Major rewrite of the validation code.

Other things might have snuck into this mess. Make sure errors cause pages to reload with the data that was entered, so they can easily correct it.
author: onefang 2020-03-18 23:44:23 +1000
committer: onefang 2020-03-18 23:44:23 +1000
commit: 0dd0082560332995ba8e6ed86b3fd6b92ba783e8 (patch)
tree: 4b417ed9c5a5d5916cf29ba3e2734e8a0b4cda20 /src
parent: Include all stuff in a session file. (diff)
download: opensim-SC_OLD-0dd0082560332995ba8e6ed86b3fd6b92ba783e8.zip
opensim-SC_OLD-0dd0082560332995ba8e6ed86b3fd6b92ba783e8.tar.gz
opensim-SC_OLD-0dd0082560332995ba8e6ed86b3fd6b92ba783e8.tar.bz2
opensim-SC_OLD-0dd0082560332995ba8e6ed86b3fd6b92ba783e8.tar.xz
1 files changed, 304 insertions, 272 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 06c6187..8bcf076 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -305,18 +305,18 @@ qhashtbl_t *HTMLfileCache = NULL;
 typedef struct _reqData reqData;
-typedef int   (*fieldValidFunc)         (reqData *Rd, qhashtbl_t *data);
+typedef int   (*fieldValidFunc)         (reqData *Rd, qhashtbl_t *data, char *name);
 typedef struct _validFunc validFunc;
 struct _validFunc
 {
-  char *name;
+  char *name, *title;
  fieldValidFunc func;
 };
 qlisttbl_t *fieldValidFuncs = NULL;
-static void newValidFunc(char *name, fieldValidFunc func)
+static void newValidFunc(char *name, char *title, fieldValidFunc func)
 {
  validFunc *vf = xmalloc(sizeof(validFunc));
-  vf->name = name;      vf->func = func;
+  vf->name = name;      vf->title = title;      vf->func = func;
  fieldValidFuncs->put(fieldValidFuncs, vf->name, vf, sizeof(validFunc));
 }
@@ -402,7 +402,7 @@ struct _sesh
 struct _reqData
 {
  lua_State *L;
-  qhashtbl_t *configs, *queries, *body, *cookies, *headers, *stuff, *database, *Rcookies, *Rheaders;
+  qhashtbl_t *configs, *queries, *body, *cookies, *headers, *valid, *stuff, *database, *Rcookies, *Rheaders;
  char *Scheme, *Host, *Method, *Script, *RUri, *doit;
  sesh shs, *lnk;
  MYSQL *db;
@@ -2727,6 +2727,96 @@ NOTE - storing a pepper on the same RAID array as everything else will be a prob
 https://stackoverflow.com/questions/16891729/best-practices-salting-peppering-passwords
 */
+static void bitch(reqData *Rd, char *message, char *log)
+{
+  addStrL(Rd->errors, message);
+  E("%s %s %s %s  %s", getStrH(Rd->headers, "REMOTE_ADDR"), getStrH(Rd->stuff, "UUID"), getStrH(Rd->stuff, "name"), message, log);
+}
+/* "A token cookie that references a non-existent session, its value should be replaced immediately to prevent session fixation."
+https://owasp.org/www-community/attacks/Session_fixation
+    Which describes the problem, but offers no solution.
+    See https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication?rq=1.
+I think this means send a new cookie.
+    I clear out the cookies and send blank ones with -1 maxAge, so they should get deleted.
