X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fwebcit.c;fp=webcit%2Fwebcit.c;h=7cc9768b9fc20de15dab0b656e59322a876dc3b8;hb=8611acef7ff4213c28ad20ff755d34509870bc96;hp=0000000000000000000000000000000000000000;hpb=76a0f8571de023fe6bd20390174a2302e0a0b982;p=citadel.git

diff --git a/webcit/webcit.c b/webcit/webcit.c
new file mode 100644
index 000000000..7cc9768b9
--- /dev/null
+++ b/webcit/webcit.c
@@ -0,0 +1,1012 @@
+// This is the main transaction loop of the web service.  It maintains a
+// persistent session to the Citadel server, handling HTTP WebCit requests as
+// they arrive and presenting a user interface.
+//
+// Copyright (c) 1996-2021 by the citadel.org team
+//
+// This program is open source software.  You can redistribute it and/or
+// modify it under the terms of the GNU General Public License, version 3.
+
+
+#define SHOW_ME_VAPPEND_PRINTF
+#include <stdio.h>
+#include <stdarg.h>
+#include "webcit.h"
+#include "dav.h"
+#include "webserver.h"
+
+StrBuf *csslocal = NULL;
+HashList *HandlerHash = NULL;
+
+void stuff_to_cookie(int unset_cookie);
+extern int GetConnected(void);
+extern int verbose;
+
+void PutRequestLocalMem(void *Data, DeleteHashDataFunc DeleteIt)
+{
+	int n;
+	
+	n = GetCount(WC->Hdr->HTTPHeaders);
+	Put(WC->Hdr->HTTPHeaders, IKEY(n), Data, DeleteIt);
+}
+
+void DeleteWebcitHandler(void *vHandler)
+{
+	WebcitHandler *Handler = (WebcitHandler*) vHandler;
+	FreeStrBuf(&Handler->Name);
+	FreeStrBuf(&Handler->DisplayName);
+	free (Handler);
+}
+
+void WebcitAddUrlHandler(const char * UrlString, long UrlSLen, 
+			 const char *DisplayName, long dslen,
+			 WebcitHandlerFunc F, 
+			 long Flags)
+{
+	WebcitHandler *NewHandler;	
+	NewHandler = (WebcitHandler*) malloc(sizeof(WebcitHandler));
+	NewHandler->F = F;
+	NewHandler->Flags = Flags;
+	NewHandler->Name = NewStrBufPlain(UrlString, UrlSLen);
+	StrBufShrinkToFit(NewHandler->Name, 1);
+	NewHandler->DisplayName = NewStrBufPlain(DisplayName, dslen);
+	StrBufShrinkToFit(NewHandler->DisplayName, 1);
+	Put(HandlerHash, UrlString, UrlSLen, NewHandler, DeleteWebcitHandler);
+}
+
+void tmplput_HANDLER_DISPLAYNAME(StrBuf *Target, WCTemplputParams *TP) 
+{
+	if (WC->Hdr->HR.Handler != NULL)
+		StrBufAppendTemplate(Target, TP, WC->Hdr->HR.Handler->DisplayName, 0);
+}
+
+
+/*
+ * web-printing funcion. uses our vsnprintf wrapper
+ */
+#ifdef UBER_VERBOSE_DEBUGGING
+void wcc_printf(const char *FILE, const char *FUNCTION, long LINE, const char *format,...)
+#else
+void wc_printf(const char *format,...)
+#endif
+{
+	va_list arg_ptr;
+
+	if (WC->WBuf == NULL)
+		WC->WBuf = NewStrBuf();
+#ifdef UBER_VERBOSE_DEBUGGING
+	StrBufAppendPrintf(WC->WBuf, "\n%s:%s:%d[", FILE, FUNCTION, LINE);
+#endif
+
+	va_start(arg_ptr, format);
+	StrBufVAppendPrintf(WC->WBuf, format, arg_ptr);
+	va_end(arg_ptr);
+#ifdef UBER_VERBOSE_DEBUGGING
+	StrBufAppendPrintf(WC->WBuf, "]\n");
+#endif
+}
+
+/*
+ * http-header-printing funcion. uses our vsnprintf wrapper
+ */
+void hprintf(const char *format,...)
+{
+	va_list arg_ptr;
+
+	va_start(arg_ptr, format);
+	StrBufVAppendPrintf(WC->HBuf, format, arg_ptr);
+	va_end(arg_ptr);
+}
+
+
+
+/*
+ * wrap up an HTTP session, closes tags, etc.
