projects / citadel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Nearly all <FORM> blocks now contain a hidden input
[citadel.git] / webcit / auth.c
diff --git a/webcit/auth.c b/webcit/auth.c
index e48893bc059c1ca3dfd732bb12d7512a3d2b722d..748028f85a0a79228ba0cd374ce62fadba2f83d8 100644 (file)
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -1,439 +1,563 @@
 /*
- * auth.c
- *
- * This file contains code which relates to authentication of users to Citadel.
- *
  * $Id$
  */
+/**
+ *
+ * \defgroup WebcitAuth WebcitAuth; Handles authentication of users to a Citadel server.
+ * \ingroup CitadelConfig
+ */
 
-#include <stdlib.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <errno.h>
+/*@{*/
 #include "webcit.h"
-#include "child.h"
-
-char *axdefs[] = {
-       "Deleted",
-       "New User",
-       "Problem User",
-       "Local User",
-       "Network User",
-       "Preferred User",
-       "Aide"
-       };
 
-/*
- * Display the login screen
+
+
+/**
+ * \brief  user states
+ * the plain text states of a user. filled in at \ function TODO initialize_ax_defs()
+ * due to NLS
  */
-void display_login(char *mesg) {
-       char buf[256];
+char *axdefs[7]; 
 
-       printf("HTTP/1.0 200 OK\n");
-       output_headers(1);
+void initialize_axdefs(void) {
+       axdefs[0] = _("Deleted");       /*!0: an erased user */
+       axdefs[1] = _("New User");      /*!1: a new user */
+       axdefs[2] = _("Problem User");  /*!2: a trouble maker */
+       axdefs[3] = _("Local User");    /*!3: user with normal privileges */
+       axdefs[4] = _("Network User");  /*!4: a user that may access network resources */
+       axdefs[5] = _("Preferred User");/*!5: a moderator */
+       axdefs[6] = _("Aide");          /*!6: chief */
+}
 
-       /* Da banner */
-       wprintf("<CENTER><TABLE border=0 width=100%><TR><TD>\n");
-       wprintf("<IMG SRC=\"/image&name=hello\">");
-       wprintf("</TD><TD><CENTER>\n");
 
-       if (mesg != NULL) {
-               wprintf("<font size=+1><b>%s</b></font>", mesg);
-               }
-       else {
-               serv_puts("MESG hello");
-               serv_gets(buf);
-               if (buf[0]=='1') fmout(NULL);
-               }
 
-       wprintf("</CENTER></TD></TR></TABLE></CENTER>\n");
-       wprintf("<HR>\n");
-
-       /* Da login box */
-       wprintf("<CENTER><FORM ACTION=\"/login\" METHOD=\"POST\">\n");
-       wprintf("<TABLE border><TR>\n");
-       wprintf("<TD>User Name:</TD>\n");
-       wprintf("<TD><INPUT TYPE=\"text\" NAME=\"name\" MAXLENGTH=\"25\">\n");
-       wprintf("</TD></TR><TR>\n");
-       wprintf("<TD>Password:</TD>\n");
-       wprintf("<TD><INPUT TYPE=\"password\" NAME=\"pass\" MAXLENGTH=\"20\"></TD>\n");
-       wprintf("</TR></TABLE>\n");
-       wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Login\">\n");
-        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"New User\">\n");
-        wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Exit\">\n");
-        wprintf("</FORM></CENTER>\n");
-
-       /* Da instructions */
-       wprintf("<LI><EM>If you already have an account on %s,",
-               serv_info.serv_humannode);
-       wprintf("</EM> enter your user name\n");
-       wprintf("and password and click \"<TT>Login</TT>.\"<BR>\n");
-       wprintf("<LI><EM>If you are a new user,</EM>\n");
-       wprintf("enter the name and password you wish to use, and click\n");
-       wprintf("\"New User.\"<BR><LI>");
-       wprintf("<EM>Please log off properly when finished.</EM>");
-       wprintf("<LI>You must use a browser that supports <i>frames</i> ");
-       wprintf("and <i>cookies</i>.\n");
-       wprintf("</EM></UL>\n");
 