+*/
+static void bitchSession(reqData *Rd, char *message, char *log)
+{
+  addStrL(Rd->errors, message);
+  C("%s %s %s %s  %s", getStrH(Rd->headers, "REMOTE_ADDR"), getStrH(Rd->stuff, "UUID"), getStrH(Rd->stuff, "name"), message, log);
+  Rd->vegOut = TRUE;
+}
+int LuaToHash(reqData *Rd, char *file, char *var, qhashtbl_t *tnm, int ret, struct stat *st, struct timespec *now, char *type)
+{
+  struct timespec then;
+  if (-1 == clock_gettime(CLOCK_REALTIME, &then))
+    perror_msg("Unable to get the time.");
+  I("Reading %s file %s", type, file);
+  if (0 != stat(file, st))
+  {
+    D("No %s file.", file);
+    perror_msg("Unable to stat %s", file);
+    ret++;
+  }
+  else
+  {
+    int status = luaL_loadfile(Rd->L, file), result;
+    if (status)
+    {
+      bitchSession(Rd, "No such thing.", "Can't load file.");
+      E("Couldn't load file: %s", lua_tostring(Rd->L, -1));
+      ret++;
+    }
+    else
+    {
+      result = lua_pcall(Rd->L, 0, LUA_MULTRET, 0);
+      if (result)
+      {
+        bitchSession(Rd, "Broken thing.", "Can't run file.");
+        E("Failed to run script: %s", lua_tostring(Rd->L, -1));
+        ret++;
+      }
+      else
+      {
+        lua_getglobal(Rd->L, var);
+        lua_pushnil(Rd->L);
+        while(lua_next(Rd->L, -2) != 0)
+        {
+          char *n = (char *) lua_tostring(Rd->L, -2);
+          if (lua_isstring(Rd->L, -1))
+          {
+            tnm->putstr(tnm, n, (char *) lua_tostring(Rd->L, -1));
+//d("Reading %s = %s", n, getStrH(tnm, n));
+          }
+          else
+          {
+            char *v = (char *) lua_tostring(Rd->L, -1);
+            W("Unknown Lua variable type for %s = %s", n, v);
+          }
+          lua_pop(Rd->L, 1);
+        }
+        if (-1 == clock_gettime(CLOCK_REALTIME, now))
+          perror_msg("Unable to get the time.");
+        double n = (now->tv_sec * 1000000000.0) + now->tv_nsec;
+        double t = (then.tv_sec * 1000000000.0) + then.tv_nsec;
+        T("Reading %s file took %lf seconds", type, (n - t) / 1000000000.0);
+      }
+    }
+  }
+  return ret;
+}
 static void freeSesh(reqData *Rd, boolean linky, boolean wipe)
 {
  char *file = NULL;
@@ -2933,26 +3023,6 @@ static void createUser(reqData *Rd)
  free(file);
 }
-static void bitch(reqData *Rd, char *message, char *log)
-{
-  addStrL(Rd->errors, message);
-  E("%s %s %s %s  %s", getStrH(Rd->headers, "REMOTE_ADDR"), getStrH(Rd->stuff, "UUID"), getStrH(Rd->stuff, "name"), message, log);
-}
-/* "A token cookie that references a non-existent session, its value should be replaced immediately to prevent session fixation."
-https://owasp.org/www-community/attacks/Session_fixation
-    Which describes the problem, but offers no solution.
-    See https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication?rq=1.
-I think this means send a new cookie.
-    I clear out the cookies and send blank ones with -1 maxAge, so they should get deleted.
-*/
-static void bitchSession(reqData *Rd, char *message, char *log)
-{
-  addStrL(Rd->errors, message);
-  C("%s %s %s %s  %s", getStrH(Rd->headers, "REMOTE_ADDR"), getStrH(Rd->stuff, "UUID"), getStrH(Rd->stuff, "name"), message, log);
-  Rd->vegOut = TRUE;
-}
 static sesh *newSesh(reqData *Rd, boolean linky)
 {
  unsigned char *md5hash = xzalloc(17);
@@ -2961,7 +3031,7 @@ static sesh *newSesh(reqData *Rd, boolean linky)
  uuid_t binuuid;
  sesh *ret = &Rd->shs;
-W("New sesh");
+d("New sesh");
  if (linky)
  {
    Rd->lnk = xzalloc(sizeof(sesh));
@@ -3044,132 +3114,72 @@ char *checkLinky(reqData *Rd)
 }
-boolean prevalidate(qhashtbl_t *data, char *name)
-{
-  if ('\0' != getStrH(data, name)[0])
-  {
-    I("Already validated %s.", name);
-    return TRUE;
-  }
-  return FALSE;
-}
 boolean badBoy(int ret, reqData *Rd, qhashtbl_t *data, char *name, char *value)
 {
  if (NULL == value)
    value = getStrH(data, name);
  if (0 != ret)
  {
-    char *t = xmprintf("BAD - %s", name);
+    Rd->valid->putint(Rd->valid, name, -1);
+W("Bad boy %s = %s", name, value);
-    Rd->stuff->putstr(Rd->stuff, t, value);
-    Rd->stuff->remove(data, name);
-    free(t);
    return TRUE;
  }
-  data->putstr(data, name, value);
+  Rd->stuff->putstr(Rd->stuff, name, value);
+  Rd->valid->putint(Rd->valid, name, 1);
  return FALSE;
 }
-char *months[] =
+int validateThings(reqData *Rd, char *doit, char *name, qhashtbl_t *things)
-{
-  "january",
-  "february",
-  "march",
-  "april",
-  "may",
-  "june",
-  "july",
-  "august",
-  "september",
-  "october",
-  "november",
-  "december"
-};
-int LuaToHash(reqData *Rd, char *file, char *var, qhashtbl_t *tnm, int ret, struct stat *st, struct timespec *now, char *type)
 {
-  struct timespec then;
+  int e = 0;
+  qlisttbl_obj_t obj;
-  if (-1 == clock_gettime(CLOCK_REALTIME, &then))
+  D("For function %s, start of %s validation.", doit, name);
-    perror_msg("Unable to get the time.");
+  memset((void *) &obj, 0, sizeof(obj));
-  I("Reading %s file %s", type, file);
+  fieldValidFuncs->lock(fieldValidFuncs);
-  if (0 != stat(file, st))
+  while(fieldValidFuncs->getnext(fieldValidFuncs, &obj, NULL, false) == true)
-  {
-    bitchSession(Rd, "No such thing.", "No file.");
-    perror_msg("Unable to stat %s", file);
-    ret++;
-  }
-  else
  {
-    int status = luaL_loadfile(Rd->L, file), result;
+    char *t = things->getstr(things, obj.name, false);
-    if (status)
+    if (NULL != t)
-    {
-      bitchSession(Rd, "No such thing.", "Can't load file.");
-      E("Couldn't load file: %s", lua_tostring(Rd->L, -1));
-      ret++;
-    }
-    else
    {
-      result = lua_pcall(Rd->L, 0, LUA_MULTRET, 0);
+      char *nm = obj.name;
+      int valid = Rd->valid->getint(Rd->valid, nm);
+      validFunc *vf = (validFunc *) obj.data;
-      if (result)
+      if (0 != valid)   // Is it in the valid qhashtbl?
