X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/blobdiff_plain/bb6ae3fb80fff36cd342d6f6bff3dfabd7dd243e..b28ce5d6683141119444111988b531764f4202df:/server/dcgi.c
diff --git a/server/dcgi.c b/server/dcgi.c
index d878330..69c9214 100644
--- a/server/dcgi.c
+++ b/server/dcgi.c
@@ -464,7 +464,8 @@ static void act_login(cgi_sink *output,
 expand_template(ds, output, "login");
 return;
 }
- c = disorder_new(1);
+ /* We'll need a new connection as we are going to stop being guest */
+ c = disorder_new(0);
 if(disorder_connect_user(c, username, password)) {
 cgi_set_option("error", "loginfailed");
 expand_template(ds, output, "login");
@@ -475,9 +476,13 @@ static void act_login(cgi_sink *output,
 expand_template(ds, output, "login");
 return;
 }
+ /* Use the new connection henceforth */
+ ds->g->client = c;
+ ds->g->flags = 0;
 /* We have a new cookie */
 header_cookie(output->sink);
- if((back = cgi_get("back")) && back)
+ cgi_set_option("status", "loginok");
+ if((back = cgi_get("back")) && *back)
 /* Redirect back to somewhere or other */
 redirect(output->sink);
 else
@@ -492,17 +497,19 @@ static void act_logout(cgi_sink *output,
 /* Reconnect as guest */
 disorder_cgi_login(ds, output);
 /* Back to the login page */
+ cgi_set_option("status", "logoutok");
 expand_template(ds, output, "login");
 }
 static void act_register(cgi_sink *output,
 dcgi_state *ds) {
- const char *username, *password, *email;
+ const char *username, *password, *password2, *email;
 char *confirm, *content_type;
 const char *text, *encoding, *charset;
 username = cgi_get("username");
- password = cgi_get("password");
+ password = cgi_get("password1");
+ password2 = cgi_get("password2");
 email = cgi_get("email");
 if(!username || !*username) {
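Review bot: In the second act_login hunk the post-login redirect is gated only on `*back` being non-empty, and `back` comes straight from the request through `cgi_get("back")`. redirect() is defined outside this diff, so whether it limits the target to this site's own URLs is not visible here; if it does not, a login link could send the user to an arbitrary location immediately after they authenticate. I would either check the value against `config->url` before redirecting or record the expectation next to the call, for example `/* back is request-supplied; redirect() must only accept targets under config->url */`. The body of act_login begins and ends outside the hunk.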
@@ -515,6 +522,11 @@ static void act_register(cgi_sink *output,
 expand_template(ds, output, "login");
 return;
 }
+ if(!password2 || !*password2 || strcmp(password, password2)) {
+ cgi_set_option("error", "passwordmismatch");
+ expand_template(ds, output, "login");
+ return;
+ }
 if(!email || !*email) {
 cgi_set_option("error", "noemail");
 expand_template(ds, output, "login");
@@ -537,7 +549,7 @@ static void act_register(cgi_sink *output,
 byte_xasprintf((char **)&text,
 "Welcome to DisOrder. To active your login, please visit this URL:\n"
 "\n"
- " %s?confirm=%s\n", config->url, confirm);
+ "%s?c=%s\n", config->url, urlencodestring(confirm));
 if(!(text = mime_encode_text(text, &charset, &encoding)))
 fatal(0, "cannot encode email");
 byte_xasprintf(&content_type, "text/plain;charset=%s",
@@ -545,15 +557,102 @@ static void act_register(cgi_sink *output,
 sendmail("", config->mail_sender, email, "Welcome to DisOrder", encoding, content_type, text); /* TODO error checking */
 /* We'll go back to the login page with a suitable message */
- cgi_set_option("registered", "registeredok");
+ cgi_set_option("status", "registered");
 expand_template(ds, output, "login");
 }
+static void act_confirm(cgi_sink *output,
+ dcgi_state *ds) {
+ const char *confirmation;
+
+ if(!(confirmation = cgi_get("c"))) {
+ cgi_set_option("error", "noconfirm");
+ expand_template(ds, output, "login");
+ }
+ /* Confirm our registration */
+ if(disorder_confirm(ds->g->client, confirmation)) {
+ cgi_set_option("error", "badconfirm");
+ expand_template(ds, output, "login");
+ }
+ /* Get a cookie */
+ if(disorder_make_cookie(ds->g->client, &login_cookie)) {
+ cgi_set_option("error", "cookiefailed");
+ expand_template(ds, output, "login");
+ return;
+ }
+ /* Discard any cached data JIC */
+ ds->g->flags = 0;
+ /* We have a new cookie */
+ header_cookie(output->sink);
+ cgi_set_option("status", "confirmed");
+ expand_template(ds, output, "login");
+}
+
+static void act_edituser(cgi_sink *output,
+ dcgi_state *ds) {
+ const char *email = cgi_get("email"), *password = cgi_get("changepassword1");
+ const char *password2 = cgi_get("changepassword2");
+ int newpassword = 0;
+ disorder_client *c;
+
+ if((password && *password) || (password && *password2)) {
+ if(!password || !password2 || strcmp(password, password2)) {
+ cgi_set_option("error", "passwordmismatch");
+ expand_template(ds, output, "login");
+ return;
+ }
+ } else
+ password = password2 = 0;
+
+ if(email) {
+ if(disorder_edituser(ds->g->client, disorder_user(ds->g->client),
+ "email", email)) {
+ cgi_set_option("error", "badedit");
+ expand_template(ds, output, "login");
+ return;
+ }
+ }
+ if(password) {
+ if(disorder_edituser(ds->g->client, disorder_user(ds->g->client),
+ "password", password)) {
+ cgi_set_option("error", "badedit");
+ expand_template(ds, output, "login");
+ return;
+ }
+ newpassword = 1;
+ }
+ if(newpassword) {
+ login_cookie = 0; /* it'll be invalid now */
+ /* This is a bit duplicative of act_login() */
+ c = disorder_new(0);
+ if(disorder_connect_user(c, disorder_user(ds->g->client), password)) {
+ cgi_set_option("error", "loginfailed");
+ expand_template(ds, output, "login");
+ return;
+ }
+ if(disorder_make_cookie(c, &login_cookie)) {
+ cgi_set_option("error", "cookiefailed");
+ expand_template(ds, output, "login");
+ return;
+ }
+ /* Use the new connection henceforth */
+ ds->g->client = c;
+ ds->g->flags = 0;
+ /* We have a new cookie */
+ header_cookie(output->sink);
+ }
+ cgi_set_option("status", "edited");
+ expand_template(ds, output, "login");
+}
+
+
 static const struct action {
 const char *name;
 void (*handler)(cgi_sink *output, dcgi_state *ds);
 } actions[] = {
+ { "confirm", act_confirm },
 { "disable", act_disable },
+ { "edituser", act_edituser },
 { "enable", act_enable },
 { "login", act_login },
 { "logout", act_logout },
@@ -1585,6 +1684,19 @@ static void exp_right(int attribute((unused)) nargs,
 expandstring(output, args[2], ds);
 }
+static void exp_userinfo(int attribute((unused)) nargs,
+ char **args,
+ cgi_sink *output,
+ void *u) {
+ dcgi_state *const ds = u;
+ const char *value;
+
+ if(disorder_userinfo(ds->g->client, disorder_user(ds->g->client), args[0],
+ (char **)&value))
+ value = "";
+ cgi_output(output, "%s", value);
+}
+
 static const struct cgi_expansion expansions[] = {
 { "#", 0, INT_MAX, EXP_MAGIC, exp_comment },
 { "action", 0, 0, 0, exp_action },
@@ -1647,6 +1759,7 @@ static const struct cgi_expansion expansions[] = {
 { "url", 0, 0, 0, exp_url },
 { "urlquote", 1, 1, 0, exp_urlquote },
 { "user", 0, 0, 0, exp_user },
+ { "userinfo", 1, 1, 0, exp_userinfo },
 { "version", 0, 0, 0, exp_version },
 { "volume", 1, 1, 0, exp_volume },
 { "when", 0, 0, 0, exp_when },
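Review bot: act_confirm falls through after its first two error branches: the `noconfirm` and `badconfirm` blocks call `expand_template()` but have no `return;`, unlike the `cookiefailed` block below them. A request without `c` therefore passes a null `confirmation` to `disorder_confirm()`, and a rejected confirmation string still reaches `disorder_make_cookie()` and the `confirmed` status, with the login template expanded more than once. Add `return;` after each of those two `expand_template(ds, output, "login");` calls. In act_edituser the first test reads `(password && *password2)`, which dereferences `password2` without checking it and skips the mismatch check when only `changepassword2` is filled in; it should be `(password2 && *password2)`.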
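Review bot: exp_userinfo emits a user-editable property with `cgi_output(output, "%s", value)`, and nothing in this hunk shows whether that call HTML-escapes what it writes. act_edituser in the same patch lets the logged-in user set `email`, so the value is user-controlled; cgi_output is defined outside the diff and its quoting behaviour should be confirmed before templates use `userinfo` in markup or attribute contexts. I would state the assumption above the call, for example `/* value is user-supplied; HTML escaping is left to cgi_output() */`. The `(char **)&value` cast also discards the `const` on `value`, which a plain `char *value` would avoid.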
@@ -1687,7 +1800,14 @@ static void perform_action(cgi_sink *output, dcgi_state *ds,
 void disorder_cgi(cgi_sink *output, dcgi_state *ds) {
 const char *action = cgi_get("action");
- if(!action) action = "playing";
+ if(!action) {
+ /* We allow URLs which are just confirm=... in order to keep confirmation
+ * URLs, which are user-facing, as short as possible. */
+ if(cgi_get("c"))
+ action = "confirm";
+ else
+ action = "playing";
+ }
 perform_action(output, ds, action);
 }
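Review bot: The new comment in disorder_cgi describes the short URLs as `confirm=...`, but the code tests `cgi_get("c")` and the registration mail in act_register builds `%s?c=%s`; the comment should read `/* We allow URLs which are just c=... */`. Any request that has no `action` but carries a `c` parameter is now routed to the confirm handler, which can issue a login cookie. Whether the server treats a confirmation string as single-use is not visible in this diff and is worth confirming, since the string travels in a URL and will end up in mail archives and web server logs.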