admin.c

Go to the documentation of this file.

/******************************************************************************/
/* cgi_admin.c © Copyright 2000-2004 by Raosoft Inc. All Rights Reserved.     */
/*                                                                            */
/* You may use and modify this file for your own use, but may not distribute  */
/* it or derivative works without the prior written consent of Raosoft, Inc.  */
/*                                                                            */
/* This software is provided "as is," and Raosoft makes no warranty, express  */
/* or implied, of fitness for a articular application. Every measure has been */
/* taken to anticipate risks inherent to computer networks, but we cannot     */
/* guarantee safety or reliability of this program in every situation.        */
/*                                                                            */
/******************************************************************************/

#include "cgi.h"
#include <dirent.h>
static char* systemFields =  "DIRECTORY,PAGE,NAME,SECTION";

typedef struct
{
  char* argv0;
  CGINameValue* Config;
  CGINameValue* Params;
  STREAM htmlout;
} AdminInfo;

int WriteINIFileSection(char* fname,char* section, CGINameValue* ini)
{
  int size = FileSize(fname);
  char* c;
  char *d, *e;
  char* lastname="";
  char* start;
  size_t i;
  FILE * f = fopen(fname,"rt");
  if (!f) return 0;

  start = strdup3("[",section,"]");
  c  = CGIMALLOC(size + 2);
  size = fread(c,1,size,f);
  c[size]=0;
  fclose(f);

  d = stristr(c,start);
  if (d) e = stristr(d+1,"\n[");
  else e = 0;

  f = fopen(fname,"wt");
  if (!f)
  {
   CGIFREE(c);
   return 0;
  }

  fwrite(c,1,d ? (d-c) : size,f);
  fprintf(f,"%s",start);

  for (i=0; ini[i].name; i++)
  {
   if (!ini[i].name[0]) continue;
   if (!strcmp(ini[i].name,lastname))
    fprintf(f,",%s",ini[i].value);
   else
    fprintf(f,"\n%s=%s",ini[i].name,ini[i].value);
   lastname = ini[i].name;
  }
  fwrite("\n",1,1,f);

  if (e)
   fwrite(e,1,strlen(e),f);

  fclose(f);
  CGIFREE(c)
  CGIFREE(start);
  return 1;
}

void DoSetValue(CGINameValue* Variables, char*name, char* value)
{
 if (!SetFieldValue(Variables,name,value))
 {
  ExtendNVP(Variables,128);
  SetFieldValue(Variables,name,value);
  /* add to the list of 'shadow variables' that won't get saved */
 }
}

int GetRespcount(char* argv0, char* dbname)
{
  char filename[MAXPATH];
  int i = 0;
  FILE * f;

  ExpandLocalPath(argv0,filename,dbname,".respcount");
  f = CGIFOPEN(filename,"rb");
  if (f)
  {
   fread(&i,sizeof(i),1,f);
   fclose(f);
  }
  return i;
}

int SetRespcount(char* argv0, char* dbname, int i)
{
  char filename[MAXPATH];

  FILE * f;
  ExpandLocalPath(argv0,filename,dbname,".respcount");
  f = CGIFOPEN(filename,"wb");
  if (f)
  {
   fwrite(&i,sizeof(i),1,f);
   fclose(f);
   return 1;
  }
  return 0;
}

FILE* OpenPage(char* argv0,char* page)
{
 char fname[MAXPATH];
 FILE* f=0;
 if (!page) return 0;
 if (!*page) return 0;
 ExpandLocalPath(argv0,fname,"admin" SLASH,page);
 f = fopen(fname,"rt");
 return f;
}

void Login(AdminInfo* self)
{
 FILE* source = OpenPage(self->argv0,"login.html");
 if (source)
 {
  RunReport(self->argv0,self->htmlout,source,self->Params,0,0,1,0);
  fclose(source);
 }
}