      {
-        bitchSession(Rd, "Broken thing.", "Can't run file.");
+        if (0 < valid)  // Positive valid means it's valid, negative means it's invald.
-        E("Failed to run script: %s", lua_tostring(Rd->L, -1));
+          D("Already validated %s - %s.", vf->title, nm);
-        ret++;
+        else
+          D("Already invalidated %s - %s.", vf->title, nm);
      }
      else
      {
-        lua_getglobal(Rd->L, var);
+        D("Validating %s - %s.", vf->title, nm);
-        lua_pushnil(Rd->L);
+        if (vf->func)
+          e += vf->func(Rd, things, nm);
-        while(lua_next(Rd->L, -2) != 0)
+        else
-        {
+          E("No validation function for %s - %s", vf->title, nm);
-          char *n = (char *) lua_tostring(Rd->L, -2);
-          if (lua_isstring(Rd->L, -1))
-          {
-            tnm->putstr(tnm, n, (char *) lua_tostring(Rd->L, -1));
-//d("Reading %s %s", n, getStrH(tnm, n));
-          }
-          else
-          {
-            char *v = (char *) lua_tostring(Rd->L, -1);
-            W("Unknown Lua variable type for %s = %s", n, v);
-          }
-          lua_pop(Rd->L, 1);
-        }
-        if (-1 == clock_gettime(CLOCK_REALTIME, now))
-          perror_msg("Unable to get the time.");
-        double n = (now->tv_sec * 1000000000.0) + now->tv_nsec;
-        double t = (then.tv_sec * 1000000000.0) + then.tv_nsec;
-        T("Reading %s file took %lf seconds", type, (n - t) / 1000000000.0);
      }
    }
  }
+  fieldValidFuncs->unlock(fieldValidFuncs);
-  return ret;
+  return e;
 }
-static int validateSesh(reqData *Rd, qhashtbl_t *data)
+static int validateSesh(reqData *Rd, qhashtbl_t *data, char *name)
 {
  int ret = 0;
  boolean linky = FALSE;
  if ('\0' != Rd->shs.leaf[0])
  {
-    I("Already validated session.");
+    d("Already validated session.");
    return ret;
  }
-  I("Validating session.");
  char  *toke_n_munchie = "", *munchie = "", *hashish = "",
        *leaf, *timeStamp = "", *seshion = "", *seshID = "",
        *t0, *t1;
@@ -3324,15 +3334,25 @@ W("Validated session linky.");
                        Rd->stuff->putstr(Rd->stuff, "linky-hashish",                   t0);
                    }
                  }
-                  Rd->stuff->putstr(Rd->stuff, "name",          tnm->getstr(tnm, "name", true));
-                  Rd->stuff->putstr(Rd->stuff, "UUID",          tnm->getstr(tnm, "UUID", true));
+                  qhashtbl_obj_t obj;
-                  Rd->stuff->putstr(Rd->stuff, "level",         tnm->getstr(tnm, "level", true));
-                  Rd->stuff->putstr(Rd->stuff, "passwordSalt",  tnm->getstr(tnm, "passwordSalt", true));
+                  memset((void*)&obj, 0, sizeof(obj));
-                  Rd->stuff->putstr(Rd->stuff, "passwordHash",  tnm->getstr(tnm, "passwordHash", true));
+                  tnm->lock(tnm);
+                  while(tnm->getnext(tnm, &obj, false) == true)
+                  {
+                    char *n = obj.name;
+                    if ((strcmp("salt", n) != 0) && (strcmp("seshID", n) != 0))
+                    {
+t("Lua %s = %s", n, (char *) obj.data);
+                      Rd->stuff->putstr(Rd->stuff, obj.name, (char *) obj.data);
+                    }
+                  }
+                  tnm->unlock(tnm);
