Commit | Line | Data |
---|---|---|
bca4e2b7 RK |
1 | /* |
2 | * This file is part of DisOrder. | |
3 | * Copyright (C) 2004-2008 Richard Kettlewell | |
4 | * | |
e7eb3a27 | 5 | * This program is free software: you can redistribute it and/or modify |
bca4e2b7 | 6 | * it under the terms of the GNU General Public License as published by |
e7eb3a27 | 7 | * the Free Software Foundation, either version 3 of the License, or |
bca4e2b7 RK |
8 | * (at your option) any later version. |
9 | * | |
e7eb3a27 RK |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
bca4e2b7 | 15 | * You should have received a copy of the GNU General Public License |
e7eb3a27 | 16 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
bca4e2b7 | 17 | */ |
59cf25c4 | 18 | /** @file cgi/actions.c |
1e97629d RK |
19 | * @brief DisOrder web actions |
20 | * | |
21 | * Actions are anything that the web interface does beyond passive template | |
22 | * expansion and inspection of state recieved from the server. This means | |
23 | * playing tracks, editing prefs etc but also setting extra headers e.g. to | |
24 | * auto-refresh the playing list. | |
59cf25c4 RK |
25 | * |
26 | * See @ref lib/macros-builtin.c for docstring syntax. | |
1e97629d | 27 | */ |
bca4e2b7 | 28 | |
1e97629d | 29 | #include "disorder-cgi.h" |
5a7df048 RK |
30 | |
31 | /** @brief Redirect to some other action or URL */ | |
32 | static void redirect(const char *url) { | |
33 | /* By default use the 'back' argument */ | |
34 | if(!url) | |
71634563 | 35 | url = cgi_get("back"); |
04aa2c4f | 36 | if(url && *url) { |
e7ce7665 | 37 | if(strncmp(url, "http", 4)) |
5a7df048 RK |
38 | /* If the target is not a full URL assume it's the action */ |
39 | url = cgi_makeurl(config->url, "action", url, (char *)0); | |
40 | } else { | |
41 | /* If back= is not set just go back to the front page */ | |
42 | url = config->url; | |
43 | } | |
44 | if(printf("Location: %s\n" | |
45 | "%s\n" | |
1e97629d | 46 | "\n", url, dcgi_cookie_header()) < 0) |
2e9ba080 | 47 | disorder_fatal(errno, "error writing to stdout"); |
5a7df048 RK |
48 | } |
49 | ||
59cf25c4 | 50 | /*$ playing |
5c1ae3bc RK |
51 | * |
52 | * Expands \fIplaying.tmpl\fR as if there was no special 'playing' action, but | |
53 | * adds a Refresh: field to the HTTP header. The maximum refresh interval is | |
54 | * defined by \fBrefresh\fR (see \fBdisorder_config\fR(5)) but may be less if | |
55 | * the end of the track is near. | |
56 | */ | |
59cf25c4 | 57 | /*$ manage |
5c1ae3bc RK |
58 | * |
59 | * Expands \fIplaying.tmpl\fR (NB not \fImanage.tmpl\fR) as if there was no | |
60 | * special 'playing' action, and adds a Refresh: field to the HTTP header. The | |
61 | * maximum refresh interval is defined by \Bfrefresh\fR (see | |
62 | * \fBdisorder_config\fR(5)) but may be less if the end of the track is near. | |
63 | */ | |
448d3570 RK |
64 | static void act_playing(void) { |
65 | long refresh = config->refresh; | |
66 | long length; | |
67 | time_t now, fin; | |
68 | char *url; | |
71634563 | 69 | const char *action; |
448d3570 | 70 | |
1e97629d RK |
71 | dcgi_lookup(DCGI_PLAYING|DCGI_QUEUE|DCGI_ENABLED|DCGI_RANDOM_ENABLED); |
72 | if(dcgi_playing | |
73 | && dcgi_playing->state == playing_started /* i.e. not paused */ | |
74 | && !disorder_length(dcgi_client, dcgi_playing->track, &length) | |
448d3570 | 75 | && length |
1e97629d | 76 | && dcgi_playing->sofar >= 0) { |
448d3570 | 77 | /* Try to put the next refresh at the start of the next track. */ |
4265e5d3 | 78 | xtime(&now); |
657fdb79 | 79 | fin = now + length - dcgi_playing->sofar; |
448d3570 RK |
80 | if(now + refresh > fin) |
81 | refresh = fin - now; | |
82 | } | |
6a5964b7 | 83 | if(dcgi_queue && dcgi_queue->origin == origin_scratch) { |
657fdb79 RK |
84 | /* next track is a scratch, refresh immediately */ |
85 | refresh = 0; | |
448d3570 | 86 | } |
1e97629d RK |
87 | if(!dcgi_playing |