+ *
+ * print_standard_html_footer should be set to:
+ * 0		- to transmit only,
+ * nonzero	- to append the closing tags
+ */
+void wDumpContent(int print_standard_html_footer)
+{
+	if (print_standard_html_footer) {
+		wc_printf("</div> <!-- end of 'content' div -->\n");
+		do_template("trailing");
+	}
+
+	/* If we've been saving it all up for one big output burst,
+	 * go ahead and do that now.
+	 */
+	end_burst();
+}
+
+
+ 
+
+/*
+ * Output HTTP headers and leading HTML for a page
+ */
+void output_headers(	int do_httpheaders,	/* 1 = output HTTP headers			  */
+			int do_htmlhead,	/* 1 = output HTML <head> section and <body> opener */
+			int do_room_banner,	/* 1 = include the room banner and <div id="content"></div> */
+			int unset_cookies,	/* 1 = session is terminating, so unset the cookies */
+			int suppress_check,	/* 1 = suppress check for instant messages	  */
+			int cache		/* 1 = allow browser to cache this page	     */
+) {
+	char httpnow[128];
+
+	if (WC->isFailure) 
+		hprintf("HTTP/2.2 500 Internal Server Error");
+	else if (WC->Hdr->HaveRange > 1)
+		hprintf("HTTP/1.1 206 Partial Content\r\n");
+	else
+		hprintf("HTTP/1.1 200 OK\r\n");
+
+	http_datestring(httpnow, sizeof httpnow, time(NULL));
+
+	if (do_httpheaders) {
+		if (WC->serv_info != NULL)
+			hprintf("Content-type: text/html; charset=utf-8\r\n"
+				"Server: %s / %s\n"
+				"Connection: close\r\n",
+				PACKAGE_STRING, 
+				ChrPtr(WC->serv_info->serv_software));
+		else
+			hprintf("Content-type: text/html; charset=utf-8\r\n"
+				"Server: %s / [n/a]\n"
+				"Connection: close\r\n",
+				PACKAGE_STRING);
+	}
+
+	if (cache > 0) {
+		char httpTomorow[128];
+
+		http_datestring(httpTomorow, sizeof httpTomorow, 
+				time(NULL) + 60 * 60 * 24 * 2);
+
+		hprintf("Pragma: public\r\n"
+			"Cache-Control: max-age=3600, must-revalidate\r\n"
+			"Last-modified: %s\r\n"
+			"Expires: %s\r\n",
+			httpnow,
+			httpTomorow
+		);
+	}
+	else {
+		hprintf("Pragma: no-cache\r\n"
+			"Cache-Control: no-store\r\n"
+			"Expires: -1\r\n"
+		);
+	}
+
+	if (cache < 2) stuff_to_cookie(unset_cookies);
+
+	if (do_htmlhead) {
+		begin_burst();
+		do_template("head");
+		if ( (WC->logged_in) && (!unset_cookies) ) {
+			DoTemplate(HKEY("paging"), NULL, &NoCtx);
+		}
+		if (do_room_banner) {
+			tmplput_roombanner(NULL, NULL);
+		}
+	}
+
+	if (do_room_banner) {
+		wc_printf("<div id=\"content\">\n");
+	}
+}
+
+void output_custom_content_header(const char *ctype) {
+	hprintf("HTTP/1.1 200 OK\r\n");
+	hprintf("Content-type: %s; charset=utf-8\r\n",ctype);
+	hprintf("Server: %s / %s\r\n", PACKAGE_STRING, ChrPtr(WC->serv_info->serv_software));
+	hprintf("Connection: close\r\n");
+}
+
+
+/*
+ * Generic function to do an HTTP redirect.  Easy and fun.
+ */
+void http_redirect(const char *whichpage) {
+	hprintf("HTTP/1.1 302 Moved Temporarily\n");
+	hprintf("Location: %s\r\n", whichpage);
+	hprintf("URI: %s\r\n", whichpage);
+	hprintf("Content-type: text/html; charset=utf-8\r\n");
+	stuff_to_cookie(0);
+	begin_burst();
+	wc_printf("<html><body>");
+	wc_printf("Go <a href=\"%s\">here</A>.", whichpage);
+	wc_printf("</body></html>\n");
+	end_burst();
+}
+
+
+
+/*
+ * Output a piece of content to the web browser using conformant HTTP and MIME semantics.
+ *
+ * If this function is called, it is expected that begin_burst() has already been called
+ * and some sort of content has been fed into the buffer.  This function will transmit a
+ * bunch of headers to the client.  end_burst() will add some headers of its own, and then
+ * transmit the buffered content to the client.
