1 files changed, 97 insertions, 365 deletions
diff --git a/src/NOTES.txt b/src/NOTES.txt
index 93ed815..a72e7c8 100644
--- a/src/NOTES.txt
+++ b/src/NOTES.txt
@@ -142,122 +142,6 @@ Last update time for parameters, plus an update frequency.  Once a minute.
 Account creation process in the database.
-Apart from the usual input validation of things...
-OpenSim/Server/Handlers/UserAccounts/UserAccountServerPostHandler.cs
-    byte[] CreateUser(Dictionary<string, object> request)
-        Looks like their built in web front end, perhaps what is triggered by the console?
-        createdUserAccount
-            = ((UserAccountService)m_UserAccountService).CreateUser(scopeID, principalID, firstName, lastName, password, email, model);
-OpenSim/opensim-SC/OpenSim/ApplicationPlugins/RemoteController/RemoteAdminPlugin.cs
-    An XML RPC interface to -
-        private UserAccount CreateUser(UUID scopeID, string firstName, string lastName, string password, string email)
-            account = new UserAccount(scopeID, UUID.Random(), firstName, lastName, email);
-            if (userAccountService.StoreUserAccount(account))
-            success = authenticationService.SetPassword(account.PrincipalID, password)
-            gridUserService.SetHome(account.PrincipalID.ToString(), home.RegionID, new Vector3(128, 128, 0), new Vector3(0, 1, 0));
-            success = inventoryService.CreateUserInventory(account.PrincipalID);
-OpenSim/opensim-SC/OpenSim/Services/UserAccountService/UserAccountService.cs
-    Looks like the console command handler.
-        create user [<first> [<last> [<pass> [<email> [<user id> [<model>]]]]]] - Create a new user
-            protected void HandleCreateUser(string module, string[] cmdparams)
-                Gathers console arguments, or prompts for them.
-                CreateUser(UUID.Zero, principalId, firstName, lastName, password, email, model);
-            public UserAccount CreateUser(UUID scopeID, UUID principalID, string firstName, string lastName, string password, string email, string model = "")
-                Looks almost identical to the OpenSim/ApplicationPlugins/RemoteController/RemoteAdminPlugin.cs one above, but they add -
-                    CreateDefaultAppearanceEntries(account.PrincipalID)
-account = new UserAccount(scopeID, UUID.Random(), firstName, lastName, email);
-    OpenSim/opensim-SC/OpenSim/Services/Interfaces/IUserAccountService.cs
-        public UserAccount(UUID scopeID, UUID principalID, string firstName, string lastName, string email)
-            Just holds the data in memory, in a dictionary I think.
-    OpenSim/opensim-SC/OpenSim/Services/UserAccountService/UserAccountService.cs
-        public bool StoreUserAccount(UserAccount data)
-            Stuffs the data into a new UserAccountData()
-            m_Database.Store(d)
-                As far as I can tell, just dumps this data into the UserAccounts table -
-                    FirstName, LastName, PrincipleID, ScopeID, Email, Created, UserLevel, UserFlags, UserTitle
-                        PrincipleID is their randomly generated with no thought to collisions UUID.
-                        ScopeID is 00000000-0000-0000-0000-000000000000
-                        Userlevel is 0 for most, -1 for Waki, determines if they can log on.  Also higher for gods and things.
-                        UserFlags, I think the only one is "64 god can login to this account using gods password.
-                        UserTitle might default to "Local", or be configurable / and editable.
-                    something something URL encoded "ServiceURLs" mumble
-                        HomeURI=http%3a%2f%2fgrid.infinitegrid.org%3a8002%2f GatekeeperURI= InventoryServerURI=http%3a%2f%2fgrid.infinitegrid.org%3a8002%2f AssetServerURI=http%3a%2f%2fgrid.infinitegrid.org%3a8002%2f ProfileServerURI=http%3a%2f%2fgrid.infinitegrid.org%3a8002%2f FriendsServerURI=http%3a%2f%2fgrid.infinitegrid.org%3a8002%2f IMServerURI=http%3a%2f%2fgrid.infinitegrid.org%3a8002%2f GroupsServerURI=http%3a%2f%2fgrid.infinitegrid.org%3a8002%2f
-                        Though most are either NULL, empty, or -
-                            HomeURI= GatekeeperURI= InventoryServerURI= AssetServerURI=
-                    Doesn't metion "active", which is always equal to 1 I guess.