-       wprintf("</BODY></HTML>\n");
-       wDumpContent();
+/** 
+ * \brief Display the login screen
+ * \param mesg The error message if last attempt failed.
+ */
+void display_login(char *mesg)
+{
+       char buf[SIZ];
+
+       output_headers(1, 1, 2, 0, 0, 0);
+       wprintf("<div id=\"login_screen\">\n");
+
+       if (mesg != NULL) if (strlen(mesg) > 0) {
+               stresc(buf, mesg, 0, 0);
+               svprintf("mesg", WCS_STRING, "%s", buf);
+       }
+
+       svprintf("LOGIN_INSTRUCTIONS", WCS_STRING,
+               _("<ul>"
+               "<li><b>If you already have an account on %s</b>, "
+               "enter your user name and password and click &quot;Login.&quot; "
+               "<li><b>If you are a new user</b>, enter the name and password "
+               "you wish to use, "
+               "and click &quot;New User.&quot; "
+               "<li>Please log off properly when finished. "
+               "<li>You must use a browser that supports <i>frames</i> and "
+               "<i>cookies</i>. "
+               "<li>Also keep in mind that if your browser is "
+               "configured to block pop-up windows, you will not be able "
+               "to receive any instant messages.<br />"
+               "</ul>"),
+               serv_info.serv_humannode
+       );
+
+       svprintf("USERNAME_BOX", WCS_STRING, "%s", _("User name:"));
+       svprintf("PASSWORD_BOX", WCS_STRING, "%s", _("Password:"));
+       svprintf("LANGUAGE_BOX", WCS_STRING, "%s", _("Language:"));
+       svprintf("LOGIN_BUTTON", WCS_STRING, "%s", _("Login"));
+       svprintf("NEWUSER_BUTTON", WCS_STRING, "%s", _("New User"));
+       svprintf("EXIT_BUTTON", WCS_STRING, "%s", _("Exit"));
+       svprintf("hello", WCS_SERVCMD, "MESG hello");
+       svprintf("BOXTITLE", WCS_STRING, _("%s - powered by <a href=\"http://www.citadel.org\">Citadel</a>"),
+               serv_info.serv_humannode);
+       svcallback("DO_LANGUAGE_BOX", offer_languages);
+       if (serv_info.serv_newuser_disabled) {
+               svprintf("NEWUSER_BUTTON_PRE", WCS_STRING, "<div style=\"display:none;\">");
+               svprintf("NEWUSER_BUTTON_POST", WCS_STRING, "</div>");
+       }
+       else {
+               svprintf("NEWUSER_BUTTON_PRE", WCS_STRING, "");
+               svprintf("NEWUSER_BUTTON_POST", WCS_STRING, "");
        }
 
+       do_template("login");
 
+       wDumpContent(2);
+}
 
 
-/*
- * This function needs to get called whenever a PASS or NEWU succeeds.
+
+
+/** \brief Initialize the session
+ * This function needs to get called whenever the session changes from
+ * not-logged-in to logged-in, either by an explicit login by the user or
+ * by a timed-out session automatically re-establishing with a little help
+ * from the browser cookie.  Either way, we need to load access controls and
+ * preferences from the server.
+ *
+ * \param user the username
+ * \param pass his password
+ * \param serv_response The parameters returned from a Citadel USER or NEWU command
  */
-void become_logged_in(char *user, char *pass, char *serv_response) {
-       logged_in = 1;
-       extract(wc_username, &serv_response[4], 0);
-       strcpy(wc_password, pass);
-       axlevel = extract_int(&serv_response[4], 1);
-       if (axlevel >=6) is_aide = 1;
+void become_logged_in(char *user, char *pass, char *serv_response)
+{
+       char buf[SIZ];
+
+       WC->logged_in = 1;
+       extract_token(WC->wc_fullname, &serv_response[4], 0, '|', sizeof WC->wc_fullname);
+       safestrncpy(WC->wc_username, user, sizeof WC->wc_username);
+       safestrncpy(WC->wc_password, pass, sizeof WC->wc_password);
+       WC->axlevel = extract_int(&serv_response[4], 1);
+       if (WC->axlevel >= 6) {
+               WC->is_aide = 1;
        }
 
