webcit/auth.c

   1 /*
   2  * auth.c
   3  *
   4  * This file contains code which relates to authentication of users to Citadel.
   5  *
   6  * $Id$
   7  */
   8
   9
  10 #include <ctype.h>
  11 #include <stdlib.h>
  12 #include <unistd.h>
  13 #include <stdio.h>
  14 #include <fcntl.h>
  15 #include <signal.h>
  16 #include <sys/types.h>
  17 #include <sys/wait.h>
  18 #include <sys/socket.h>
  19 #include <sys/time.h>
  20 #include <limits.h>
  21 #include <netinet/in.h>
  22 #include <netdb.h>
  23 #include <string.h>
  24 #include <pwd.h>
  25 #include <errno.h>
  26 #include <stdarg.h>
  27 #include <pthread.h>
  28 #include <signal.h>
  29 #include "webcit.h"
  30
  31
  32 char *axdefs[] =
  33 {
  34         "Deleted",
  35         "New User",
  36         "Problem User",
  37         "Local User",
  38         "Network User",
  39         "Preferred User",
  40         "Aide"
  41 };
  42
  43 /*
  44  * Display the login screen
  45  */
  46 void display_login(char *mesg)
  47 {
  48         char buf[256];
  49
  50         output_headers(3);
  51
  52         /* Da banner */
  53         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
  54         wprintf("<IMG SRC=\"/image&name=hello\">");
  55         wprintf("</TD><TD><CENTER>\n");
  56
  57         if (mesg != NULL) {
  58                 wprintf("<font size=+1><b>%s</b></font>", mesg);
  59         } else {
  60                 serv_puts("MESG hello");
  61                 serv_gets(buf);
  62                 if (buf[0] == '1')
  63                         fmout(NULL);
  64         }
  65
  66         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
  67         wprintf("<HR>\n");
  68
  69         /* Da login box */
  70         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
  71         wprintf("<TABLE border><TR>\n");
  72         wprintf("<TD>User Name:</TD>\n");
  73         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
  74         wprintf("</TD></TR><TR>\n");
  75         wprintf("<TD>Password:</TD>\n");
  76         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
  77         wprintf("</TR></TABLE>\n");
  78         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
  79         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
  80         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
  81
  82         /* Da instructions */
  83         wprintf("<LI><EM>If you already have an account on %s,",
  84                 serv_info.serv_humannode);
  85         wprintf("</EM> enter your user name\n");
  86         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
  87         wprintf("<LI><EM>If you are a new user,</EM>\n");
  88         wprintf("enter the name and password you wish to use, and click\n");
  89         wprintf("\"New User.\"<BR><LI>");
  90         wprintf("<EM>Please log off properly when finished.</EM>");
  91         wprintf("<LI>You must use a browser that supports <i>cookies</i>.<BR>\n");
  92         wprintf("</EM></UL>\n");
  93
  94         wDumpContent(0);        /* No menu here; not logged in yet! */
  95 }
  96
  97
  98
  99
 100 /*
 101  * This function needs to get called whenever a PASS or NEWU succeeds.
 102  */
 103 void become_logged_in(char *user, char *pass, char *serv_response)
 104 {
 105         WC->logged_in = 1;
 106         extract(WC->wc_username, &serv_response[4], 0);
 107         strcpy(WC->wc_password, pass);
 108         WC->axlevel = extract_int(&serv_response[4], 1);
 109         if (WC->axlevel >= 6)
 110                 WC->is_aide = 1;
 111 }
 112
 113
 114 void do_login(void)
 115 {
 116         char buf[256];
 117         int need_regi = 0;
 118
 119
 120         if (!strcasecmp(bstr("action"), "Exit")) {
 121                 do_logout();
 122                 return;
 123         }
 124         if (!strcasecmp(bstr("action"), "Login")) {
 125                 serv_printf("USER %s", bstr("name"));
 126                 serv_gets(buf);
 127                 if (buf[0] == '3') {
 128                         serv_printf("PASS %s", bstr("pass"));
 129                         serv_gets(buf);
 130                         if (buf[0] == '2') {
 131                                 become_logged_in(bstr("name"),
 132                                                  bstr("pass"), buf);
 133                         } else {
 134                                 display_login(&buf[4]);
 135                                 return;
 136                         }
 137                 } else {
 138                         display_login(&buf[4]);
 139                         return;
 140                 }
 141         }
 142         if (!strcasecmp(bstr("action"), "New User")) {
 143                 serv_printf("NEWU %s", bstr("name"));
 144                 serv_gets(buf);
 145                 if (buf[0] == '2') {