+ */
+void http_transmit_thing(const char *content_type, int is_static)
+{
+	if (verbose)
+		syslog(LOG_DEBUG, "http_transmit_thing(%s)%s", content_type, ((is_static > 0) ? " (static)" : ""));
+	output_headers(0, 0, 0, 0, 0, is_static);
+
+	hprintf("Content-type: %s\r\n"
+		"Server: %s\r\n"
+		"Connection: close\r\n",
+		content_type,
+		PACKAGE_STRING);
+
+	end_burst();
+}
+
+void http_transmit_headers(const char *content_type, int is_static, long is_chunked, int is_gzip)
+{
+	if (verbose)
+		syslog(LOG_DEBUG, "http_transmit_thing(%s)%s", content_type, ((is_static > 0) ? " (static)" : ""));
+	output_headers(0, 0, 0, 0, 0, is_static);
+
+	if (is_gzip)
+		hprintf("Content-encoding: gzip\r\n");
+
+	if (WC->Hdr->HaveRange)
+		hprintf("Accept-Ranges: bytes\r\n"
+			"Content-Range: bytes %ld-%ld/%ld\r\n",
+			WC->Hdr->RangeStart,
+			WC->Hdr->RangeTil,
+			WC->Hdr->TotalBytes);
+
+	hprintf("Content-type: %s\r\n"
+		"Server: "PACKAGE_STRING"\r\n"
+		"%s"
+		"Connection: close\r\n\r\n",
+		content_type,
+		(is_chunked)?"Transfer-Encoding: chunked\r\n":"");
+}
+
+
+/*
+ * Convenience functions to display a page containing only a string
+ *
+ * titlebarcolor	color of the titlebar of the frame
+ * titlebarmsg		text to display in the title bar
+ * messagetext		body of the box
+ */
+void convenience_page(const char *titlebarcolor, const char *titlebarmsg, const char *messagetext)
+{
+	hprintf("HTTP/1.1 200 OK\n");
+	output_headers(1, 1, 1, 0, 0, 0);
+	wc_printf("<div id=\"room_banner_override\">\n");
+	wc_printf("<table width=100%% border=0 bgcolor=\"#%s\"><tr><td>", titlebarcolor);
+	wc_printf("<span class=\"titlebar\">%s</span>\n", titlebarmsg);
+	wc_printf("</td></tr></table>\n");
+	wc_printf("</div>\n<div id=\"content\">\n");
+	escputs(messagetext);
+	wc_printf("<hr />\n");
+	wDumpContent(1);
+}
+
+
+/*
+ * Display a blank page.
+ */
+void blank_page(void) {
+	output_headers(1, 1, 0, 0, 0, 0);
+	wDumpContent(2);
+}
+
+
+/*
+ * A template has been requested
+ */
+void url_do_template(void) {
+	const StrBuf *MimeType;
+	const StrBuf *Tmpl = sbstr("template");
+	begin_burst();
+	MimeType = DoTemplate(SKEY(Tmpl), NULL, &NoCtx);
+	http_transmit_thing(ChrPtr(MimeType), 0);
+}
+
+
+
+/*
+ * convenience function to indicate success
+ */
+void display_success(const char *successmessage)
+{
+	convenience_page("007700", "OK", successmessage);
+}
+
+
+/*
+ * Authorization required page (sends a 401, causing the browser to request login credentials)
+ */
+void authorization_required(void)
+{
+	const char *message = "";
+
+	hprintf("HTTP/1.1 401 Authorization Required\r\n");
+	hprintf(
+		"Server: %s / %s\r\n"
+		"Connection: close\r\n",
+		PACKAGE_STRING, ChrPtr(WC->serv_info->serv_software)
+	);
+	hprintf("WWW-Authenticate: Basic realm=\"%s\"\r\n", ChrPtr(WC->serv_info->serv_humannode));
+
+	/* if this is a false cookie authentication, remove it to avoid endless loops. */
+	if (StrLength(WC->Hdr->HR.RawCookie) > 0)
+		stuff_to_cookie(1);
+
+	hprintf("Content-Type: text/html\r\n");
+	begin_burst();
+	wc_printf("<h1>");
+	wc_printf(_("Authorization Required"));
+	wc_printf("</h1>\r\n");
+
+	if (WC->ImportantMsg != NULL) {
+		message = ChrPtr(WC->ImportantMsg);
+	}
+
+	wc_printf(
+		_("The resource you requested requires a valid username and password. "
+		"You could not be logged in: %s\n"),
+		message
+	);
+	wDumpContent(0);
+}
+
+
+/*
+ * Convenience functions to wrap around asynchronous ajax responses
+ */
+void begin_ajax_response(void) {
+
+	FlushStrBuf(WC->HBuf);
+	output_headers(0, 0, 0, 0, 0, 0);
+
+	hprintf("Content-type: text/html; charset=UTF-8\r\n"
+		"Server: %s\r\n"
+		"Connection: close\r\n"
+		,
+		PACKAGE_STRING);
+	begin_burst();
+}
+
+
+/*
+ * print ajax response footer 
+ */
+void end_ajax_response(void) {
+	wDumpContent(0);
+}
+
+
+/*
+ * Wraps a Citadel server command in an AJAX transaction.
