WC->wc_username, &serv_response[4], 0);
78         strcpy(WC->wc_password, pass);
79         WC->axlevel = extract_int(&serv_response[4], 1);
80         if (WC->axlevel >= 6) {
81                 WC->is_aide = 1;
82         }
83         load_preferences();
84 }
85
86
87 void do_login(void)
88 {
89         char buf[SIZ];
90         int need_regi = 0;
91
92
93         if (!strcasecmp(bstr("action"), "Exit")) {
94                 do_logout();
95                 return;
96         }
97         if (!strcasecmp(bstr("action"), "Login")) {
98                 serv_printf("USER %s", bstr("name"));
99                 serv_gets(buf);
100                 if (buf[0] == '3') {
101                         serv_printf("PASS %s", bstr("pass"));
102                         serv_gets(buf);
103                         if (buf[0] == '2') {
104                                 become_logged_in(bstr("name"),
105                                                  bstr("pass"), buf);
106                         } else {
107                                 display_login(&buf[4]);
108                                 return;
109                         }
110                 } else {
111                         display_login(&buf[4]);
112                         return;
113                 }
114         }
115         if (!strcasecmp(bstr("action"), "New User")) {
116                 serv_printf("NEWU %s", bstr("name"));
117                 serv_gets(buf);
118                 if (buf[0] == '2') {
119                         become_logged_in(bstr("name"), bstr("pass"), buf);
120                         serv_printf("SETP %s", bstr("pass"));
121                         serv_gets(buf);
122                 } else {
123                         display_login(&buf[4]);
124                         return;
125                 }
126         }
127         if (WC->logged_in) {
128                 serv_puts("CHEK");
129                 serv_gets(buf);
130                 if (buf[0] == '2') {
131                         WC->new_mail = extract_int(&buf[4], 0);
132                         need_regi = extract_int(&buf[4], 1);
133                         WC->need_vali = extract_int(&buf[4], 2);
134                 }
135                 if (need_regi) {
136                         display_reg(1);
137                 } else {
138                         do_welcome();
139                 }
140         } else {
141                 display_login("Your password was not accepted.");
142         }
143
144 }
145
146 void do_welcome(void)
147 {
148         char startpage[SIZ];
149
150         get_preference("startpage", startpage);
151         if (strlen(startpage)==0) {
152                 strcpy(startpage, "/dotskip&room=_BASEROOM_");
153                 set_preference("startpage", startpage);
154         }
155
156         svprintf("STARTPAGE", WCS_STRING, startpage);
157
158         do_template("mainframeset");
159         clear_local_substs();
160 }
161
162
163 /*
164  * Disconnect from the Citadel server, and end this WebCit session
165  */
166 void end_webcit_session(void) {
167         serv_puts("QUIT");
168         WC->killthis = 1;
169         /* close() of citadel socket will be done by do_housekeeping() */
170 }
171
172
173 void do_logout(void)
174 {
175         char buf[SIZ];
176
177         strcpy(WC->wc_username, "");
178         strcpy(WC->wc_password, "");
179         strcpy(WC->wc_roomname, "");
180
181         output_headers(2);      /* note "2" causes cookies to be unset */
182
183         wprintf("<CENTER>");
184         serv_puts("MESG goodbye");
185         serv_gets(buf);
186
187         if (buf[0] == '1')
188                 fmout(NULL);
189         else
190                 wprintf("Goodbye\n");
191
192         wprintf("<HR><A HREF=\"/\">Log in again</A>&nbsp;&nbsp;&nbsp;"
193                 "<A HREF=\"javascript:window.close();\">Close window</A>"
194                 "</CENTER>\n");
195         wDumpContent(2);
196         end_webcit_session();
197 }
198
199
200
201 /* 
202  * validate new users
203  */
204 void validate(void)
205 {
206         char cmd[SIZ];
207         char user[SIZ];
208         char buf[SIZ];
209         int a;
210
211         output_headers(3);
212
213         strcpy(buf, bstr("user"));
214         if (strlen(buf) > 0)
215                 if (strlen(bstr("WC->axlevel")) > 0) {
216                         serv_printf("VALI %s|%s", buf, bstr("WC->axlevel"));
217                         serv_gets(buf);
218                         if (buf[0] != '2') {
219                                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
220                         }
221                 }
222         serv_puts("GNUR");
223         serv_gets(buf);
224
225         if (buf[0] != '3') {
226                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
227                 wDumpContent(1);
228                 return;
229         }
230         strcpy(user, &buf[4]);
231         serv_printf("GREG %s", user);
232         serv_gets(cmd);
233         if (cmd[0] == '1') {
234                 a = 0;
235                 do {
236                         serv_gets(buf);
237                         ++a;
238                         if (a == 1)
239                                 wprintf("User #%s<BR><H1>%s</H1>",
240                                         buf, &cmd[4]);
241                         if (a == 2)
242                                 wprintf("PW: %s<BR>\n", buf);
243                         if (a == 3)
244                                 wprintf("%s<BR>\n", buf);
245                         if (a == 4)
246                                 wprintf("%s<BR>\n", buf);
247                         if (a == 5)
248                                 wprintf("%s, ", buf);
249                         if (a == 6)
250                                 wprintf("%s ", buf);
251                         if (a == 7)
252                                 wprintf("%s<BR>\n", buf);
253                         if (a == 8)
254                                 wprintf("%s<BR>\n", buf);
255                         if (a == 9)
256                                 wprintf("Current access level: %d (%s)\n",
257                                         atoi(buf), axdefs[atoi(buf)]);
258                 } while (strcmp(buf, "000"));
259         } else {
260                 wprintf("<H1>%s</H1>%s<BR>\n", user, &cmd[4]);
261         }
262
263         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
264         wprintf("</CAPTION><TR>");
265         for (a = 0; a <= 6; ++a) {
266                 wprintf("<TD><A HREF=\"/validate&user=");
267                 urlescputs(user);
268                 wprintf("&WC->axlevel=%d\">%s</A></TD>\n",
269                         a, axdefs[a]);
270         }
271         wprintf("</TR></TABLE><CENTER><BR>\n");
272         wDumpContent(1);
273 }
274
275
276
277
278
279
280 /* 
281  * Display form for registration.
