rename wprintf to wc_printf; wchar.h also has a wprintf

[citadel.git] / webcit / auth.c
diff --git a/webcit/auth.c b/webcit/auth.c

index 5283afa1824e171d6da09f2520c8a8aa1d2e9caf..fc0da9507a8253d1857fa0198e2e20c4c683b795 100644 (file)
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -8,6 +8,7 @@
  #include "webserver.h"
  #include <ctype.h>
  
+extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval);
  
  void display_reg(int during_login);
  
@@ -29,7 +30,6 @@ void initialize_axdefs(void) {
  
  
  
-
  /* 
   * Display the login screen
   * mesg = the error message if last attempt failed.
@@ -63,7 +63,7 @@ void display_openid_name_request(const StrBuf *claimed_id, const StrBuf *usernam
         StrBuf *Buf = NULL;
  
         output_headers(1, 1, 2, 0, 0, 0);
-       wprintf("<div id=\"login_screen\">\n");
+       wc_printf("<div id=\"login_screen\">\n");
  
         Buf = NewStrBufPlain(NULL, StrLength(claimed_id));
         StrEscAppend(Buf, claimed_id, NULL, 0, 0);
@@ -74,7 +74,7 @@ void display_openid_name_request(const StrBuf *claimed_id, const StrBuf *usernam
  
         if (StrLength(username) > 0) {
                         Buf = NewStrBufPlain(NULL, StrLength(username));
-                       StrEscAppend(Buf, claimed_id, NULL, 0, 0);
+                       StrEscAppend(Buf, username, NULL, 0, 0);
                         svprintf(HKEY("REASON"), WCS_STRING,
                                  _("However, the user name '%s' conflicts with an existing user."), 
                                  ChrPtr(Buf));
@@ -91,7 +91,7 @@ void display_openid_name_request(const StrBuf *claimed_id, const StrBuf *usernam
         svput("EXIT_BUTTON", WCS_STRING, _("Exit"));
  
         svprintf(HKEY("BOXTITLE"), WCS_STRING, _("%s - powered by <a href=\"http://www.citadel.org\">Citadel</a>"),
-                ChrPtr(serv_info.serv_humannode));
+                ChrPtr(WC->serv_info->serv_humannode));
  
         do_template("openid_manual_create", NULL);
         wDumpContent(2);
@@ -114,10 +114,10 @@ void display_openid_name_request(const StrBuf *claimed_id, const StrBuf *usernam
  void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_response)
  {
         wcsession *WCC = WC;
-       char buf[SIZ];
+       StrBuf *Buf;
         StrBuf *FloorDiv;
  
-       WC->logged_in = 1;
+       WCC->logged_in = 1;
  
         if (WCC->wc_fullname == NULL)
                 WCC->wc_fullname = NewStrBufPlain(NULL, StrLength(serv_response));
@@ -145,17 +145,23 @@ void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_respo
  
         load_preferences();
  
+       Buf = NewStrBuf();
         serv_puts("CHEK");
-       serv_getln(buf, sizeof buf);
-       if (buf[0] == '2') {
-               WC->new_mail = extract_int(&buf[4], 0);
-               WC->need_regi = extract_int(&buf[4], 1);
-               WC->need_vali = extract_int(&buf[4], 2);
-               extract_token(WC->cs_inet_email, &buf[4], 3, '|', sizeof WC->cs_inet_email);
+       StrBuf_ServGetln(Buf);
+       if (GetServerStatus(Buf, NULL) == 2) {
+               const char *pch;
+
+               pch = ChrPtr(Buf) + 4;
+               WCC->new_mail  = StrBufExtractNext_long(Buf, &pch, '|');
+               WCC->need_regi = StrBufExtractNext_long(Buf, &pch, '|');
+               WCC->need_vali = StrBufExtractNext_long(Buf, &pch, '|');
+               if (WCC->cs_inet_email == NULL)
+                       WCC->cs_inet_email  = NewStrBuf();
+               StrBufExtract_NextToken(WCC->cs_inet_email, Buf, &pch, '|');
         }
-
         get_preference("floordiv_expanded", &FloorDiv);
-       WC->floordiv_expanded = FloorDiv;
+       WCC->floordiv_expanded = FloorDiv;
+       FreeStrBuf(&Buf);
  }
  
