webcit/auth.c

   1 /*
   2  * auth.c
   3  *
   4  * This file contains code which relates to authentication of users to Citadel.
   5  *
   6  * $Id$
   7  */
   8
   9 #include <stdlib.h>
  10 #ifdef HAVE_UNISTD_H
  11 #include <unistd.h>
  12 #endif
  13 #include <stdio.h>
  14 #include <ctype.h>
  15 #include <string.h>
  16 #include <errno.h>
  17 #include "webcit.h"
  18 #include "child.h"
  19
  20 char *axdefs[] = {
  21         "Deleted",
  22         "New User",
  23         "Problem User",
  24         "Local User",
  25         "Network User",
  26         "Preferred User",
  27         "Aide"
  28         };
  29
  30 /*
  31  * Display the login screen
  32  */
  33 void display_login(char *mesg) {
  34         char buf[256];
  35
  36         printf("HTTP/1.0 200 OK\n");
  37         output_headers(1);
  38
  39         /* Da banner */
  40         wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
  41         wprintf("<IMG SRC=\"/image&name=hello\">");
  42         wprintf("</TD><TD><CENTER>\n");
  43
  44         if (mesg != NULL) {
  45                 wprintf("<font size=+1><b>%s</b></font>", mesg);
  46                 }
  47         else {
  48                 serv_puts("MESG hello");
  49                 serv_gets(buf);
  50                 if (buf[0]=='1') fmout(NULL);
  51                 }
  52
  53         wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
  54         wprintf("<HR>\n");
  55
  56         /* Da login box */
  57         wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
  58         wprintf("<TABLE border><TR>\n");
  59         wprintf("<TD>User Name:</TD>\n");
  60         wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
  61         wprintf("</TD></TR><TR>\n");
  62         wprintf("<TD>Password:</TD>\n");
  63         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
  64         wprintf("</TR></TABLE>\n");
  65         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
  66         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
  67         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
  68         wprintf("</FORM></CENTER>\n");
  69
  70         /* Da instructions */
  71         wprintf("<LI><EM>If you already have an account on %s,",
  72                 serv_info.serv_humannode);
  73         wprintf("</EM> enter your user name\n");
  74         wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
  75         wprintf("<LI><EM>If you are a new user,</EM>\n");
  76         wprintf("enter the name and password you wish to use, and click\n");
  77         wprintf("\"New User.\"<BR><LI>");
  78         wprintf("<EM>Please log off properly when finished.</EM>");
  79         wprintf("<LI>You must use a browser that supports <i>frames</i> ");
  80         wprintf("and <i>cookies</i>.\n");
  81         wprintf("</EM></UL>\n");
  82
  83         wprintf("</BODY></HTML>\n");
  84         wDumpContent();
  85         }
  86
  87
  88
  89
  90 /*
  91  * This function needs to get called whenever a PASS or NEWU succeeds.
  92  */
  93 void become_logged_in(char *user, char *pass, char *serv_response) {
  94         logged_in = 1;
  95         extract(wc_username, &serv_response[4], 0);
  96         strcpy(wc_password, pass);
  97         axlevel = extract_int(&serv_response[4], 1);
  98         if (axlevel >=6) is_aide = 1;
  99         }
 100
 101
 102 void do_login(void) {
 103         char buf[256];
 104         int need_regi = 0;
 105
 106         if (!strcasecmp(bstr("action"), "Exit")) {
 107                 do_logout();
 108                 }
 109
 110         if (!strcasecmp(bstr("action"), "Login")) {
 111                 serv_printf("USER %s", bstr("name"));
 112                 serv_gets(buf);
 113                 if (buf[0]=='3') {
 114                         serv_printf("PASS %s", bstr("pass"));
 115                         serv_gets(buf);
 116                         if (buf[0]=='2') {
 117                                 become_logged_in(bstr("name"),
 118                                         bstr("pass"), buf);
 119                                 }
 120                         else {
 121                                 display_login(&buf[4]);
 122                                 return;
 123                                 }
 124                         }
 125                 else {
 126                         display_login(&buf[4]);
 127                         return;
 128                         }
 129                 }
 130
 131         if (!strcasecmp(bstr("action"), "New User")) {
 132                 serv_printf("NEWU %s", bstr("name"));
 133                 serv_gets(buf);
 134                 if (buf[0]=='2') {
 135                         become_logged_in(bstr("name"), bstr("pass"), buf);
 136                         serv_printf("SETP %s", bstr("pass"));
 137                         serv_gets(buf);
 138                         }
 139                 else {
 140                         display_login(&buf[4]);
 141                         return;
 142                         }
 143                 }
 144
 145         if (logged_in) {
 146                 serv_puts("CHEK");
 147                 serv_gets(buf);
 148                 if (buf[0]=='2') {
 149                         need_regi = extract_int(&buf[4], 1);
 150                         /* FIX also check for new mail etc. here */
 151                         }
 152                 if (need_regi) {
 153                         display_reg(1);
 154                         }
 155                 else {
 156                         output_static("frameset.html");
 157                         }
 158                 }
 159         else {
 160                 display_login("Your password was not accepted.");
 161                 }
 162
 163         }
 164
 165 void do_welcome(void) {
 166         printf("HTTP/1.0 200 OK\n");
 167         output_headers(1);
 168         wprintf("<CENTER><H1>");
 169         escputs(wc_username);
 170         wprintf("</H1>\n");
 171         /* FIX add user stats here */
 172
 173         wprintf("<HR>");
 174         /* FIX  ---  what should we put here?  the main menu,
 175          * or new messages in the lobby?