+ */
+void ajax_servcmd(void) {
+	int Done = 0;
+	StrBuf *Buf;
+	char *junk;
+	size_t len;
+
+	if (verbose) {
+		syslog(LOG_DEBUG, "ajax_servcmd() g_cmd=\"%s\"", bstr("g_cmd") );
+	}
+	begin_ajax_response();
+	Buf = NewStrBuf();
+	serv_puts(bstr("g_cmd"));
+	StrBuf_ServGetln(Buf);
+	StrBufAppendBuf(WC->WBuf, Buf, 0);
+	StrBufAppendBufPlain(WC->WBuf, HKEY("\n"), 0);
+	
+	switch (GetServerStatus(Buf, NULL)) {
+	case 8:
+		serv_puts("\n\n000");
+		if ( (StrLength(Buf)==3) && 
+		     !strcmp(ChrPtr(Buf), "000")) {
+			StrBufAppendBufPlain(WC->WBuf, HKEY("\000"), 0);
+			break;
+		}
+	case 1:
+		while (!Done) {
+			if (StrBuf_ServGetln(Buf) < 0)
+				break;
+			if ( (StrLength(Buf)==3) && 
+			     !strcmp(ChrPtr(Buf), "000")) {
+				Done = 1;
+			}
+			StrBufAppendBuf(WC->WBuf, Buf, 0);
+			StrBufAppendBufPlain(WC->WBuf, HKEY("\n"), 0);
+		}
+		break;
+	case 4:
+		text_to_server(bstr("g_input"));
+		serv_puts("000");
+		break;
+	case 6:
+		len = atol(&ChrPtr(Buf)[4]);
+		StrBuf_ServGetBLOBBuffered(Buf, len);
+		break;
+	case 7:
+		len = atol(&ChrPtr(Buf)[4]);
+		junk = malloc(len);
+		memset(junk, 0, len);
+		serv_write(junk, len);
+		free(junk);
+	}
+	
+	end_ajax_response();
+	
+	/*
+	 * This is kind of an ugly hack, but this is the only place it can go.
+	 * If the command was GEXP, then the instant messenger window must be
+	 * running, so reset the "last_pager_check" watchdog timer so
+	 * that page_popup() doesn't try to open it a second time. TODO: page_popup isn't with us anymore.
+	 */
+	if (!strncasecmp(bstr("g_cmd"), "GEXP", 4)) {
+		WC->last_pager_check = time(NULL);
+	}
+	FreeStrBuf(&Buf);
+}
+
+
+/*
+ * Helper function for the asynchronous check to see if we need
+ * to open the instant messenger window.
+ */
+void seconds_since_last_gexp(void)
+{
+	char buf[256];
+
+	if ( (time(NULL) - WC->last_pager_check) < 30) {
+		wc_printf("NO\n");
+	}
+	else {
+		memset(buf, 0, 5);
+		serv_puts("NOOP");
+		serv_getln(buf, sizeof buf);
+		if (buf[3] == '*') {
+			wc_printf("YES");
+		}
+		else {
+			wc_printf("NO");
+		}
+	}
+}
+
+
+/*
+ * Save a URL destination so we can go to it later
+ */
+void push_destination(void) {
+
+	if (!WC) {
+		wc_printf("no session");
+		return;
+	}
+
+	FreeStrBuf(&WC->PushedDestination);
+	WC->PushedDestination = NewStrBufDup(sbstr("url"));
+	if (verbose)
+		syslog(LOG_DEBUG, "Push: %s", ChrPtr(WC->PushedDestination));
+	wc_printf("OK");
+}
+
+
+/*
+ * Go to the URL saved by push_destination()
+ */
+void pop_destination(void) {
+	/*
+	 * If we are in the middle of a new user signup, the server may request that
+	 * we first pass through a registration screen.
+	 */
+	if ((WC) && (WC->need_regi)) {
+		if ((WC->PushedDestination != NULL) && (StrLength(WC->PushedDestination) > 0)) {
+			/* Registering will take us to the My Citadel Config room, so save our place */
+			StrBufAppendBufPlain(WC->PushedDestination, HKEY("?go="), 0);
+			StrBufUrlescAppend(WC->PushedDestination, WC->CurRoom.name, NULL);
+		}
+		WC->need_regi = 0;
+		display_reg(1);
+		return;
+	}
+
+	/*
+	 * Do something reasonable if we somehow ended up requesting a pop without
+	 * having first done a push.
