[disorder] / server / dcgi.c


#include <stdio.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <stddef.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#include <string.h>
#include <sys/wait.h>
#include <pcre.h>
#include <assert.h>

#include "client.h"
#include "mem.h"
#include "vector.h"
#include "sink.h"
#include "server-cgi.h"
#include "log.h"
#include "configuration.h"
#include "table.h"
#include "queue.h"
#include "plugin.h"
#include "split.h"
#include "wstat.h"
#include "kvp.h"
#include "syscalls.h"
#include "printf.h"
#include "regsub.h"
#include "defs.h"
#include "trackname.h"
#include "charset.h"
#include "dcgi.h"
#include "url.h"
#include "mime.h"
#include "sendmail.h"
#include "base64.h"

struct entry {
  const char *path;
  const char *sort;
  const char *display;
};

static int compare_entry(const void *a, const void *b) {
  const struct entry *ea = a, *eb = b;

  return compare_tracks(ea->sort, eb->sort,
			ea->display, eb->display,
			ea->path, eb->path);
}

static const char *front_url(void) {
  char *url;
  const char *mgmt;

  /* preserve management interface visibility */
  if((mgmt = cgi_get("mgmt")) && !strcmp(mgmt, "true")) {
    byte_xasprintf(&url, "%s?mgmt=true", config->url);
    return url;
  }
  return config->url;
}

static void redirect(struct sink *output) {
  const char *back;

  back = cgi_get("back");
  cgi_header(output, "Location", back && *back ? back : front_url());
  header_cookie(output);
  cgi_body(output);
}

static void expand_template(dcgi_state *ds, cgi_sink *output,
			    const char *action) {
  cgi_header(output->sink, "Content-Type", "text/html");
  header_cookie(output->sink);
  cgi_body(output->sink);
  expand(output, action, ds);
}

/* actions ********************************************************************/

static void act_prefs_errors(const char *msg,
			     void attribute((unused)) *u) {
  fatal(0, "error splitting parts list: %s", msg);
}

static const char *numbered_arg(const char *argname, int numfile) {
  char *fullname;

  byte_xasprintf(&fullname, "%d_%s", numfile, argname);
  return cgi_get(fullname);
}

static void process_prefs(dcgi_state *ds, int numfile) {
  const char *file, *name, *value, *part, *parts, *current, *context;
  char **partslist;

  if(!(file = numbered_arg("file", numfile)))
    /* The first file doesn't need numbering. */
    if(numfile > 0 || !(file = cgi_get("file")))
      return;
  if((parts = numbered_arg("parts", numfile))
     || (parts = cgi_get("parts"))) {
    /* Default context is display.  Other contexts not actually tested. */
    if(!(context = numbered_arg("context", numfile))) context = "display";
    partslist = split(parts, 0, 0, act_prefs_errors, 0);
    while((part = *partslist++)) {
      if(!(value = numbered_arg(part, numfile)))
	continue;
      /* If it's already right (whether regexps or db) don't change anything,
       * so we don't fill the database up with rubbish. */
      if(disorder_part(ds->g->client, (char **)&current,
		       file, context, part))
	fatal(0, "disorder_part() failed");
      if(!strcmp(current, value))
	continue;
      byte_xasprintf((char **)&name, "trackname_%s_%s", context, part);
      disorder_set(ds->g->client, file, name, value);
    }
    if((value = numbered_arg("random", numfile)))
      disorder_unset(ds->g->client, file, "pick_at_random");
    else
      disorder_set(ds->g->client, file, "pick_at_random", "0");
    if((value = numbered_arg("tags", numfile))) {
      if(!*value)
	disorder_unset(ds->g->client, file, "tags");
      else
	disorder_set(ds->g->client, file, "tags", value);
    }
    if((value = numbered_arg("weight", numfile))) {
      if(!*value || !strcmp(value, "90000"))
	disorder_unset(ds->g->client, file, "weight");
      else
	disorder_set(ds->g->client, file, "weight", value);
    }
  } else if((name = cgi_get("name"))) {
    /* Raw preferences.  Not well supported in the templates at the moment. */
    value = cgi_get("value");
    if(value)
      disorder_set(ds->g->client, file, name, value);
    else
      disorder_unset(ds->g->client, file, name);
  }
}