int VerifyPassword(AdminInfo* self,char* directory, char* password)
{
  char fname[MAXPATH];
  CGINameValue* ini;
  int ret;
  char* c;
  if (!*directory) directory = "."; /*root dir*/
  ExpandLocalPath(self->argv0,fname,directory,SLASH "cgi.ini");
  ini = ReadINIFileSection(fname,"admin",0);
  c = GetFieldValue(ini,"PASSWORD");
  ret = *c && HasToken(password,c,0);
  DeleteNVP(ini);
  return ret;
}

int VerifyUser(AdminInfo* self,char* directory, char* username, char* session, char* password)
{
  char * verify;
  char fname[MAXPATH];
  CGINameValue* ini;
  int ret;
  ret = strcspn(username,"\\/.");
  if (username[ret]) return 0; /* invalid name */
  if (ret > 32) return 0; /* too long */
  ExpandLocalPath(self->argv0,fname,"admin" SLASH, username);
  strcat(fname,".ini");
  ini = ReadINIFileSection(fname,"USER",1); /* leave room for a SESSION entry */
  if (!ini) return 0;

  ret = atoi(GetFieldValue(ini,"ACTIVE"));
  if (ret)
  {
   /* check the password */
   if (*password && !strcmp(password,GetFieldValue(ini,"PASSWORD")))
   {
    ret = 1;
    /* update the session */
    SetFieldValue(ini,"SESSION",session);
    WriteINIFileSection(fname,"USER",ini);
   }
   /* or the session */
   else if (*session && atoi(session) && !strcmp(session,GetFieldValue(ini,"SESSION")))
    ret = 1;
   else
    ret = 0;

   if (ret)
   {
    char* home = GetFieldValue(ini,"HOME");
    if (!*home && !*directory)
     ret = 1;
    else if (*home && !*directory)
    {
     SetFieldValue(self->Params,"DIRECTORY",home);
     ret = 2;
    }
    else
    {
     ret = HasTokenI(GetFieldValue(ini,"SPACES"),directory,0);
     if (!ret) /* administrators can always get in */
      ret = HasTokenI(GetFieldValue(ini,"SPACES"),"admin",0);
    }
    /* always can read the home directory */
   }

  }

  DeleteNVP(ini);
  return ret;
}

int Authenticate(AdminInfo* self,char* directory, char** cookie)
{
 CGINameValue *clist=0;

 int ret = 0;
 char * password = GetFieldValue(self->Params,"AUTHENTICATION");
 char * username = GetFieldValue(self->Params,"USER");

 int authUser = atoi(GetFieldValue(self->Config,"AUTHUSER"));
 int authSpace = atoi(GetFieldValue(self->Config,"AUTHSPACE"));

 if (cookie)
 {
  if (*cookie)
   clist = ReadPairedString(*cookie,';',0);

  *cookie = 0;
 }

 if (!strcmp(directory,".")) directory = "";

 if (*username && authUser)
 {/* logging in to a user account. generate a new session */
   char s[32];
   int i = time(0) ^ 0x5a5a5a5a;
   /* invert the bit order and use decimal notation */
   i = (i&0x00ffff00) | ((i & 0xff000000) >> 24) | ((i & 0x000000ff) << 24);
   sprintf(s,"%u",i);
   /* username limited to 32 bytes */
   ret = VerifyUser(self,directory, username, s, password);
   if (ret && cookie)
   {/* erase old workspace passwords. new cookie: user=username; session=s; */
    char x[128];
    sprintf(x,"Set-Cookie: USER=%s;\nSet-Cookie: SESSION=%s;\nSet-Cookie: PASSWORD=;",username,s);
    *cookie = strdup(x);
   }
 }

 if (!ret && *password && authSpace)
 {
  ret = VerifyPassword(self, directory, password);
  if (ret && cookie)
  {
   char x[128], *y, *z;
   /* preserve existing username/session */
   sprintf(x,"Set-Cookie: USER=%s;\nSet-Cookie: SESSION=%s;\nSet-Cookie: PASSWORD=",
             GetFieldValue(clist,"USER"),
             GetFieldValue(clist,"SESSION"));
   y = strdup3(x,password,",");
   z = GetFieldValue(clist,"PASSWORD");
   if (HasToken(z,password,0))
   {
    *cookie = y;
   }
   else
   {
    z = strdup3(y,z,"");
    *cookie = z;
   }
   free(y);
  }
 }