+       load_preferences();
 
-void do_login(void) {
-       char buf[256];
-       int need_regi = 0;
+       serv_puts("CHEK");
+       serv_getln(buf, sizeof buf);
+       if (buf[0] == '2') {
+               WC->new_mail = extract_int(&buf[4], 0);
+               WC->need_regi = extract_int(&buf[4], 1);
+               WC->need_vali = extract_int(&buf[4], 2);
+               extract_token(WC->cs_inet_email, &buf[4], 3, '|', sizeof WC->cs_inet_email);
+       }
 
-       if (!strcasecmp(bstr("action"), "Exit")) {
-               do_logout();
-               }
+       get_preference("current_iconbar", buf, sizeof buf);
+       WC->current_iconbar = atoi(buf);
+
+       get_preference("floordiv_expanded", WC->floordiv_expanded, sizeof WC->floordiv_expanded);
+}
 
-       if (!strcasecmp(bstr("action"), "Login")) {
+
+/** 
+ * \brief Login Checks
+ * the logics to detect invalid passwords not to get on citservers nerves
+ */
+void do_login(void)
+{
+       char buf[SIZ];
+
+       if (strlen(bstr("language")) > 0) {
+               set_selected_language(bstr("language"));
+               go_selected_language();
+       }
+
+       if (strlen(bstr("exit_action")) > 0) {
+               do_logout();
+               return;
+       }
+       if (strlen(bstr("login_action")) > 0) {
                serv_printf("USER %s", bstr("name"));
-               serv_gets(buf);
-               if (buf[0]=='3') {
+               serv_getln(buf, sizeof buf);
+               if (buf[0] == '3') {
                        serv_printf("PASS %s", bstr("pass"));
-                       serv_gets(buf);
-                       if (buf[0]=='2') {
+                       serv_getln(buf, sizeof buf);
+                       if (buf[0] == '2') {
                                become_logged_in(bstr("name"),
-                                       bstr("pass"), buf);
-                               }
-                       else {
+                                                bstr("pass"), buf);
+                       } else {
                                display_login(&buf[4]);
                                return;
-                               }
                        }
-               else {
+               else {
                        display_login(&buf[4]);
                        return;
-                       }
                }
-
-       if (!strcasecmp(bstr("action"), "New User")) {
+       }
+       if (strlen(bstr("newuser_action")) > 0) {
+               if (strlen(bstr("pass")) == 0) {
+                       display_login(_("Blank passwords are not allowed."));
+                       return;
+               }
                serv_printf("NEWU %s", bstr("name"));
-               serv_gets(buf);
-               if (buf[0]=='2') {
+               serv_getln(buf, sizeof buf);
+               if (buf[0] == '2') {
                        become_logged_in(bstr("name"), bstr("pass"), buf);
                        serv_printf("SETP %s", bstr("pass"));
-                       serv_gets(buf);
-                       }
-               else {
+                       serv_getln(buf, sizeof buf);
+               } else {
                        display_login(&buf[4]);
                        return;
-                       }
                }
-
-       if (logged_in) {
-               serv_puts("CHEK");
-               serv_gets(buf);
-               if (buf[0]=='2') {
-                       need_regi = extract_int(&buf[4], 1);
-                       /* FIX also check for new mail etc. here */
-                       }
-               if (need_regi) {
+       }
+       if (WC->logged_in) {
+               if (WC->need_regi) {
                        display_reg(1);
+               } else {
+                       do_welcome();
+               }
+       } else {
+               display_login(_("Your password was not accepted."));
+       }
+
+}
+
+/**
+ * \brief display the user a welcome screen. 
+ * if this is the first time login, and the web based setup is enabled, 
+ * lead the user through the setup routines
+ */
+void do_welcome(void)
+{
+       char buf[SIZ];
+#ifdef XXX_NOT_FINISHED_YET_XXX
+       FILE *fp;
+       int i;
+
+       /**
+        * See if we have to run the first-time setup wizard
+        */
+       if (WC->is_aide) {
+               if (!setup_wizard) {
+                       sprintf(wizard_filename, "setupwiz.%s.%s",
+                               ctdlhost, ctdlport);
+                       for (i=0; i<strlen(wizard_filename); ++i) {
+                               if (    (wizard_filename[i]==' ')
+                                       || (wizard_filename[i] == '/')
+                               ) {
+                                       wizard_filename[i] = '_';
+                               }
                        }
-               else {
-                       output_static("frameset.html");
+       
+                       fp = fopen(wizard_filename, "r");
+                       if (fp != NULL) {
+                               fgets(buf, sizeof buf, fp);
+                               buf[strlen(buf)-1] = 0;
+                               fclose(fp);
+                               if (atoi(buf) == serv_info.serv_rev_level) {
+                                       setup_wizard = 1; /**< already run */
+                               }
                        }
                }
-       else {
-               display_login("Your password was not accepted.");
-               }
 
