From 968f044ac93cee0b8ead3f36b76543324de0106f Mon Sep 17 00:00:00 2001 Message-Id: <968f044ac93cee0b8ead3f36b76543324de0106f.1714438021.git.mdw@distorted.org.uk> From: Mark Wooding Date: Mon, 31 Dec 2007 11:02:29 +0000 Subject: [PATCH] Registration now insists you type your password twice the same. Organization: Straylight/Edgeware From: rjk@greenend.org.uk <> Editing user details (email/password) from the web now works. Again you must type your password twice. Registration and editing forms in login.html now have extra documentation in a third column, controlled as ever via labels. New @userinfo@ expansion allows user properties to be queried. Added some missing error.* labels. --- doc/disorder_config.5.in | 3 ++ server/dcgi.c | 82 ++++++++++++++++++++++++++++++++++++++- templates/login.html | 83 ++++++++++++++++++++++++++++------------ templates/options.labels | 29 ++++++++++++-- 4 files changed, 167 insertions(+), 30 deletions(-) diff --git a/doc/disorder_config.5.in b/doc/disorder_config.5.in index 4652369..a58f787 100644 --- a/doc/disorder_config.5.in +++ b/doc/disorder_config.5.in @@ -1161,6 +1161,9 @@ URL-quote \fISTRING\fR. .B @user@ The current username. This will be "guest" if nobody is logged in. .TP +.B @userinfo{\fIPROPERTY\fB}@ +Look up a property of the logged-in user. +.TP .B @version@ Expands to \fBdisorder.cgi\fR's version string. .TP diff --git a/server/dcgi.c b/server/dcgi.c index fca4e01..4e289a0 100644 --- a/server/dcgi.c +++ b/server/dcgi.c @@ -503,12 +503,13 @@ static void act_logout(cgi_sink *output, static void act_register(cgi_sink *output, dcgi_state *ds) { - const char *username, *password, *email; + const char *username, *password, *password2, *email; char *confirm, *content_type; const char *text, *encoding, *charset; username = cgi_get("username"); - password = cgi_get("password"); + password = cgi_get("password1"); + password2 = cgi_get("password2"); email = cgi_get("email"); if(!username || !*username) { 
@@ -521,6 +522,11 @@ static void act_register(cgi_sink *output, expand_template(ds, output, "login"); return; } + if(!password2 || !*password2 || strcmp(password, password2)) { + cgi_set_option("error", "passwordmismatch"); + expand_template(ds, output, "login"); + return; + } if(!email || !*email) { cgi_set_option("error", "noemail"); expand_template(ds, output, "login"); 
@@ -582,12 +588,70 @@ static void act_confirm(cgi_sink *output, expand_template(ds, output, "login"); } +static void act_edituser(cgi_sink *output, + dcgi_state *ds) { + const char *email = cgi_get("email"), *password = cgi_get("changepassword1"); + const char *password2 = cgi_get("changepassword2"); + int newpassword = 0; + disorder_client *c; + + if((password && *password) || (password && *password2)) { + if(!password || !password2 || strcmp(password, password2)) { + cgi_set_option("error", "passwordmismatch"); + expand_template(ds, output, "login"); + return; + } + } else + password = password2 = 0; + + if(email) { + if(disorder_edituser(ds->g->client, disorder_user(ds->g->client), + "email", email)) { + cgi_set_option("error", "badedit"); + expand_template(ds, output, "login"); + return; + } + } + if(password) { + if(disorder_edituser(ds->g->client, disorder_user(ds->g->client), + "password", password)) { + cgi_set_option("error", "badedit"); + expand_template(ds, output, "login"); + return; + } + newpassword = 1; + } + if(newpassword) { + login_cookie = 0; /* it'll be invalid now */ + /* This is a bit duplicative of act_login() */ + c = disorder_new(0); + if(disorder_connect_user(c, disorder_user(ds->g->client), password)) { + cgi_set_option("error", "loginfailed"); + expand_template(ds, output, "login"); + return; + } + if(disorder_make_cookie(c, &login_cookie)) { + cgi_set_option("error", "cookiefailed"); + expand_template(ds, output, "login"); + return; + } + /* Use the new connection henceforth */ + ds->g->client = c; + ds->g->flags = 0; + /* We have a new cookie */ + header_cookie(output->sink); + } + cgi_set_option("status", "edited"); + expand_template(ds, output, "login"); +} + static const struct action { const char *name; void (*handler)(cgi_sink *output, dcgi_state *ds); } actions[] = { { "confirm", act_confirm }, { "disable", act_disable }, + { "edituser", act_edituser }, { "enable", act_enable }, { "login", act_login }, { "logout", act_logout }, 
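Review bot: In act_edituser the condition `if((password && *password) || (password && *password2))` tests `password` twice, so `*password2` is dereferenced as a null pointer when changepassword1 is present but empty and changepassword2 is absent, and a request carrying only changepassword2 skips the mismatch check and is reported as "edited" with no password change. The second operand should be `(password2 && *password2)`. Separately, the handler changes the email and password of `disorder_user(ds->g->client)` without asking for the current password, and nothing in this hunk shows a re-authentication or request-origin check, so confirm one exists elsewhere before a session cookie alone is enough for a credential change. The email edit is also committed before the password edit is attempted, so a `badedit` on the password leaves the account half-updated while the page reports an error.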
@@ -1619,6 +1683,19 @@ static void exp_right(int attribute((unused)) nargs, expandstring(output, args[2], ds); } +static void exp_userinfo(int attribute((unused)) nargs, + char **args, + cgi_sink *output, + void *u) { + dcgi_state *const ds = u; + const char *value; + + if(disorder_userinfo(ds->g->client, disorder_user(ds->g->client), args[0], + (char **)&value)) + value = ""; + cgi_output(output, "%s", value); +} + static const struct cgi_expansion expansions[] = { { "#", 0, INT_MAX, EXP_MAGIC, exp_comment }, { "action", 0, 0, 0, exp_action }, @@ -1681,6 +1758,7 @@ static const struct cgi_expansion expansions[] = { { "url", 0, 0, 0, exp_url }, { "urlquote", 1, 1, 0, exp_urlquote }, { "user", 0, 0, 0, exp_user }, + { "userinfo", 1, 1, 0, exp_userinfo }, { "version", 0, 0, 0, exp_version }, { "volume", 1, 1, 0, exp_volume }, { "when", 0, 0, 0, exp_when }, diff --git a/templates/login.html b/templates/login.html index ee245a3..ab943f9 100644 --- a/templates/login.html +++ b/templates/login.html @@ -49,13 +49,18 @@ USA @label:login.username@ - + @label:login.password@ - + + + + + + + +
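Review bot: In exp_userinfo, `value` is declared `const char *`, passed as `(char **)&value`, and reset to `""` only when disorder_userinfo() reports failure; if the call can succeed without storing a string (not visible here), `cgi_output(output, "%s", value)` reads an uninitialised or null pointer. Declaring `char *value = 0;` and testing `if(disorder_userinfo(ds->g->client, disorder_user(ds->g->client), args[0], &value) || !value) value = "";` removes the cast and covers that case. The expansion also accepts any property name the template supplies, so whether a template could print a sensitive property such as the password depends on what the server returns for it; a comment naming the properties intended for display would help. Whether the value is HTML-quoted depends on cgi_output and the sink, both outside this hunk.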

Use this form to change your email address and/or password.

@@ -118,13 +148,28 @@ USA @label:login.email@ - + + @label:login.edituseremailextra@ + + + @label:login.newpassword@ + + + + @label:login.edituserpassword1extra@ + + + @label:login.newpassword@ + + + + @label:login.edituserpassword2extra@ - @label:login.password@ - - - - - }@ @include{topbarend}@ diff --git a/templates/options.labels b/templates/options.labels index 1d9800a..d2320f4 100644 --- a/templates/options.labels +++ b/templates/options.labels @@ -138,8 +138,20 @@ label login.title "DisOrder Login" # Text for login fields label login.username "Username" label login.password "Password" +label login.password1 "Password" +label login.password2 "Password" +label login.newpassword "New Password" label login.email "Email address" +label login.registerusernameextra "May only contain unaccented Roman letters and digit; case matters" +label login.registeremailextra "Must be valid" +label login.registerpassword1extra "Letter case matters" +label login.registerpassword2extra "Type same password again to check" + +label login.edituseremailextra "" +label login.edituserpassword1extra "Leave blank to keep existing password" +label login.edituserpassword2extra "Type same password again to check" + # Text for login page buttons label login.login "Login" label login.register "Register" @@ -149,8 +161,9 @@ label login.logout "Logout" # Text for login page responses label login.loginok "You are now logged in." label login.logoutok "You are now logged out." -label login.registered "Registered your new login. Please check your email." -label login.confirmed "Confirmed your new login. You are now logged in." +label login.registered "Your new login has been registered. Please check your email." +label login.confirmed "Your new login has been confirmed. You are now logged in." +label login.edited "Your details have been changed." # for account page label account.title "DisOrder User Details" 
@@ -162,8 +175,18 @@ label error.title "DisOrder error" # Text used when cannot connect to server label error.connect "Cannot connect to server." -# Text used when cannot become right user +# Error messages for login.html label error.loginfailed "Incorrect username and/or password." +label error.cookiefailed "Cannot create login cookie." +label error.nousername "No username specified." +label error.nopassword "No password specified." +label error.passwordmismatch "Passwords do not match." +label error.noemail "No email address specified." +label error.bademail "Invalid email address." +label error.cannotregister "Unable to register user." +label error.noconfirm "Missing confirmation string." +label error.badconfirm "Invalid confirmation string." +label error.badedit "Cannot edit user details." # Text appended to all error pages label error.generic "" -- [mdw]