static void act_prefs(cgi_sink *output, dcgi_state *ds) {
  const char *files;
  int nfiles, numfile;

  if((files = cgi_get("files"))) nfiles = atoi(files);
  else nfiles = 1;
  for(numfile = 0; numfile < nfiles; ++numfile)
    process_prefs(ds, numfile);
  cgi_header(output->sink, "Content-Type", "text/html");
  header_cookie(output->sink);
  cgi_body(output->sink);
  expand(output, "prefs", ds);
}

static void act_login(cgi_sink *output,
		      dcgi_state *ds) {
  const char *username, *password, *back;
  disorder_client *c;

  username = cgi_get("username");
  password = cgi_get("password");
  if(!username || !password
     || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) {
    /* We're just visiting the login page */
    expand_template(ds, output, "login");
    return;
  }
  /* We'll need a new connection as we are going to stop being guest */
  c = disorder_new(0);
  if(disorder_connect_user(c, username, password)) {
    cgi_set_option("error", "loginfailed");
    expand_template(ds, output, "login");
    return;
  }
  if(disorder_make_cookie(c, &login_cookie)) {
    cgi_set_option("error", "cookiefailed");
    expand_template(ds, output, "login");
    return;
  }
  /* Use the new connection henceforth */
  ds->g->client = c;
  ds->g->flags = 0;
  /* We have a new cookie */
  header_cookie(output->sink);
  cgi_set_option("status", "loginok");
  if((back = cgi_get("back")) && *back)
    /* Redirect back to somewhere or other */
    redirect(output->sink);
  else
    /* Stick to the login page */
    expand_template(ds, output, "login");
}

static void act_logout(cgi_sink *output,
		       dcgi_state *ds) {
  disorder_revoke(ds->g->client);
  login_cookie = 0;
  /* Reconnect as guest */
  disorder_cgi_login(ds, output);
  /* Back to the login page */
  cgi_set_option("status", "logoutok");
  expand_template(ds, output, "login");
}

static void act_register(cgi_sink *output,
			 dcgi_state *ds) {
  const char *username, *password, *password2, *email;
  char *confirm, *content_type;
  const char *text, *encoding, *charset;

  username = cgi_get("username");
  password = cgi_get("password1");
  password2 = cgi_get("password2");
  email = cgi_get("email");

  if(!username || !*username) {
    cgi_set_option("error", "nousername");
    expand_template(ds, output, "login");
    return;
  }
  if(!password || !*password) {
    cgi_set_option("error", "nopassword");
    expand_template(ds, output, "login");
    return;
  }
  if(!password2 || !*password2 || strcmp(password, password2)) {
    cgi_set_option("error", "passwordmismatch");
    expand_template(ds, output, "login");
    return;
  }
  if(!email || !*email) {
    cgi_set_option("error", "noemail");
    expand_template(ds, output, "login");
    return;
  }
  /* We could well do better address validation but for now we'll just do the
   * minimum */
  if(!strchr(email, '@')) {
    cgi_set_option("error", "bademail");
    expand_template(ds, output, "login");
    return;
  }
  if(disorder_register(ds->g->client, username, password, email, &confirm)) {
    cgi_set_option("error", "cannotregister");
    expand_template(ds, output, "login");
    return;
  }
  /* Send the user a mail */
  /* TODO templatize this */
  byte_xasprintf((char **)&text,
		 "Welcome to DisOrder.  To active your login, please visit this URL:\n"
		 "\n"
		 "%s?c=%s\n", config->url, urlencodestring(confirm));
  if(!(text = mime_encode_text(text, &charset, &encoding)))
    fatal(0, "cannot encode email");
  byte_xasprintf(&content_type, "text/plain;charset=%s",
		 quote822(charset, 0));
  sendmail("", config->mail_sender, email, "Welcome to DisOrder",
	   encoding, content_type, text); /* TODO error checking  */
  /* We'll go back to the login page with a suitable message */
  cgi_set_option("status", "registered");
  expand_template(ds, output, "login");
}