+               if (!setup_wizard) {
+                       http_redirect("setup_wizard");
+               }
        }
+#endif
 
-void do_welcome(void) {
-       printf("HTTP/1.0 200 OK\n");
-       output_headers(1);
-       wprintf("<CENTER><H1>");
-       escputs(wc_username);
-       wprintf("</H1>\n");
-       /* FIX add user stats here */
-
-       wprintf("<HR>");
-       /* FIX  ---  what should we put here?  the main menu,
-        * or new messages in the lobby?
+       /**
+        * Go to the user's preferred start page
         */
-       embed_main_menu();
-
-       wprintf("</BODY></HTML>\n");
-       wDumpContent();
+       get_preference("startpage", buf, sizeof buf);
+       if (strlen(buf)==0) {
+               safestrncpy(buf, "dotskip&room=_BASEROOM_", sizeof buf);
+               set_preference("startpage", buf, 1);
+       }
+       if (buf[0] == '/') {
+               strcpy(buf, &buf[1]);
        }
+       http_redirect(buf);
+}
 
 
-void do_logout(void) {
+/**
+ * Disconnect from the Citadel server, and end this WebCit session
+ */
+void end_webcit_session(void) {
        char buf[256];
 
-       strcpy(wc_username, "");
-       strcpy(wc_password, "");
-       strcpy(wc_roomname, "");
+       if (WC->logged_in) {
+               sprintf(buf, "%d", WC->current_iconbar);
+               set_preference("current_iconbar", buf, 0);
+               set_preference("floordiv_expanded", WC->floordiv_expanded, 1);
+       }
 
-       printf("HTTP/1.0 200 OK\n");
-       output_headers(2);      /* note the "2" which causes cookies to be unset */
+       serv_puts("QUIT");
+       WC->killthis = 1;
+       /* close() of citadel socket will be done by do_housekeeping() */
+}
 
-       wprintf("<CENTER>");    
-       serv_puts("MESG goodbye");
-       serv_gets(buf);
+/** 
+ * execute the logout
+ */
+void do_logout(void)
+{
+       char buf[SIZ];
 
-       if (buf[0]=='1') fmout(NULL);
-       else wprintf("Goodbye\n");
+       safestrncpy(WC->wc_username, "", sizeof WC->wc_username);
+       safestrncpy(WC->wc_password, "", sizeof WC->wc_password);
+       safestrncpy(WC->wc_roomname, "", sizeof WC->wc_roomname);
+       safestrncpy(WC->wc_fullname, "", sizeof WC->wc_fullname);
 
-       wprintf("<HR><A HREF=\"/\">Log in again</A>\n");
-       wprintf("</CENTER></BODY></HTML>\n");
-       wDumpContent();
-       serv_puts("QUIT");
-       exit(0);
-       }
+       /** Calling output_headers() this way causes the cookies to be un-set */
+       output_headers(1, 1, 0, 1, 0, 0);
 
+       wprintf("<center>");
+       serv_puts("MESG goodbye");
+       serv_getln(buf, sizeof buf);
 
+       if (WC->serv_sock >= 0) {
+               if (buf[0] == '1') {
+                       fmout("CENTER");
+               } else {
+                       wprintf("Goodbye\n");
+               }
+       }
+       else {
+               wprintf(_("This program was unable to connect or stay "
+                       "connected to the Citadel server.  Please report "
+                       "this problem to your system administrator.")
+               );
+       }
 