 176          */
 177         embed_main_menu();
 178
 179         wprintf("</BODY></HTML>\n");
 180         wDumpContent();
 181         }
 182
 183
 184 void do_logout(void) {
 185         char buf[256];
 186
 187         strcpy(wc_username, "");
 188         strcpy(wc_password, "");
 189         strcpy(wc_roomname, "");
 190         strcpy(wc_host, "");
 191         strcpy(wc_port, "");
 192
 193         printf("HTTP/1.0 200 OK\n");
 194         printf("X-WebCit-Session: close\n");
 195         output_headers(1);
 196
 197         wprintf("<CENTER>");
 198         serv_puts("MESG goodbye");
 199         serv_gets(buf);
 200
 201         if (buf[0]=='1') fmout(NULL);
 202         else wprintf("Goodbye\n");
 203
 204         wprintf("<HR><A HREF=\"/\">Log in again</A>\n");
 205         wprintf("</CENTER></BODY></HTML>\n");
 206         wDumpContent();
 207         serv_puts("QUIT");
 208         exit(0);
 209         }
 210
 211
 212
 213
 214
 215 /*
 216  * validate new users
 217  */
 218 void validate(void) {
 219         char cmd[256];
 220         char user[256];
 221         char buf[256];
 222         int a;
 223
 224         printf("HTTP/1.0 200 OK\n");
 225         output_headers(1);
 226
 227         strcpy(buf,bstr("user"));
 228         if (strlen(buf)>0) if (strlen(bstr("axlevel"))>0) {
 229                 serv_printf("VALI %s|%s",buf,bstr("axlevel"));
 230                 serv_gets(buf);
 231                 if (buf[0]!='2') {
 232                         wprintf("<EM>%s</EM><BR>\n", &buf[4]);
 233                         }
 234                 }
 235
 236         serv_puts("GNUR");
 237         serv_gets(buf);
 238
 239         if (buf[0]!='3') {
 240                 wprintf("<EM>%s</EM><BR></BODY></HTML>\n", &buf[4]);
 241                 wDumpContent();
 242                 return;
 243                 }
 244
 245         strcpy(user,&buf[4]);
 246         serv_printf("GREG %s",user);
 247         serv_gets(cmd);
 248         if (cmd[0]=='1') {
 249                 a = 0;
 250                 do {
 251                         serv_gets(buf);
 252                         ++a;
 253                         if (a==1) wprintf("User #%s<BR><H1>%s</H1>",
 254                                 buf,&cmd[4]);
 255                         if (a==2) wprintf("PW: %s<BR>\n",buf);
 256                         if (a==3) wprintf("%s<BR>\n",buf);
 257                         if (a==4) wprintf("%s<BR>\n",buf);
 258                         if (a==5) wprintf("%s, ",buf);
 259                         if (a==6) wprintf("%s ",buf);
 260                         if (a==7) wprintf("%s<BR>\n",buf);
 261                         if (a==8) wprintf("%s<BR>\n",buf);
 262                         if (a==9) wprintf("Current access level: %d (%s)\n",
 263                                 atoi(buf),axdefs[atoi(buf)]);
 264                         } while(strcmp(buf,"000"));
 265                 }
 266         else {
 267                 wprintf("<H1>%s</H1>%s<BR>\n",user,&cmd[4]);
 268                 }
 269
 270         wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
 271         wprintf("</CAPTION><TR>");
 272         for (a=0; a<=6; ++a) {
 273                 wprintf(
 274                 "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
 275                         urlesc(user), a, axdefs[a]);
 276                 }
 277         wprintf("</TR></TABLE><CENTER><BR>\n");
 278         wDumpContent();
 279         }
 280
 281
 282
 283
 284
 285
 286 /*
 287  * Display form for registration.