-success = authenticationService.SetPassword(account.PrincipalID, password)
-    OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs
-        stores password details in "auth" table -
-            UUID
-            passwordSalt = Util.Md5Hash(UUID.Random().ToString());
-            passwdHash = Util.Md5Hash(Util.Md5Hash(password) + ":" + passwordSalt);
-            accountType = "UserAccount";
-            webLoginKey = UUID.Zero.ToString();
-gridUserService.SetHome(account.PrincipalID.ToString(), home.RegionID, new Vector3(128, 128, 0), new Vector3(0, 1, 0));
-    OpenSim/Services/UserAccountService/GridUserService.cs
-        Stores in database table GridUser
-            HomeRegionID, HomePosition, HomeLookAt
-        The other fields in that table -
-            UserID, LastRegionID, LastPosition, LastLookAt, Online (true or false), Login (timestamp or 0), Logout (timestamp or 0).
-success = inventoryService.CreateUserInventory(account.PrincipalID);
-    OpenSim/Services/InventoryService/XInventoryService.cs
-        Create a bunch of folders in the users inventory, of specific types.
-            rootFolder = ConvertToOpenSim(CreateFolder(principalID, UUID.Zero, (int)FolderType.Root, InventoryFolderBase.ROOT_FOLDER_NAME));
-            XInventoryFolder[] sysFolders = GetSystemFolders(principalID, rootFolder.ID)
-            if (!Array.Exists(sysFolders, delegate(XInventoryFolder f) { if (f.type == (int)FolderType.Animation) return true; return false; }))
-                CreateFolder(principalID, rootFolder.ID, (int)FolderType.Animation, "Animations");
-                    FolderType.BodyPart, "Body Parts"
-                XInventoryFolder folder = CreateFolder(principalID, rootFolder.ID, (int)FolderType.CallingCard, "Calling Cards");
-                folder = CreateFolder(principalID, folder.folderID, (int)FolderType.CallingCard, "Friends")
-                CreateFolder(principalID, folder.folderID, (int)FolderType.CallingCard, "All");
-                    FolderType.Clothing, "Clothing"
-                    FolderType.CurrentOutfit, "Current Outfit"
-                    FolderType.Favorites, "Favorites"
-                    FolderType.Gesture, "Gestures")
-                    FolderType.Landmark, "Landmarks"
-                    FolderType.LostAndFound, "Lost And Found"
-                    FolderType.Notecard, "Notecards"
-                    FolderType.Object, "Objects"
-                    FolderType.Snapshot, "Photo Album"
-                    FolderType.LSLText, "Scripts"
-                    FolderType.Sound, "Sounds"
-                    FolderType.Texture, "Textures"
-                    FolderType.Trash, "Trash"
-                    Stores in database inventoryFolders ????
-                        folderName, type, version = 1, folderID = UUID.Random(), agentID = principalID, parentFolderID = parentID
-CreateDefaultAppearanceEntries(account.PrincipalID)
-    OpenSim/Services/UserAccountService/UserAccountService.cs
-        protected void CreateDefaultAppearanceEntries(UUID principalID)
-        Creates a bunch of "Default *" body parts and clothes, Ruth 1.0, links them in Inventories current outfit folder.
-        Creates a AvatarWearable[] and puts them all in it.
-        AvatarAppearance ap = new AvatarAppearance();
-            ap.SetWearable(i, wearables[i]);
-        m_AvatarService.SetAppearance(principalID, ap);
-            
 UserAccounts table -
    UserFlags           64 is "allow gods to log in as me"
@@ -284,84 +168,6 @@ userdata (empty, can't find any actual usage in the source code, part of profile
 auth.webLoginKey seems to be some sort of passwordy type thing, though perhaps not actually hashed, rarely used, none of IG members have one.
-PLAN-
-.    username
-.    password
-.    create   login
-.check if it's a proper two word name
-.login -> check if it's an existing account, get their UUID.
-    create toke_n_munchie
-    write session record
-create -> new user
-    create new UUID
-    check if it's an existing UUID
-        dbCount(, "UserAccounts", "PrincipleID='new-UUID'")
-    loop until we get a new one
-    create toke_n_munchie
-    write session record
-    Create ->
-    (wait a few seconds before showing this page)
-.    email
-.    email again
-.    password again
-.    DoB
-.    accept terms of service
-.    claim to be an adult
-.    confirm / cancel
-    New user
-        UserAccounts.FirstName = ???
