From d80fe50ade9d74b83310b926d0d98037ecdac1d8 Mon Sep 17 00:00:00 2001 From: onefang Date: Wed, 22 Apr 2020 05:51:40 +1000 Subject: Various fixes and additions I'm too tired to untangle now. lol Method to include a query in the GET redirection. More testing instructions. More stuff v shs sanity. Various functions changed from figuring out their arguments to just pass them in. Changed some function names. Added "You are person X" linky at top of logged in pages. Allow gods to edit the level of others. No doubt various small things I forgot. lol --- src/sledjchisl/sledjchisl.c | 372 +++++++++++++++++++++++++++++--------------- 1 file changed, 249 insertions(+), 123 deletions(-) (limited to 'src/sledjchisl') diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index f6f8f9d..8fb505b 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c @@ -380,7 +380,7 @@ struct _reqData { lua_State *L; qhashtbl_t *configs, *queries, *body, *cookies, *headers, *valid, *stuff, *database, *Rcookies, *Rheaders; - char *Scheme, *Host, *Method, *Script, *RUri, *doit, *form, *output; + char *Scheme, *Host, *Method, *Script, *RUri, *doit, *form, *output, *outQuery; sesh shs, *lnk; MYSQL *db; gridStats *stats; @@ -2539,6 +2539,8 @@ static void HTMLfooter(qgrow_t *reply) " So feel free to create as many test accounts as you need to test things.

\n" "

We follow the usual web site registration process, which sends a validation email, with a link to click.   " " However, during this test mode, no emails will be sent, instead a link will be displayed near the top of the page when a user is logged in.

\n" + "

After creating an account, log on as your grid god account, click the 'validated members' button, click on the new member, set their level to 'approved', " + " then click on the 'save' button.   In theory that will create their in world account, in practice I still haven't written that bit.

" "

Missing bits that are still being written - sending the emails, creating real grid accounts, editing accounts, listing accounts, deleting accounts.

\n" " \n"); // reply->addstr(reply, "
\n
\n"); @@ -2774,7 +2776,7 @@ HTMLfile *checkHTMLcache(char *file) . tell them they have validated create their OpenSim account UserAccounts.UserTitle and auth tables, not GridUser table create their GridUser record. - update their UserAccounts.Userlevel and UserAccounts.UserTitle +. update their UserAccounts.Userlevel and UserAccounts.UserTitle . send them to the login page. . regenerate the usual token ? let user stay logged on? @@ -3191,7 +3193,7 @@ static void setToken_n_munchie(reqData *Rd, boolean linky) shs->salt, shs->seshID ); - char *tnm1 = xmprintf(" ['name']='%s',\n", shs->name); + char *tnm1 = xmprintf(" ['name']='%s',\n ['level']='%d',\n", shs->name, (int) shs->level); char *tnm2 = xmprintf(" ['UUID']='%s',\n", shs->UUID); char *tnm3 = xmprintf(" ['passHash']='%s',\n", getStrH(Rd->stuff, "passHash")); char *tnm4 = xmprintf(" ['passSalt']='%s',\n", getStrH(Rd->stuff, "passSalt")); @@ -3304,9 +3306,9 @@ static void generateAccountUUID(reqData *Rd) Rd->database->putstr(Rd->database, "UserAccounts.Userlevel", "-200"); } -char *getLevel(reqData *Rd) +char *getLevel(short level) { - char *ret = "", *lvl = xmprintf("%d", Rd->shs.level); + char *ret = "", *lvl = xmprintf("%d", level); ret = accountLevels->getstr(accountLevels, lvl, false); if (NULL == ret) { @@ -3316,7 +3318,7 @@ char *getLevel(reqData *Rd) accountLevels->lock(accountLevels); while(accountLevels->getnext(accountLevels, &obj, NULL, false) == true) { - if (atoi(obj.name) <= Rd->shs.level) + if (atoi(obj.name) <= level) ret = (char *) obj.data; } } @@ -3326,7 +3328,9 @@ char *getLevel(reqData *Rd) static void accountWrite(reqData *Rd) { - char *file = xmprintf("%s/users/%s.lua", scData, Rd->shs.UUID); + char *uuid = getStrH(Rd->database, "UserAccounts.PrincipalID"); + char *file = xmprintf("%s/users/%s.lua", scData, uuid); + char *level = getStrH(Rd->database, "UserAccounts.UserLevel"); char *link = (NULL == Rd->lnk) ? "" : Rd->lnk->hashish; char *about = encodeSlash(getStrH(Rd->stuff, "aboutMe")); char *voucher = encodeSlash(getStrH(Rd->stuff, "voucher")); @@ -3337,7 +3341,7 @@ static void accountWrite(reqData *Rd) " ['created']='%ld',\n" " ['email']='%s',\n" " ['title']='%s',\n" - " ['level']='%d',\n" + " ['level']='%s',\n" " ['flags']='%d',\n" " ['active']='%d',\n" " ['passwordHash']='%s',\n" @@ -3355,13 +3359,13 @@ static void accountWrite(reqData *Rd) getStrH(Rd->stuff, "name"), (strcmp("", getStrH(Rd->stuff, "created")) != 0) ? atol(getStrH(Rd->stuff, "created")) : (long) Rd->shs.timeStamp[1].tv_sec, getStrH(Rd->stuff, "email"), - getLevel(Rd), - Rd->shs.level, + getLevel(atoi(level)), + level, 64, 0, getStrH(Rd->stuff, "passwordHash"), getStrH(Rd->stuff, "passwordSalt"), - Rd->shs.UUID, + uuid, getStrH(Rd->stuff, "DoB"), getStrH(Rd->stuff, "agree"), getStrH(Rd->stuff, "adult"), @@ -3714,6 +3718,10 @@ W("Validated session linky."); } else { + char *level = tnm->getstr(tnm, "level", false); + + if (NULL == level) + level = "-256"; qstrcpy(shs->sesh, sizeof(shs->sesh), seshion); qstrcpy(shs->toke_n_munchie, sizeof(shs->toke_n_munchie), toke_n_munchie); qstrcpy(shs->hashish, sizeof(shs->hashish), hashish); @@ -3723,6 +3731,8 @@ W("Validated session linky."); // TODO - free this somewhere. // shs->name = tnm->getstr(tnm, "name", true); // shs->UUID = tnm->getstr(tnm, "UUID", true); + shs->level = atoi(level); +// TODO - get level from somewhere and stuff it in shs. shs->timeStamp[0].tv_nsec = UTIME_OMIT; shs->timeStamp[0].tv_sec = UTIME_OMIT; memcpy(&shs->timeStamp[1], &st.st_mtim, sizeof(struct timespec)); @@ -3747,8 +3757,9 @@ t("SessionValidate() Lua read %s = %s", n, (char *) obj.data); } } tnm->unlock(tnm); + // TODO - check this. - Rd->database->putstr(Rd->database, "UserAccounts.PrincipalID", tnm->getstr(tnm, "UUID", false)); +// Rd->database->putstr(Rd->database, "UserAccounts.PrincipalID", tnm->getstr(tnm, "UUID", false)); } } free(munchie); @@ -3877,10 +3888,12 @@ static int nameValidate(reqData *Rd, inputForm *iF, inputValue *iV) if (0 == ret) { - Rd->stuff->putstr(Rd->stuff, "firstName", name); - Rd->stuff->putstr(Rd->stuff, "lastName", s); - Rd->stuff->putstrf(Rd->stuff, "name", "%s %s", name, s); - Rd->shs.name = Rd->stuff->getstr(Rd->stuff, "name", true); + Rd->stuff->putstr(Rd->stuff, "firstName", name); + Rd->stuff->putstr(Rd->stuff, "lastName", s); + Rd->stuff->putstrf(Rd->stuff, "name", "%s %s", name, s); +// TODO - fix this, so we don't show "You are user" when we are not, but everything else still works. +// if ('\0' != getStrH(Rd->queries, "user")[0]) + Rd->shs.name = Rd->stuff->getstr(Rd->stuff, "name", true); } } } @@ -4223,18 +4236,23 @@ static void aboutMeWeb(reqData *Rd, inputForm *oF, inputValue *oV) HTMLtextArea(Rd->reply, oV->field->name, oV->field->title, 7, oV->field->viewLength, 4, oV->field->maxLength, "Describe yourself here.", "off", "true", "soft", oV->value, FALSE, FALSE); } -static void accountWebHeaders(reqData *Rd, inputForm *oF, char *name) +static void accountWebHeaders(reqData *Rd, inputForm *oF) //, char *name) { char *linky = checkLinky(Rd); HTMLheader(Rd->reply, " account manager"); Rd->reply->addstrf(Rd->reply, "