                  Rd->database->putstr(Rd->database, "UserAccounts.PrincipalID", tnm->getstr(tnm, "UUID", true));
                }
              }
          }
        }
      }
@@ -3342,15 +3362,48 @@ W("Validated session linky.");
  return ret;
 }
-static int validateDoB(reqData *Rd, qhashtbl_t *data)
+static int validateAboutMe(reqData *Rd, qhashtbl_t *data, char *name)
+{
+  int ret = 0;
+  char *about = getStrH(data, "aboutMe");
+  if ((strcmp("confirm", Rd->doit) != 0) && (strcmp("update", Rd->doit) != 0))
+    return ret;
+  if ('\0' == about[0])
+  {
+    bitch(Rd, "Please fill in the 'About me' section.", "None supplied.");
+    ret++;
+  }
+  badBoy(ret, Rd, data, "aboutMe", about);
+  return ret;
+}
+char *months[] =
+{
+  "january",
+  "february",
+  "march",
+  "april",
+  "may",
+  "june",
+  "july",
+  "august",
+  "september",
+  "october",
+  "november",
+  "december"
+};
+static int validateDoB(reqData *Rd, qhashtbl_t *data, char *name)
 {
  int ret = 0, i;
  char *t;
-  if (prevalidate(Rd->stuff, "year"))   return ret;
+  if ((strcmp("confirm", Rd->doit) != 0) && (strcmp("update", Rd->doit) != 0))
-  if (prevalidate(Rd->stuff, "month"))  return ret;
+    return ret;
-  I("Validating DoB.");
  t = getStrH(data, "year");
  if ((NULL == t) || ('\0' == t[0]))
  {
@@ -3392,19 +3445,15 @@ static int validateDoB(reqData *Rd, qhashtbl_t *data)
  return ret;
 }
-static int validateEmail(reqData *Rd, qhashtbl_t *data)
+static int validateEmail(reqData *Rd, qhashtbl_t *data, char *name)
 {
  int ret = 0;
  char *email = getStrH(data, "email");
  char *emayl = getStrH(data, "emayl");
-  if ((strcmp("create", Rd->doit) != 0) && (strcmp("update", Rd->doit) != 0))
+  if ((strcmp("confirm", Rd->doit) != 0) && (strcmp("update", Rd->doit) != 0))
    return ret;
-  if (prevalidate(Rd->stuff, "email"))  return ret;
-  if (prevalidate(Rd->stuff, "emayl"))  return ret;
-  I("Validating email.");
  if ((NULL == email) || (NULL == emayl) || ('\0' == email[0]) || ('\0' == emayl[0]))
  {
    bitch(Rd, "Please supply an email address.", "None supplied.");
@@ -3425,25 +3474,20 @@ static int validateEmail(reqData *Rd, qhashtbl_t *data)
 // TODO - do other email checks - does the domain exist, ..
  }
-  badBoy(ret, Rd, data, "email", email);
+  badBoy(ret, Rd, data, "email", NULL);
-  badBoy(ret, Rd, data, "emayl", emayl);
+  badBoy(ret, Rd, data, "emayl", NULL);
  return ret;
 }
-static int validateLegal(reqData *Rd, qhashtbl_t *data)
+static int validateLegal(reqData *Rd, qhashtbl_t *data, char *name)
 {
  int ret = 0;
  char *t;
-  if (prevalidate(Rd->stuff, "adult"))  return ret;
-  if (prevalidate(Rd->stuff, "agree"))  return ret;
-  I("Validating legal.");
  t = getStrH(data, "adult");
  if ((NULL == t) || (strcmp("on", t) != 0))
  {
-    bitch(Rd, "You must be an adult to enter this world.", "");
+    bitch(Rd, "You must be an adult to enter this site.", "");
    ret++;
  }
  t = getStrH(data, "agree");
@@ -3458,19 +3502,16 @@ static int validateLegal(reqData *Rd, qhashtbl_t *data)
  return ret;
 }
-static int validateName(reqData *Rd, qhashtbl_t *data)
+static int validateName(reqData *Rd, qhashtbl_t *data, char *nm)
 {
  boolean login = strcmp("login", Rd->doit) == 0;
  int ret = 0;
  unsigned char *name = data->getstr(data, "name", true);       // We have to be unsigned coz of isalnum().