+       wprintf("<hr /><a href=\".\">");
+       wprintf(_("Log in again"));
+       wprintf("</A>&nbsp;&nbsp;&nbsp;"
+               "<a href=\"javascript:window.close();\">");
+       wprintf(_("Close window"));
+       wprintf("</a></center>\n");
+       wDumpContent(2);
+       end_webcit_session();
+}
 
 
-/* 
+/* *
  * validate new users
  */
-void validate(void) {
-       char cmd[256];
-       char user[256];
-       char buf[256];
+void validate(void)
+{
+       char cmd[SIZ];
+       char user[SIZ];
+       char buf[SIZ];
        int a;
 
-       printf("HTTP/1.0 200 OK\n");
-       output_headers(1);
-
-       strcpy(buf,bstr("user"));
-       if (strlen(buf)>0) if (strlen(bstr("axlevel"))>0) {
-               serv_printf("VALI %s|%s",buf,bstr("axlevel"));
-               serv_gets(buf);
-               if (buf[0]!='2') {
-                       wprintf("<EM>%s</EM><BR>\n", &buf[4]);
+       output_headers(1, 1, 2, 0, 0, 0);
+       wprintf("<div id=\"banner\">\n"
+               "<TABLE class=\"auth_banner\"><TR><TD>"
+               "<SPAN CLASS=\"titlebar\">");
+       wprintf(_("Validate new users"));
+       wprintf("</SPAN></TD></TR></TABLE>\n</div>\n<div id=\"content\">\n");
+
+       /** If the user just submitted a validation, process it... */
+       safestrncpy(buf, bstr("user"), sizeof buf);
+       if (strlen(buf) > 0) {
+               if (strlen(bstr("axlevel")) > 0) {
+                       serv_printf("VALI %s|%s", buf, bstr("axlevel"));
+                       serv_getln(buf, sizeof buf);
+                       if (buf[0] != '2') {
+                               wprintf("<b>%s</b><br />\n", &buf[4]);
                        }
                }
-       
-       serv_puts("GNUR");
-       serv_gets(buf);
+       }
 
-       if (buf[0]!='3') {
-               wprintf("<EM>%s</EM><BR></BODY></HTML>\n", &buf[4]);
-               wDumpContent();
+       /** Now see if any more users require validation. */
+       serv_puts("GNUR");
+       serv_getln(buf, sizeof buf);
+       if (buf[0] == '2') {
+               wprintf("<b>");
+               wprintf(_("No users require validation at this time."));
+               wprintf("</b><br />\n");
+               wDumpContent(1);
                return;
-               }
+       }
+       if (buf[0] != '3') {
+               wprintf("<b>%s</b><br />\n", &buf[4]);
+               wDumpContent(1);
+               return;
+       }
 