static void act_confirm(cgi_sink *output,
			dcgi_state *ds) {
  const char *confirmation;

  if(!(confirmation = cgi_get("c"))) {
    cgi_set_option("error", "noconfirm");
    expand_template(ds, output, "login");
  }
  /* Confirm our registration */
  if(disorder_confirm(ds->g->client, confirmation)) {
    cgi_set_option("error", "badconfirm");
    expand_template(ds, output, "login");
  }
  /* Get a cookie */
  if(disorder_make_cookie(ds->g->client, &login_cookie)) {
    cgi_set_option("error", "cookiefailed");
    expand_template(ds, output, "login");
    return;
  }
  /* Discard any cached data JIC */
  ds->g->flags = 0;
  /* We have a new cookie */
  header_cookie(output->sink);
  cgi_set_option("status", "confirmed");
  expand_template(ds, output, "login");
}

static void act_edituser(cgi_sink *output,
			 dcgi_state *ds) {
  const char *email = cgi_get("email"), *password = cgi_get("changepassword1");
  const char *password2 = cgi_get("changepassword2");
  int newpassword = 0;
  disorder_client *c;

  if((password && *password) || (password && *password2)) {
    if(!password || !password2 || strcmp(password, password2)) {
      cgi_set_option("error", "passwordmismatch");
      expand_template(ds, output, "login");
      return;
    }
  } else
    password = password2 = 0;
  
  if(email) {
    if(disorder_edituser(ds->g->client, disorder_user(ds->g->client),
			 "email", email)) {
      cgi_set_option("error", "badedit");
      expand_template(ds, output, "login");
      return;
    }
  }
  if(password) {
    if(disorder_edituser(ds->g->client, disorder_user(ds->g->client),
			 "password", password)) {
      cgi_set_option("error", "badedit");
      expand_template(ds, output, "login");
      return;
    }
    newpassword = 1;
  }
  if(newpassword) {
    login_cookie = 0;			/* it'll be invalid now */
    /* This is a bit duplicative of act_login() */
    c = disorder_new(0);
    if(disorder_connect_user(c, disorder_user(ds->g->client), password)) {
      cgi_set_option("error", "loginfailed");
      expand_template(ds, output, "login");
      return;
    }
    if(disorder_make_cookie(c, &login_cookie)) {
      cgi_set_option("error", "cookiefailed");
      expand_template(ds, output, "login");
      return;
    }
    /* Use the new connection henceforth */
    ds->g->client = c;
    ds->g->flags = 0;
    /* We have a new cookie */
    header_cookie(output->sink);
  }
  cgi_set_option("status", "edited");
  expand_template(ds, output, "login");  
}

static void act_reminder(cgi_sink *output,
			 dcgi_state *ds) {
  const char *const username = cgi_get("username");

  if(!username || !*username) {
    cgi_set_option("error", "nousername");
    expand_template(ds, output, "login");
    return;
  }
  if(disorder_reminder(ds->g->client, username)) {
    cgi_set_option("error", "reminderfailed");
    expand_template(ds, output, "login");
    return;
  }
  cgi_set_option("status", "reminded");
  expand_template(ds, output, "login");  
}

/* expansions *****************************************************************/

static void exp_label(int attribute((unused)) nargs,
		      char **args,
		      cgi_sink *output,
		      void attribute((unused)) *u) {
  cgi_output(output, "%s", cgi_label(args[0]));
}

struct trackinfo_state {
  dcgi_state *ds;
  const struct queue_entry *q;
  long length;
  time_t when;
};

struct result {
  char *track;
  const char *sort;
};

static int compare_result(const void *a, const void *b) {
  const struct result *ra = a, *rb = b;
  int c;

  if(!(c = strcmp(ra->sort, rb->sort)))
    c = strcmp(ra->track, rb->track);
  return c;
}