account manager

\n"); - if (NULL != name) + if (NULL != Rd->shs.name) { - Rd->reply->addstrf(Rd->reply, "

account for %s

\n", name); + char *nm = qstrreplace("tr", xstrdup(Rd->shs.name), " ", "+"); + + Rd->reply->addstrf(Rd->reply, "

You are %s

\n", Rd->Host, Rd->RUri, nm, Rd->shs.name); Rd->reply->addstr(Rd->reply, linky); + free(nm); } free(linky); +// if (NULL != name) +// Rd->reply->addstrf(Rd->reply, "

account for %s

\n", name); if (0 != Rd->errors->size(Rd->messages)) HTMLlist(Rd->reply, "messages -", Rd->messages); if (NULL != oF->help) @@ -4284,9 +4302,9 @@ static void accountWebFooter(reqData *Rd, inputForm *oF) static void accountAddWeb(reqData *Rd, inputForm *oF, inputValue *oV) { - char *name = getStrH(Rd->stuff, "name"); +// char *name = getStrH(Rd->database, "Lua.name"); - accountWebHeaders(Rd, oF, name); + accountWebHeaders(Rd, oF); accountWebFields(Rd, oF, oV); accountWebSubs(Rd, oF); accountWebFooter(Rd, oF); @@ -4294,10 +4312,9 @@ static void accountAddWeb(reqData *Rd, inputForm *oF, inputValue *oV) static void accountLoginWeb(reqData *Rd, inputForm *oF, inputValue *oV) { - char *name = getStrH(Rd->stuff, "name"); - + Rd->shs.name = NULL; Rd->shs.UUID = NULL; - accountWebHeaders(Rd, oF, NULL); + accountWebHeaders(Rd, oF); accountWebFields(Rd, oF, oV); accountWebSubs(Rd, oF); accountWebFooter(Rd, oF); @@ -4305,21 +4322,23 @@ static void accountLoginWeb(reqData *Rd, inputForm *oF, inputValue *oV) static void accountViewWeb(reqData *Rd, inputForm *oF, inputValue *oV) { - char *name = getStrH(Rd->stuff, "name"), - *email = displayPrep(getStrH(Rd->stuff, "email")), + char *name = getStrH(Rd->database, "Lua.name"), + *level = getStrH(Rd->database, "UserAccounts.UserLevel"), + *email = displayPrep(getStrH(Rd->database, "UserAccounts.Email")), *voucher = displayPrep(getStrH(Rd->database, "Lua.voucher")), *about = displayPrep(getStrH(Rd->database, "Lua.aboutMe")); time_t crtd = atol(getStrH(Rd->database, "UserAccounts.Created")); - accountWebHeaders(Rd, oF, name); + accountWebHeaders(Rd, oF); accountWebFields(Rd, oF, oV); // TODO - still need to encode < > as < u> for email, voucher, and about. // TODO - dammit, qurl_decode returns the string length, and decodes the string in place. - Rd->reply->addstrf(Rd->reply, "

