Nearly all <FORM> blocks now contain a hidden input

[citadel.git] / webcit / auth.c

diff --git a/webcit/auth.c b/webcit/auth.c
index 5c800aa3b423e0e1e600bf755e477435ed5b1f4c..748028f85a0a79228ba0cd374ce62fadba2f83d8 100644 (file)
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -4,7 +4,7 @@
 /**
  *
  * \defgroup WebcitAuth WebcitAuth; Handles authentication of users to a Citadel server.
- *
+ * \ingroup CitadelConfig
  */
 
 /*@{*/
@@ -41,7 +41,7 @@ void display_login(char *mesg)
        char buf[SIZ];
 
        output_headers(1, 1, 2, 0, 0, 0);
-       wprintf("<div style=\"position:absolute; top:20px; left:20px; right:20px\">\n");
+       wprintf("<div id=\"login_screen\">\n");
 
        if (mesg != NULL) if (strlen(mesg) > 0) {
                stresc(buf, mesg, 0, 0);
@@ -72,9 +72,17 @@ void display_login(char *mesg)
        svprintf("NEWUSER_BUTTON", WCS_STRING, "%s", _("New User"));
        svprintf("EXIT_BUTTON", WCS_STRING, "%s", _("Exit"));
        svprintf("hello", WCS_SERVCMD, "MESG hello");
-       svprintf("BOXTITLE", WCS_STRING, _("%s - powered by Citadel"),
+       svprintf("BOXTITLE", WCS_STRING, _("%s - powered by <a href=\"http://www.citadel.org\">Citadel</a>"),
                serv_info.serv_humannode);
        svcallback("DO_LANGUAGE_BOX", offer_languages);
+       if (serv_info.serv_newuser_disabled) {
+               svprintf("NEWUSER_BUTTON_PRE", WCS_STRING, "<div style=\"display:none;\">");
+               svprintf("NEWUSER_BUTTON_POST", WCS_STRING, "</div>");
+       }
+       else {
+               svprintf("NEWUSER_BUTTON_PRE", WCS_STRING, "");
+               svprintf("NEWUSER_BUTTON_POST", WCS_STRING, "");
+       }
 
        do_template("login");
 
@@ -321,7 +329,7 @@ void validate(void)
 
        output_headers(1, 1, 2, 0, 0, 0);
        wprintf("<div id=\"banner\">\n"
-               "<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#444455\"><TR><TD>"
+               "<TABLE class=\"auth_banner\"><TR><TD>"
                "<SPAN CLASS=\"titlebar\">");
        wprintf(_("Validate new users"));
        wprintf("</SPAN></TD></TR></TABLE>\n</div>\n<div id=\"content\">\n");
@@ -355,7 +363,7 @@ void validate(void)
        }
 
        wprintf("<div class=\"fix_scrollbar_bug\">"
-               "<table border=0 width=100%% bgcolor=\"#ffffff\"><tr><td>\n");
+               "<table class=\"auth_validate\"><tr><td>\n");
        wprintf("<center>");
 
        safestrncpy(user, &buf[4], sizeof user);
@@ -395,7 +403,7 @@ void validate(void)
        wprintf(_("Select access level for this user:"));
        wprintf("<br />\n");
        for (a = 0; a <= 6; ++a) {
-               wprintf("<a href=\"validate&user=");
+               wprintf("<a href=\"validate?nonce=%ld?user=", WC->nonce);
                urlescputs(user);
                wprintf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
                        a, axdefs[a]);
@@ -453,7 +461,7 @@ void display_changepw(void)
 
        output_headers(1, 1, 2, 0, 0, 0);
        wprintf("<div id=\"banner\">\n"
-               "<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#444455\"><TR><TD>"
+               "<TABLE class=\"auth_banner\"><TR><TD>"
                "<SPAN CLASS=\"titlebar\">");
        wprintf(_("Change your password"));
        wprintf("</SPAN>"
@@ -470,7 +478,7 @@ void display_changepw(void)
        }
 
        wprintf("<div class=\"fix_scrollbar_bug\">"
-               "<table border=0 width=100%% bgcolor=\"#ffffff\"><tr><td>\n");
+               "<table class=\"auth_validate\"><tr><td>\n");
 
        wprintf("<CENTER><br />");
        serv_puts("MESG changepw");
@@ -480,6 +488,7 @@ void display_changepw(void)
        }
 
        wprintf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
        wprintf("<CENTER>"
                "<table border=\"0\" cellspacing=\"5\" cellpadding=\"5\" "
                "BGCOLOR=\"#EEEEEE\">"