+	 */
+	if ( (!WC) || (WC->PushedDestination == NULL) || (StrLength(WC->PushedDestination) == 0) ) {
+		do_welcome();
+		return;
+	}
+
+	/*
+	 * All righty then!  We have a destination saved, so go there now.
+	 */
+	if (verbose) {
+		syslog(LOG_DEBUG, "Pop: %s", ChrPtr(WC->PushedDestination));
+	}
+	http_redirect(ChrPtr(WC->PushedDestination));
+}
+
+
+int ReadPostData(void) {
+	int rc;
+	int urlencoded_post = 0;
+	StrBuf *content = NULL;
+	
+	urlencoded_post = (strncasecmp(ChrPtr(WC->Hdr->HR.ContentType), "application/x-www-form-urlencoded", 33) == 0) ;
+
+	content = NewStrBufPlain(NULL, WC->Hdr->HR.ContentLength + 256);
+
+	if (!urlencoded_post) {
+		StrBufPrintf(content, 
+			"Content-type: %s\n"
+			"Content-length: %ld\n\n",
+			ChrPtr(WC->Hdr->HR.ContentType), 
+			WC->Hdr->HR.ContentLength
+		);
+	}
+
+	/* Read the entire input data at once. */
+	rc = client_read_to(WC->Hdr, content, WC->Hdr->HR.ContentLength, SLEEPING);
+	if (rc < 0) {
+		return rc;
+	}
+	
+	if (urlencoded_post) {
+		ParseURLParams(content);
+	}
+	else if (!strncasecmp(ChrPtr(WC->Hdr->HR.ContentType), "multipart", 9)) {
+		char *Buf;
+		char *BufEnd;
+		long len;
+
+		len = StrLength(content);
+		Buf = SmashStrBuf(&content);
+		BufEnd = Buf + len;
+		mime_parser(Buf, BufEnd, *upload_handler, NULL, NULL, NULL, 0);
+		free(Buf);
+	}
+	else if (WC->Hdr->HR.ContentLength > 0) {
+		WC->upload = content;
+		WC->upload_length = StrLength(WC->upload);
+		content = NULL;
+	}
+	FreeStrBuf(&content);
+	return 1;
+}
+
+
+int Conditional_REST_DEPTH(StrBuf *Target, WCTemplputParams *TP)
+{
+	long Depth, IsDepth;
+	long offset = 0;
+
+	if (WC->Hdr->HR.Handler != NULL)
+		offset ++;
+	Depth = GetTemplateTokenNumber(Target, TP, 2, 0);
+	IsDepth = GetCount(WC->Directory) + offset;
+
+//	LogTemplateError(Target, "bla", 1, TP, "REST_DEPTH: %ld : %ld\n", Depth, IsDepth);
+	if (Depth < 0) {
+		Depth = -Depth;
+		return IsDepth > Depth;
+	}
+	else 
+		return Depth == IsDepth;
+}
+
+
+
+/*
+ * Entry point for WebCit transaction
+ */
+void session_loop(void)
+{
+	int xhttp;
+	StrBuf *Buf;
+	
+	/*
+	 * We stuff these with the values coming from the client cookies,
+	 * so we can use them to reconnect a timed out session if we have to.
+	 */
+	WC->upload_length = 0;
+	WC->upload = NULL;
+	WC->Hdr->nWildfireHeaders = 0;
+
+	if (WC->Hdr->HR.ContentLength > 0) {
+		if (ReadPostData() < 0) {
+			return;
+		}
+	}
+
+	Buf = NewStrBuf();
+	WC->trailing_javascript = NewStrBuf();
+
+	/* Convert base64-encoded URL's back to plain text */
+	if (!strncmp(ChrPtr(WC->Hdr->this_page), "/B64", 4)) {
+		StrBufCutLeft(WC->Hdr->this_page, 4);
+		StrBufDecodeBase64(WC->Hdr->this_page);
+		http_redirect(ChrPtr(WC->Hdr->this_page));
+		goto SKIP_ALL_THIS_CRAP;
+	}
+
+	/* If there are variables in the URL, we must grab them now */
+	if (WC->Hdr->PlainArgs != NULL) {
+		ParseURLParams(WC->Hdr->PlainArgs);
+	}
+
+	/* If the client sent a nonce that is incorrect, kill the request. */
+	if (havebstr("nonce")) {
+		if (verbose) {
+			syslog(LOG_DEBUG, "Comparing supplied nonce %s to session nonce %d", bstr("nonce"), WC->nonce);
+		}
+		if (ibstr("nonce") != WC->nonce) {
+			syslog(LOG_INFO, "Ignoring request with mismatched nonce.");
+			hprintf("HTTP/1.1 404 Security check failed\r\n");
+			hprintf("Content-Type: text/plain\r\n");
+			begin_burst();
+			wc_printf("Security check failed.\r\n");
+			end_burst();
+			goto SKIP_ALL_THIS_CRAP;
+		}
+	}
+
+	/*
+	 * If we're not connected to a Citadel server, try to hook up the connection now.