  char *where = NULL;
-  if (strcmp("logout", Rd->doit) == 0)
+  if ((strcmp("cancel", Rd->doit) == 0) || (strcmp("logout", Rd->doit) == 0))
    return ret;
-  if (prevalidate(Rd->database, "UserAccounts.UserLevel"))      return ret;
-  I("Validating name.");
  if ((NULL == name) || ('\0' == name[0]))
  {
    bitch(Rd, "Please supply an account name.", "None supplied.");
@@ -3557,102 +3598,105 @@ static int validateName(reqData *Rd, qhashtbl_t *data)
      }
      dbDoSomething(acnts, FALSE, name, s);
      rowData *rows = acnts->rows;
+      int c = 0;
      if (rows)
-      {
+        c = rows->rows->size(rows->rows);
-        int i = rows->rows->size(rows->rows);
-        if (login)
+      if (login)
+      {
+        if ((1 != c) && (rt))
        {
          if (rt)
          {
-          bitch(Rd, "Login failed.", "Could not read user Lua file.");
+            W("Could not read user Lua file.");
-          ret += rt;
+            ret += rt;
-            if (i == 0)
+          }
-            {
+          if (0 == c)
-              bitch(Rd, "Login failed.", "No UserAccounts record with that name.");
+          {
-              ret++;
+            W("No UserAccounts record with that name.");
-            }
+            ret++;
-            else
-            {
-              if (i != 1)
-              {
-                bitch(Rd, "Login failed.", "More than one UserAccounts record with that name.");
-                ret++;
-              }
-              else
-              {
-                dbPull(Rd, "UserAccounts", rows);
-                Rd->stuff->putstr(Rd->stuff, "UUID",  xstrdup(getStrH(Rd->database, "UserAccounts.PrincipalID")));
-                Rd->stuff->putstr(Rd->stuff, "level", xstrdup(getStrH(Rd->database, "UserAccounts.Userlevel")));
-                if (s)  {s--;  *s = ' ';  s++;}
-                Rd->stuff->putstr(Rd->stuff,     "name",                        xstrdup(name));
-              }
-            }
          }
          else
          {
+             W("More than one UserAccounts record with that name.");
+             ret++;
+          } 
+          bitch(Rd, "Login failed.", "Could not find user record.");
+        }
+        else
+        {
+          if (1 == c)
+            dbPull(Rd, "UserAccounts", rows);
+          else
+          {
            Rd->database->putstr(Rd->database, "UserAccounts.FirstName",        name);
-            Rd->database->putstr(Rd->database, "UserAccounts.LastName", s);
+            Rd->database->putstr(Rd->database, "UserAccounts.LastName",         s);
-            Rd->database->putstr(Rd->database, "UserAccounts.Email",    getStrH(tnm, "email"));
+            Rd->database->putstr(Rd->database, "UserAccounts.Email",            getStrH(tnm, "email"));
-            Rd->database->putstr(Rd->database, "UserAccounts.Created",  getStrH(tnm, "created"));
+            Rd->database->putstr(Rd->database, "UserAccounts.Created",          getStrH(tnm, "created"));
            Rd->database->putstr(Rd->database, "UserAccounts.PrincipleID",      getStrH(tnm, "UUID"));
            Rd->database->putstr(Rd->database, "UserAccounts.UserLevel",        getStrH(tnm, "level"));
            Rd->database->putstr(Rd->database, "UserAccounts.UserFlags",        getStrH(tnm, "flags"));
            Rd->database->putstr(Rd->database, "UserAccounts.UserTitle",        getStrH(tnm, "title"));
-            Rd->database->putstr(Rd->database, "UserAccounts.active",   getStrH(tnm, "active"));
+            Rd->database->putstr(Rd->database, "UserAccounts.active",           getStrH(tnm, "active"));
            Rd->database->putstr(Rd->database, "auth.passwordSalt",             getStrH(tnm, "passwordSalt"));
            Rd->database->putstr(Rd->database, "auth.passwordHash",             getStrH(tnm, "passwordHash"));
+            tnm->free(tnm);
-            Rd->stuff->putstr(Rd->stuff, "UUID",  xstrdup(getStrH(Rd->database, "UserAccounts.PrincipalID")));
-            Rd->stuff->putstr(Rd->stuff, "level", xstrdup(getStrH(Rd->database, "UserAccounts.Userlevel")));
-            if (s)      {s--;  *s = ' ';  s++;}
-            Rd->stuff->putstr(Rd->stuff,         "name",                        xstrdup(name));
-            if (s)      {s--;  *s = '\0';  s++;}
          }
+          Rd->stuff->putstr(Rd->stuff, "UUID",  xstrdup(getStrH(Rd->database, "UserAccounts.PrincipalID")));
+          Rd->stuff->putstr(Rd->stuff, "level", xstrdup(getStrH(Rd->database, "UserAccounts.Userlevel")));
+          if (s)        {s--;  *s = ' ';  s++;}
+          Rd->stuff->putstr(Rd->stuff,   "name",                        xstrdup(name));
+          if (s)        {s--;  *s = '\0';  s++;}
        }
-        else if (strcmp("create", Rd->doit) == 0)
+      }
+      else if (strcmp("create", Rd->doit) == 0)
+      {
+        if ((0 != c) && (!rt))
+        {
+          bitch(Rd, "Pick a different name.", "An existing Lua user file or UserAccounts record matched that name.");
+          ret++;
+        }
+        else
        {
-          if (i != 0)
-          {
-            bitch(Rd, "Pick a different name.", "An existing UserAccounts record matched that name.");
-            ret++;
-          }
-          else
-          {
 // TODO - compare first, last, and fullname against god names, complain and fail if there's a match.