88 | && ((dcgi_queue | |
2dc2f478 | 89 | && dcgi_queue->origin != origin_random) |
1e97629d RK |
90 | || dcgi_random_enabled) |
91 | && dcgi_enabled) { | |
448d3570 | 92 | /* no track playing but playing is enabled and there is something coming |
657fdb79 RK |
93 | * up, so refresh immediately */ |
94 | refresh = 0; | |
448d3570 | 95 | } |
533272be RK |
96 | /* Bound the refresh interval below as a back-stop against the above |
97 | * calculations coming up with a stupid answer */ | |
98 | if(refresh < config->refresh_min) | |
99 | refresh = config->refresh_min; | |
448d3570 RK |
100 | if((action = cgi_get("action"))) |
101 | url = cgi_makeurl(config->url, "action", action, (char *)0); | |
102 | else | |
103 | url = config->url; | |
e7ce7665 RK |
104 | if(printf("Refresh: %ld;url=%s\n", |
105 | refresh, url) < 0) | |
2e9ba080 | 106 | disorder_fatal(errno, "error writing to stdout"); |
e7ce7665 | 107 | dcgi_expand("playing", 1); |
1e97629d RK |
108 | } |
109 | ||
59cf25c4 | 110 | /*$ disable |
5c1ae3bc RK |
111 | * |
112 | * Disables play. | |
113 | */ | |
1e97629d RK |
114 | static void act_disable(void) { |
115 | if(dcgi_client) | |
116 | disorder_disable(dcgi_client); | |
117 | redirect(0); | |
118 | } | |
119 | ||
59cf25c4 | 120 | /*$ enable |
5c1ae3bc RK |
121 | * |
122 | * Enables play. | |
123 | */ | |
1e97629d RK |
124 | static void act_enable(void) { |
125 | if(dcgi_client) | |
126 | disorder_enable(dcgi_client); | |
127 | redirect(0); | |
128 | } | |
129 | ||
59cf25c4 | 130 | /*$ random-disable |
5c1ae3bc RK |
131 | * |
132 | * Disables random play. | |
133 | */ | |
1e97629d RK |
134 | static void act_random_disable(void) { |
135 | if(dcgi_client) | |
136 | disorder_random_disable(dcgi_client); | |
137 | redirect(0); | |
138 | } | |
139 | ||
59cf25c4 | 140 | /*$ random-enable |
5c1ae3bc RK |
141 | * |
142 | * Enables random play. | |
143 | */ | |
1e97629d RK |
144 | static void act_random_enable(void) { |
145 | if(dcgi_client) | |
146 | disorder_random_enable(dcgi_client); | |
147 | redirect(0); | |
448d3570 RK |
148 | } |
149 | ||
59cf25c4 | 150 | /*$ pause |
5c1ae3bc RK |
151 | * |
152 | * Pauses the current track (if there is one and it's not paused already). | |
153 | */ | |
6d9dd8d9 RK |
154 | static void act_pause(void) { |
155 | if(dcgi_client) | |
156 | disorder_pause(dcgi_client); | |
157 | redirect(0); | |
158 | } | |
159 | ||
59cf25c4 | 160 | /*$ resume |
5c1ae3bc RK |
161 | * |
162 | * Resumes the current track (if there is one and it's paused). | |
163 | */ | |
6d9dd8d9 RK |
164 | static void act_resume(void) { |
165 | if(dcgi_client) | |
166 | disorder_resume(dcgi_client); | |
167 | redirect(0); | |
168 | } | |
169 | ||
59cf25c4 | 170 | /*$ remove |
5c1ae3bc RK |
171 | * |
172 | * Removes the track given by the \fBid\fR argument. If this is the currently | |
173 | * playing track then it is scratched. | |
174 | */ | |
a2c4ad5f RK |
175 | static void act_remove(void) { |
176 | const char *id; | |
177 | struct queue_entry *q; | |
178 | ||
179 | if(dcgi_client) { | |
180 | if(!(id = cgi_get("id"))) | |
2e9ba080 | 181 | disorder_error(0, "missing 'id' argument"); |
a2c4ad5f | 182 | else if(!(q = dcgi_findtrack(id))) |
2e9ba080 | 183 | disorder_error(0, "unknown queue id %s", id); |
6a5964b7 RK |
184 | else if(q->origin == origin_scratch) |
185 | /* can't scratch scratches */ | |
2e9ba080 | 186 | disorder_error(0, "does not make sense to scratch or remove %s", id); |
6a5964b7 RK |
187 | else if(q->state == playing_paused |
188 | || q->state == playing_started) | |
189 | /* removing the playing track = scratching */ | |
a2c4ad5f | 190 | disorder_scratch(dcgi_client, id); |
6a5964b7 RK |
191 | else if(q->state == playing_unplayed) |
192 | /* otherwise it must be in the queue */ | |
a2c4ad5f | 193 | disorder_remove(dcgi_client, id); |
6a5964b7 RK |
194 | else |
195 | /* various error states */ | |