-       strcpy(user,&buf[4]);
-       serv_printf("GREG %s",user);
-       serv_gets(cmd);
-       if (cmd[0]=='1') {
+       wprintf("<div class=\"fix_scrollbar_bug\">"
+               "<table class=\"auth_validate\"><tr><td>\n");
+       wprintf("<center>");
+
+       safestrncpy(user, &buf[4], sizeof user);
+       serv_printf("GREG %s", user);
+       serv_getln(cmd, sizeof cmd);
+       if (cmd[0] == '1') {
                a = 0;
                do {
-                       serv_gets(buf);
+                       serv_getln(buf, sizeof buf);
                        ++a;
-                       if (a==1) wprintf("User #%s<BR><H1>%s</H1>",
-                               buf,&cmd[4]);
-                       if (a==2) wprintf("PW: %s<BR>\n",buf);
-                       if (a==3) wprintf("%s<BR>\n",buf);
-                       if (a==4) wprintf("%s<BR>\n",buf);
-                       if (a==5) wprintf("%s, ",buf);
-                       if (a==6) wprintf("%s ",buf);
-                       if (a==7) wprintf("%s<BR>\n",buf);
-                       if (a==8) wprintf("%s<BR>\n",buf);
-                       if (a==9) wprintf("Current access level: %d (%s)\n",
-                               atoi(buf),axdefs[atoi(buf)]);
-                       } while(strcmp(buf,"000"));
-               }
-       else {
-               wprintf("<H1>%s</H1>%s<BR>\n",user,&cmd[4]);
-               }
-
-       wprintf("<CENTER><TABLE border><CAPTION>Select access level:");
-       wprintf("</CAPTION><TR>");
-       for (a=0; a<=6; ++a) {
-               wprintf(
-               "<TD><A HREF=\"/validate&user=%s&axlevel=%d\">%s</A></TD>\n",
-                       urlesc(user), a, axdefs[a]);
-               }
-       wprintf("</TR></TABLE><CENTER><BR>\n");
-       wDumpContent();
+                       if (a == 1)
+                               wprintf("#%s<br /><H1>%s</H1>",
+                                       buf, &cmd[4]);
+                       if (a == 2)
+                               wprintf("PW: %s<br />\n", buf);
+                       if (a == 3)
+                               wprintf("%s<br />\n", buf);
+                       if (a == 4)
+                               wprintf("%s<br />\n", buf);
+                       if (a == 5)
+                               wprintf("%s, ", buf);
+                       if (a == 6)
+                               wprintf("%s ", buf);
+                       if (a == 7)
+                               wprintf("%s<br />\n", buf);
+                       if (a == 8)
+                               wprintf("%s<br />\n", buf);
+                       if (a == 9)
+                               wprintf(_("Current access level: %d (%s)\n"),
+                                       atoi(buf), axdefs[atoi(buf)]);
+               } while (strcmp(buf, "000"));
+       } else {
+               wprintf("<H1>%s</H1>%s<br />\n", user, &cmd[4]);
        }
 
+       wprintf("<hr />");
+       wprintf(_("Select access level for this user:"));
+       wprintf("<br />\n");
+       for (a = 0; a <= 6; ++a) {
+               wprintf("<a href=\"validate?nonce=%ld?user=", WC->nonce);
+               urlescputs(user);
+               wprintf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
+                       a, axdefs[a]);
+       }
+       wprintf("<br />\n");
 
+       wprintf("</CENTER>\n");
+       wprintf("</td></tr></table></div>\n");
+       wDumpContent(1);
+}
 
 
 
-
-/* 
- * Display form for registration.
+/** 
+ * \brief Display form for registration.
  * (Set during_login to 1 if this registration is being performed during
  * new user login and will require chaining to the proper screen.)
+ * \param during_login are we just in the login phase?
  */
-void display_reg(int during_login) {
-       char buf[256];
-       int a;
-
-       printf("HTTP/1.0 200 OK\n");
-       output_headers(1);
+void display_reg(int during_login)
+{
+       long vcard_msgnum;
 