-            {
+          // Generate a UUID, check it isn't already being used.
-              // Generate a UUID, check it isn't already being used.
+          char uuid[37];
-              char uuid[37];
+          uuid_t binuuid;
-              uuid_t binuuid;
+          my_ulonglong users = 0;
-              my_ulonglong users = 0;
-              do        // UserAccounts.PrincipalID is a unique primary index anyway, but we want the user creation process to be a little on the slow side.
+          do    // UserAccounts.PrincipalID is a unique primary index anyway, but we want the user creation process to be a little on the slow side.
-              {
+          {
-                uuid_generate_random(binuuid);
+            struct stat st;
-                uuid_unparse_lower(binuuid, uuid);
-                where = xmprintf("UserAccounts.PrincipalID = '%s'", uuid);
+            uuid_generate_random(binuuid);
-                D("Trying new UUID %s.", where);
+            uuid_unparse_lower(binuuid, uuid);
-                users = dbCount(Rd->db, "UserAccounts", where);
+            // Try Lua user file.
-                free(where);
+            where = xmprintf("%s/users/%s.lua", scData, uuid);
-              } while (users != 0);
+            c = stat(where, &st);
+            if (c)
+              users = 1;
+            free(where);
+            // Try database.
+            where = xmprintf("UserAccounts.PrincipalID = '%s'", uuid);
+            D("Trying new UUID %s.", where);
+            users = dbCount(Rd->db, "UserAccounts", where);
+            free(where);
+          } while (users != 0);
 // TODO - perhaps create a place holder UserAccounts record?  Then we'll have to deal with deleting them later.
+          Rd->stuff->putstr(Rd->stuff,   "UUID",                        xstrdup(uuid));
-              Rd->stuff->putstr(Rd->stuff,       "UUID",                        xstrdup(uuid));
+          Rd->stuff->putstr(Rd->stuff,   "level",                       xstrdup("-200"));
-              Rd->stuff->putstr(Rd->stuff,       "level",                       xstrdup("-200"));
+          Rd->database->putstr(Rd->database, "UserAccounts.PrincipalID",xstrdup(uuid));
-              Rd->database->putstr(Rd->database, "UserAccounts.PrincipalID",    xstrdup(uuid));
+          Rd->database->putstr(Rd->database, "UserAccounts.Userlevel",  xstrdup("-200"));
-              Rd->database->putstr(Rd->database, "UserAccounts.Userlevel",      xstrdup("-200"));
+          Rd->database->putstr(Rd->database, "UserAccounts.firstName",  xstrdup(name));
-              Rd->database->putstr(Rd->database, "UserAccounts.firstName",      xstrdup(name));
+          Rd->database->putstr(Rd->database, "UserAccounts.lastName",   xstrdup(s));
-              Rd->database->putstr(Rd->database, "UserAccounts.lastName",       xstrdup(s));
+          if (s)        {s--;  *s = ' ';  s++;}
-              if (s)    {s--;  *s = ' ';  s++;}
+          Rd->stuff->putstr(Rd->stuff,   "name",                        xstrdup(name));
-              Rd->stuff->putstr(Rd->stuff,       "name",                        xstrdup(name));
-            }
-          }
        }
-        free(rows->rows);
-        free(rows->fieldNames);
-        free(rows);
      }
+      free(rows->rows);
+      free(rows->fieldNames);
+      free(rows);
      if (s)    {s--;  *s = ' ';  s++;}
    }
  }
@@ -3661,7 +3705,7 @@ static int validateName(reqData *Rd, qhashtbl_t *data)
  return ret;
 }
-static int validatePassword(reqData *Rd, qhashtbl_t *data)
+static int validatePassword(reqData *Rd, qhashtbl_t *data, char *name)
 {
  boolean login  = strcmp("login",  Rd->doit) == 0;
  boolean create = strcmp("create", Rd->doit) == 0;
@@ -3670,13 +3714,13 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data)
  char *psswrdH  = getStrH(Rd->stuff, "passwordHash");
  char *psswrdS  = getStrH(Rd->stuff, "passwordSalt");
-  if (prevalidate(Rd->database, "auth.passwordSalt"))   return ret;
-  I("Validating password.");
  if (login)
  {
    char *UUID = getStrH(Rd->database, "UserAccounts.PrincipalID");
    static dbRequest *auth = NULL;
+    if ('\0' == UUID[0])        // If the name validation didn't find us a UUID, then this user doesn't exist, so can't log them on.