2e9ba080 | 196 | disorder_error(0, "does not make sense to scratch or remove %s", id); |
a2c4ad5f RK |
197 | } |
198 | redirect(0); | |
199 | } | |
200 | ||
59cf25c4 | 201 | /*$ move |
5c1ae3bc RK |
202 | * |
203 | * Moves the track given by the \fBid\fR argument the distance given by the | |
204 | * \fBdelta\fR argument. If this is positive the track is moved earlier in the | |
205 | * queue and if negative, later. | |
206 | */ | |
6d9dd8d9 RK |
207 | static void act_move(void) { |
208 | const char *id, *delta; | |
209 | struct queue_entry *q; | |
210 | ||
211 | if(dcgi_client) { | |
212 | if(!(id = cgi_get("id"))) | |
2e9ba080 | 213 | disorder_error(0, "missing 'id' argument"); |
6d9dd8d9 | 214 | else if(!(delta = cgi_get("delta"))) |
2e9ba080 | 215 | disorder_error(0, "missing 'delta' argument"); |
6d9dd8d9 | 216 | else if(!(q = dcgi_findtrack(id))) |
2e9ba080 | 217 | disorder_error(0, "unknown queue id %s", id); |
6d9dd8d9 RK |
218 | else switch(q->state) { |
219 | case playing_random: /* unplayed randomly chosen track */ | |
220 | case playing_unplayed: /* haven't played this track yet */ | |
221 | disorder_move(dcgi_client, id, atol(delta)); | |
222 | break; | |
223 | default: | |
2e9ba080 | 224 | disorder_error(0, "does not make sense to scratch %s", id); |
6d9dd8d9 RK |
225 | break; |
226 | } | |
227 | } | |
228 | redirect(0); | |
229 | } | |
230 | ||
59cf25c4 | 231 | /*$ play |
5c1ae3bc RK |
232 | * |
233 | * Play the track given by the \fBtrack\fR argument, or if that is not set all | |
234 | * the tracks in the directory given by the \fBdir\fR argument. | |
235 | */ | |
6d9dd8d9 RK |
236 | static void act_play(void) { |
237 | const char *track, *dir; | |
238 | char **tracks; | |
239 | int ntracks, n; | |
e13809e4 | 240 | struct tracksort_data *tsd; |
00861dcb | 241 | char *id; |
6d9dd8d9 RK |
242 | |
243 | if(dcgi_client) { | |
02eaa49d | 244 | if((track = cgi_get("track"))) { |
00861dcb | 245 | disorder_play(dcgi_client, track, &id); |
6d9dd8d9 RK |
246 | } else if((dir = cgi_get("dir"))) { |
247 | if(disorder_files(dcgi_client, dir, 0, &tracks, &ntracks)) | |
248 | ntracks = 0; | |
e13809e4 | 249 | tsd = tracksort_init(ntracks, tracks, "track"); |
6d9dd8d9 | 250 | for(n = 0; n < ntracks; ++n) |
00861dcb | 251 | disorder_play(dcgi_client, tsd[n].track, &id); |
6d9dd8d9 RK |
252 | } |
253 | } | |
254 | redirect(0); | |
255 | } | |
256 | ||
257 | static int clamp(int n, int min, int max) { | |
258 | if(n < min) | |
259 | return min; | |
260 | if(n > max) | |
261 | return max; | |
262 | return n; | |
263 | } | |
264 | ||
59cf25c4 | 265 | /*$ volume |
5c1ae3bc RK |
266 | * |
267 | * If the \fBdelta\fR argument is set: adjust both channels by that amount (up | |
268 | * if positive, down if negative). | |
269 | * | |
270 | * Otherwise if \fBleft\fR and \fBright\fR are set, set the channels | |
271 | * independently to those values. | |
272 | */ | |
6d9dd8d9 RK |
273 | static void act_volume(void) { |
274 | const char *l, *r, *d; | |
275 | int nd; | |
276 | ||
277 | if(dcgi_client) { | |
278 | if((d = cgi_get("delta"))) { | |
279 | dcgi_lookup(DCGI_VOLUME); | |
280 | nd = clamp(atoi(d), -255, 255); | |
281 | disorder_set_volume(dcgi_client, | |
282 | clamp(dcgi_volume_left + nd, 0, 255), | |
283 | clamp(dcgi_volume_right + nd, 0, 255)); | |
284 | } else if((l = cgi_get("left")) && (r = cgi_get("right"))) | |
285 | disorder_set_volume(dcgi_client, atoi(l), atoi(r)); | |
286 | } | |
287 | redirect(0); | |
288 | } | |
289 | ||
e7ce7665 | 290 | /** @brief Expand the login template with @b @@error set to @p error |
b7e452c7 | 291 | * @param e Error keyword |
e7ce7665 | 292 | */ |
b7e452c7 RK |
293 | static void login_error(const char *e) { |
294 | dcgi_error_string = e; | |
e7ce7665 RK |
295 | dcgi_expand("login", 1); |
296 | } | |
297 | ||
298 | /** @brief Log in | |
299 | * @param username Login name | |
300 | * @param password Password | |
301 | * @return 0 on success, non-0 on error | |