-        UserAccounts.LastName = ???
-        UserAccounts.Email = ???
-        UserAccounts.Created = timestamp
-        UserAccounts.PrincipleID = randomly generate UUID, but check for collisions with other accounts.
-                                                            It's a UNIQUE KEY.
-        UserAccounts.ScopeID = 00000000-0000-0000-0000-000000000000
-        UserAccounts.Userlevel = -200
-        UserAccounts.UserFlags = 64
-        UserAccounts.UserTitle = newbie
-        UserAccounts.ServiceURLs = ""
-        UserAccounts.active = 0
-        auth.UUID = UserAccounts.PrincipleID
-                                                            It's a PRIMARY KEY.
-        auth.passwordSalt = Util.Md5Hash(UUID.Random().ToString())
-        auth.passwdHash = Util.Md5Hash(Util.Md5Hash(password) + ":" + passwordSalt)
-        auth.accountType = "UserAccount"
-        auth.webLoginKey (varchar(255)) = "00000000-0000-0000-0000-000000000000"
-        userdata.UserId = UserAccounts.PrincipleID
-        userdata.TagId = "account creation data"
-                                                            It's a UNIQUE KEY
-        userdata.DataKey = "DoB"
-        userdata.DataVal = ???
-        userdata.UserId = UserAccounts.PrincipleID
-        userdata.TagId = "account creation data"
-        userdata.DataKey = "timezone"
-        userdata.DataVal = ???
-        userdata.UserId = UserAccounts.PrincipleID
-        userdata.TagId = "account creation data"
-        userdata.DataKey = "Terms of service"
-        userdata.DataVal = "True"
-        userdata.UserId = UserAccounts.PrincipleID
-        userdata.TagId = "account creation data"
-        userdata.DataKey = "claims to be an adult"
-        userdata.DataVal = "True"
-    Validated via email
-    (wait a few seconds before showing this page)
-        UserAccounts.Userlevel = -100
-        UserAccounts.UserTitle = validated
    Vouched for
        userdata.UserId = UserAccounts.PrincipleID
        userdata.TagId = "vouches"
@@ -372,26 +178,6 @@ create -> new user
        UserAccounts.UserTitle = vouched for
-    Admin approved
-        GridUser.UserID = UserAccounts.PrincipleID
-                                                            It's a PRIMARY KEY.
-        GridUser.HomeRegionID = ???
-        GridUser.HomePosition = ???
-        GridUser.HomeLookAt = ???
-        GridUser.LastRegionID = ???
-        GridUser.LastPosition = ???
-        GridUser.LastLookAt = ???
-        GridUser.Online = False
-        GridUser.Login = 0
-        GridUser.Logout = 0
-        UserAccounts.active = 1
-        UserAccounts.Userlevel = 1
-        UserAccounts.UserTitle = Member / Local / whatever
-        Load the default IAR.
 -------------------------------------------------------------------
 https://project-awesome.org/aleksandar-todorovic/awesome-c
@@ -408,6 +194,12 @@ https://danielmiessler.com/study/http/
            "should not be used to make security decisions as it is controlled by the client"
            Though others tell us to do precisely that.  lol
+http://opensimulator.org/wiki/Userlevel
+http://www.catb.org/esr/structure-packing/
+    A good read, including a few links to other good stuff.
+    Am I doing this stuff properly by intuition, or completely ballsing it up?  lol
+    http://www.catb.org/esr/time-programming/
 -------------------------------------------------------------------
@@ -480,172 +272,112 @@ long list of stuff I have to deal with manually, and now I are one.  lol
 -------------------------------------------------------------------
+-------------------------------------------------------------------
-Time for a restructure of the web page / field / database stuff.
+For logged in user, at the top show their name as linky to their accountView http://localhost/sledjchisl.fcgi/account.html?user=account+name
+    That accountView offers edit / logout button, etc.
-Will need to include a "what page is this" cookie, or maybe query ?mode=add
+    Display account stuff, but not edit it until they hit the edit button.
+When showing other users
+    accountView, with edit / delete buttons if logged in user is high enough level.
-old validate UUID
-    define the UUID based UserAccounts db static dbRequest, fill it if needed.