  
@@ -231,7 +237,6 @@ void do_login(void)
                 }
         }
         if (WCC->logged_in) {
-               set_preference("language", NewStrBufPlain(bstr("language"), -1), 1);
                 if (WCC->need_regi) {
                         display_reg(1);
                 } else if (WCC->need_vali) {
@@ -315,8 +320,8 @@ void do_openid_login(void)
                 snprintf(buf, sizeof buf,
                         "OIDS %s|%s://%s/finalize_openid_login|%s://%s",
                         bstr("openid_url"),
-                        (is_https ? "https" : "http"), ChrPtr(WCC->http_host),
-                        (is_https ? "https" : "http"), ChrPtr(WCC->http_host)
+                        (is_https ? "https" : "http"), ChrPtr(WCC->Hdr->HR.http_host),
+                        (is_https ? "https" : "http"), ChrPtr(WCC->Hdr->HR.http_host)
                 );
  
                 serv_puts(buf);
@@ -352,9 +357,7 @@ void finalize_openid_login(void)
         StrBuf *logged_in_response = NULL;
         StrBuf *claimed_id = NULL;
  
-       lprintf(9, "finalize_openid_login() started\n");
         if (havebstr("openid.mode")) {
-               lprintf(9, "finalize_openid_login() openid.mode = %s\n", bstr("openid.mode"));
                 if (!strcasecmp(bstr("openid.mode"), "id_res")) {
                         Buf = NewStrBuf();
                         serv_puts("OIDF");
@@ -366,8 +369,8 @@ void finalize_openid_login(void)
                                 const char *HKey;
                                 HashPos *Cursor;
                                 
-                               Cursor = GetNewHashPos (WCC->urlstrings, 0);
-                               while (GetNextHashPos(WCC->urlstrings, Cursor, &HKLen, &HKey, &U)) {
+                               Cursor = GetNewHashPos (WCC->Hdr->urlstrings, 0);
+                               while (GetNextHashPos(WCC->Hdr->urlstrings, Cursor, &HKLen, &HKey, &U)) {
                                         u = (urlcontent*) U;
                                         if (!strncasecmp(u->url_key, "openid.", 7)) {
                                                 serv_printf("%s|%s", &u->url_key[7], ChrPtr(u->url_data));
@@ -377,9 +380,7 @@ void finalize_openid_login(void)
                                 serv_puts("000");
  
                                 linecount = 0;
-                               while (StrBuf_ServGetln(Buf), 
-                                      (StrLength(Buf)==3) && 
-                                      !strcmp(ChrPtr(Buf), "000")) 
+                               while (StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) 
                                 {
                                         if (linecount == 0) result = NewStrBufDup(Buf);
                                         if (!strcasecmp(ChrPtr(result), "authenticate")) {
@@ -423,7 +424,6 @@ void finalize_openid_login(void)
          * auto-creating one using Simple Registration Extension, we're already on our way.
          */
         if (!strcasecmp(ChrPtr(result), "authenticate")) {
-               lprintf(9, "finalize_openid_login() attempting to become_logged_in()\n");
                 become_logged_in(username, password, logged_in_response);
         }
  
@@ -506,14 +506,16 @@ void do_welcome(void)
          */
         if (!get_preference("startpage", &Buf)) {
                 Buf = NewStrBuf ();
-               StrBufPrintf(Buf, "dotskip&room=_BASEROOM_");
+               StrBufPrintf(Buf, "dotskip?room=_BASEROOM_");
                 set_preference("startpage", Buf, 1);
         }
         if (ChrPtr(Buf)[0] == '/') {
                 StrBufCutLeft(Buf, 1);
         }
-       if (StrLength(Buf) == 0)
+       if (StrLength(Buf) == 0) {
                 StrBufAppendBufPlain(Buf, "dotgoto?room=_BASEROOM_", -1, 0);
+       }
+       lprintf(9, "Redirecting to user's start page: %s\n", ChrPtr(Buf));
         http_redirect(ChrPtr(Buf));
  }
  
@@ -533,52 +535,61 @@ void end_webcit_session(void) {
   */
  void do_logout(void)
  {
+       wcsession *WCC = WC;
         char buf[SIZ];
  
-       FlushStrBuf(WC->wc_username);
-       FlushStrBuf(WC->wc_password);
-       FlushStrBuf(WC->wc_roomname);
-       FlushStrBuf(WC->wc_fullname);
+       FlushStrBuf(WCC->wc_username);
+       FlushStrBuf(WCC->wc_password);
+       FlushStrBuf(WCC->wc_roomname);
+       FlushStrBuf(WCC->wc_fullname);
  