 146                         become_logged_in(bstr("name"), bstr("pass"), buf);
 147                         serv_printf("SETP %s", bstr("pass"));
 148                         serv_gets(buf);
 149                 } else {
 150                         display_login(&buf[4]);
 151                         return;
 152                 }
 153         }
 154         if (WC->logged_in) {
 155                 serv_puts("CHEK");
 156                 serv_gets(buf);
 157                 if (buf[0] == '2') {
 158                         WC->new_mail = extract_int(&buf[4], 0);
 159                         need_regi = extract_int(&buf[4], 1);
 160                         WC->need_vali = extract_int(&buf[4], 2);
 161                 }
 162                 if (need_regi) {
 163                         display_reg(1);
 164                 } else {
 165                         do_welcome();
 166                 }
 167         } else {
 168                 display_login("Your password was not accepted.");
 169         }
 170
 171 }
 172
 173 void do_welcome(void)
 174 {
 175         smart_goto("_BASEROOM_");
 176 }
 177
 178
 179 void do_logout(void)
 180 {
 181         char buf[256];
 182
 183         strcpy(WC->wc_username, "");
 184         strcpy(WC->wc_password, "");
 185         strcpy(WC->wc_roomname, "");
 186
 187         output_headers(2);      /* note "2" causes cookies to be unset */
 188
 189         wprintf("<CENTER>");
 190         serv_puts("MESG goodbye");
 191         serv_gets(buf);
 192
 193         if (buf[0] == '1')
 194                 fmout(NULL);
 195         else
 196                 wprintf("Goodbye\n");
 197
 198         wprintf("<HR><A HREF=\"/\">Log in again</A></CENTER>\n");
 199         wDumpContent(2);
 200         serv_puts("QUIT");
 201         close(WC->serv_sock);
 202         WC->serv_sock = (-1);
 203         WC->killthis = 1;
 204 }
 205
 206
 207
 208
 209
 210 /*
 211  * validate new users
 212  */
 213 void validate(void)
 214 {
 215         char cmd[256];
 216         char user[256];
 217         char buf[256];
 218         int a;
 219
 220         output_headers(1);
 221
 222         strcpy(buf, bstr("user"));
 223         if (strlen(buf) > 0)
 224                 if (strlen(bstr("WC->axlevel")) > 0) {
 225                         serv_printf("VALI %s|%s", buf, bstr("WC->axlevel"));
 226                         serv_gets(buf);
 227                         if (buf[0] != '2') {
 228                                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 229                         }
 230                 }
 231         serv_puts("GNUR");
 232         serv_gets(buf);
 233
 234         if (buf[0] != '3') {
 235                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 236                 wDumpContent(1);
 237                 return;
 238         }
 239         strcpy(user, &buf[4]);
 240         serv_printf("GREG %s", user);
 241         serv_gets(cmd);
 242         if (cmd[0] == '1') {
 243                 a = 0;
 244                 do {
 245                         serv_gets(buf);
 246                         ++a;
 247                         if (a == 1)
 248                                 wprintf("User #%s<BR><H1>%s</H1>",
 249                                         buf, &cmd[4]);
 250                         if (a == 2)
 251                                 wprintf("PW: %s<BR>\n", buf);
 252                         if (a == 3)
 253                                 wprintf("%s<BR>\n", buf);
 254                         if (a == 4)
 255                                 wprintf("%s<BR>\n", buf);
 256                         if (a == 5)
 257                                 wprintf("%s, ", buf);
 258                         if (a == 6)
 259                                 wprintf("%s ", buf);
 260                         if (a == 7)
 261                                 wprintf("%s<BR>\n", buf);
 262                         if (a == 8)
 263                                 wprintf("%s<BR>\n", buf);
 264                         if (a == 9)
 265                                 wprintf("Current access level: %d (%s)\n",
 266                                         atoi(buf), axdefs[atoi(buf)]);
 267                 } while (strcmp(buf, "000"));
 268         } else {
 269                 wprintf("<H1>%s</H1>%s<BR>\n", user, &cmd[4]);
 270         }
 271
 272         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
 273         wprintf("</CAPTION><TR>");
 274         for (a = 0; a <= 6; ++a) {
 275                 wprintf(
 276                                "<TD><A HREF=\"/validate&user=%s&WC->axlevel=%d\">%s</A></TD>\n",
 277                                urlesc(user), a, axdefs[a]);
 278         }
 279         wprintf("</TR></TABLE><CENTER><BR>\n");
 280         wDumpContent(1);
 281 }
 282
 283
 284
 285
 286
 287
 288 /*
 289  * Display form for registration.