Title / level : %s / %d

", getLevel(Rd), Rd->shs.level); + Rd->reply->addstrf(Rd->reply, "

Name : %s

", name); + Rd->reply->addstrf(Rd->reply, "

Title / level : %s / %s

", getLevel(atoi(level)), level); Rd->reply->addstrf(Rd->reply, "

Date of birth : %s

", getStrH(Rd->database, "Lua.DoB")); Rd->reply->addstrf(Rd->reply, "

Created : %s

", ctime(&crtd)); Rd->reply->addstrf(Rd->reply, "

Email : %s

", email); - Rd->reply->addstrf(Rd->reply, "

UUID : %s

", Rd->shs.UUID); + Rd->reply->addstrf(Rd->reply, "

UUID : %s

", getStrH(Rd->database, "UserAccounts.PrincipalID")); Rd->reply->addstrf(Rd->reply, "

Voucher : %s

", voucher); // Rd->reply->addstrf(Rd->reply, "

About :

" // "", qurl_decode(getStrH(Rd->database, "Lua.aboutMe"))); @@ -4332,43 +4351,65 @@ static void accountViewWeb(reqData *Rd, inputForm *oF, inputValue *oV) static void accountEditWeb(reqData *Rd, inputForm *oF, inputValue *oV) { - char *name = getStrH(Rd->stuff, "name"); + char *name = getStrH(Rd->database, "Lua.name"), + *level = getStrH(Rd->database, "UserAccounts.UserLevel"), + *email = displayPrep(getStrH(Rd->database, "UserAccounts.Email")), + *voucher = displayPrep(getStrH(Rd->database, "Lua.voucher")), + *about = displayPrep(getStrH(Rd->database, "Lua.aboutMe")), + *lvl = getLevel(atoi(level)); - accountWebHeaders(Rd, oF, name); + accountWebHeaders(Rd, oF); accountWebFields(Rd, oF, oV); - HTMLtext(Rd->reply, "password", "Old password", "password", "", 16, 0, FALSE); - Rd->reply->addstr(Rd->reply, "

Warning, the limit on password length is set by your viewer, some can't handle longer than 16 characters.

\n"); +// HTMLtext(Rd->reply, "password", "Old password", "password", "", 16, 0, FALSE); +// Rd->reply->addstr(Rd->reply, "

Warning, the limit on password length is set by your viewer, some can't handle longer than 16 characters.

\n"); //// HTMLtext(Rd->reply, "title", "text", "title", getStrH(Rh->stuff, "title"), 16, 64, TRUE); - qlisttbl_obj_t obj; - char *lvl = getLevel(Rd); + HTMLhidden(Rd->reply, "user", name); + Rd->reply->addstrf(Rd->reply, "

Name : %s

", name); + Rd->reply->addstrf(Rd->reply, "

Email : %s

", email); + Rd->reply->addstrf(Rd->reply, "

Voucher : %s

", voucher); - HTMLselect(Rd->reply, "level", "level"); - memset((void*)&obj, 0, sizeof(obj)); // must be cleared before call - accountLevels->lock(accountLevels); - while(accountLevels->getnext(accountLevels, &obj, NULL, false) == true) + if (200 <= Rd->shs.level) { - boolean is = false; + qlisttbl_obj_t obj; - if (strcmp(lvl, (char *) obj.data) == 0) - is = true; - HTMLoption(Rd->reply, (char *) obj.data, is); + HTMLselect(Rd->reply, "level", "level"); + memset((void*)&obj, 0, sizeof(obj)); // must be cleared before call + accountLevels->lock(accountLevels); + while(accountLevels->getnext(accountLevels, &obj, NULL, false) == true) + { + boolean is = false; + + if (strcmp(lvl, (char *) obj.data) == 0) + is = true; + HTMLoption(Rd->reply, (char *) obj.data, is); + } + accountLevels->unlock(accountLevels); + HTMLselectEnd(Rd->reply); + + Rd->reply->addstrf(Rd->reply, "

"); + Rd->reply->addstrf(Rd->reply, "
disabled
Account cannot log in anywhere.
"); + Rd->reply->addstrf(Rd->reply, "
newbie
Newly created account, not yet validated.
"); + Rd->reply->addstrf(Rd->reply, "
validated
Newly created account, they have clicked on the validation link in their validation email.
"); + Rd->reply->addstrf(Rd->reply, "
vouched for
Someone has vouched for this person.
"); + Rd->reply->addstrf(Rd->reply, "
approved
This person is approved, and can log into the world.
"); + Rd->reply->addstrf(Rd->reply, "
god
This is a god admin person.
"); + Rd->reply->addstrf(Rd->reply, "