302 | * | |
303 | * On error, calls login_error() to expand the login template. | |
304 | */ | |
305 | static int login_as(const char *username, const char *password) { | |
306 | disorder_client *c; | |
307 | ||
308 | if(dcgi_cookie && dcgi_client) | |
309 | disorder_revoke(dcgi_client); | |
ff92debd MW |
310 | /* We'll need a new connection as we are going to stop being guest. |
311 | * Make sure it's unprivileged, so that the server actually bothers checking | |
312 | * the password we supply. | |
313 | */ | |
e7ce7665 | 314 | c = disorder_new(0); |
ff92debd | 315 | disorder_force_unpriv(c); |
e7ce7665 RK |
316 | if(disorder_connect_user(c, username, password)) { |
317 | login_error("loginfailed"); | |
318 | return -1; | |
319 | } | |
320 | /* Generate a cookie so we can log in again later */ | |
321 | if(disorder_make_cookie(c, &dcgi_cookie)) { | |
322 | login_error("cookiefailed"); | |
323 | return -1; | |
324 | } | |
325 | /* Use the new connection henceforth */ | |
326 | dcgi_client = c; | |
327 | dcgi_lookup_reset(); | |
328 | return 0; /* OK */ | |
329 | } | |
330 | ||
59cf25c4 | 331 | /*$ login |
5c1ae3bc RK |
332 | * |
333 | * If \fBusername\fR and \fBpassword\fR are set (and the username isn't | |
334 | * "guest") then attempt to log in using those credentials. On success, | |
335 | * redirects to the \fBback\fR argument if that is set, or just expands | |
336 | * \fIlogin.tmpl\fI otherwise, with \fB@status\fR set to \fBloginok\fR. | |
337 | * | |
338 | * If they aren't set then just expands \fIlogin.tmpl\fI. | |
339 | */ | |
e7ce7665 RK |
340 | static void act_login(void) { |
341 | const char *username, *password; | |
342 | ||
343 | /* We try all this even if not connected since the subsequent connection may | |
344 | * succeed. */ | |
345 | ||
346 | username = cgi_get("username"); | |
347 | password = cgi_get("password"); | |
348 | if(!username | |
349 | || !password | |
350 | || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) { | |
351 | /* We're just visiting the login page, not performing an action at all. */ | |
352 | dcgi_expand("login", 1); | |
353 | return; | |
354 | } | |
355 | if(!login_as(username, password)) { | |
356 | /* Report the succesful login */ | |
357 | dcgi_status_string = "loginok"; | |
2cc4c0ef RK |
358 | /* Redirect back to where we came from, if necessary */ |
359 | if(cgi_get("back")) | |
360 | redirect(0); | |
361 | else | |
362 | dcgi_expand("login", 1); | |
e7ce7665 RK |
363 | } |
364 | } | |
365 | ||
59cf25c4 | 366 | /*$ logout |
5c1ae3bc RK |
367 | * |
368 | * Logs out the current user and expands \fIlogin.tmpl\fR with \fBstatus\fR or | |
369 | * \fB@error\fR set according to the result. | |
370 | */ | |
e7ce7665 RK |
371 | static void act_logout(void) { |
372 | if(dcgi_client) { | |
373 | /* Ask the server to revoke the cookie */ | |
374 | if(!disorder_revoke(dcgi_client)) | |
375 | dcgi_status_string = "logoutok"; | |
376 | else | |
377 | dcgi_error_string = "revokefailed"; | |
378 | } else { | |
379 | /* We can't guarantee a logout if we can't connect to the server to revoke | |
380 | * the cookie, so we report an error. We'll still ask the browser to | |
381 | * forget the cookie though. */ | |
382 | dcgi_error_string = "connect"; | |
383 | } | |
384 | /* Attempt to reconnect without the cookie */ | |
385 | dcgi_cookie = 0; | |
386 | dcgi_login(); | |
387 | /* Back to login page, hopefuly forcing the browser to forget the cookie. */ | |
388 | dcgi_expand("login", 1); | |
389 | } | |
390 | ||
59cf25c4 | 391 | /*$ register |
5c1ae3bc RK |
392 | * |
393 | * Register a new user using \fBusername\fR, \fBpassword1\fR, \fBpassword2\fR | |
394 | * and \fBemail\fR and expands \fIlogin.tmpl\fR with \fBstatus\fR or | |
395 | * \fB@error\fR set according to the result. | |
396 | */ | |
e7ce7665 RK |
397 | static void act_register(void) { |
398 | const char *username, *password, *password2, *email; | |