 RenameField(self->Params, "AUTHENTICATION",0);
 if (ret) return ret;

 if (clist)
 {
  if (authUser)
  {
   ret = VerifyUser(self, directory, GetFieldValue(clist,"USER"), GetFieldValue(clist,"SESSION"), "");
   if (ret && !*username)
    SetFieldValue(self->Params,"USER",GetFieldValue(clist,"USER"));
  }
  if (!ret && authSpace)
    ret = VerifyPassword(self, directory, GetFieldValue(clist,"PASSWORD"));
 }

 DeleteNVP(clist);
 return ret;
}

char* RelativeName(char* directory,char* name)
{
  if (*directory)
    return strdup3(directory,"/",name);
  else
    return strdup(name);
}

void ProjectUpdate(AdminInfo *self,char* directory,char* project)
{
 CGINameValue* ini, *Params = self->Params;
 char iniName[MAXPATH+5];
 char* name=RelativeName(directory,project);
 char* section=GetSetting(self->Params,"SECTION","DATABASE");

 ExpandLocalPath(self->argv0,iniName,name,".ini");
 ini = ReadINIFileSection(iniName,section,ListLength(Params));
 if (ini)
 {
  size_t x;
  for (x=0; Params[x].name; x++)
  {
   if (Params[x].name)
    if (!HasTokenI(systemFields,Params[x].name,0))
     SetFieldValue(ini,Params[x].name,Params[x].value);
  }
 }

 WriteINIFileSection(iniName,section,ini);

 CGIFREE(name);
 DeleteNVP(ini);
}

void RecurseDirectories(char* directory,STREAM htmlout,char* format, char* replace)
{
 DIR* d;
 struct stat info;
 char* name, *c;

 name = directory;
 if (!*name) name = ".";
 d = opendir(name);
 while (d)
 {
  struct dirent* f = readdir(d);
  if (!f) break;
  if (f->d_name[0] == '.') continue; /* hidden or system file */
  name = RelativeName(directory,f->d_name);

  if (stat(name,&info))
  {
   free(name);
   continue;
  }

  if (info.st_mode & S_IFREG)
  {
   free(name);
   continue;
  }

  c = strdup3(name,SLASH,"cgi.ini");
  if (stat(c,&info))
  {
   free(c);
   continue;
  }
  free(c);
  c = format;
  while (c)
  {
   char* d = (char*)stristr(c,replace);
   if (d)
   {
    HTMLWriteL(htmlout,c,(d-c));
    HTMLWrite(htmlout,name);
    d += strlen(replace);
   }
   else
   {
    HTMLWrite(htmlout,c);
    d=0;
   }

   c=d;
  }
  RecurseDirectories(name,htmlout,format,replace);
  free(name);
 }

 if (d) closedir(d);
}

static char* JSListWorkspaces(ScriptEnvironment* Env, char* cmd, int argc, char** argv, CGINameValue* Params)
{
 char* f ="$";
 char* g ="$";
 if (argc) f = argv[0];
 if (argc > 2) g = argv[1];
 RecurseDirectories("",Env->htmlout,f,g);
 return 0;
}

static char* JSSendMail(ScriptEnvironment* Env, char* cmd, int argc, char** argv, CGINameValue* Params)
{
 if (!Env->config) return 0;
 if (argc < 3) return 0;
 {
   char* server   = GetSetting(Env->config,"EMAILSERVER","");
   char* profile  = GetSetting(Env->config,"EMAILPROFILE","Windows Messaging Settings");
   char* name     = GetSetting(Env->config,"EMAILNAME","");
   char* password = GetSetting(Env->config,"EMAILPWD","");