"); } - accountLevels->unlock(accountLevels); - HTMLselectEnd(Rd->reply); + else + Rd->reply->addstrf(Rd->reply, "

Title / level : %s / %s

", lvl, level); accountWebSubs(Rd, oF); accountWebFooter(Rd, oF); } -static int accountRead(reqData *Rd, inputForm *iF, inputValue *iV) +static int accountRead(reqData *Rd, char *uuid, char *firstName, char *lastName) { int ret = 0, rt = -1; struct stat st; struct timespec now; qhashtbl_t *tnm = qhashtbl(0, 0); - char *uuid, *first, *last; uuid_t binuuid; rowData *rows = NULL; @@ -4413,7 +4454,33 @@ static int accountRead(reqData *Rd, inputForm *iF, inputValue *iV) dbRequests->addfirst(dbRequests, auth, sizeof(*auth)); } - uuid = Rd->shs.UUID; first = getStrH(Rd->stuff, "firstName"); last = getStrH(Rd->stuff, "lastName"); +// uuid = Rd->shs.UUID; first = getStrH(Rd->stuff, "firstName"); last = getStrH(Rd->stuff, "lastName"); + + // Special for showing another users details. + if ('\0' != getStrH(Rd->queries, "user")[0]) + uuid = ""; + + char *first = xstrdup(""), *last = xstrdup(""); + + if (NULL != firstName) + { + first = xstrdup(firstName); + if (NULL == lastName) + { + char *t = strchr(first, ' '); + +d("accountRead() single name |%s| |%s|", first, last); + if (NULL == t) + t = strchr(first, '+'); + if (NULL != t) + { + *t++ = '\0'; + last = xstrdup(t); + } + } + else + last = xstrdup(lastName); + } d("accountRead() UUID %s, name %s %s", uuid, first, last); uuid_clear(binuuid); if ((NULL != uuid) && ('\0' != uuid[0])) @@ -4471,10 +4538,16 @@ d("accountRead() UUID %s, name %s %s", uuid, first, last); } else if (rows) { + ret += rows->rows->size(rows->rows); if (1 == ret) { dbPull(Rd, "UserAccounts", rows); + + char *name = xmprintf("%s %s", getStrH(Rd->database, "UserAccounts.FirstName"), getStrH(Rd->database, "UserAccounts.LastName")); + + Rd->database->putstr(Rd->database, "Lua.name", name); + free(name); dbDoSomething(auth, FALSE, getStrH(Rd->database, "UserAccounts.PrincipalID")); rows = auth->rows; if (rows) @@ -4492,19 +4565,28 @@ d("accountRead() UUID %s, name %s %s", uuid, first, last); if (1 == ret) { // TODO - this has to change when we are editing other peoples accounts. - Rd->shs.UUID = Rd->database->getstr(Rd->database, "UserAccounts.PrincipalID", true); - Rd->stuff->putstr(Rd->stuff, "email", getStrH(Rd->database, "UserAccounts.Email")); - Rd->shs.level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel")); + if ('\0' == getStrH(Rd->queries, "user")[0]) + { +// Rd->shs.level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel")); +// TODO - might have to combine first and last here. +// Rd->shs.name = Rd->database->getstr(Rd->database, "Lua.name", true); +// Rd->shs.UUID = Rd->database->getstr(Rd->database, "UserAccounts.PrincipalID", true); +//d("accountRead() setting session uuid %s level %d name %s ", Rd->shs.UUID, (int) Rd->shs.level, Rd->shs.name); + } +// Rd->stuff->putstr(Rd->stuff, "email", getStrH(Rd->database, "UserAccounts.Email")); } + free(last); + free(first); tnm->free(tnm); return ret; } -static int accountDel(reqData *Rd, inputForm *iF, inputValue *iV) +static int accountDelSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; - int c = accountRead(Rd, iF, iV); + char *uuid = Rd->shs.UUID, *first = getStrH(Rd->stuff, "firstName"), *last = getStrH(Rd->stuff, "lastName"); + int c = accountRead(Rd, uuid, first, last); if (1 != c) { @@ -4519,10 +4601,12 @@ static int accountDel(reqData *Rd, inputForm *iF, inputValue *iV) } return ret; } -static int accountCreate(reqData *Rd, inputForm *iF, inputValue *iV) + +static int accountCreateSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; - int c = accountRead(Rd, iF, iV); + char *uuid = Rd->shs.UUID, *first = getStrH(Rd->stuff, "firstName"), *last = getStrH(Rd->stuff, "lastName"); + int c = accountRead(Rd, uuid, first, last); boolean wipe = FALSE; if (strcmp("POST", Rd->Method) == 0) @@ -4558,10 +4642,12 @@ static int accountCreate(reqData *Rd, inputForm *iF, inputValue *iV) newSesh(Rd, FALSE); return ret; } -static int accountAdd(reqData *Rd, inputForm *iF, inputValue *iV) + +static int accountAddSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; - int c = accountRead(Rd, iF, iV); + char *uuid = Rd->shs.UUID, *first = getStrH(Rd->stuff, "firstName"), *last = getStrH(Rd->stuff, "lastName"); + int c = accountRead(Rd, uuid, first, last); boolean