399 | char *confirm, *content_type; | |
400 | const char *text, *encoding, *charset; | |
401 | ||
402 | /* If we're not connected then this is a hopeless exercise */ | |
403 | if(!dcgi_client) { | |
404 | login_error("connect"); | |
405 | return; | |
406 | } | |
407 | ||
408 | /* Collect arguments */ | |
409 | username = cgi_get("username"); | |
410 | password = cgi_get("password1"); | |
411 | password2 = cgi_get("password2"); | |
412 | email = cgi_get("email"); | |
413 | ||
414 | /* Verify arguments */ | |
415 | if(!username || !*username) { | |
416 | login_error("nousername"); | |
417 | return; | |
418 | } | |
419 | if(!password || !*password) { | |
420 | login_error("nopassword"); | |
421 | return; | |
422 | } | |
423 | if(!password2 || !*password2 || strcmp(password, password2)) { | |
424 | login_error("passwordmismatch"); | |
425 | return; | |
426 | } | |
427 | if(!email || !*email) { | |
428 | login_error("noemail"); | |
429 | return; | |
430 | } | |
431 | /* We could well do better address validation but for now we'll just do the | |
5f2d537c | 432 | * minimum */ |
33e95f03 | 433 | if(!email_valid(email)) { |
e7ce7665 RK |
434 | login_error("bademail"); |
435 | return; | |
436 | } | |
437 | if(disorder_register(dcgi_client, username, password, email, &confirm)) { | |
438 | login_error("cannotregister"); | |
439 | return; | |
440 | } | |
441 | /* Send the user a mail */ | |
442 | /* TODO templatize this */ | |
443 | byte_xasprintf((char **)&text, | |
444 | "Welcome to DisOrder. To active your login, please visit this URL:\n" | |
445 | "\n" | |
446 | "%s?c=%s\n", config->url, urlencodestring(confirm)); | |
447 | if(!(text = mime_encode_text(text, &charset, &encoding))) | |
2e9ba080 | 448 | disorder_fatal(0, "cannot encode email"); |
e7ce7665 RK |
449 | byte_xasprintf(&content_type, "text/plain;charset=%s", |
450 | quote822(charset, 0)); | |
451 | sendmail("", config->mail_sender, email, "Welcome to DisOrder", | |
452 | encoding, content_type, text); /* TODO error checking */ | |
453 | /* We'll go back to the login page with a suitable message */ | |
454 | dcgi_status_string = "registered"; | |
455 | dcgi_expand("login", 1); | |
456 | } | |
457 | ||
59cf25c4 | 458 | /*$ confirm |
5c1ae3bc RK |
459 | * |
460 | * Confirm a user registration using the nonce supplied in \fBc\fR and expands | |
461 | * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the | |
462 | * result. | |
463 | */ | |
e7ce7665 RK |
464 | static void act_confirm(void) { |
465 | const char *confirmation; | |
466 | ||
467 | /* If we're not connected then this is a hopeless exercise */ | |
468 | if(!dcgi_client) { | |
469 | login_error("connect"); | |
470 | return; | |
471 | } | |
472 | ||
473 | if(!(confirmation = cgi_get("c"))) { | |
474 | login_error("noconfirm"); | |
475 | return; | |
476 | } | |
477 | /* Confirm our registration */ | |
478 | if(disorder_confirm(dcgi_client, confirmation)) { | |
479 | login_error("badconfirm"); | |
480 | return; | |
481 | } | |
482 | /* Get a cookie */ | |
483 | if(disorder_make_cookie(dcgi_client, &dcgi_cookie)) { | |
484 | login_error("cookiefailed"); | |
485 | return; | |
486 | } | |
487 | /* Junk cached data */ | |
488 | dcgi_lookup_reset(); | |
489 | /* Report success */ | |
490 | dcgi_status_string = "confirmed"; | |
491 | dcgi_expand("login", 1); | |
492 | } | |
493 | ||
59cf25c4 | 494 | /*$ edituser |
5c1ae3bc RK |
495 | * |
496 | * Edit user details using \fBusername\fR, \fBchangepassword1\fR, | |
497 | * \fBchangepassword2\fR and \fBemail\fR and expands \fIlogin.tmpl\fR with | |
498 | * \fBstatus\fR or \fB@error\fR set according to the result. | |
499 | */ | |
e7ce7665 RK |
500 | static void act_edituser(void) { |
501 | const char *email = cgi_get("email"), *password = cgi_get("changepassword1"); | |
502 | const char *password2 = cgi_get("changepassword2"); | |
503 | int newpassword = 0; | |
504 | ||