+        return 1;
    if (NULL == auth)
    {
      static char *szi[] = {"UUID", NULL};
@@ -3851,16 +3895,19 @@ static int validatePassword(reqData *Rd, qhashtbl_t *data)
  else
    D("Account created%s.", password);
+  badBoy(ret, Rd, data, "auth.passwordSalt", NULL);
  return ret;
 }
-static int validateUUID(reqData *Rd, qhashtbl_t *data)
+static int validateUUID(reqData *Rd, qhashtbl_t *data, char *name)
 {
  int ret = 0, i;
  char uuid[37], *t;
  rowData *rows = NULL;
  static dbRequest *uuids = NULL;
  if (NULL == uuids)
  {
    static char *szi[] = {"PrincipalID", NULL};
@@ -3873,14 +3920,15 @@ static int validateUUID(reqData *Rd, qhashtbl_t *data)
    uuids->where = "PrincipalID=?";
  }
-  I("Validating UUID.");
+  if ((strcmp("cancel", Rd->doit) == 0) || (strcmp("logout", Rd->doit) == 0))
+    return ret;
+  uuid[0] = '\0';
  if (strcmp("create", Rd->doit) == 0)
  {
    // Generate a UUID, check it isn't already being used, and totally ignore whatever UUID is in body.
    uuid_t binuuid;
-    if (prevalidate(Rd->stuff, "UUID")) return ret;
    do  // UserAccounts.PrincipalID is a unique primary index anyway, but we want the user creation process to be a little on the slow side.
    {
      uuid_generate_random(binuuid);
@@ -3903,7 +3951,7 @@ static int validateUUID(reqData *Rd, qhashtbl_t *data)
    if (0 == ret)
    {
      data->putstr(data, "UUID", xstrdup(uuid));
-      data->putstr(data, "NEW - UUID", uuid);
+      Rd->stuff->putstr(Rd->stuff, "UUID", xstrdup(uuid));
    }
    rows = NULL;
  }
@@ -3958,41 +4006,13 @@ static int validateUUID(reqData *Rd, qhashtbl_t *data)
    {
      Rd->database->putstr(Rd->database, "UserAccounts.PrincipalID", xstrdup(uuid));
    }
+    Rd->stuff->putstr(Rd->stuff, "UUID", xstrdup(uuid));
  }
  return ret;
 }
-int validateThings(reqData *Rd, char *doit, char *name, qhashtbl_t *things)
-{
-  int e = 0;
-  W("%s start of %s validation.", doit, name);
-  qlisttbl_obj_t obj;
-  memset((void *) &obj, 0, sizeof(obj));
-  fieldValidFuncs->lock(fieldValidFuncs);
-  while(fieldValidFuncs->getnext(fieldValidFuncs, &obj, NULL, false) == true)
-  {
-    char *t = getStrH(things, obj.name);
-    if ('\0' != t[0])
-    {
-      validFunc *vf = (validFunc *) obj.data;
-W("Validating %s", obj.name);
-      if (vf->func)
-        e += vf->func(Rd, things);
-      else
-        E("No validation function for %s", obj.name);
-    }
-  }
-  fieldValidFuncs->unlock(fieldValidFuncs);
-  return e;
-}
 void loginPage(reqData *Rd, char *message)
 {
  char *name = xstrdup(getStrH(Rd->stuff, "name"));
@@ -4022,11 +4042,14 @@ void loginPage(reqData *Rd, char *message)
 void accountCreationPage(reqData *Rd, char *message)
 {
-  char *name = getStrH(Rd->stuff, "name");
+  char *name = getStrH(Rd->body, "name");
  char *toke_n_munchie = getCookie(Rd->Rcookies, "toke_n_munchie");
  char *tmp = xmalloc(16), *t;
  int i, d;
+  if ('\0' == name[0])
+    name = getStrH(Rd->stuff, "name");
 // TODO - eww lots of memory leaks here.
 // TODO - need to check if qlibc does it's own free() calls, and fill in the gaps for when it doesn't.