wipe = FALSE; if (0 != c) @@ -4587,11 +4673,12 @@ static int accountAdd(reqData *Rd, inputForm *iF, inputValue *iV) Rd->stuff->putstr(Rd->stuff, "passwordHash", getStrH(Rd->stuff, "passHash")); Rd->stuff->putstr(Rd->stuff, "passwordSalt", getStrH(Rd->stuff, "passSalt")); Rd->shs.level = -200; + Rd->database->putstr(Rd->database, "UserAccounts.UserLevel", "-200"); freeSesh(Rd, FALSE, wipe); newSesh(Rd, TRUE); accountWrite(Rd); // log them in - I("Logged on %s %s Level %d %s", Rd->shs.UUID, getStrH(Rd->stuff, "name"), Rd->shs.level, getLevel(Rd)); + I("Logged on %s %s Level %d %s", Rd->shs.UUID, getStrH(Rd->stuff, "name"), Rd->shs.level, getLevel(Rd->shs.level)); Rd->output = "accountView"; Rd->form = "accountView"; Rd->doit = "login"; @@ -4603,10 +4690,11 @@ static int accountAdd(reqData *Rd, inputForm *iF, inputValue *iV) return ret; } -static int accountSave(reqData *Rd, inputForm *iF, inputValue *iV) +static int accountSaveSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; - int c = accountRead(Rd, iF, iV); + char *uuid = Rd->shs.UUID, *first = getStrH(Rd->body, "user"), *last = NULL; + int c = accountRead(Rd, NULL, first, last); boolean wipe = FALSE; if (1 != c) @@ -4616,31 +4704,45 @@ static int accountSave(reqData *Rd, inputForm *iF, inputValue *iV) } else if ((0 == ret) && (strcmp("POST", Rd->Method) == 0)) { - char *h = checkSLOSpassword(Rd, getStrH(Rd->stuff, "passSalt"), getStrH(Rd->body, "password"), getStrH(Rd->stuff, "passHash"), "Passwords are not the same."); - if (NULL == h) - { - ret++; - wipe = TRUE; - Rd->shs.UUID = NULL; - Rd->output = "accountLogin"; - } - else + Rd->stuff->putstr(Rd->stuff, "email", getStrH(Rd->database, "UserAccounts.Email")); + Rd->stuff->putstr(Rd->stuff, "created", getStrH(Rd->database, "UserAccounts.Created")); + Rd->stuff->putstr(Rd->stuff, "flags", getStrH(Rd->database, "UserAccounts.UserFlags")); + Rd->stuff->putstr(Rd->stuff, "active", getStrH(Rd->database, "UserAccounts.active")); + Rd->stuff->putstr(Rd->stuff, "passwordSalt", getStrH(Rd->database, "auth.passwordSalt")); + Rd->stuff->putstr(Rd->stuff, "passwordHash", getStrH(Rd->database, "auth.passwordHash")); + Rd->stuff->putstr(Rd->stuff, "name", getStrH(Rd->database, "Lua.name")); + Rd->stuff->putstr(Rd->stuff, "DoB", getStrH(Rd->database, "Lua.DoB")); + Rd->stuff->putstr(Rd->stuff, "agree", getStrH(Rd->database, "Lua.agree")); + Rd->stuff->putstr(Rd->stuff, "adult", getStrH(Rd->database, "Lua.adult")); + Rd->stuff->putstr(Rd->stuff, "aboutMe", getStrH(Rd->database, "Lua.aboutMe")); + Rd->stuff->putstr(Rd->stuff, "vouched", getStrH(Rd->database, "Lua.vouched")); + Rd->stuff->putstr(Rd->stuff, "voucher", getStrH(Rd->database, "Lua.voucher")); + + char *lvl = getStrH(Rd->body, "level"); + qlisttbl_obj_t obj; + + memset((void*)&obj, 0, sizeof(obj)); // must be cleared before call + accountLevels->lock(accountLevels); + while(accountLevels->getnext(accountLevels, &obj, NULL, false) == true) { - free(h); - Rd->stuff->putstr(Rd->stuff, "passwordHash", getStrH(Rd->stuff, "passHash")); - Rd->stuff->putstr(Rd->stuff, "passwordSalt", getStrH(Rd->stuff, "passSalt")); - accountWrite(Rd); + if (strcmp(lvl, (char *) obj.data) == 0) + Rd->database->putstr(Rd->database, "UserAccounts.UserLevel", obj.name); } + accountLevels->unlock(accountLevels); + accountWrite(Rd); + free(Rd->outQuery); + Rd->outQuery = xmprintf("?user=%s+%s", getStrH(Rd->database, "UserAccounts.FirstName"), getStrH(Rd->database, "UserAccounts.LastName")); } - freeSesh(Rd, FALSE, wipe); - newSesh(Rd, FALSE); +// freeSesh(Rd, FALSE, wipe); +// newSesh(Rd, FALSE); return ret; } -static int accountValidate(reqData *Rd, inputForm *iF, inputValue *iV) +static int accountValidateSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; - int c = accountRead(Rd, iF, iV); + char *uuid = Rd->shs.UUID, *first = getStrH(Rd->stuff, "firstName"), *last = getStrH(Rd->stuff, "lastName"); + int c = accountRead(Rd, uuid, first, last); boolean wipe = FALSE; if (1 != c) @@ -4664,6 +4766,7 @@ static int accountValidate(reqData *Rd, inputForm *iF, inputValue *iV) Rd->stuff->putstr(Rd->stuff, "vouched", getStrH(Rd->database, "Lua.vouched")); Rd->stuff->putstr(Rd->stuff, "voucher", getStrH(Rd->database, "Lua.voucher")); Rd->shs.level = -100; + Rd->database->putstr(Rd->database, "UserAccounts.UserLevel", "-100"); accountWrite(Rd); wipe = TRUE; } @@ -4672,15 +4775,15 @@ static int accountValidate(reqData *Rd, inputForm *iF, inputValue *iV) return ret; } - -static int accountView(reqData *Rd, inputForm *iF, inputValue *iV) +static int accountViewSub(reqData *Rd, inputForm *iF, inputValue *iV) { // TODO - this has to change when we are editing other peoples accounts. int ret = 0; - int c = accountRead(Rd, iF, iV); + char *uuid = Rd->shs.UUID, *first = getStrH(Rd->stuff, "firstName"), *last = getStrH(Rd->stuff, "lastName"); + int c = accountRead(Rd, uuid, first, last); boolean wipe = FALSE; -d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID"), getStrH(Rd->database, "UserAccounts.FirstName"), getStrH(Rd->database, "UserAccounts.LastName")); +d("Sub accountViewSub() %s %s %s", uuid, first, last); if (1 != c) { bitch(Rd, "Cannot view account.", "Account doesn't exist."); @@ -4693,7 +4796,7 @@ d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID") { // Check password on POST if the session user is the same as the shown user, coz this is the page shown on login. // Also only check on login. - if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0) + if ((strcmp("POST", Rd->Method) == 0) //&& (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0) && (strcmp("login", Rd->doit) == 0) && (strcmp("accountLogin", Rd->form) == 0)) { char *h = checkSLOSpassword(Rd, getStrH(Rd->database, "auth.passwordSalt"), getStrH(Rd->body, "password"), getStrH(Rd->database, "auth.passwordHash"), "Login failed."); @@ -4706,8 +4809,11 @@ d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID") } else { + Rd->shs.level = atoi(getStrH(Rd->database, "UserAccounts.UserLevel")); + Rd->shs.name = getStrH(Rd->database, "Lua.name"); + Rd->shs.UUID = getStrH(Rd->database, "UserAccounts.PrincipalID"); free(h); - I("Logged on %s %s Level %d %s", Rd->shs.UUID, getStrH(Rd->stuff, "name"), Rd->shs.level, getLevel(Rd)); + I("Logged on %s %s Level %d %s", Rd->shs.UUID, Rd->shs.name, Rd->shs.level, getLevel(Rd->shs.level)); } } } @@ -4716,12 +4822,13 @@ d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID") return ret; } -static int accountEdit(reqData *Rd, inputForm *iF, inputValue *iV) +static int accountEditSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; - int c = accountRead(Rd, iF, iV); + char *uuid = Rd->shs.UUID, *first = getStrH(Rd->stuff, "firstName"), *last = getStrH(Rd->stuff, "lastName"); + int c = accountRead(Rd, uuid, first, last); -d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID"), getStrH(Rd->database, "UserAccounts.FirstName"), getStrH(Rd->database, "UserAccounts.LastName")); +d("Sub accountEditSub %s %s %s", uuid, first, last); if (1 != c) { bitch(Rd, "Cannot edit account.", "Account doesn't exist."); @@ -4734,16 +4841,19 @@ d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID") } return ret; } -static int accountExplore(reqData *Rd, inputForm *iF, inputValue *iV) + +static int accountExploreSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; // get a list of user records return ret; } -static int accountOut(reqData *Rd, inputForm *iF, inputValue *iV) + +static int accountOutSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; - int c = accountRead(Rd, iF, iV); + char *uuid = Rd->shs.UUID, *first = getStrH(Rd->stuff, "firstName"), *last = getStrH(Rd->stuff, "lastName"); + int c = accountRead(Rd, uuid, first, last); if (1 != c) { @@ -4782,7 +4892,7 @@ static int accountFilterValidated(struct dirtree *node) char *where = xmprintf("%s/users/%s", scData, node->name); int rt = LuaToHash(rdl->Rd, where, "user", tnm, 0, &st, &now, "user"); -//t("accountFilterValidatedVoucher %s (%s) -> %s -> %s", name, getStrH(tnm, "level"), getStrH(tnm, "name"), getStrH(tnm, "voucher")); +t("accountFilterValidatedVoucher %s (%s) -> %s -> %s", name, getStrH(tnm, "level"), getStrH(tnm, "name"), getStrH(tnm, "voucher")); if ((0 == rt) && (strcmp("-100", getStrH(tnm, "level")) == 0)) rdl->list->put(rdl->list, getStrH(tnm, "name"), tnm, sizeof(*tnm)); else @@ -4808,10 +4918,10 @@ qlisttbl_t *getAccounts(reqData *Rd) static void accountExploreValidatedVouchersWeb(reqData *Rd, inputForm *oF, inputValue *oV) { qlisttbl_t *list =getAccounts(Rd); - char *name = getStrH(Rd->stuff, "name"); +// char *name = getStrH(Rd->stuff, "name"); Rd->shs.UUID = NULL; - accountWebHeaders(Rd, oF, name); + accountWebHeaders(Rd, oF); accountWebFields(Rd, oF, oV); count = list->size(list); @@ -4829,9 +4939,9 @@ static void accountExploreValidatedVouchersWeb(reqData *Rd, inputForm *oF, input while(list->getnext(list, &obj, NULL, false) == true) { qhashtbl_t *tnm = (qhashtbl_t *) obj.data; - char *nm = qstrreplace("tr", xstrdup(obj.name), " ", "_"); + char *nm = qstrreplace("tr", xstrdup(obj.name), " ", "+"); - Rd->reply->addstrf(Rd->reply, "%s", Rd->Host, Rd->RUri, nm, obj.name); + Rd->reply->addstrf(Rd->reply, "%s", Rd->Host, Rd->RUri, nm, obj.name); Rd->reply->addstrf(Rd->reply, "%s%s%s", getStrH(tnm, "voucher"), getStrH(tnm, "level"), getStrH(tnm, "title")); free(nm); tnm->clear(tnm); @@ -4846,7 +4956,7 @@ static void accountExploreValidatedVouchersWeb(reqData *Rd, inputForm *oF, input accountWebSubs(Rd, oF); accountWebFooter(Rd, oF); } -static int accountExploreValidatedVoucher(reqData *Rd, inputForm *iF, inputValue *iV) +static int accountExploreValidatedVoucherSub(reqData *Rd, inputForm *iF, inputValue *iV) { int ret = 0; return ret; @@ -5180,8 +5290,8 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) inputFieldExtra(fld, FLD_EDITABLE, 42, 63); fld = addInputField(iF, LUA_TSTRING, "aboutMe", "About me", NULL, aboutMeValidate, aboutMeWeb); inputFieldExtra(fld, FLD_EDITABLE, 50, 16384); - addSubmit(iF, "confirm", "confirm", NULL, accountAdd, "accountView"); - addSubmit(iF, "cancel", "cancel", NULL, accountOut, "accountLogin"); + addSubmit(iF, "confirm", "confirm", NULL, accountAddSub, "accountView"); + addSubmit(iF, "cancel", "cancel", NULL, accountOutSub, "accountLogin"); iF = newInputForm("accountView", "account view", NULL, accountViewWeb, accountLoginWeb); @@ -5190,35 +5300,39 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) // inputFieldExtra(fld, FLD_HIDDEN, 0, 0); fld = addInputField(iF, LUA_TSTRING, "name", "name", NULL, nameValidate, nameWeb); inputFieldExtra(fld, FLD_HIDDEN, 42, 63); - addSubmit(iF, "login", "", NULL, accountView, "accountView"); // Coz we sometimes want to trigger this from code. - addSubmit(iF, "validate", "", NULL, accountValidate, "accountLogin"); // Coz we sometimes want to trigger this from code. -// addSubmit(iF, "edit", "edit", NULL, accountEdit, "accountEdit"); - addSubmit(iF, "validated_members", "validated members", NULL, accountExploreValidatedVoucher, "accountValidated"); - addSubmit(iF, "logout", "logout", NULL, accountOut, "accountLogin"); + fld = addInputField(iF, LUA_TSTRING, "user", "user", NULL, nameValidate, nameWeb); + inputFieldExtra(fld, FLD_HIDDEN, 42, 63); + addSubmit(iF, "login", "", NULL, accountViewSub, "accountView"); // Coz we sometimes want to trigger this from code. + addSubmit(iF, "validate", "", NULL, accountValidateSub, "accountLogin"); // Coz we sometimes want to trigger this from code. + addSubmit(iF, "edit", "", NULL, accountEditSub, "accountEdit"); // Coz we sometimes want to trigger this from code. + addSubmit(iF, "validated_members", "validated members", NULL, accountExploreValidatedVoucherSub, "accountValidated"); + addSubmit(iF, "logout", "logout", NULL, accountOutSub, "accountLogin"); iF = newInputForm("accountValidated", "account validated list", NULL, accountExploreValidatedVouchersWeb, accountLoginWeb); addSession(iF); fld = addInputField(iF, LUA_TSTRING, "name", "name", NULL, nameValidate, nameWeb); inputFieldExtra(fld, FLD_HIDDEN, 42, 63); - addSubmit(iF, "login", "", NULL, accountView, "accountView"); // Coz we sometimes want to trigger this from code. - addSubmit(iF, "back", "back", NULL, accountView, "accountView"); + addSubmit(iF, "login", "", NULL, accountViewSub, "accountView"); // Coz we sometimes want to trigger this from code. + addSubmit(iF, "back", "back", NULL, accountViewSub, "accountView"); iF = newInputForm("accountEdit", "account edit", NULL, accountEditWeb, accountLoginWeb); addSession(iF); // fld = addInputField(iF, LUA_TSTRING, "UUID", "UUID", NULL, UUIDValidate, UUIDWeb); // inputFieldExtra(fld, FLD_HIDDEN, 0, 0); - fld = addInputField(iF, LUA_TSTRING, "name", "name", NULL, nameValidate, nameWeb); - inputFieldExtra(fld, FLD_HIDDEN, 42, 63); - fld = addInputField(iF, LUA_TEMAIL, "email", "email", "", emailValidate, emailWeb); - inputFieldExtra(fld, FLD_NONE, 42, 254); - addSubmit(iF, "login", "", NULL, accountView, "accountView"); // Coz we sometimes want to trigger this from