static void exp_stats(int attribute((unused)) nargs,
		      char attribute((unused)) **args,
		      cgi_sink *output,
		      void *u) {
  dcgi_state *ds = u;
  char **v;

  cgi_opentag(output->sink, "pre", "class", "stats", (char *)0);
  if(!disorder_stats(ds->g->client, &v, 0)) {
    while(*v)
      cgi_output(output, "%s\n", *v++);
  }
  cgi_closetag(output->sink, "pre");
}

static char *expandarg(const char *arg, dcgi_state *ds) {
  struct dynstr d;
  cgi_sink output;

  dynstr_init(&d);
  output.quote = 0;
  output.sink = sink_dynstr(&d);
  expandstring(&output, arg, ds);
  dynstr_terminate(&d);
  return d.vec;
}

static void exp_navigate(int attribute((unused)) nargs,
			 char **args,
			 cgi_sink *output,
			 void *u) {
  dcgi_state *ds = u;
  dcgi_state substate;
  const char *path = expandarg(args[0], ds);
  const char *ptr;
  int dirlen;

  if(*path) {
    memset(&substate, 0, sizeof substate);
    substate.g = ds->g;
    ptr = path + 1;			/* skip root */
    dirlen = 0;
    substate.nav_path = path;
    substate.first = 1;
    while(*ptr) {
      while(*ptr && *ptr != '/')
	++ptr;
      substate.last = !*ptr;
      substate.nav_len = ptr - path;
      substate.nav_dirlen = dirlen;
      expandstring(output, args[1], &substate);
      dirlen = substate.nav_len;
      if(*ptr) ++ptr;
      substate.first = 0;
    }
  }
}

static void exp_fullname(int attribute((unused)) nargs,
			 char attribute((unused)) **args,
			 cgi_sink *output,
			 void *u) {
  dcgi_state *ds = u;
  cgi_output(output, "%.*s", ds->nav_len, ds->nav_path);
}