505 | /* If we're not connected then this is a hopeless exercise */ | |
506 | if(!dcgi_client) { | |
507 | login_error("connect"); | |
508 | return; | |
509 | } | |
510 | ||
511 | /* Verify input */ | |
512 | ||
513 | /* If either password or password2 is set we insist they match. If they | |
514 | * don't we report an error. */ | |
515 | if((password && *password) || (password2 && *password2)) { | |
516 | if(!password || !password2 || strcmp(password, password2)) { | |
517 | login_error("passwordmismatch"); | |
518 | return; | |
519 | } | |
520 | } else | |
521 | password = password2 = 0; | |
33e95f03 | 522 | if(email && !email_valid(email)) { |
e7ce7665 RK |
523 | login_error("bademail"); |
524 | return; | |
525 | } | |
526 | ||
527 | /* Commit changes */ | |
528 | if(email) { | |
529 | if(disorder_edituser(dcgi_client, disorder_user(dcgi_client), | |
530 | "email", email)) { | |
531 | login_error("badedit"); | |
532 | return; | |
533 | } | |
534 | } | |
535 | if(password) { | |
536 | if(disorder_edituser(dcgi_client, disorder_user(dcgi_client), | |
537 | "password", password)) { | |
538 | login_error("badedit"); | |
539 | return; | |
540 | } | |
541 | newpassword = 1; | |
542 | } | |
543 | ||
544 | if(newpassword) { | |
545 | /* If we changed the password, the cookie is now invalid, so we must log | |
546 | * back in. */ | |
547 | if(login_as(disorder_user(dcgi_client), password)) | |
548 | return; | |
549 | } | |
550 | /* Report success */ | |
551 | dcgi_status_string = "edited"; | |
552 | dcgi_expand("login", 1); | |
553 | } | |
554 | ||
59cf25c4 | 555 | /*$ reminder |
5c1ae3bc RK |
556 | * |
557 | * Issue an email password reminder to \fBusername\fR and expands | |
558 | * \fIlogin.tmpl\fR with \fBstatus\fR or \fB@error\fR set according to the | |
559 | * result. | |
560 | */ | |
e7ce7665 RK |
561 | static void act_reminder(void) { |
562 | const char *const username = cgi_get("username"); | |
563 | ||
564 | /* If we're not connected then this is a hopeless exercise */ | |
565 | if(!dcgi_client) { | |
566 | login_error("connect"); | |
567 | return; | |
568 | } | |
569 | ||
570 | if(!username || !*username) { | |
571 | login_error("nousername"); | |
572 | return; | |
573 | } | |
574 | if(disorder_reminder(dcgi_client, username)) { | |
575 | login_error("reminderfailed"); | |
576 | return; | |
577 | } | |
578 | /* Report success */ | |
579 | dcgi_status_string = "reminded"; | |
580 | dcgi_expand("login", 1); | |
581 | } | |
582 | ||
02eaa49d RK |
583 | /** @brief Get the numbered version of an argument |
584 | * @param argname Base argument name | |
585 | * @param numfile File number | |
586 | * @return cgi_get(NUMFILE_ARGNAME) | |
587 | */ | |
588 | static const char *numbered_arg(const char *argname, int numfile) { | |
589 | char *fullname; | |
590 | ||
591 | byte_xasprintf(&fullname, "%d_%s", numfile, argname); | |
592 | return cgi_get(fullname); | |
593 | } | |
594 | ||
595 | /** @brief Set preferences for file @p numfile | |
596 | * @return 0 on success, -1 if there is no such track number | |
597 | * | |
598 | * The old @b nfiles parameter has been abolished, we just keep look for more | |
599 | * files until we run out. | |
600 | */ | |
601 | static int process_prefs(int numfile) { | |
602 | const char *file, *name, *value, *part, *parts, *context; | |
603 | char **partslist; | |
604 | ||
605 | if(!(file = numbered_arg("track", numfile))) | |
606 | return -1; | |
607 | if(!(parts = cgi_get("parts"))) | |
608 | parts = "artist album title"; | |
609 | if(!(context = cgi_get("context"))) | |
610 | context = "display"; | |
611 | partslist = split(parts, 0, 0, 0, 0); | |
612 | while((part = *partslist++)) { | |
613 | if(!(value = numbered_arg(part, numfile))) | |
614 | continue; | |
615 | byte_xasprintf((char **)&name, "trackname_%s_%s", context, part); | |
616 | disorder_set(dcgi_client, file, name, value); | |
617 | } | |
