+static void act_login(cgi_sink *output,
+ dcgi_state *ds) {
+ const char *username, *password, *back;
+ disorder_client *c;
+
+ username = cgi_get("username");
+ password = cgi_get("password");
+ if(!username || !password
+ || !strcmp(username, "guest")/*bodge to avoid guest cookies*/) {
+ /* We're just visiting the login page */
+ expand_template(ds, output, "login");
+ return;
+ }
+ c = disorder_new(1);
+ if(disorder_connect_user(c, username, password)) {
+ cgi_set_option("error", "loginfailed");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(disorder_make_cookie(c, &login_cookie)) {
+ cgi_set_option("error", "cookiefailed");
+ expand_template(ds, output, "login");
+ return;
+ }
+ /* We have a new cookie */
+ header_cookie(output->sink);
+ cgi_set_option("status", "loginok");
+ if((back = cgi_get("back")) && *back)
+ /* Redirect back to somewhere or other */
+ redirect(output->sink);
+ else
+ /* Stick to the login page */
+ expand_template(ds, output, "login");
+}
+
+static void act_logout(cgi_sink *output,
+ dcgi_state *ds) {
+ disorder_revoke(ds->g->client);
+ login_cookie = 0;
+ /* Reconnect as guest */
+ disorder_cgi_login(ds, output);
+ /* Back to the login page */
+ cgi_set_option("status", "logoutok");
+ expand_template(ds, output, "login");
+}
+
+static void act_register(cgi_sink *output,
+ dcgi_state *ds) {
+ const char *username, *password, *email;
+ char *confirm, *content_type;
+ const char *text, *encoding, *charset;
+
+ username = cgi_get("username");
+ password = cgi_get("password");
+ email = cgi_get("email");
+
+ if(!username || !*username) {
+ cgi_set_option("error", "nousername");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(!password || !*password) {
+ cgi_set_option("error", "nopassword");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(!email || !*email) {
+ cgi_set_option("error", "noemail");
+ expand_template(ds, output, "login");
+ return;
+ }
+ /* We could well do better address validation but for now we'll just do the
+ * minimum */
+ if(!strchr(email, '@')) {
+ cgi_set_option("error", "bademail");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(disorder_register(ds->g->client, username, password, email, &confirm)) {
+ cgi_set_option("error", "cannotregister");
+ expand_template(ds, output, "login");
+ return;
+ }
+ /* Send the user a mail */
+ /* TODO templatize this */
+ byte_xasprintf((char **)&text,
+ "Welcome to DisOrder. To active your login, please visit this URL:\n"
+ "\n"
+ "%s?c=%s\n", config->url, urlencodestring(confirm));
+ if(!(text = mime_encode_text(text, &charset, &encoding)))
+ fatal(0, "cannot encode email");
+ byte_xasprintf(&content_type, "text/plain;charset=%s",
+ quote822(charset, 0));
+ sendmail("", config->mail_sender, email, "Welcome to DisOrder",
+ encoding, content_type, text); /* TODO error checking */
+ /* We'll go back to the login page with a suitable message */
+ cgi_set_option("status", "registered");
+ expand_template(ds, output, "login");
+}
+
+static void act_confirm(cgi_sink *output,
+ dcgi_state *ds) {
+ const char *confirmation;
+
+ if(!(confirmation = cgi_get("c"))) {
+ cgi_set_option("error", "noconfirm");
+ expand_template(ds, output, "login");
+ }
+ if(disorder_confirm(ds->g->client, confirmation)) {
+ cgi_set_option("error", "badconfirm");
+ expand_template(ds, output, "login");
+ }
+ cgi_set_option("status", "confirmed");
+ expand_template(ds, output, "login");
+}
+