         /* FIXME: this is to suppress the iconbar displaying, because we aren't
            actually logged out yet */
-       WC->logged_in = 0;
+       WCC->logged_in = 0;
         
         /** Calling output_headers() this way causes the cookies to be un-set */
         output_headers(1, 1, 0, 1, 0, 0);
  
-       wprintf("<div id=\"logout_screen\">");
-        wprintf("<div class=\"box\">");
-        wprintf("<div class=\"boxlabel\">");
-       wprintf(_("Log off"));
-        wprintf("</div><div class=\"boxcontent\">");   
+       wc_printf("<div id=\"logout_screen\">");
+        wc_printf("<div class=\"box\">");
+        wc_printf("<div class=\"boxlabel\">");
+       wc_printf(_("Log off"));
+        wc_printf("</div><div class=\"boxcontent\">"); 
         serv_puts("MESG goodbye");
         serv_getln(buf, sizeof buf);
  
-       if (WC->serv_sock >= 0) {
+       if (WCC->serv_sock >= 0) {
                 if (buf[0] == '1') {
                         fmout("CENTER");
                 } else {
-                       wprintf("Goodbye\n");
+                       wc_printf("Goodbye\n");
                 }
         }
         else {
-               wprintf(_("This program was unable to connect or stay "
+               wc_printf(_("This program was unable to connect or stay "
                         "connected to the Citadel server.  Please report "
                         "this problem to your system administrator.")
                 );
-               wprintf("<a href=\"http://www.citadel.org/doku.php/"
+               wc_printf("<a href=\"http://www.citadel.org/doku.php/"
                         "faq:mastering_your_os:net#netstat\">%s</a>", 
                         _("Read More..."));
         }
  
-       wprintf("<hr /><div class=\"buttons\"> "
+       wc_printf("<hr /><div class=\"buttons\"> "
                 "<span class=\"button_link\"><a href=\".\">");
-       wprintf(_("Log in again"));
-       wprintf("</a></span>&nbsp;&nbsp;&nbsp;<span class=\"button_link\">"
+       wc_printf(_("Log in again"));
+       wc_printf("</a></span>");
+
+       /* The "close window" link is commented out because some browsers don't
+        * allow it to work.
+        *
+       wc_printf("&nbsp;&nbsp;&nbsp;<span class=\"button_link\">"
                 "<a href=\"javascript:window.close();\">");
-       wprintf(_("Close window"));
-       wprintf("</a></span></div></div></div></div>\n");
+       wc_printf(_("Close window"));
+       wc_printf("</a></span>");
+        */
+
+       wc_printf("</div></div></div></div>\n");
         wDumpContent(2);
         end_webcit_session();
  }
@@ -595,13 +606,13 @@ void validate(void)
         int a;
  
         output_headers(1, 1, 2, 0, 0, 0);
-       wprintf("<div id=\"banner\">\n");
-       wprintf("<h1>");
-       wprintf(_("Validate new users"));
-       wprintf("</h1>");
-       wprintf("</div>\n");
+       wc_printf("<div id=\"banner\">\n");
+       wc_printf("<h1>");
+       wc_printf(_("Validate new users"));
+       wc_printf("</h1>");
+       wc_printf("</div>\n");
  
-       wprintf("<div id=\"content\" class=\"service\">\n");
+       wc_printf("<div id=\"content\" class=\"service\">\n");
  
         /* If the user just submitted a validation, process it... */
         safestrncpy(buf, bstr("user"), sizeof buf);
@@ -610,7 +621,7 @@ void validate(void)
                         serv_printf("VALI %s|%s", buf, bstr("axlevel"));
                         serv_getln(buf, sizeof buf);
                         if (buf[0] != '2') {
-                               wprintf("<b>%s</b><br>\n", &buf[4]);
+                               wc_printf("<b>%s</b><br>\n", &buf[4]);
                         }
                 }
         }
@@ -619,21 +630,21 @@ void validate(void)
         serv_puts("GNUR");
         serv_getln(buf, sizeof buf);
         if (buf[0] == '2') {
-               wprintf("<b>");
-               wprintf(_("No users require validation at this time."));
-               wprintf("</b><br>\n");
+               wc_printf("<b>");
+               wc_printf(_("No users require validation at this time."));
+               wc_printf("</b><br>\n");
                 wDumpContent(1);
                 return;
         }
         if (buf[0] != '3') {
-               wprintf("<b>%s</b><br>\n", &buf[4]);
+               wc_printf("<b>%s</b><br>\n", &buf[4]);
                 wDumpContent(1);
                 return;
         }
  