  HTMLheader(Rd->reply, "<!--#echo var=\"grid\" --> account manager");
@@ -4050,7 +4073,7 @@ void accountCreationPage(reqData *Rd, char *message)
    Rd->reply->addstr(Rd->reply, "<p>A validation email will be sent to this email address, you will need to click on the link in it to continue your account creation.</p>\n");
    Rd->reply->addstr(Rd->reply, "<table><tr><td>\n");
    HTMLselect(Rd->reply, "Date of birth", "year");
-    t = getStrH(Rd->stuff, "year");
+    t = getStrH(Rd->body, "year");
    if (NULL == t)
      d = -1;
    else
@@ -4068,7 +4091,7 @@ void accountCreationPage(reqData *Rd, char *message)
    HTMLselectEnd(Rd->reply);
    Rd->reply->addstr(Rd->reply, "</tt><td>");
    HTMLselect(Rd->reply, NULL, "month");
-    t = getStrH(Rd->stuff, "month");
+    t = getStrH(Rd->body, "month");
    HTMLoption(Rd->reply, xstrdup(""), FALSE);
    for (i = 0; i <= 11; i++)
    {
@@ -4177,17 +4200,18 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile)
  if (NULL == fieldValidFuncs)
  {
    fieldValidFuncs = qlisttbl(QLISTTBL_LOOKUPFORWARD | QLISTTBL_THREADSAFE | QLISTTBL_UNIQUE);
-    newValidFunc("hashish",             (fieldValidFunc) validateSesh);
+    newValidFunc("hashish",             "session",      (fieldValidFunc) validateSesh);
-    newValidFunc("toke_n_munchie",      (fieldValidFunc) validateSesh);
+    newValidFunc("toke_n_munchie",      "session",      (fieldValidFunc) validateSesh);
-    newValidFunc("UUID",                (fieldValidFunc) validateUUID);
+    newValidFunc("UUID",                "UUID",         (fieldValidFunc) validateUUID);
-    newValidFunc("name",                (fieldValidFunc) validateName);
+    newValidFunc("name",                "name",         (fieldValidFunc) validateName);
-    newValidFunc("password",            (fieldValidFunc) validatePassword);
+    newValidFunc("password",            "password",     (fieldValidFunc) validatePassword);
-    newValidFunc("email",               (fieldValidFunc) validateEmail);
+    newValidFunc("email",               "email",        (fieldValidFunc) validateEmail);
-    newValidFunc("emayl",               (fieldValidFunc) validateEmail);
+    newValidFunc("emayl",               "email",        (fieldValidFunc) validateEmail);
-    newValidFunc("year",                (fieldValidFunc) validateDoB);
+    newValidFunc("year",                "DoB",          (fieldValidFunc) validateDoB);
-    newValidFunc("month",               (fieldValidFunc) validateDoB);
+    newValidFunc("month",               "DoB",          (fieldValidFunc) validateDoB);
-    newValidFunc("adult",               (fieldValidFunc) validateLegal);
+    newValidFunc("adult",               "legal",        (fieldValidFunc) validateLegal);
-    newValidFunc("agree",               (fieldValidFunc) validateLegal);
+    newValidFunc("agree",               "legal",        (fieldValidFunc) validateLegal);
+    newValidFunc("aboutMe",             "about me",     (fieldValidFunc) validateAboutMe);
  }
  if (NULL == buildPages)
  {
@@ -4329,6 +4353,12 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile)
        freeSesh(Rd, FALSE, TRUE);
      newSesh(Rd, FALSE);
    }
+    else if ((0 != e))  // So we can reload details into a broken form, so the user doesn't have to retype everything.
+    {
+      freeSesh(Rd, FALSE, FALSE);
+      newSesh(Rd, FALSE);
+    }
    Rd->func(Rd, "");
  }
@@ -4726,6 +4756,7 @@ jit library is loaded or the JIT compiler will not be activated.
 //      Rd->body        = qhashtbl(0, 0);       // Inited in toknize below.
 //      Rd->cookies     = qhashtbl(0, 0);       // Inited in toknize below.
      Rd->headers       = qhashtbl(0, 0);
+      Rd->valid         = qhashtbl(0, 0);
      Rd->stuff         = qhashtbl(0, 0);
      Rd->database      = qhashtbl(0, 0);
      Rd->Rcookies      = qhashtbl(0, 0);
@@ -4983,6 +5014,7 @@ fcgiDone:
        qhashtbl_free(Rd->Rcookies);
        qhashtbl_free(Rd->database);
        qhashtbl_free(Rd->stuff);
+        qhashtbl_free(Rd->valid);
        qhashtbl_free(Rd->headers);
        qhashtbl_free(Rd->cookies);
        qhashtbl_free(Rd->body);
author	onefang	2020-03-18 23:44:23 +1000
committer	onefang	2020-03-18 23:44:23 +1000
commit	0dd0082560332995ba8e6ed86b3fd6b92ba783e8 (patch)
tree	4b417ed9c5a5d5916cf29ba3e2734e8a0b4cda20 /src
parent	Include all stuff in a session file. (diff)
download	opensim-SC_OLD-0dd0082560332995ba8e6ed86b3fd6b92ba783e8.zip opensim-SC_OLD-0dd0082560332995ba8e6ed86b3fd6b92ba783e8.tar.gz opensim-SC_OLD-0dd0082560332995ba8e6ed86b3fd6b92ba783e8.tar.bz2 opensim-SC_OLD-0dd0082560332995ba8e6ed86b3fd6b92ba783e8.tar.xz