/*
Local Variables:
c-basic-offset:2
comment-column:40
fill-column:79
End:
*/
Commit	Line	Data
460b9539	1
	2	#include <stdio.h>
	3	#include <errno.h>
	4	#include <sys/types.h>
	5	#include <sys/socket.h>
	6	#include <stddef.h>
	7	#include <stdlib.h>
	8	#include <time.h>
	9	#include <unistd.h>
	10	#include <string.h>
	11	#include <sys/wait.h>
	12	#include <pcre.h>
	13	#include <assert.h>
	14
	15	#include "client.h"
	16	#include "mem.h"
	17	#include "vector.h"
	18	#include "sink.h"
9faa7a88	19	#include "server-cgi.h"
460b9539	20	#include "log.h"
	21	#include "configuration.h"
	22	#include "table.h"
	23	#include "queue.h"
	24	#include "plugin.h"
	25	#include "split.h"
460b9539	26	#include "wstat.h"
	27	#include "kvp.h"
	28	#include "syscalls.h"
	29	#include "printf.h"
	30	#include "regsub.h"
	31	#include "defs.h"
	32	#include "trackname.h"
61507e3c	33	#include "charset.h"
938d8157	34	#include "dcgi.h"
36bde473	35	#include "url.h"
36bde473	36	#include "mime.h"
bb6ae3fb	37	#include "sendmail.h"
f902253a	38	#include "base64.h"
460b9539	39
460b9539	40	struct entry {
	41	const char *path;
	42	const char *sort;
	43	const char *display;
	44	};
	45
460b9539	46	static int compare_entry(const void a, const void b) {
	47	const struct entry ea = a, eb = b;
	48
	49	return compare_tracks(ea->sort, eb->sort,
	50	ea->display, eb->display,
	51	ea->path, eb->path);
	52	}
	53
	54	static const char *front_url(void) {
	55	char *url;
	56	const char *mgmt;
	57
	58	/* preserve management interface visibility */
	59	if((mgmt = cgi_get("mgmt")) && !strcmp(mgmt, "true")) {
	60	byte_xasprintf(&url, "%s?mgmt=true", config->url);
	61	return url;
	62	}
	63	return config->url;
	64	}
	65
7f66f58b	66	static void redirect(struct sink *output) {
	67	const char *back;
	68
	69	back = cgi_get("back");
	70	cgi_header(output, "Location", back && *back ? back : front_url());
	71	header_cookie(output);
	72	cgi_body(output);
fdf98378	73	}
	74
	75	static void expand_template(dcgi_state ds, cgi_sink output,
	76	const char *action) {
	77	cgi_header(output->sink, "Content-Type", "text/html");
7f66f58b	78	header_cookie(output->sink);
fdf98378	79	cgi_body(output->sink);
	80	expand(output, action, ds);
	81	}
	82
460b9539	83	/* actions ********************************************************************/
460b9539	84
460b9539	85	static void act_prefs_errors(const char *msg,
	86	void attribute((unused)) *u) {
	87	fatal(0, "error splitting parts list: %s", msg);
	88	}
	89
	90	static const char numbered_arg(const char argname, int numfile) {
	91	char *fullname;
	92
	93	byte_xasprintf(&fullname, "%d_%s", numfile, argname);
	94	return cgi_get(fullname);
	95	}
	96
	97	static void process_prefs(dcgi_state *ds, int numfile) {
	98	const char file, name, value, part, parts, current, *context;
	99	char **partslist;
	100
	101	if(!(file = numbered_arg("file", numfile)))
	102	/* The first file doesn't need numbering. */
	103	if(numfile > 0 \|\| !(file = cgi_get("file")))
	104	return;
	105	if((parts = numbered_arg("parts", numfile))
	106	\|\| (parts = cgi_get("parts"))) {
	107	/* Default context is display. Other contexts not actually tested. */
	108	if(!(context = numbered_arg("context", numfile))) context = "display";
	109	partslist = split(parts, 0, 0, act_prefs_errors, 0);
	110	while((part = *partslist++)) {
	111	if(!(value = numbered_arg(part, numfile)))
	112	continue;
	113	/* If it's already right (whether regexps or db) don't change anything,
	114	* so we don't fill the database up with rubbish. */
	115	if(disorder_part(ds->g->client, (char **)&current,
	116	file, context, part))
	117	fatal(0, "disorder_part() failed");
	118	if(!strcmp(current, value))
	119	continue;
	120	byte_xasprintf((char **)&name, "trackname_%s_%s", context, part);