9efa107e | 618 | if(numbered_arg("random", numfile)) |
02eaa49d RK |
619 | disorder_unset(dcgi_client, file, "pick_at_random"); |
620 | else | |
621 | disorder_set(dcgi_client, file, "pick_at_random", "0"); | |
622 | if((value = numbered_arg("tags", numfile))) { | |
623 | if(!*value) | |
624 | disorder_unset(dcgi_client, file, "tags"); | |
625 | else | |
626 | disorder_set(dcgi_client, file, "tags", value); | |
627 | } | |
628 | if((value = numbered_arg("weight", numfile))) { | |
629 | if(!*value) | |
630 | disorder_unset(dcgi_client, file, "weight"); | |
631 | else | |
632 | disorder_set(dcgi_client, file, "weight", value); | |
633 | } | |
634 | return 0; | |
635 | } | |
636 | ||
59cf25c4 | 637 | /*$ prefs |
5c1ae3bc RK |
638 | * |
639 | * Set preferences on a number of tracks. | |
640 | * | |
641 | * The tracks to modify are specified in arguments \fB0_track\fR, \fB1_track\fR | |
642 | * etc. The number sequence must be contiguous and start from 0. | |
643 | * | |
644 | * For each track \fIINDEX\fB_track\fR: | |
645 | * - \fIINDEX\fB_\fIPART\fR is used to set the trackname preference for | |
646 | * that part. (See \fBparts\fR below.) | |
647 | * - \fIINDEX\fB_\fIrandom\fR if present enables random play for this track | |
648 | * or disables it if absent. | |
649 | * - \fIINDEX\fB_\fItags\fR sets the list of tags for this track. | |
650 | * - \fIINDEX\fB_\fIweight\fR sets the weight for this track. | |
651 | * | |
652 | * \fBparts\fR can be set to the track name parts to modify. The default is | |
653 | * "artist album title". | |
654 | * | |
655 | * \fBcontext\fR can be set to the context to modify. The default is | |
656 | * "display". | |
657 | * | |
658 | * If the server detects a preference being set to its default, it removes the | |
659 | * preference, thus keeping the database tidy. | |
660 | */ | |
02eaa49d RK |
661 | static void act_set(void) { |
662 | int numfile; | |
663 | ||
664 | if(dcgi_client) { | |
665 | for(numfile = 0; !process_prefs(numfile); ++numfile) | |
666 | ; | |
667 | } | |
668 | redirect(0); | |
669 | } | |
670 | ||
bca4e2b7 RK |
671 | /** @brief Table of actions */ |
672 | static const struct action { | |
673 | /** @brief Action name */ | |
674 | const char *name; | |
675 | /** @brief Action handler */ | |
676 | void (*handler)(void); | |
02eaa49d RK |
677 | /** @brief Union of suitable rights */ |
678 | rights_type rights; | |
bca4e2b7 | 679 | } actions[] = { |
02eaa49d RK |
680 | { "confirm", act_confirm, 0 }, |
681 | { "disable", act_disable, RIGHT_GLOBAL_PREFS }, | |
682 | { "edituser", act_edituser, 0 }, | |
683 | { "enable", act_enable, RIGHT_GLOBAL_PREFS }, | |
684 | { "login", act_login, 0 }, | |
685 | { "logout", act_logout, 0 }, | |
686 | { "manage", act_playing, 0 }, | |
687 | { "move", act_move, RIGHT_MOVE__MASK }, | |
688 | { "pause", act_pause, RIGHT_PAUSE }, | |
689 | { "play", act_play, RIGHT_PLAY }, | |
690 | { "playing", act_playing, 0 }, | |
691 | { "randomdisable", act_random_disable, RIGHT_GLOBAL_PREFS }, | |
692 | { "randomenable", act_random_enable, RIGHT_GLOBAL_PREFS }, | |
693 | { "register", act_register, 0 }, | |
694 | { "reminder", act_reminder, 0 }, | |
695 | { "remove", act_remove, RIGHT_MOVE__MASK|RIGHT_SCRATCH__MASK }, | |
696 | { "resume", act_resume, RIGHT_PAUSE }, | |
697 | { "set", act_set, RIGHT_PREFS }, | |
698 | { "volume", act_volume, RIGHT_VOLUME }, | |
bca4e2b7 RK |
699 | }; |
700 | ||
40dcd866 RK |
701 | /** @brief Check that an action name is valid |
702 | * @param name Action | |
703 | * @return 1 if valid, 0 if not | |
704 | */ | |
705 | static int dcgi_valid_action(const char *name) { | |
706 | int c; | |
707 | ||
708 | /* First character must be letter or digit (this also requires there to _be_ | |
709 | * a first character) */ | |
710 | if(!isalnum((unsigned char)*name)) | |
711 | return 0; | |
712 | /* Only letters, digits, '.' and '-' allowed */ | |