-        wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=007700><TR><TD>");
-        wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
-        wprintf("<B>Enter registration info</B>\n");
-        wprintf("</FONT></TD></TR></TABLE>\n");
-
-       wprintf("<CENTER>");
-       serv_puts("MESG register");
-       serv_gets(buf);
-       if (buf[0]=='1') fmout(NULL);
-
-       wprintf("<FORM ACTION=\"/register\" METHOD=\"POST\">\n");
-       wprintf("<INPUT TYPE=\"hidden\" NAME=\"during_login\" VALUE=\"%d\">\n", during_login);
-
-       serv_puts("GREG _SELF_");
-       serv_gets(buf);
-       if (buf[0]!='1') {
-               wprintf("<EM>%s</EM><BR>\n",&buf[4]);
-               }
-       else {
-       
-               wprintf("<H1>%s</H1><TABLE border>\n",&buf[4]);
-               a = 0;
-               while (serv_gets(buf), strcmp(buf,"000")) {
-                       ++a;
-                       wprintf("<TR><TD>");
-                       switch(a) {
-                               case 3: wprintf("Real Name:</TD><TD><INPUT TYPE=\"text\" NAME=\"realname\" VALUE=\"%s\" MAXLENGTH=\"29\"><BR>\n",buf);
-                                       break;
-                               case 4: wprintf("Street Address:</TD><TD><INPUT TYPE=\"text\" NAME=\"address\" VALUE=\"%s\" MAXLENGTH=\"24\"><BR>\n",buf);
-                                       break;
-                               case 5: wprintf("City/town:</TD><TD><INPUT TYPE=\"text\" NAME=\"city\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
-                                       break;
-                               case 6: wprintf("State/province:</TD><TD><INPUT TYPE=\"text\" NAME=\"state\" VALUE=\"%s\" MAXLENGTH=\"2\"><BR>\n",buf);
-                                       break;
-                               case 7: wprintf("ZIP code:</TD><TD><INPUT TYPE=\"text\" NAME=\"zip\" VALUE=\"%s\" MAXLENGTH=\"10\"><BR>\n",buf);
-                                       break;
-                               case 8: wprintf("Telephone:</TD><TD><INPUT TYPE=\"text\" NAME=\"phone\" VALUE=\"%s\" MAXLENGTH=\"14\"><BR>\n",buf);
-                                       break;
-                               case 9: wprintf("E-Mail:</TD><TD><INPUT TYPE=\"text\" NAME=\"email\" VALUE=\"%s\" MAXLENGTH=\"31\"><BR>\n",buf);
-                                       break;
-                               }
-                       wprintf("</TD></TR>\n");
-                       }
-               wprintf("</TABLE><P>");
-               }
-       wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Register\">\n");
-       wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
-       wprintf("</CENTER></BODY></HTML>\n");
-       wDumpContent();
+       if (goto_config_room() != 0) {
+               if (during_login) do_welcome();
+               else display_main_menu();
+               return;
        }
 
-/*
- * register
- */
-void register_user(void) {
-       char buf[256];
-       
-       if (strcmp(bstr("action"),"Register")) {
-               display_error("Cancelled.  Registration was not saved.");
+       vcard_msgnum = locate_user_vcard(WC->wc_fullname, -1);
+       if (vcard_msgnum < 0L) {
+               if (during_login) do_welcome();
+               else display_main_menu();
                return;
-               }
-
-       serv_puts("REGI");
-       serv_gets(buf);
-       if (buf[0]!='4') {
-               display_error(&buf[4]);
-               }
+       }
 
-       serv_puts(bstr("realname"));
-       serv_puts(bstr("address"));
-       serv_puts(bstr("city"));
-       serv_puts(bstr("state"));
-       serv_puts(bstr("zip"));
-       serv_puts(bstr("phone"));
-       serv_puts(bstr("email"));
-       serv_puts("000");
-       
-       if (atoi(bstr("during_login"))) {
-               output_static("frameset.html");
-               }
+       if (during_login) {
+               do_edit_vcard(vcard_msgnum, "1", "do_welcome");
+       }
        else {
-               display_error("Registration information has been saved.");
-               }
+               do_edit_vcard(vcard_msgnum, "1", "display_main_menu");
        }
 
+}
 
 
 
 
-/* 
+/** 
  * display form for changing your password
  */
-void display_changepw(void) {
-       char buf[256];
-
-       printf("HTTP/1.0 200 OK\n");
-       output_headers(1);
+void display_changepw(void)
+{
+       char buf[SIZ];
+
+       output_headers(1, 1, 2, 0, 0, 0);
+       wprintf("<div id=\"banner\">\n"
+               "<TABLE class=\"auth_banner\"><TR><TD>"
+               "<SPAN CLASS=\"titlebar\">");
+       wprintf(_("Change your password"));
+       wprintf("</SPAN>"
+               "</TD></TR></TABLE>\n"
+               "</div>\n<div id=\"content\">\n"
+       );
+
+       if (strlen(WC->ImportantMessage) > 0) {
+               do_template("beginbox_nt");
+               wprintf("<SPAN CLASS=\"errormsg\">"
+                       "%s</SPAN><br />\n", WC->ImportantMessage);
+               do_template("endbox");
+               safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
+       }
 