	121	disorder_set(ds->g->client, file, name, value);
	122	}
	123	if((value = numbered_arg("random", numfile)))
	124	disorder_unset(ds->g->client, file, "pick_at_random");
	125	else
	126	disorder_set(ds->g->client, file, "pick_at_random", "0");
2d0cdf2b RK	127	if((value = numbered_arg("tags", numfile))) {
	128	if(!*value)
	129	disorder_unset(ds->g->client, file, "tags");
	130	else
	131	disorder_set(ds->g->client, file, "tags", value);
	132	}
	133	if((value = numbered_arg("weight", numfile))) {
	134	if(!*value \|\| !strcmp(value, "90000"))
	135	disorder_unset(ds->g->client, file, "weight");
	136	else
	137	disorder_set(ds->g->client, file, "weight", value);
	138	}
460b9539	139	} else if((name = cgi_get("name"))) {
	140	/* Raw preferences. Not well supported in the templates at the moment. */
	141	value = cgi_get("value");
	142	if(value)
	143	disorder_set(ds->g->client, file, name, value);
	144	else
	145	disorder_unset(ds->g->client, file, name);
	146	}
	147	}
	148
	149	static void act_prefs(cgi_sink output, dcgi_state ds) {
	150	const char *files;
	151	int nfiles, numfile;
	152
	153	if((files = cgi_get("files"))) nfiles = atoi(files);
	154	else nfiles = 1;
	155	for(numfile = 0; numfile < nfiles; ++numfile)
	156	process_prefs(ds, numfile);
	157	cgi_header(output->sink, "Content-Type", "text/html");
7f66f58b	158	header_cookie(output->sink);
460b9539	159	cgi_body(output->sink);
	160	expand(output, "prefs", ds);
	161	}
	162
fdf98378	163	static void act_login(cgi_sink *output,
	164	dcgi_state *ds) {
	165	const char username, password, *back;
	166	disorder_client *c;
	167
	168	username = cgi_get("username");
	169	password = cgi_get("password");
	170	if(!username \|\| !password
	171	\|\| !strcmp(username, "guest")/bodge to avoid guest cookies/) {
	172	/* We're just visiting the login page */
	173	expand_template(ds, output, "login");
	174	return;
	175	}
fb6aa8d1	176	/* We'll need a new connection as we are going to stop being guest */
fb6aa8d1	177	c = disorder_new(0);
fdf98378	178	if(disorder_connect_user(c, username, password)) {
	179	cgi_set_option("error", "loginfailed");
	180	expand_template(ds, output, "login");
	181	return;
	182	}
	183	if(disorder_make_cookie(c, &login_cookie)) {
	184	cgi_set_option("error", "cookiefailed");
	185	expand_template(ds, output, "login");
	186	return;
	187	}
fb6aa8d1	188	/* Use the new connection henceforth */
	189	ds->g->client = c;
	190	ds->g->flags = 0;
fdf98378	191	/* We have a new cookie */
7f66f58b	192	header_cookie(output->sink);
ac152d06	193	cgi_set_option("status", "loginok");
ac152d06	194	if((back = cgi_get("back")) && *back)
fdf98378	195	/* Redirect back to somewhere or other */
	196	redirect(output->sink);
	197	else
	198	/* Stick to the login page */
	199	expand_template(ds, output, "login");
	200	}
	201
b42ffad6	202	static void act_logout(cgi_sink *output,
	203	dcgi_state *ds) {
	204	disorder_revoke(ds->g->client);
	205	login_cookie = 0;
7f66f58b	206	/* Reconnect as guest */
938d8157	207	disorder_cgi_login(ds, output);
b42ffad6	208	/* Back to the login page */
ac152d06	209	cgi_set_option("status", "logoutok");
b42ffad6	210	expand_template(ds, output, "login");
	211	}
	212
fdf98378	213	static void act_register(cgi_sink *output,
fdf98378	214	dcgi_state *ds) {
968f044a	215	const char username, password, password2, email;
bb6ae3fb	216	char confirm, content_type;
bb6ae3fb	217	const char text, encoding, *charset;
fdf98378	218
fdf98378	219	username = cgi_get("username");
968f044a	220	password = cgi_get("password1");
968f044a	221	password2 = cgi_get("password2");
fdf98378	222	email = cgi_get("email");
	223
	224	if(!username \|\| !*username) {
	225	cgi_set_option("error", "nousername");
	226	expand_template(ds, output, "login");
	227	return;
	228	}
	229	if(!password \|\| !*password) {