-       wprintf("<div class=\"fix_scrollbar_bug\">"
+       wc_printf("<div class=\"fix_scrollbar_bug\">"
                 "<table class=\"auth_validate\"><tr><td>\n");
-       wprintf("<div id=\"validate\">");
+       wc_printf("<div id=\"validate\">");
  
         safestrncpy(user, &buf[4], sizeof user);
         serv_printf("GREG %s", user);
@@ -644,7 +655,7 @@ void validate(void)
                         serv_getln(buf, sizeof buf);
                         ++a;
                         if (a == 1)
-                               wprintf("#%s<br><H1>%s</H1>",
+                               wc_printf("#%s<br><H1>%s</H1>",
                                         buf, &cmd[4]);
                         if (a == 2) {
                                 char *pch;
@@ -681,41 +692,41 @@ void validate(void)
                                         pch = _("strong");
                                 }
  
-                               wprintf("PW: %s<br>\n", pch);
+                               wc_printf("PW: %s<br>\n", pch);
                         }
                         if (a == 3)
-                               wprintf("%s<br>\n", buf);
+                               wc_printf("%s<br>\n", buf);
                         if (a == 4)
-                               wprintf("%s<br>\n", buf);
+                               wc_printf("%s<br>\n", buf);
                         if (a == 5)
-                               wprintf("%s, ", buf);
+                               wc_printf("%s, ", buf);
                         if (a == 6)
-                               wprintf("%s ", buf);
+                               wc_printf("%s ", buf);
                         if (a == 7)
-                               wprintf("%s<br>\n", buf);
+                               wc_printf("%s<br>\n", buf);
                         if (a == 8)
-                               wprintf("%s<br>\n", buf);
+                               wc_printf("%s<br>\n", buf);
                         if (a == 9)
-                               wprintf(_("Current access level: %d (%s)\n"),
+                               wc_printf(_("Current access level: %d (%s)\n"),
                                         atoi(buf), axdefs[atoi(buf)]);
                 } while (strcmp(buf, "000"));
         } else {
-               wprintf("<H1>%s</H1>%s<br />\n", user, &cmd[4]);
+               wc_printf("<H1>%s</H1>%s<br />\n", user, &cmd[4]);
         }
  
-       wprintf("<hr />");
-       wprintf(_("Select access level for this user:"));
-       wprintf("<br />\n");
+       wc_printf("<hr />");
+       wc_printf(_("Select access level for this user:"));
+       wc_printf("<br />\n");
         for (a = 0; a <= 6; ++a) {
-               wprintf("<a href=\"validate?nonce=%d?user=", WC->nonce);
+               wc_printf("<a href=\"validate?nonce=%d?user=", WC->nonce);
                 urlescputs(user);
-               wprintf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
+               wc_printf("&axlevel=%d\">%s</A>&nbsp;&nbsp;&nbsp;\n",
                         a, axdefs[a]);
         }
-       wprintf("<br />\n");
+       wc_printf("<br />\n");
  
-       wprintf("</div>\n");
-       wprintf("</td></tr></table></div>\n");
+       wc_printf("</div>\n");
+       wc_printf("</td></tr></table></div>\n");
         wDumpContent(1);
  }
  
@@ -729,28 +740,49 @@ void validate(void)
   */
  void display_reg(int during_login)
  {
+       StrBuf *Buf;
+       message_summary *VCMsg = NULL;
+       wc_mime_attachment *VCAtt = NULL;
         long vcard_msgnum;
  
-       if (goto_config_room() != 0) {
-               if (during_login) do_welcome();
-               else display_main_menu();
+       Buf = NewStrBuf();
+       if (goto_config_room(Buf) != 0) {
+               lprintf(9, "display_reg() exiting because goto_config_room() failed\n");
+               if (during_login) {
+                       do_welcome();
+               }
+               else {
+                       display_main_menu();
+               }
+               FreeStrBuf(&Buf);
                 return;
         }
  