 288  * (Set during_login to 1 if this registration is being performed during
 289  * new user login and will require chaining to the proper screen.)
 290  */
 291 void display_reg(int during_login) {
 292         char buf[256];
 293         int a;
 294
 295         printf("HTTP/1.0 200 OK\n");
 296         output_headers(1);
 297
 298         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
 299         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
 300         wprintf("<B>Enter registration info</B>\n");
 301         wprintf("</FONT></TD></TR></TABLE>\n");
 302
 303         wprintf("<CENTER>");
 304         serv_puts("MESG register");
 305         serv_gets(buf);
 306         if (buf[0]=='1') fmout(NULL);
 307
 308         wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
 309         wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
 310
 311         serv_puts("GREG _SELF_");
 312         serv_gets(buf);
 313         if (buf[0]!='1') {
 314                 wprintf("<EM>%s</EM><BR>\n",&buf[4]);
 315                 }
 316         else {
 317
 318                 wprintf("<H1>%s</H1><TABLE border>\n",&buf[4]);
 319                 a = 0;
 320                 while (serv_gets(buf), strcmp(buf,"000")) {
 321                         ++a;
 322                         wprintf("<TR><TD>");
 323                         switch(a) {
 324                                 case 3: wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n",buf);
 325                                         break;
 326                                 case 4: wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n",buf);
 327                                         break;
 328                                 case 5: wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
 329                                         break;
 330                                 case 6: wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n",buf);
 331                                         break;
 332                                 case 7: wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n",buf);
 333                                         break;
 334                                 case 8: wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
 335                                         break;
 336                                 case 9: wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n",buf);
 337                                         break;
 338                                 }
 339                         wprintf("</TD></TR>\n");
 340                         }
 341                 wprintf("</TABLE><P>");
 342                 }
 343         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
 344         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
 345         wprintf("</CENTER></BODY></HTML>\n");
 346         wDumpContent();
 347         }
 348
 349 /*
 350  * register
 351  */
 352 void register_user(void) {
 353         char buf[256];
 354
 355         if (strcmp(bstr("action"),"Register")) {
 356                 display_error("Cancelled.  Registration was not saved.");
 357                 return;
 358                 }
 359
 360         serv_puts("REGI");
 361         serv_gets(buf);
 362         if (buf[0]!='4') {
 363                 display_error(&buf[4]);
 364                 }
 365
 366         serv_puts(bstr("realname"));
 367         serv_puts(bstr("address"));
 368         serv_puts(bstr("city"));
 369         serv_puts(bstr("state"));
 370         serv_puts(bstr("zip"));
 371         serv_puts(bstr("phone"));
 372         serv_puts(bstr("email"));
 373         serv_puts("000");
 374
 375         if (atoi(bstr("during_login"))) {
 376                 output_static("frameset.html");
 377                 }
 378         else {
 379                 display_error("Registration information has been saved.");
 380                 }
 381         }
 382
 383
 384
 385
 386
 387 /*
 388  * display form for changing your password
 389  */
 390 void display_changepw(void) {
 391         char buf[256];
 392
 393         printf("HTTP/1.0 200 OK\n");
 394         output_headers(1);
 395
 396         wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
 397         wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
 398         wprintf("<B>Change your password</B>\n");
 399         wprintf("</FONT></TD></TR></TABLE>\n");
 400
 401         wprintf("<CENTER>");
 402         serv_puts("MESG changepw");
 403         serv_gets(buf);
 404         if (buf[0]=='1') fmout(NULL);
 405
 406         wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
 407         wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
 408         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 409         wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
 410         wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
 411         wprintf("</TABLE>\n");
 412         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
 413         wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
 414         wprintf("</CENTER></BODY></HTML>\n");
 415         wDumpContent();
 416         }
 417
 418 /*
 419  * change password
 420  */
 421 void changepw(void) {
 422         char buf[256];
 423         char newpass1[32], newpass2[32];
 424
 425         if (strcmp(bstr("action"),"Change")) {
 426                 display_error("Cancelled.  Password was not changed.");
 427                 return;
 428                 }
 429
 430         strcpy(newpass1, bstr("newpass1"));
 431         strcpy(newpass2, bstr("newpass2"));
 432
 433         if (strcasecmp(newpass1, newpass2)) {
 434                 display_error("They don't match.  Password was not changed.");
 435                 return;
 436                 }
 437
 438         serv_printf("SETP %s", newpass1);
 439         serv_gets(buf);
 440         if (buf[0]=='2') display_success(&buf[4]);
 441         else display_error(&buf[4]);
 442         }