code. - addSubmit(iF, "save", "save", NULL, accountSave, "accountSave"); - addSubmit(iF, "cancel", "cancel", NULL, accountOut, "accountView"); -// addSubmit(iF, "members", "members", NULL, accountExplore, "accountExplore"); - addSubmit(iF, "logout", "logout", NULL, accountOut, "accountLogin"); -// addSubmit(iF, "delete", "delete", NULL, accountDel, "accountDel"); +// fld = addInputField(iF, LUA_TSTRING, "name", "name", NULL, nameValidate, nameWeb); +// inputFieldExtra(fld, FLD_HIDDEN, 42, 63); +// fld = addInputField(iF, LUA_TSTRING, "user", "user", NULL, nameValidate, nameWeb); +// inputFieldExtra(fld, FLD_HIDDEN, 42, 63); +// fld = addInputField(iF, LUA_TEMAIL, "email", "email", "", emailValidate, emailWeb); +// inputFieldExtra(fld, FLD_NONE, 42, 254); + addSubmit(iF, "login", "", NULL, accountViewSub, "accountView"); // Coz we sometimes want to trigger this from code. + addSubmit(iF, "save", "save", NULL, accountSaveSub, "accountView"); + addSubmit(iF, "back", "back", NULL, accountViewSub, "accountView"); +// addSubmit(iF, "members", "members", NULL, accountExploreSub, "accountExplore"); + addSubmit(iF, "logout", "logout", NULL, accountOutSub, "accountLogin"); +// addSubmit(iF, "delete", "delete", NULL, accountDelSub, "accountDel"); iF = newInputForm("accountLogin", "account login", "Please login, or create your new account.", accountLoginWeb, accountLoginWeb); @@ -5228,10 +5342,10 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) fld = addInputField(iF, LUA_TPASSWORD, "password", "password", "Warning, the limit on password length is set by your viewer, some can't handle longer than 16 characters.", passwordValidate, passwordWeb); inputFieldExtra(fld, FLD_EDITABLE | FLD_REQUIRED, 16, 0); - addSubmit(iF, "logout", "", NULL, accountOut, "accountLogin"); // Coz we sometimes want to trigger this from code. - addSubmit(iF, "validate", "", NULL, accountValidate, "accountLogin"); // Coz we sometimes want to trigger this from code. - addSubmit(iF, "login", "login", NULL, accountView, "accountView"); - addSubmit(iF, "create", "create account", NULL, accountCreate, "accountAdd"); + addSubmit(iF, "logout", "", NULL, accountOutSub, "accountLogin"); // Coz we sometimes want to trigger this from code. + addSubmit(iF, "validate", "", NULL, accountValidateSub, "accountLogin"); // Coz we sometimes want to trigger this from code. + addSubmit(iF, "login", "login", NULL, accountViewSub, "accountView"); + addSubmit(iF, "create", "create account", NULL, accountCreateSub, "accountAdd"); } // Figure out what we are doing. @@ -5267,6 +5381,15 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) sub = iF->subs->get(iF->subs, doit, NULL, false); } + // Special for showing another users details. + if ('\0' != getStrH(Rd->queries, "user")[0]) + { + doit = "edit"; + form = "accountView"; + iF = accountPages->get(accountPages, form, NULL, false); + sub = iF->subs->get(iF->subs, doit, NULL, false); + } + Rd->doit = doit; Rd->form = form; Rd->output = sub->outputForm; @@ -5378,13 +5501,13 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) if ('\0' != Rd->doit[0]) setCookie(Rd, "doit", Rd->doit); Rd->Rheaders->putstr (Rd->Rheaders, "Status", "303 See Other"); - Rd->Rheaders->putstrf(Rd->Rheaders, "Location", "https://%s%s", Rd->Host, Rd->RUri); + Rd->Rheaders->putstrf(Rd->Rheaders, "Location", "https://%s%s%s", Rd->Host, Rd->RUri, Rd->outQuery); Rd->reply->addstrf(Rd->reply, "Post POST redirect" - "" - "You should get redirected to https://%s%s", - Rd->Host, Rd->RUri, Rd->Host, Rd->RUri, Rd->Host, Rd->RUri + "" + "You should get redirected to https://%s%s%s", + Rd->Host, Rd->RUri, Rd->outQuery, Rd->Host, Rd->RUri, Rd->outQuery, Rd->Host, Rd->RUri, Rd->outQuery ); - I("Redirecting dynamic page %s -> https://%s%s (%s)", file, Rd->Host, Rd->RUri, Rd->form); + I("Redirecting dynamic page %s -> https://%s%s%s (%s)", file, Rd->Host, Rd->RUri, Rd->outQuery, Rd->form); } } } @@ -5403,6 +5526,8 @@ void account_html(char *file, reqData *Rd, HTMLfile *thisFile) free(iV); } + free(Rd->outQuery); + C("Ending dynamic page %s %s", Rd->RUri, form); } @@ -5878,6 +6003,7 @@ jit library is loaded or the JIT compiler will not be activated. Rd->errors = qlist(0); Rd->messages = qlist(0); Rd->reply = qgrow(QGROW_THREADSAFE); + Rd->outQuery = xstrdup(""); qhashtbl_obj_t hobj; qlist_obj_t lobj; -- cgit v1.1