282  * (Set during_login to 1 if this registration is being performed during
283  * new user login and will require chaining to the proper screen.)
284  */
285 void display_reg(int during_login)
286 {
287         char buf[SIZ];
288         int a;
289
290         output_headers(3);
291
292         wprintf("<TABLE WIDTH=100%% BORDER=0 BGCOLOR=007700><TR><TD>");
293         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
294         wprintf("<B>Enter registration info</B>\n");
295         wprintf("</FONT></TD></TR></TABLE>\n");
296
297         wprintf("<CENTER>");
298         serv_puts("MESG register");
299         serv_gets(buf);
300         if (buf[0] == '1')
301                 fmout(NULL);
302
303         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
304         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
305
306         serv_puts("GREG _SELF_");
307         serv_gets(buf);
308         if (buf[0] != '1') {
309                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
310         } else {
311
312                 wprintf("<H1>%s</H1><TABLE border>\n", &buf[4]);
313                 a = 0;
314                 while (serv_gets(buf), strcmp(buf, "000")) {
315                         ++a;
316                         wprintf("<TR><TD>");
317                         switch (a) {
318                         case 3:
319                                 wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n", buf);
320                                 break;
321                         case 4:
322                                 wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n", buf);
323                                 break;
324                         case 5:
325                                 wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n", buf);
326                                 break;
327                         case 6:
328                                 wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n", buf);
329                                 break;
330                         case 7:
331                                 wprintf("ZIP/postal code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n", buf);
332                                 break;
333                         case 8:
334                                 wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n", buf);
335                                 break;
336                         case 10:
337                                 wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n", buf);
338                                 break;
339                         case 11:
340                                 wprintf("Country:</TD><TD><INPUT TYPE=\"text\" NAME=\"country\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n", buf);
341                                 break;
342                         }
343                         wprintf("</TD></TR>\n");
344                 }
345                 wprintf("</TABLE><P>");
346         }
347         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
348         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
349         wprintf("</CENTER>\n");
350         wDumpContent(1);
351 }
352
353 /*
354  * register
355  */
356 void register_user(void)
357 {
358         char buf[SIZ];
359
360         if (strcmp(bstr("action"), "Register")) {
361                 display_error("Cancelled.  Registration was not saved.");
362                 return;
363         }
364         serv_puts("REGI");
365         serv_gets(buf);
366         if (buf[0] != '4') {
367                 display_error(&buf[4]);
368         }
369         serv_puts(bstr("realname"));
370         serv_puts(bstr("address"));
371         serv_puts(bstr("city"));
372         serv_puts(bstr("state"));
373         serv_puts(bstr("zip"));
374         serv_puts(bstr("phone"));
375         serv_puts(bstr("email"));
376         serv_puts(bstr("country"));
377         serv_puts("000");
378
379         if (atoi(bstr("during_login"))) {
380                 do_welcome();
381         } else {
382                 display_success("Registration information has been saved.");
383         }
384 }
385
386
387
388
389
390 /* 
391  * display form for changing your password
392  */
393 void display_changepw(void)
394 {
395         char buf[SIZ];
396
397         output_headers(3);
398
399         wprintf("<TABLE WIDTH=100%% BORDER=0 BGCOLOR=770000><TR><TD>");
400         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
401         wprintf("<B>Change your password</B>\n");
402         wprintf("</FONT></TD></TR></TABLE>\n");
403
404         wprintf("<CENTER>");
405         serv_puts("MESG changepw");
406         serv_gets(buf);
407         if (buf[0] == '1')
408                 fmout(NULL);
409
410         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
411         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
412         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
413         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
414         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
415         wprintf("</TABLE>\n");
416         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
417         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
418         wprintf("</CENTER>\n");
419         wDumpContent(1);
420 }
421
422 /*
423  * change password
424  */
425 void changepw(void)
426 {
427         char buf[SIZ];
428         char newpass1[32], newpass2[32];
429
430         if (strcmp(bstr("action"), "Change")) {
431                 display_error("Cancelled.  Password was not changed.");
432                 return;
433         }
434         strcpy(newpass1, bstr("newpass1"));
435         strcpy(newpass2, bstr("newpass2"));
436
437         if (strcasecmp(newpass1, newpass2)) {
438                 display_error("They don't match.  Password was not changed.");
439                 return;
440         }
441         serv_printf("SETP %s", newpass1);
442         serv_gets(buf);
443         if (buf[0] == '2')
444                 display_success(&buf[4]);
445         else
446                 display_error(&buf[4]);
447 }
Citadel server, clients, utilities