   SendMail(argv[0],argv[1],argv[2], server, profile, name, password);
 }
 return 0;
}


static ScriptFunction AdminFunctions[] =
   {
    {"listDirectories",2,(ScriptFunctionCall)*JSListWorkspaces},
    {0,0,0}
   };

void AdminPrintPage(AdminInfo* self,char* iniName,FILE* source)
{
  char section[MAXPATH];
  CGINameValue* ini=0;

  while (!feof(source))
  {
   *section = 0;

   if (ini)
     RunReportF(self->argv0,self->htmlout,source,ini,self->Params,0,1,"%load",section,AdminFunctions);
   else
     RunReportF(self->argv0,self->htmlout,source,self->Params,0,0,1,"%load",section,AdminFunctions);

   if (ini) DeleteNVP(ini);

   swapchars(section,'%',0);

   if (*section)
      ini = ReadINIFileSection(iniName,section,0);
   else
      ini = 0;
  }
}

int AdminRunScript(AdminInfo *self,CGINameValue* data,char* page)
{
 if (page)
  if (*page)
 {
 int ret;
 FILE* script = OpenPage(self->argv0,page);
 ScriptFunction Functions[] =
 {
  {"print",10,(ScriptFunctionCall)*JSPrint},
  {"write",10,(ScriptFunctionCall)*JSPrint},
  {"eval",1,(ScriptFunctionCall)*JSEval},
  {"tofixed",2,(ScriptFunctionCall)*JStoFixed},
  {"sendmail",3,(ScriptFunctionCall)*JSSendMail},
  {"runReport",8,(ScriptFunctionCall)*JSReport},
  {"number",1,(ScriptFunctionCall)*JSToNumber},
  {"toNumber",1,(ScriptFunctionCall)*JSToNumber},
  {"random",1,(ScriptFunctionCall)*JSRandom},
  {"subStr",3,(ScriptFunctionCall)*JSsubstr},
  {"indexOf",4,(ScriptFunctionCall)*JSIndexOf},
  {"length",1,(ScriptFunctionCall)*JSstrlen},
  {"listDirectories",2,(ScriptFunctionCall)*JSListWorkspaces},
 {0,0,0}};

 ScriptEnvironment Global;
 memset(&Global,0,sizeof(Global));
 Global.htmlout   = self->htmlout;
 Global.Functions = Functions;
 Global.argv0     = self->argv0;
 Global.config    = self->Config;
 if (script == NULL) return 1; /* OK */

 ret = RunScript(&Global,script,data?data:self->Config);

 CGIFCLOSE(script);
 return ret;
 }
 return 0;
}

int UserAdd(AdminInfo* self,char* user)
{
 FILE *f;
 char fname[MAXPATH];
 CGINameValue* ini;
 struct stat info;

 ExpandLocalPath(self->argv0,fname,"admin" "/", user);
 strcat(fname,".ini");
 if (!stat(fname,&info))
   return 0; /* already exists */

 f = fopen(fname,"wt");
 if (f)
 {
  fwrite("[USER]\nACTIVE=0\n",1,7,f);
  fclose(f);
  return 1;
 }
 return 0;
}

void UserUpdate(AdminInfo* self,char* user,char * fields,char* page)
{
 FILE *f;
 char fname[MAXPATH];
 CGINameValue* ini;
 size_t x;

 ExpandLocalPath(self->argv0,fname,"admin" "/", user);
 strcat(fname,".ini");
 ini = ReadINIFileSection(fname,"USER",16);

 if (!ini) /* new user */
  return;

 for (x=0; self->Params[x].name; x++)
  {
   if (!*self->Params[x].name)
    continue;

   if (HasTokenI(systemFields,self->Params[x].name,0))
    continue;

   if (fields)
    if (!HasTokenI(fields,self->Params[x].name,0))
     continue;