-       vcard_msgnum = locate_user_vcard_in_this_room();
+       FreeStrBuf(&Buf);
+       vcard_msgnum = locate_user_vcard_in_this_room(&VCMsg, &VCAtt);
         if (vcard_msgnum < 0L) {
-               if (during_login) do_welcome();
-               else display_main_menu();
+               lprintf(9, "display_reg() exiting because locate_user_vcard_in_this_room() failed\n");
+               if (during_login) {
+                       do_welcome();
+               }
+               else {
+                       display_main_menu();
+               }
                 return;
         }
  
         if (during_login) {
-               do_edit_vcard(vcard_msgnum, "1", "do_welcome", USERCONFIGROOM);
+               do_edit_vcard(vcard_msgnum, "1", VCMsg, VCAtt, "do_welcome", USERCONFIGROOM);
         }
         else {
-               do_edit_vcard(vcard_msgnum, "1", "display_main_menu", USERCONFIGROOM);
+               StrBuf *ReturnTo;
+               ReturnTo = NewStrBufPlain(HKEY("display_main_menu?gotofirst="));
+               StrBufAppendBuf(ReturnTo, WC->wc_roomname, 0);
+               do_edit_vcard(vcard_msgnum, "1", VCMsg, VCAtt, ChrPtr(ReturnTo), USERCONFIGROOM);
+               FreeStrBuf(&ReturnTo);
         }
  
+       /* FIXME - don't we have to free VCMsg and VCAtt ?? */
  }
  
  
@@ -775,7 +807,7 @@ void display_changepw(void)
         FreeStrBuf(&Buf);
  
         if (!IsEmptyStr(WC->ImportantMessage)) {
-               wprintf("<span class=\"errormsg\">"
+               wc_printf("<span class=\"errormsg\">"
                         "%s</span><br />\n", WC->ImportantMessage);
                 safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
         }
@@ -786,25 +818,25 @@ void display_changepw(void)
                 fmout("CENTER");
         }
  
-       wprintf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
-       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%d\">\n", WC->nonce);
-       wprintf("<table class=\"altern\" ");
-       wprintf("<tr class=\"even\"><td>");
-       wprintf(_("Enter new password:"));
-       wprintf("</td><td>");
-       wprintf("<input type=\"password\" name=\"newpass1\" value=\"\" maxlength=\"20\"></td></tr>\n");
-       wprintf("<tr class=\"odd\"><td>");
-       wprintf(_("Enter it again to confirm:"));
-       wprintf("</td><td>");
-       wprintf("<input type=\"password\" name=\"newpass2\" value=\"\" maxlength=\"20\"></td></tr>\n");
-       wprintf("</table>\n");
-
-       wprintf("<div class=\"buttons\">\n");
-       wprintf("<input type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
-       wprintf("&nbsp;");
-       wprintf("<input type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
-       wprintf("</div>\n");
-       wprintf("</form>\n");
+       wc_printf("<form name=\"changepwform\" action=\"changepw\" method=\"post\">\n");
+       wc_printf("<input type=\"hidden\" name=\"nonce\" value=\"%d\">\n", WC->nonce);
+       wc_printf("<table class=\"altern\" ");
+       wc_printf("<tr class=\"even\"><td>");
+       wc_printf(_("Enter new password:"));
+       wc_printf("</td><td>");
+       wc_printf("<input type=\"password\" name=\"newpass1\" value=\"\" maxlength=\"20\"></td></tr>\n");
+       wc_printf("<tr class=\"odd\"><td>");
+       wc_printf(_("Enter it again to confirm:"));
+       wc_printf("</td><td>");
+       wc_printf("<input type=\"password\" name=\"newpass2\" value=\"\" maxlength=\"20\"></td></tr>\n");
+       wc_printf("</table>\n");
+
+       wc_printf("<div class=\"buttons\">\n");
+       wc_printf("<input type=\"submit\" name=\"change_action\" value=\"%s\">", _("Change password"));
+       wc_printf("&nbsp;");
+       wc_printf("<input type=\"submit\" name=\"cancel_action\" value=\"%s\">\n", _("Cancel"));
+       wc_printf("</div>\n");
+       wc_printf("</form>\n");
  
         do_template("endbox", NULL);
         wDumpContent(1);
@@ -865,45 +897,158 @@ void changepw(void)
  
  int ConditionalAide(StrBuf *Target, WCTemplputParams *TP)
  {
-       return (WC->is_aide == 0);
+       wcsession *WCC = WC;
+       return (WCC != NULL)? (WC->is_aide == 0) : 0;
  }
  
  int ConditionalRoomAide(StrBuf *Target, WCTemplputParams *TP)
  {
-       return (WC->is_room_aide == 0);
+       wcsession *WCC = WC;
+       return (WCC != NULL)? (WCC->is_room_aide == 0) : 0;
  }
  