	230	cgi_set_option("error", "nopassword");
	231	expand_template(ds, output, "login");
	232	return;
	233	}
968f044a	234	if(!password2 \|\| !*password2 \|\| strcmp(password, password2)) {
	235	cgi_set_option("error", "passwordmismatch");
	236	expand_template(ds, output, "login");
	237	return;
	238	}
fdf98378	239	if(!email \|\| !*email) {
	240	cgi_set_option("error", "noemail");
	241	expand_template(ds, output, "login");
	242	return;
	243	}
	244	/* We could well do better address validation but for now we'll just do the
	245	* minimum */
	246	if(!strchr(email, '@')) {
	247	cgi_set_option("error", "bademail");
	248	expand_template(ds, output, "login");
	249	return;
	250	}
	251	if(disorder_register(ds->g->client, username, password, email, &confirm)) {
	252	cgi_set_option("error", "cannotregister");
	253	expand_template(ds, output, "login");
	254	return;
	255	}
bb6ae3fb	256	/* Send the user a mail */
	257	/* TODO templatize this */
	258	byte_xasprintf((char **)&text,
	259	"Welcome to DisOrder. To active your login, please visit this URL:\n"
	260	"\n"
10114017	261	"%s?c=%s\n", config->url, urlencodestring(confirm));
bb6ae3fb	262	if(!(text = mime_encode_text(text, &charset, &encoding)))
	263	fatal(0, "cannot encode email");
	264	byte_xasprintf(&content_type, "text/plain;charset=%s",
	265	quote822(charset, 0));
	266	sendmail("", config->mail_sender, email, "Welcome to DisOrder",
	267	encoding, content_type, text); /* TODO error checking */
fdf98378	268	/* We'll go back to the login page with a suitable message */
ac152d06	269	cgi_set_option("status", "registered");
fdf98378	270	expand_template(ds, output, "login");
	271	}
	272
230209f7	273	static void act_confirm(cgi_sink *output,
	274	dcgi_state *ds) {
	275	const char *confirmation;
	276
10114017	277	if(!(confirmation = cgi_get("c"))) {
230209f7	278	cgi_set_option("error", "noconfirm");
	279	expand_template(ds, output, "login");
	280	}
30365519	281	/* Confirm our registration */
230209f7	282	if(disorder_confirm(ds->g->client, confirmation)) {
	283	cgi_set_option("error", "badconfirm");
	284	expand_template(ds, output, "login");
	285	}
30365519	286	/* Get a cookie */
	287	if(disorder_make_cookie(ds->g->client, &login_cookie)) {
	288	cgi_set_option("error", "cookiefailed");
	289	expand_template(ds, output, "login");
	290	return;
	291	}
	292	/* Discard any cached data JIC */
	293	ds->g->flags = 0;
	294	/* We have a new cookie */
	295	header_cookie(output->sink);
ac152d06	296	cgi_set_option("status", "confirmed");
230209f7	297	expand_template(ds, output, "login");
	298	}
	299
968f044a	300	static void act_edituser(cgi_sink *output,
	301	dcgi_state *ds) {
	302	const char email = cgi_get("email"), password = cgi_get("changepassword1");
	303	const char *password2 = cgi_get("changepassword2");
	304	int newpassword = 0;
	305	disorder_client *c;
	306
	307	if((password && password) \|\| (password && password2)) {
	308	if(!password \|\| !password2 \|\| strcmp(password, password2)) {
	309	cgi_set_option("error", "passwordmismatch");
	310	expand_template(ds, output, "login");
	311	return;
	312	}
	313	} else
	314	password = password2 = 0;
	315
	316	if(email) {
	317	if(disorder_edituser(ds->g->client, disorder_user(ds->g->client),
	318	"email", email)) {
	319	cgi_set_option("error", "badedit");
	320	expand_template(ds, output, "login");
	321	return;
	322	}
	323	}
	324	if(password) {
	325	if(disorder_edituser(ds->g->client, disorder_user(ds->g->client),
	326	"password", password)) {
	327	cgi_set_option("error", "badedit");
	328	expand_template(ds, output, "login");
	329	return;
	330	}
	331	newpassword = 1;
	332	}
	333	if(newpassword) {
	334	login_cookie = 0; /* it'll be invalid now */
	335	/* This is a bit duplicative of act_login() */
	336	c = disorder_new(0);
