From: rjk@greenend.org.uk <>
Date: Sun, 30 Dec 2007 20:56:33 +0000 (+0000)
Subject: Confirmation URLs now work and activate new logins.  The code is all a
X-Git-Tag: 3.0~132
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/commitdiff_plain/230209f70c8bc613eba3cca81d4e5ca060855a56

Confirmation URLs now work and activate new logins.  The code is all a
bit ad-hoc and crufty but the basic functionality does work.
---

diff --git a/server/dcgi.c b/server/dcgi.c
index d878330..e36719c 100644
--- a/server/dcgi.c
+++ b/server/dcgi.c
@@ -537,7 +537,7 @@ static void act_register(cgi_sink *output,
   byte_xasprintf((char **)&text,
 		 "Welcome to DisOrder.  To active your login, please visit this URL:\n"
 		 "\n"
-		 "  %s?confirm=%s\n", config->url, confirm);
+		 "  %s?confirm=%s\n", config->url, urlencodestring(confirm));
   if(!(text = mime_encode_text(text, &charset, &encoding)))
     fatal(0, "cannot encode email");
   byte_xasprintf(&content_type, "text/plain;charset=%s",
@@ -549,10 +549,27 @@ static void act_register(cgi_sink *output,
   expand_template(ds, output, "login");
 }
 
+static void act_confirm(cgi_sink *output,
+			dcgi_state *ds) {
+  const char *confirmation;
+
+  if(!(confirmation = cgi_get("confirm"))) {
+    cgi_set_option("error", "noconfirm");
+    expand_template(ds, output, "login");
+  }
+  if(disorder_confirm(ds->g->client, confirmation)) {
+    cgi_set_option("error", "badconfirm");
+    expand_template(ds, output, "login");
+  }
+  cgi_set_option("confirmed", "confirmedok");
+  expand_template(ds, output, "login");
+}
+
 static const struct action {
   const char *name;
   void (*handler)(cgi_sink *output, dcgi_state *ds);
 } actions[] = {
+  { "confirm", act_confirm },
   { "disable", act_disable },
   { "enable", act_enable },
   { "login", act_login },
@@ -1687,7 +1704,14 @@ static void perform_action(cgi_sink *output, dcgi_state *ds,
 void disorder_cgi(cgi_sink *output, dcgi_state *ds) {
   const char *action = cgi_get("action");
 
-  if(!action) action = "playing";
+  if(!action) {
+    /* We allow URLs which are just confirm=... in order to keep confirmation
+     * URLs, which are user-facing, as short as possible. */
+    if(cgi_get("confirm"))
+      action = "confirm";
+    else
+      action = "playing";
+  }
   perform_action(output, ds, action);
 }
 
diff --git a/templates/login.html b/templates/login.html
index 6c1d0b9..8f366bb 100644
--- a/templates/login.html
+++ b/templates/login.html
@@ -38,6 +38,8 @@ USA
    <p>@label:login.registered@</p>
    }@
 
+  <!-- TODO report success of confirmation -->
+
    @if{@eq{@user@}{guest}@}{
    @#{guest user, allow login and registration}@
    <h2>Existing users</h2>