-int ConditionalIsLoggedIn(StrBuf *Target, WCTemplputParams *TP) {
-  return (WC->logged_in == 0);
+
+int ConditionalIsLoggedIn(StrBuf *Target, WCTemplputParams *TP) 
+{
+       wcsession *WCC = WC;
+       return (WCC != NULL)? (WCC->logged_in == 0) : 0;
  }
+
+
  int ConditionalRoomAcessDelete(StrBuf *Target, WCTemplputParams *TP)
  {
         wcsession *WCC = WC;
-       return ( (WCC->is_room_aide) || (WCC->is_mailbox) || (WCC->room_flags2 & QR2_COLLABDEL) );
+       return (WCC != NULL)? ( (WCC->is_room_aide) || (WCC->is_mailbox) || (WCC->room_flags2 & QR2_COLLABDEL) ) : 0;
  }
  
  
+void _display_openid_login(void) {
+       display_openid_login(NULL);
+}
  
-void _display_openid_login(void) {display_openid_login(NULL);}
-void _display_reg(void) {display_reg(0);}
+
+void _display_reg(void) {
+       display_reg(0);
+}
  
  
+void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
+{
+       if (hdr->HR.got_auth == NO_AUTH) /* don't override cookie auth... */
+       {
+               if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
+                       StrBufCutLeft(Line, 6);
+                       StrBufDecodeBase64(Line);
+                       hdr->HR.plainauth = Line;
+                       hdr->HR.got_auth = AUTH_BASIC;
+               }
+               else 
+                       lprintf(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
+       }
+}
+
+void CheckAuthBasic(ParsedHttpHdrs *hdr)
+{
+/*
+  todo: enable this if we can have other sessions than authenticated ones.
+       if (hdr->DontNeedAuth)
+               return;
+*/
+       StrBufAppendBufPlain(hdr->HR.plainauth, HKEY(":"), 0);
+       StrBufAppendBuf(hdr->HR.plainauth, hdr->HR.user_agent, 0);
+       hdr->HR.SessionKey = hashlittle(SKEY(hdr->HR.plainauth), 89479832);
+/*
+       lprintf(1, "CheckAuthBasic: calculated sessionkey %ld\n", 
+               hdr->HR.SessionKey);
+*/
+}
+
+void GetAuthBasic(ParsedHttpHdrs *hdr)
+{
+       const char *Pos = NULL;
+       if (hdr->c_username == NULL)
+               hdr->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
+       if (hdr->c_password == NULL)
+               hdr->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
+       StrBufExtract_NextToken(hdr->c_username, hdr->HR.plainauth, &Pos, ':');
+       StrBufExtract_NextToken(hdr->c_password, hdr->HR.plainauth, &Pos, ':');
+}
+
+void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr)
+{
+       const char *pch;
+/*
+  todo: enable this if we can have other sessions than authenticated ones.
+       if (hdr->DontNeedAuth)
+               return;
+*/
+       pch = strstr(ChrPtr(Line), "webcit=");
+       if (pch == NULL) {
+               return;
+       }
+
+       hdr->HR.RawCookie = Line;
+       StrBufCutLeft(hdr->HR.RawCookie, (pch - ChrPtr(hdr->HR.RawCookie)) + 7);
+       StrBufDecodeHex(hdr->HR.RawCookie);
+
+       cookie_to_stuff(Line, &hdr->HR.desired_session,
+                       hdr->c_username,
+                       hdr->c_password,
+                       hdr->c_roomname,
+                       hdr->c_language
+       );
+       hdr->HR.got_auth = AUTH_COOKIE;
+}
+
+void 
+HttpNewModule_AUTH
+(ParsedHttpHdrs *httpreq)
+{
+       httpreq->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
+       httpreq->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