+	 */
+	if (!WC->connected) {
+		if (GetConnected()) {
+			hprintf("HTTP/1.1 503 Service Unavailable\r\n");
+			hprintf("Content-Type: text/html\r\n");
+			begin_burst();
+			wc_printf("<html><head><title>503 Service Unavailable</title></head><body>\n");
+			wc_printf(_("This program was unable to connect or stay "
+				"connected to the Citadel server.  Please report "
+				"this problem to your system administrator.")
+			);
+			wc_printf("<br>");
+			wc_printf("<a href=\"http://www.citadel.org/doku.php/"
+				"faq:generalquestions:webcit_unable_to_connect\">%s</a>",
+				_("Read More...")
+			);
+			wc_printf("</body></html>\n");
+			end_burst();
+			goto SKIP_ALL_THIS_CRAP;
+		}
+	}
+
+	/*
+	 * If we're not logged in, but we have authentication data (either from
+	 * a cookie or from http-auth), try logging in to Citadel using that.
+	 */
+	if (	(!WC->logged_in)
+		&& (StrLength(WC->Hdr->c_username) > 0)
+		&& (StrLength(WC->Hdr->c_password) > 0)
+	) {
+		long Status;
+
+		FlushStrBuf(Buf);
+		serv_printf("USER %s", ChrPtr(WC->Hdr->c_username));
+		StrBuf_ServGetln(Buf);
+		if (GetServerStatus(Buf, &Status) == 3) {
+			serv_printf("PASS %s", ChrPtr(WC->Hdr->c_password));
+			StrBuf_ServGetln(Buf);
+			if (GetServerStatus(Buf, NULL) == 2) {
+				become_logged_in(WC->Hdr->c_username, WC->Hdr->c_password, Buf);
+			}
+			else {
+				/* Should only display when password is wrong */
+				WC->ImportantMsg = NewStrBufPlain(ChrPtr(Buf) + 4, StrLength(Buf) - 4);
+				authorization_required();
+				FreeStrBuf(&Buf);
+				goto SKIP_ALL_THIS_CRAP;
+			}
+		}
+		else if (Status == 541) {
+			WC->logged_in = 1;
+		}
+	}
+
+	xhttp = (WC->Hdr->HR.eReqType != eGET) &&
+		(WC->Hdr->HR.eReqType != ePOST) &&
+		(WC->Hdr->HR.eReqType != eHEAD);
+
+	/*
+	 * If a 'go' (or 'gotofirst') parameter has been specified, attempt to goto that room
+	 * prior to doing anything else.
+	 */
+	if (havebstr("go")) {
+		int ret;
+		if (verbose)
+			syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("go"));
+		ret = gotoroom(sbstr("go"));	/* do quietly to avoid session output! */
+		if ((ret/100) != 2) {
+			if (verbose)
+				syslog(LOG_DEBUG, "Unable to change to [%s]; Reason: %d", bstr("go"), ret);
+		}
+	}
+	else if (havebstr("gotofirst")) {
+		int ret;
+		if (verbose)
+			syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("gotofirst"));
+		ret = gotoroom(sbstr("gotofirst"));	/* do quietly to avoid session output! */
+		if ((ret/100) != 2) {
+			syslog(LOG_INFO, "Unable to change to [%s]; Reason: %d", bstr("gotofirst"), ret);
+		}
+	}
+
+	/*
+	 * If we aren't in any room yet, but we have cookie data telling us where we're
+	 * supposed to be, and 'go' was not specified, then go there.