	337	if(disorder_connect_user(c, disorder_user(ds->g->client), password)) {
	338	cgi_set_option("error", "loginfailed");
	339	expand_template(ds, output, "login");
	340	return;
	341	}
	342	if(disorder_make_cookie(c, &login_cookie)) {
	343	cgi_set_option("error", "cookiefailed");
	344	expand_template(ds, output, "login");
	345	return;
	346	}
	347	/* Use the new connection henceforth */
	348	ds->g->client = c;
	349	ds->g->flags = 0;
	350	/* We have a new cookie */
	351	header_cookie(output->sink);
	352	}
	353	cgi_set_option("status", "edited");
	354	expand_template(ds, output, "login");
	355	}
	356
6207d2f3	357	static void act_reminder(cgi_sink *output,
	358	dcgi_state *ds) {
	359	const char *const username = cgi_get("username");
	360
	361	if(!username \|\| !*username) {
	362	cgi_set_option("error", "nousername");
	363	expand_template(ds, output, "login");
	364	return;
	365	}
	366	if(disorder_reminder(ds->g->client, username)) {
	367	cgi_set_option("error", "reminderfailed");
	368	expand_template(ds, output, "login");
	369	return;
	370	}
	371	cgi_set_option("status", "reminded");
	372	expand_template(ds, output, "login");
	373	}
b28ce5d6	374
460b9539	375	/* expansions *****************************************************************/
460b9539	376
460b9539	377	static void exp_label(int attribute((unused)) nargs,
	378	char **args,
	379	cgi_sink *output,
	380	void attribute((unused)) *u) {
	381	cgi_output(output, "%s", cgi_label(args[0]));
	382	}
	383
	384	struct trackinfo_state {
	385	dcgi_state *ds;
	386	const struct queue_entry *q;
	387	long length;
	388	time_t when;
	389	};
	390
460b9539	391	struct result {
	392	char *track;
	393	const char *sort;
	394	};
	395
	396	static int compare_result(const void a, const void b) {
	397	const struct result ra = a, rb = b;
	398	int c;
	399
	400	if(!(c = strcmp(ra->sort, rb->sort)))
	401	c = strcmp(ra->track, rb->track);
	402	return c;
	403	}
	404
460b9539	405	static void exp_stats(int attribute((unused)) nargs,
	406	char attribute((unused)) **args,
	407	cgi_sink *output,
	408	void *u) {
	409	dcgi_state *ds = u;
	410	char **v;
	411
	412	cgi_opentag(output->sink, "pre", "class", "stats", (char *)0);
	413	if(!disorder_stats(ds->g->client, &v, 0)) {
	414	while(*v)
	415	cgi_output(output, "%s\n", *v++);
	416	}
	417	cgi_closetag(output->sink, "pre");
	418	}
	419
460b9539	420	static char expandarg(const char arg, dcgi_state *ds) {
	421	struct dynstr d;
	422	cgi_sink output;
	423
	424	dynstr_init(&d);
	425	output.quote = 0;
	426	output.sink = sink_dynstr(&d);
	427	expandstring(&output, arg, ds);
	428	dynstr_terminate(&d);
	429	return d.vec;
	430	}
	431
460b9539	432	static void exp_navigate(int attribute((unused)) nargs,
	433	char **args,
	434	cgi_sink *output,
	435	void *u) {
	436	dcgi_state *ds = u;
	437	dcgi_state substate;
	438	const char *path = expandarg(args[0], ds);
	439	const char *ptr;
	440	int dirlen;
	441
	442	if(*path) {
	443	memset(&substate, 0, sizeof substate);
	444	substate.g = ds->g;
	445	ptr = path + 1; /* skip root */
	446	dirlen = 0;
	447	substate.nav_path = path;
	448	substate.first = 1;
	449	while(*ptr) {
	450	while(ptr && ptr != '/')
	451	++ptr;
	452	substate.last = !*ptr;
	453	substate.nav_len = ptr - path;
	454	substate.nav_dirlen = dirlen;
	455	expandstring(output, args[1], &substate);
	456	dirlen = substate.nav_len;
	457	if(*ptr) ++ptr;
	458	substate.first = 0;
	459	}
	460	}
	461	}
	462
	463	static void exp_fullname(int attribute((unused)) nargs,
	464	char attribute((unused)) **args,
	465	cgi_sink *output,
	466	void *u) {
	467	dcgi_state *ds = u;
	468	cgi_output(output, "%.*s", ds->nav_len, ds->nav_path);
	469	}
	470
460b9539	471	/*
	472	Local Variables:
	473	c-basic-offset:2
	474	comment-column:40
	475	fill-column:79
	476	End:
	477	*/