'confirm' now logs the user in (and sends back their username so the

[disorder] / server / dcgi.c

diff --git a/server/dcgi.c b/server/dcgi.c
index e36719c558596ea1b33a038fd4188b69027b8bb2..fca4e01014f93927e42aed16880459ef326b8a50 100644 (file)
--- a/server/dcgi.c
+++ b/server/dcgi.c
@@ -464,7 +464,8 @@ static void act_login(cgi_sink *output,
     expand_template(ds, output, "login");
     return;
   }
-  c = disorder_new(1);
+  /* We'll need a new connection as we are going to stop being guest */
+  c = disorder_new(0);
   if(disorder_connect_user(c, username, password)) {
     cgi_set_option("error", "loginfailed");
     expand_template(ds, output, "login");
@@ -475,9 +476,13 @@ static void act_login(cgi_sink *output,
     expand_template(ds, output, "login");
     return;
   }
+  /* Use the new connection henceforth */
+  ds->g->client = c;
+  ds->g->flags = 0;
   /* We have a new cookie */
   header_cookie(output->sink);
-  if((back = cgi_get("back")) && back)
+  cgi_set_option("status", "loginok");
+  if((back = cgi_get("back")) && *back)
     /* Redirect back to somewhere or other */
     redirect(output->sink);
   else
@@ -492,6 +497,7 @@ static void act_logout(cgi_sink *output,
   /* Reconnect as guest */
   disorder_cgi_login(ds, output);
   /* Back to the login page */
+  cgi_set_option("status", "logoutok");
   expand_template(ds, output, "login");
 }
 
@@ -537,7 +543,7 @@ static void act_register(cgi_sink *output,
   byte_xasprintf((char **)&text,
                 "Welcome to DisOrder.  To active your login, please visit this URL:\n"
                 "\n"
-                "  %s?confirm=%s\n", config->url, urlencodestring(confirm));
+                "%s?c=%s\n", config->url, urlencodestring(confirm));
   if(!(text = mime_encode_text(text, &charset, &encoding)))
     fatal(0, "cannot encode email");
   byte_xasprintf(&content_type, "text/plain;charset=%s",
@@ -545,7 +551,7 @@ static void act_register(cgi_sink *output,
   sendmail("", config->mail_sender, email, "Welcome to DisOrder",
           encoding, content_type, text); /* TODO error checking  */
   /* We'll go back to the login page with a suitable message */
-  cgi_set_option("registered", "registeredok");
+  cgi_set_option("status", "registered");
   expand_template(ds, output, "login");
 }
 
@@ -553,15 +559,26 @@ static void act_confirm(cgi_sink *output,
                        dcgi_state *ds) {
   const char *confirmation;
 
-  if(!(confirmation = cgi_get("confirm"))) {
+  if(!(confirmation = cgi_get("c"))) {
     cgi_set_option("error", "noconfirm");
     expand_template(ds, output, "login");
   }
+  /* Confirm our registration */
   if(disorder_confirm(ds->g->client, confirmation)) {
     cgi_set_option("error", "badconfirm");
     expand_template(ds, output, "login");
   }
-  cgi_set_option("confirmed", "confirmedok");
+  /* Get a cookie */
+  if(disorder_make_cookie(ds->g->client, &login_cookie)) {
+    cgi_set_option("error", "cookiefailed");
+    expand_template(ds, output, "login");
+    return;
+  }
+  /* Discard any cached data JIC */
+  ds->g->flags = 0;
+  /* We have a new cookie */
+  header_cookie(output->sink);
+  cgi_set_option("status", "confirmed");
   expand_template(ds, output, "login");
 }
 
@@ -1707,7 +1724,7 @@ void disorder_cgi(cgi_sink *output, dcgi_state *ds) {
   if(!action) {
     /* We allow URLs which are just confirm=... in order to keep confirmation
      * URLs, which are user-facing, as short as possible. */
-    if(cgi_get("confirm"))
+    if(cgi_get("c"))
       action = "confirm";
     else
       action = "playing";