713 | while((c = (unsigned char)*name++)) { | |
714 | if(!(isalnum(c) | |
715 | || c == '.' | |
716 | || c == '_')) | |
717 | return 0; | |
718 | } | |
719 | return 1; | |
720 | } | |
721 | ||
bca4e2b7 RK |
722 | /** @brief Expand a template |
723 | * @param name Base name of template, or NULL to consult CGI args | |
e7ce7665 | 724 | * @param header True to write header |
bca4e2b7 | 725 | */ |
e7ce7665 | 726 | void dcgi_expand(const char *name, int header) { |
99955407 | 727 | const char *p, *found; |
0d0253c9 RK |
728 | |
729 | /* Parse macros first */ | |
f2d306b4 RK |
730 | if((found = mx_find("macros.tmpl", 1/*report*/))) |
731 | mx_expand_file(found, sink_discard(), 0); | |
732 | if((found = mx_find("user.tmpl", 0/*report*/))) | |
99955407 | 733 | mx_expand_file(found, sink_discard(), 0); |
bca4e2b7 | 734 | /* For unknown actions check that they aren't evil */ |
40dcd866 | 735 | if(!dcgi_valid_action(name)) |
2e9ba080 | 736 | disorder_fatal(0, "invalid action name '%s'", name); |
71634563 | 737 | byte_xasprintf((char **)&p, "%s.tmpl", name); |
f2d306b4 | 738 | if(!(found = mx_find(p, 0/*report*/))) |
2e9ba080 | 739 | disorder_fatal(errno, "cannot find %s", p); |
e7ce7665 | 740 | if(header) { |
10921eba | 741 | if(printf("Content-Type: text/html; charset=UTF-8\n" |
e7ce7665 RK |
742 | "%s\n" |
743 | "\n", dcgi_cookie_header()) < 0) | |
2e9ba080 | 744 | disorder_fatal(errno, "error writing to stdout"); |
e7ce7665 | 745 | } |
99955407 | 746 | if(mx_expand_file(found, sink_stdio("stdout", stdout), 0) == -1 |
bca4e2b7 | 747 | || fflush(stdout) < 0) |
2e9ba080 | 748 | disorder_fatal(errno, "error writing to stdout"); |
bca4e2b7 RK |
749 | } |
750 | ||
751 | /** @brief Execute a web action | |
752 | * @param action Action to perform, or NULL to consult CGI args | |
753 | * | |
754 | * If no recognized action is specified then 'playing' is assumed. | |
755 | */ | |
1e97629d | 756 | void dcgi_action(const char *action) { |
bca4e2b7 | 757 | int n; |
bca4e2b7 RK |
758 | |
759 | /* Consult CGI args if caller had no view */ | |
760 | if(!action) | |
761 | action = cgi_get("action"); | |
762 | /* Pick a default if nobody cares at all */ | |
763 | if(!action) { | |
764 | /* We allow URLs which are just c=... in order to keep confirmation URLs, | |
765 | * which are user-facing, as short as possible. Actually we could lose the | |
766 | * c= for this... */ | |
767 | if(cgi_get("c")) | |
768 | action = "confirm"; | |
769 | else | |
770 | action = "playing"; | |
5a7df048 RK |
771 | /* Make sure 'action' is always set */ |
772 | cgi_set("action", action); | |
bca4e2b7 | 773 | } |
ba937f01 | 774 | if((n = TABLE_FIND(actions, name, action)) >= 0) { |
02eaa49d RK |
775 | if(actions[n].rights) { |
776 | /* Some right or other is required */ | |
777 | dcgi_lookup(DCGI_RIGHTS); | |
778 | if(!(actions[n].rights & dcgi_rights)) { | |
2cc4c0ef | 779 | const char *back = cgi_thisurl(config->url); |
02eaa49d | 780 | /* Failed operations jump you to the login screen with an error |
2cc4c0ef RK |
781 | * message. On success, the user comes back to the page they were |
782 | * after. */ | |
783 | cgi_clear(); | |
784 | cgi_set("back", back); | |
02eaa49d RK |
785 | login_error("noright"); |
786 | return; | |
787 | } | |
788 | } | |
789 | /* It's a known action */ | |
bca4e2b7 | 790 | actions[n].handler(); |
02eaa49d | 791 | } else { |
bca4e2b7 | 792 | /* Just expand the template */ |
e7ce7665 | 793 | dcgi_expand(action, 1/*header*/); |
448d3570 | 794 | } |
bca4e2b7 RK |
795 | } |
796 | ||
797 | /** @brief Generate an error page */ | |
0d0253c9 RK |
798 | void dcgi_error(const char *key) { |
799 | dcgi_error_string = xstrdup(key); | |
e7ce7665 | 800 | dcgi_expand("error", 1); |
bca4e2b7 RK |
801 | } |
802 | ||
803 | /* | |
804 | Local Variables: | |
805 | c-basic-offset:2 | |
806 | comment-column:40 | |
807 | fill-column:79 | |
808 | indent-tabs-mode:nil | |
809 | End: | |
810 | */ |