-    if create
-        try to find an unused UUID
-        fill Rd->stuff with UUID
-    if confirm
-        check it's length
-    otherwise
-        check it's length
-        look it up, bitch if not found
-    If we found it, put level into Rd->database
-    fill Rd->stuff with UUID
-old validateName
-    define the name based UserAccounts db static dbRequest, fill it if needed.
-    Do the Lua file lookup, fill a tnm hash.
-    Do the database lookup, fill rows.
-    if login
-        convert tnm to Rd->database, or dbPull(rows)
-        fill Rd->stuff with name, UUID, and level
-    if create
-        complain if we found a record
-        try to find an unused UUID
-        fill Rd->database with new data
-        fill Rd->stuff with name, UUID, and level
-old validatePassword
-    define the UUID based auth db static dbRequest, fill it if needed.
-    if login
-        do the database lookup, fill rows
-        check if the name validation found us a UUID, fail login if it didn't
-        do the pasword+salt hash and compare
-        fill Rd->stuff with passwordHash and passwordSalt
-    if create
-        fill Rd->stuff with paswordHash and passwordSalt
-    if confirm
-        check if password hashess are the same
-freeSesh(Rd, linky, wipe)
-            linky - Rd->shs or Rd->lnk
-                    %s/sessions/%s.lua or %s/sessions/%s.linky
-            wipe  - wipe or delete session
-                    wiping means remove session stuff from Rd->stuff
-                        Which happens on - session failing to write, redirecting login form, showing login form if not confirm, vegOut (session timeout, bitchSession)
-newSesh(Rd, linky)
-            linky - old Rd->shs or a new Rd->lnk
-    setToken_n_munchie(Rd, linky);                      Only caller of setToken_n_munchie(Rd, linky);
-setToken_n_munchie(Rd, linky)
-            linky - Rd->shs or Rd->lnk
-                    %s/sessions/%s.lua or %s/sessions/%s.linky
-                    !linky - actually set the cookies.
-    if error writing session file - freeSesh(Rd, linky, TRUE);
-//validateSesh()
-sessionValidate()
-    bitchSession() for bad session things.
-    sets chillOut for validated session linky.
-        Rd->chillOut = TRUE;
-        freeSesh(Rd, linky, FALSE);
-        Rd->func = (pageBuildFunction) loginPage;
-        Rd->doit = "logout";
-    sets vegOut if the session timed out.
-//validatePassword()
-    sets chillOut for validated password on create.
-bitchSession()  called if there's anything wrong with the session trackers, if we can't load / run the users Lua file, 
-    sets vegOut
-account_HTML()
-    sets chillOut for POST confirm
-        createUser(Rd);
-        newSesh(Rd, TRUE);
-        Rd->chillOut = TRUE;
-    sets chillOut for POST login
-        Rd->chillOut = TRUE;
-    POST with no errors will
-        form == accountLogin    freeSesh(Rd, FALSE, TRUE)
-        doit == login           chillOut = TRUE
-        vegOut                  freeSesh(Rd, FALSE, TRUE);
-        else chillOut           freeSesh(Rd, FALSE, FALSE);  newSesh(Rd, FALSE);
-        else no Rd->shs.leaf    newSesh(Rd, FALSE);
-        redirect to GET
-    otherwise
-        form == accountLogin
-            doit == confirm     freeSesh(Rd, FALSE, TRUE)
-                                newSesh(Rd, FALSE)
-        else if errors          reeSesh(Rd, FALSE, FALSE)  newSesh(Rd, FALSE)
-        show page
-LOGGED IN means that the session stored on disk has a valid UUID.
-    When creating a new user, we create a new UUID firstish.
-accountLoginWeb() / accountOut()
-    freeSesh(Rd, FALSE, TRUE)
-    newSesh(Rd, FALSE)
-accountView()
-    freeSesh(Rd, FALSE, FALSE)
-    newSesh(Rd, FALSE)
-accountAdd()
-    Note that this is in two parts, first they click "create" on login page, then "confirm" on the account creation page.
-Account creation
-    accountLoginWeb()
-        "create"        -> 
-            Show accountCreateWeb and await confirmation.
-    accountCreateWeb()
-        "confirm"       -> accountAdd()
-            create UUID
-            create user
-            store user
-            wipe old session
-            store new session with UUID, user is logged in now
-            create linky
-            email linky
-            Show usual logged in page.