 290  * (Set during_login to 1 if this registration is being performed during
 291  * new user login and will require chaining to the proper screen.)
 292  */
 293 void display_reg(int during_login)
 294 {
 295         char buf[256];
 296         int a;
 297
 298         output_headers(1);
 299
 300         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
 301         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
 302         wprintf("<B>Enter registration info</B>\n");
 303         wprintf("</FONT></TD></TR></TABLE>\n");
 304
 305         wprintf("<CENTER>");
 306         serv_puts("MESG register");
 307         serv_gets(buf);
 308         if (buf[0] == '1')
 309                 fmout(NULL);
 310
 311         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
 312         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
 313
 314         serv_puts("GREG _SELF_");
 315         serv_gets(buf);
 316         if (buf[0] != '1') {
 317                 wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 318         } else {
 319
 320                 wprintf("<H1>%s</H1><TABLE border>\n", &buf[4]);
 321                 a = 0;
 322                 while (serv_gets(buf), strcmp(buf, "000")) {
 323                         ++a;
 324                         wprintf("<TR><TD>");
 325                         switch (a) {
 326                         case 3:
 327                                 wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n", buf);
 328                                 break;
 329                         case 4:
 330                                 wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n", buf);
 331                                 break;
 332                         case 5:
 333                                 wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n", buf);
 334                                 break;
 335                         case 6:
 336                                 wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n", buf);
 337                                 break;
 338                         case 7:
 339                                 wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n", buf);
 340                                 break;
 341                         case 8:
 342                                 wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n", buf);
 343                                 break;
 344                         case 10:
 345                                 wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n", buf);
 346                                 break;
 347                         }
 348                         wprintf("</TD></TR>\n");
 349                 }
 350                 wprintf("</TABLE><P>");
 351         }
 352         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
 353         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
 354         wprintf("</CENTER>\n");
 355         wDumpContent(1);
 356 }
 357
 358 /*
 359  * register
 360  */
 361 void register_user(void)
 362 {
 363         char buf[256];
 364
 365         if (strcmp(bstr("action"), "Register")) {
 366                 display_error("Cancelled.  Registration was not saved.");
 367                 return;
 368         }
 369         serv_puts("REGI");
 370         serv_gets(buf);
 371         if (buf[0] != '4') {
 372                 display_error(&buf[4]);
 373         }
 374         serv_puts(bstr("realname"));
 375         serv_puts(bstr("address"));
 376         serv_puts(bstr("city"));
 377         serv_puts(bstr("state"));
 378         serv_puts(bstr("zip"));
 379         serv_puts(bstr("phone"));
 380         serv_puts(bstr("email"));
 381         serv_puts("000");
 382
 383         if (atoi(bstr("during_login"))) {
 384                 do_welcome();
 385         } else {
 386                 display_error("Registration information has been saved.");
 387         }
 388 }
 389
 390
 391
 392
 393
 394 /*
 395  * display form for changing your password
 396  */
 397 void display_changepw(void)
 398 {
 399         char buf[256];
 400
 401         output_headers(1);
 402
 403         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
 404         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
 405         wprintf("<B>Change your password</B>\n");
 406         wprintf("</FONT></TD></TR></TABLE>\n");
 407
 408         wprintf("<CENTER>");
 409         serv_puts("MESG changepw");
 410         serv_gets(buf);
 411         if (buf[0] == '1')
 412                 fmout(NULL);
 413
 414         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
 415         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
 416         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 417         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
 418         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 419         wprintf("</TABLE>\n");
 420         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
 421         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
 422         wprintf("</CENTER>\n");
 423         wDumpContent(1);
 424 }
 425
 426 /*
 427  * change password
 428  */
 429 void changepw(void)
 430 {
 431         char buf[256];
 432         char newpass1[32], newpass2[32];
 433
 434         if (strcmp(bstr("action"), "Change")) {
 435                 display_error("Cancelled.  Password was not changed.");
 436                 return;
 437         }
 438         strcpy(newpass1, bstr("newpass1"));
 439         strcpy(newpass2, bstr("newpass2"));
 440
 441         if (strcasecmp(newpass1, newpass2)) {
 442                 display_error("They don't match.  Password was not changed.");
 443                 return;
 444         }
 445         serv_printf("SETP %s", newpass1);
 446         serv_gets(buf);
 447         if (buf[0] == '2')
 448                 display_success(&buf[4]);
 449         else
 450                 display_error(&buf[4]);
 451 }