-        wprintf("<TABLE WIDTH=100% BORDER=0 BGCOLOR=770000><TR><TD>");
-        wprintf("<FONT SIZE=+1 COLOR=\"FFFFFF\"");
-        wprintf("<B>Change your password</B>\n");
-        wprintf("</FONT></TD></TR></TABLE>\n");
+       wprintf("<div class=\"fix_scrollbar_bug\">"
+               "<table class=\"auth_validate\"><tr><td>\n");
 
-       wprintf("<CENTER>");
+       wprintf("<CENTER><br />");
        serv_puts("MESG changepw");
-       serv_gets(buf);
-       if (buf[0]=='1') fmout(NULL);
+       serv_getln(buf, sizeof buf);
+       if (buf[0] == '1') {
+               fmout("CENTER");
+       }
 
-       wprintf("<FORM ACTION=\"changepw\" METHOD=\"POST\">\n");
-       wprintf("<CENTER><TABLE border><TR><TD>Enter new password:</TD>\n");
+       wprintf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
+       wprintf("<CENTER>"
+               "<table border=\"0\" cellspacing=\"5\" cellpadding=\"5\" "
+               "BGCOLOR=\"#EEEEEE\">"
+               "<TR><TD>");
+       wprintf(_("Enter new password:"));
+       wprintf("</TD>\n");
        wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass1\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
-       wprintf("<TR><TD>Enter it again to confirm:</TD>\n");
+       wprintf("<TR><TD>");
+       wprintf(_("Enter it again to confirm:"));
+       wprintf("</TD>\n");
        wprintf("<TD><INPUT TYPE=\"password\" NAME=\"newpass2\" VALUE=\"\" MAXLENGTH=\"20\"></TD></TR>\n");
-       wprintf("</TABLE>\n");  
-       wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Change\">\n");
-       wprintf("<INPUT type=\"submit\" NAME=\"action\" VALUE=\"Cancel\">\n");
-       wprintf("</CENTER></BODY></HTML>\n");
-       wDumpContent();
-       }
 
-/*
- * change password
+       wprintf("</TABLE><br />\n");
+       wprintf("<INPUT type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
+       wprintf("&nbsp;");
+       wprintf("<INPUT type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
+       wprintf("</form></center>\n");
+       wprintf("</td></tr></table></div>\n");
+       wDumpContent(1);
+}
+
+/**
+ * \brief change password
+ * if passwords match, propagate it to citserver.
  */
-void changepw(void) {
-       char buf[256];
+void changepw(void)
+{
+       char buf[SIZ];
        char newpass1[32], newpass2[32];
-       
-       if (strcmp(bstr("action"),"Change")) {
-               display_error("Cancelled.  Password was not changed.");
+
+       if (strlen(bstr("change_action")) == 0) {
+               safestrncpy(WC->ImportantMessage, 
+                       _("Cancelled.  Password was not changed."),
+                       sizeof WC->ImportantMessage);
+               display_main_menu();
                return;
-               }
+       }
 
-       strcpy(newpass1, bstr("newpass1"));
-       strcpy(newpass2, bstr("newpass2"));
+       safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1);
+       safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
 
        if (strcasecmp(newpass1, newpass2)) {
-               display_error("They don't match.  Password was not changed.");
+               safestrncpy(WC->ImportantMessage, 
+                       _("They don't match.  Password was not changed."),
+                       sizeof WC->ImportantMessage);
+               display_changepw();
                return;
-               }
+       }
+
+       if (strlen(newpass1) == 0) {
+               safestrncpy(WC->ImportantMessage, 
+                       _("Blank passwords are not allowed."),
+                       sizeof WC->ImportantMessage);
+               display_changepw();
+               return;
+       }
 
        serv_printf("SETP %s", newpass1);
-       serv_gets(buf);
-       if (buf[0]=='2') display_success(&buf[4]);
-       else display_error(&buf[4]);
+       serv_getln(buf, sizeof buf);
+       sprintf(WC->ImportantMessage, "%s", &buf[4]);
+       if (buf[0] == '2') {
+               safestrncpy(WC->wc_password, buf, sizeof WC->wc_password);
+               display_main_menu();
        }
+       else {
+               display_changepw();
+       }
+}
+
+
+
+/** @} */
Citadel server, clients, utilities