-        "cancel"        -> 
 -------------------------------------------------------------------
+NEXT -
-Maybe - /opt/opensim_SC/var/cache/sessions/uuid-uuid-uuid-uuid.logged  symlink to session.
+    Have the grid start up code also run the web backend inside the left over tmux panel.
+        And have it restart if it crashes.
-https://localhost/sledjchisl.fcgi/account.html?user=account_name
+    Add the account.html stuff to the opensim-SC configuration, so viewers can get to it.
-https://localhost/sledjchisl.fcgi/account.html/users/account_name
+        ditto loginpage.html
-    logged in user is in the sesion, but they can view / vouch / edit / delete any other user depending on their access level
+            retire all the OpenSim web stuff I added before
+        write a stub page for the other pages viewers want
+    Implement poorMansCron.html.
-For logged in user, at the top show their name as linky to their accountView http://localhost/sledjchisl.fcgi/account.html/users/account_name
+    Add the red asterisk to required fields, like every one else does.
-    That accountView offers edit / logout button, etc.
-    Display account stuff, but not edit it until they hit the edit button.
-When showing other users
+    In var/cache/sessions, keep a uuid.lua full of the sessions for that user.
-    accountView, with edit / delete buttons if logged in user is high enough level.
+        Use it to clear out old sessions on login.
+        Use it to clear out old sessions on validation.
+        Use it to update the level in their session if some one changes their level.
 -------------------------------------------------------------------
-------------------------------------------------------------------
+Should clean things up.
+TODO -
+    Move any side effects out of Validate functions, they should just stuff things into Rd->stuff.
+        sessionValidate should be the only thing putting things into shs?
+            Nope, gotta get uuid, name, and level from database / uuid.lua when they log in.
+    Move those side effects into Sub functions.
+iF = accountPages->get(accountPages, form, NULL, false);        
+..
+sub = iF->subs->get(iF->subs, doit, NULL, false);               
+..
+  i = collectFields(Rd, iF, iV, t);                             Stuffs cookies, body, queries, NOT stuff, into iV (including source type).
+// Validate the input data.                                     Loops through iV.
+    iV[i].field->validate(Rd, iF, &iV[i]);                      Stuffs things into Rd->stuff.
+        sessionValidate                                         Is special, ignores iV, gets things directly, reads the session.lua, stuffs things into shs and Rd->stuff.
+        nameValidate                                            Also combines names into Rd->stuff, and into shs.
+        passwordValidate                                        Also special...
+        emailValidate                                           Stuffs both into stuff even if not validated.
+..
+// Submit the data.                                             TODO - do more stuff here, like login/out the account.  Login should check the password here and put things in shs.
+    Usually -
+        accountRead(Rd, iF, iV);
+        complain if found / not found
+        ...
+        freeSesh(Rd, FALSE, wipe);
+        newSesh(Rd, FALSE);
+    accountExploreValidatedVoucherSub                           Does nothing.
+..
+// Return the result.                                           
+    if no errors
+        redirect to GET if it's POST, otcherwise -
+            find the output form
+            collect from stuff into iV
+        call oF->web(Rd, iF, iV)
+    else
+        collect from stuff into iV
+        call iF->eweb()
 -------------------------------------------------------------------
+Coffee Grid -
+Destiny Grid -
+    Auto add Hypergrid visitors group to "partner" grids.
+        Estate has "Allow parcel access overide?".  Not sure what that means.
+            Which does fuck all, and turns itself off.
+Infinite Grid -
+    Set up the deault member and their IAR.
+-------------------------------------------------------------------
+-------------------------------------------------------------------
 BUGS!
 -----
-Redo the santize(), though that needs extensive changes each time we read Rd->cookies, Rd->queries, and Rd->body
+Check length in database values.
+Names are case insensitive in world, should be on the web page to?
+    I think they are on the database side, so I should store the Lua files with lower case file names, but use the case from within the files for display.
+    I may have seen case insensitive grid logins fail, so should test this.
+    Now I have seen them work. Viewer dependant?
+The autogroup thing seems to have broke.  Doesn't work for gods.
+    Or I did that on purpose, should check.  lol
+Should limit viewing of other peoples account details, especially emails, to gods.
+Clear out landmarks from the default IAR.
+-------------------------------------------------------------------
+-------------------------------------------------------------------
+Hacks I should send up stream.
+    qlibc/src/extensions/qconfig.c  line 402 - free(varstr)