   SetFieldValue(ini,self->Params[x].name,self->Params[x].value);
  }

 AdminRunScript(self,ini,page);
 if (!atoi(GetFieldValue(self->Params,"ERROR")))
 {
   WriteINIFileSection(fname,"USER",ini);
 }

 DeleteNVP(ini);
}

void UserAddSpace(AdminInfo* self,char* user,char * directory)
{
 FILE *f;
 char fname[MAXPATH];
 CGINameValue* ini;
 char* x;
 ExpandLocalPath(self->argv0,fname,"admin" "/", user);
 strcat(fname,".ini");
 ini = ReadINIFileSection(fname,"USER",16);

 if (!ini) /* new user */
  return;

 x = GetFieldValue(ini,"SPACES");
 x = strdup3(x,",",directory);
 SetFieldValue(ini,"SPACES",x);
 free(x);

 WriteINIFileSection(fname,"USER",ini);
 DeleteNVP(ini);
}
void User(AdminInfo* self,char* user, char* page)
{
  char fname[MAXPATH];
  CGINameValue* ini;
  FILE* source = OpenPage(self->argv0,page);
  if (!source) return;

  ExpandLocalPath(self->argv0,fname,"admin" "/", user);
  strcat(fname,".ini");
  AdminPrintPage(self,fname,source);

/*  RunReportF(self->argv0,self->htmlout,source,self->Params,0,0,1,"admin",AdminFunctions);

  ini = ReadINIFileSection(fname,"USER",0);

  if (ini && source)
  {
   RunReportF(self->argv0,self->htmlout,source,ini,self->Params,0,1,0,AdminFunctions);
   fclose(source);
  }

  DeleteNVP(ini);
*/
}

int SpaceAdd(AdminInfo* self,char* directory, char* name, char* page)
{
 FILE *f;
 char fname[MAXPATH];
 CGINameValue* ini;
 struct stat info;
 int ret = 0;
 char* pwd = GetFieldValue(self->Params,"PASSWORD");
 if (!*pwd)
  {
   FILE* source = OpenPage(self->argv0,page);
   if (source)
   {
    RunReportF(self->argv0,self->htmlout,source,self->Params,0,0,1,0,0,AdminFunctions);
    fclose(source);
   }
   return 2;
  }

 directory = RelativeName(directory,name);
 ExpandLocalPath(self->argv0,fname,directory,"/" "cgi.ini");

 if (stat(fname,&info))
 {
   mkdir(directory);
   f = fopen(fname,"wt");
   if (f)
   {
    fwrite("[admin]\nLOGLEVEL=0\nPASSWORD=\n",1,29,f);
    fclose(f);
    ret = 1;
   }
 }
 free(directory);
 return ret;
}

void Space(AdminInfo* self,char* directory,char* page)
{
  char fname[MAXPATH];
  FILE* source = OpenPage(self->argv0,page);
  if (!source) return;

  if (!*directory) directory=".";
  ExpandLocalPath(self->argv0,fname,directory, "/" "cgi.ini");

  AdminPrintPage(self,fname,source);
/*  RunReportF(self->argv0,self->htmlout,source,ini,self->Params,0,1,0,AdminFunctions); */
  fclose(source);
}

void SpaceUpdate(AdminInfo* self,char* directory,char * fields,char* page)
{
 FILE *f;
 char fname[MAXPATH];
 CGINameValue* ini;
 char* pwd;
 size_t x;
 char* section=GetSetting(self->Params,"SECTION","admin");


 if (!*directory) directory=".";
 ExpandLocalPath(self->argv0,fname,directory, "/" "cgi.ini");
 ini = ReadINIFileSection(fname,section,16); /* leave room for new entries */

 if (!ini) /* new user */
  return;

 for (x=0; self->Params[x].name; x++)
  {
   if (!*self->Params[x].name)
    continue;

   if (HasTokenI(systemFields,self->Params[x].name,0))
    continue;

   if (fields)
    if (!HasTokenI(fields,self->Params[x].name,0))
     continue;