+       httpreq->c_roomname = NewStrBuf();
+       httpreq->c_language = NewStrBuf();
+}
+void 
+HttpDetachModule_AUTH
+(ParsedHttpHdrs *httpreq)
+{
+       FLUSHStrBuf(httpreq->c_username);
+       FLUSHStrBuf(httpreq->c_password);
+       FLUSHStrBuf(httpreq->c_roomname);
+       FLUSHStrBuf(httpreq->c_language);
+}
+
+void 
+HttpDestroyModule_AUTH
+(ParsedHttpHdrs *httpreq)
+{
+       FreeStrBuf(&httpreq->c_username);
+       FreeStrBuf(&httpreq->c_password);
+       FreeStrBuf(&httpreq->c_roomname);
+       FreeStrBuf(&httpreq->c_language);
+}
+
  void 
  InitModule_AUTH
  (void)
  {
-       WebcitAddUrlHandler(HKEY("do_welcome"), do_welcome, ANONYMOUS);
-       WebcitAddUrlHandler(HKEY("login"), do_login, ANONYMOUS);
-       WebcitAddUrlHandler(HKEY("display_openid_login"), _display_openid_login, ANONYMOUS);
-       WebcitAddUrlHandler(HKEY("openid_login"), do_openid_login, ANONYMOUS);
-       WebcitAddUrlHandler(HKEY("finalize_openid_login"), finalize_openid_login, ANONYMOUS);
-       WebcitAddUrlHandler(HKEY("openid_manual_create"), openid_manual_create, ANONYMOUS);
-       WebcitAddUrlHandler(HKEY("do_logout"), do_logout, 0);
-       WebcitAddUrlHandler(HKEY("validate"), validate, 0);
-       WebcitAddUrlHandler(HKEY("display_reg"), _display_reg, 0);
-       WebcitAddUrlHandler(HKEY("display_changepw"), display_changepw, 0);
-       WebcitAddUrlHandler(HKEY("changepw"), changepw, 0);
-       WebcitAddUrlHandler(HKEY("termquit"), do_logout, 0);
+       RegisterHeaderHandler(HKEY("COOKIE"), Header_HandleCookie);
+       RegisterHeaderHandler(HKEY("AUTHORIZATION"), Header_HandleAuth);
+
+       WebcitAddUrlHandler(HKEY(""), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED); /* no url pattern at all? Show login. */
+       WebcitAddUrlHandler(HKEY("do_welcome"), "", 0, do_welcome, ANONYMOUS|COOKIEUNNEEDED);
+       WebcitAddUrlHandler(HKEY("login"), "", 0, do_login, ANONYMOUS|COOKIEUNNEEDED);
+       WebcitAddUrlHandler(HKEY("display_openid_login"), "", 0, _display_openid_login, ANONYMOUS);
+       WebcitAddUrlHandler(HKEY("openid_login"), "", 0, do_openid_login, ANONYMOUS);
+       WebcitAddUrlHandler(HKEY("finalize_openid_login"), "", 0, finalize_openid_login, ANONYMOUS);
+       WebcitAddUrlHandler(HKEY("openid_manual_create"), "", 0, openid_manual_create, ANONYMOUS);
+       WebcitAddUrlHandler(HKEY("do_logout"), "", 0, do_logout, ANONYMOUS|COOKIEUNNEEDED|FORCE_SESSIONCLOSE);
+       WebcitAddUrlHandler(HKEY("validate"), "", 0, validate, 0);
+       WebcitAddUrlHandler(HKEY("display_reg"), "", 0, _display_reg, 0);
+       WebcitAddUrlHandler(HKEY("display_changepw"), "", 0, display_changepw, 0);
+       WebcitAddUrlHandler(HKEY("changepw"), "", 0, changepw, 0);
+       WebcitAddUrlHandler(HKEY("termquit"), "", 0, do_logout, 0);
  
         RegisterConditional(HKEY("COND:AIDE"), 2, ConditionalAide, CTX_NONE);
         RegisterConditional(HKEY("COND:ROOMAIDE"), 2, ConditionalRoomAide, CTX_NONE);
@@ -912,3 +1057,16 @@ InitModule_AUTH
  
         return ;
  }
+
+
+void 
+SessionDestroyModule_AUTH
+(wcsession *sess)
+{
+       FreeStrBuf(&sess->wc_username);
+       FreeStrBuf(&sess->wc_fullname);
+       FreeStrBuf(&sess->wc_password);
+       FreeStrBuf(&sess->wc_roomname);
+       FreeStrBuf(&sess->httpauth_pass);
+       FreeStrBuf(&sess->cs_inet_email);
+}