+	 */
+	else if ( (StrLength(WC->CurRoom.name) == 0) && ( (StrLength(WC->Hdr->c_roomname) > 0) )) {
+		int ret;
+
+		if (verbose)
+			syslog(LOG_DEBUG, "We are in '%s' but cookie indicates '%s', going there...",
+			       ChrPtr(WC->CurRoom.name),
+			       ChrPtr(WC->Hdr->c_roomname)
+		);
+		ret = gotoroom(WC->Hdr->c_roomname);	/* do quietly to avoid session output! */
+		if ((ret/100) != 2) {
+			if (verbose)
+				syslog(LOG_DEBUG, "COOKIEGOTO: Unable to change to [%s]; Reason: %d",
+				       ChrPtr(WC->Hdr->c_roomname), ret);
+		}
+	}
+
+	if (WC->Hdr->HR.Handler != NULL) {
+		if (	(!WC->logged_in)
+			&& ((WC->Hdr->HR.Handler->Flags & ANONYMOUS) == 0)
+			&& (WC->serv_info != NULL)
+			&& (WC->serv_info->serv_supports_guest == 0)
+		) {
+			display_login();
+		}
+		else {
+			if ((WC->Hdr->HR.Handler->Flags & AJAX) != 0) {
+				begin_ajax_response();
+			}
+			WC->Hdr->HR.Handler->F();
+			if ((WC->Hdr->HR.Handler->Flags & AJAX) != 0) {
+				end_ajax_response();
+			}
+		}
+	}
+	/* When all else fails, display the default landing page or a main menu. */
+	else {
+		/* 
+		 * ordinary browser users get a nice login screen, DAV etc. requsets
+		 * are given a 401 so they can handle it appropriate.
+		 */
+		if (!WC->logged_in)  {
+			if (xhttp) {
+				authorization_required();
+			}
+			else {
+				display_default_landing_page();
+			}
+		}
+		/*
+		 * Toplevel dav requests? or just a flat browser request? 
+		 */
+		else {
+			if (xhttp) {
+				dav_main();
+			}
+			else {
+				display_main_menu();
+			}
+		}
+	}
+
+SKIP_ALL_THIS_CRAP:
+	FreeStrBuf(&Buf);
+	fflush(stdout);
+}
+
+
+
+/*
+ * Display the appropriate landing page for this site.
+ */
+void display_default_landing_page(void) {
+	if (WC && WC->serv_info && WC->serv_info->serv_supports_guest) {
+		/* default action */
+
+		if (havebstr("go")) {
+			if (verbose)
+				syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("go"));
+			smart_goto(sbstr("go"));
+		}
+		else if (default_landing_page) {
+			http_redirect(default_landing_page);
+		}
+		else {
+			StrBuf *teh_lobby = NewStrBufPlain(HKEY("_BASEROOM_"));
+			smart_goto(teh_lobby);
+			FreeStrBuf(&teh_lobby);
+		}
+	}
+	else {
+		display_login();
+	}
+}
+
+
+/*
+ * Replacement for sleep() that uses select() in order to avoid SIGALRM
+ */
+void sleeeeeeeeeep(int seconds)
+{
+	struct timeval tv;
+
+	tv.tv_sec = seconds;
+	tv.tv_usec = 0;
+	select(0, NULL, NULL, NULL, &tv);
+}
+
+int Conditional_IS_HTTPS(StrBuf *Target, WCTemplputParams *TP)
+{
+	return is_https != 0;
+}
+
+void AppendImportantMessage(const char *pch, long len)
+{
+
+	if (StrLength(WC->ImportantMsg) > 0) {
+		StrBufAppendBufPlain(WC->ImportantMsg, HKEY("\n"), 0);
+	}
+		
+	StrBufAppendBufPlain(WC->ImportantMsg, pch, len, 0);
+}
+
+int ConditionalImportantMesage(StrBuf *Target, WCTemplputParams *TP)
+{
+	if (WC != NULL) {
+		return (StrLength(WC->ImportantMsg) > 0);
+	}
+	else {
+		return 0;
+	}
+}
+
+void tmplput_importantmessage(StrBuf *Target, WCTemplputParams *TP)
+{
+	
+	if (WC != NULL) {
+		if (StrLength(WC->ImportantMsg) > 0) {
+			StrBufAppendTemplate(Target, TP, WC->ImportantMsg, 0);
+		}
+	}
+}
+
+void tmplput_trailing_javascript(StrBuf *Target, WCTemplputParams *TP)
+{
+
+	if (WC != NULL) {
+		StrBufAppendTemplate(Target, TP, WC->trailing_javascript, 0);
+	}
+}
+
+void tmplput_csslocal(StrBuf *Target, WCTemplputParams *TP)
+{
+	StrBufAppendBuf(Target, 
+			csslocal, 0);
+}
+
+void tmplput_packagestring(StrBuf *Target, WCTemplputParams *TP) {
+	StrBufAppendBufPlain(Target, HKEY(PACKAGE_STRING), 0);
+}
+
+extern char static_local_dir[PATH_MAX];
+
+
+void 
+InitModule_WEBCIT
+(void)
+{
+	char dir[SIZ];
+	WebcitAddUrlHandler(HKEY("blank"), "", 0, blank_page, ANONYMOUS|COOKIEUNNEEDED|ISSTATIC);
+	WebcitAddUrlHandler(HKEY("landing"), "", 0, display_default_landing_page, ANONYMOUS|COOKIEUNNEEDED);
+	WebcitAddUrlHandler(HKEY("do_template"), "", 0, url_do_template, ANONYMOUS);
+	WebcitAddUrlHandler(HKEY("sslg"), "", 0, seconds_since_last_gexp, AJAX|LOGCHATTY);
+	WebcitAddUrlHandler(HKEY("ajax_servcmd"), "", 0, ajax_servcmd, 0);
+	WebcitAddUrlHandler(HKEY("webcit"), "", 0, blank_page, URLNAMESPACE);
+	WebcitAddUrlHandler(HKEY("push"), "", 0, push_destination, AJAX);
+	WebcitAddUrlHandler(HKEY("pop"), "", 0, pop_destination, 0);
+
+	WebcitAddUrlHandler(HKEY("401"), "", 0, authorization_required, ANONYMOUS|COOKIEUNNEEDED);
+	RegisterConditional("COND:IMPMSG", 0, ConditionalImportantMesage, CTX_NONE);
+	RegisterConditional("COND:REST:DEPTH", 0, Conditional_REST_DEPTH, CTX_NONE);
+	RegisterConditional("COND:IS_HTTPS", 0, Conditional_IS_HTTPS, CTX_NONE);
+
+	RegisterNamespace("CSSLOCAL", 0, 0, tmplput_csslocal, NULL, CTX_NONE);
+	RegisterNamespace("IMPORTANTMESSAGE", 0, 1, tmplput_importantmessage, NULL, CTX_NONE);
+	RegisterNamespace("TRAILING_JAVASCRIPT", 0, 0, tmplput_trailing_javascript, NULL, CTX_NONE);
+	RegisterNamespace("URL:DISPLAYNAME", 0, 1, tmplput_HANDLER_DISPLAYNAME, NULL, CTX_NONE);
+	RegisterNamespace("PACKAGESTRING", 0, 1, tmplput_packagestring, NULL, CTX_NONE);
+
+	
+	snprintf(dir, SIZ, "%s/webcit.css", static_local_dir);
+	if (!access(dir, R_OK)) {
+		syslog(LOG_INFO, "Using local Stylesheet [%s]", dir);
+		csslocal = NewStrBufPlain(HKEY("<link href=\"static.local/webcit.css\" rel=\"stylesheet\" type=\"text/css\" />"));
+	}
+	else
+		syslog(LOG_INFO, "No Site-local Stylesheet [%s] installed.", dir);
+
+}
+
+void
+ServerStartModule_WEBCIT
+(void)
+{
+	HandlerHash = NewHash(1, NULL);
+}
+
+
+void 
+ServerShutdownModule_WEBCIT
+(void)
+{
+	FreeStrBuf(&csslocal);
+	DeleteHash(&HandlerHash);
+}
+
+
+
+void
+SessionNewModule_WEBCIT
+(wcsession *sess)
+{
+	sess->ImportantMsg = NewStrBuf();
+	sess->WBuf = NewStrBufPlain(NULL, SIZ * 4);
+	sess->HBuf = NewStrBufPlain(NULL, SIZ / 4);
+}
+
+void
+SessionDetachModule_WEBCIT
+(wcsession *sess)
+{
+	DeleteHash(&sess->Directory);
+
+	FreeStrBuf(&sess->upload);
+	sess->upload_length = 0;
+	
+	FreeStrBuf(&sess->trailing_javascript);
+
+	if (StrLength(sess->WBuf) > SIZ * 30) /* Bigger than 120K? release. */
+	{
+		FreeStrBuf(&sess->WBuf);
+		sess->WBuf = NewStrBuf();
+	}
+	else
+		FlushStrBuf(sess->WBuf);
+	FlushStrBuf(sess->HBuf);
+	if (StrLength(sess->ImportantMsg) > 0) {
+		FlushStrBuf(sess->ImportantMsg);
+	}
+
+}
+
+void 
+SessionDestroyModule_WEBCIT
+(wcsession *sess)
+{
+	FreeStrBuf(&sess->WBuf);
+	FreeStrBuf(&sess->HBuf);
+	FreeStrBuf(&sess->ImportantMsg);
+	FreeStrBuf(&sess->PushedDestination);
+}
+