   SetFieldValue(ini,self->Params[x].name,self->Params[x].value);
  }

 AdminRunScript(self,ini,page);
 if (!atoi(GetFieldValue(self->Params,"ERROR")))
 {
   WriteINIFileSection(fname,section,ini);
 }

 DeleteNVP(ini);
}

void Project(AdminInfo *self,char* directory,char* project)
{
 char fname[MAXPATH+5];
 FILE* source = OpenPage(self->argv0,"project.html");
 char* name;
 if (!source) return;

 name=RelativeName(directory,project);
 ExpandLocalPath(self->argv0,fname,name,".ini");
 free(name);

 AdminPrintPage(self,fname,source);
 /*
 RunReportF(self->argv0,self->htmlout,source,self->Params,0,0,1,"database",AdminFunctions);

 ini = ReadINIFileSection(iniName,"DATABASE",0);
 RunReportF(self->argv0,self->htmlout,source,ini,self->Params,0,1,"access",AdminFunctions);
 DeleteNVP(ini);
 ini = ReadINIFileSection(iniName,"ACCESS",0);
 RunReportF(self->argv0,self->htmlout,source,ini,self->Params,0,1,0,AdminFunctions);
 DeleteNVP(ini);*/
 fclose(source);
}

int GetProjectExtra(AdminInfo* self,char* name)
{
 char rName[MAXPATH];
 struct stat info;
 char* dbname = strdup(name);
 char* c = (char*)stristr(dbname,".ini");
 if (c)
 {
  char temp[32];
  *c =0;
  ExpandLocalPath(self->argv0,rName,dbname,".respcount");
  if (!stat(rName,&info)) /* response count file */
    DoSetValue(self->Params,"LASTSAVEDATE",ctime(&info.st_mtime));
  sprintf(temp,"%d",GetRespcount(self->argv0,dbname));
  DoSetValue(self->Params,"RESPONSES",temp);
 }
 free(dbname);
 return (c != NULL);
}

void Index(AdminInfo *self,char* directory)
{
 DIR* d;
 struct stat info;
 char* name;
 CGINameValue* ini;
 char iniName[MAXPATH];
 int dirstart=-1,filestart=-1,footerstart=0;

 FILE* source = OpenPage(self->argv0,"projects.html");
 if (!source) return;

 RunReportF(self->argv0,self->htmlout,source,self->Params,0,0,1,"directory",0,AdminFunctions);
 dirstart = ftell(source);
 ReadUntilWordS(source,0,"<file>");
 filestart= ftell(source);
 ReadUntilWordS(source,0,"</file>");
 footerstart = ftell(source);

 name = directory;
 if (!name || !*name) name = ".";
 d = opendir(name);

 while (d)
 {
  struct dirent* f = readdir(d);
  if (!f) break;
  if (f->d_name[0] == '.') continue; /* hidden or system file */

  name = RelativeName(directory,f->d_name);

  ExpandLocalPath(self->argv0,iniName,name,0);
  if (!stat(iniName,&info))
  {
   if (!(info.st_mode & S_IFREG) && dirstart > 0)
   {/* directory */
    ExpandLocalPath(self->argv0,iniName,name,"/" "cgi.ini");
    ini = ReadINIFileSection(iniName,"admin",0);
    if (ini)
    {
     DoSetValue(self->Params, "NAME", name);
     fseek(source,dirstart,0);
     RunReportF(self->argv0,self->htmlout,source,ini,self->Params,0,1,"/directory",0,AdminFunctions);
     DeleteNVP(ini);
    }
   }
   else if (stristr(f->d_name,".ini") && filestart > 0)
   {/* file */
    ExpandLocalPath(self->argv0,iniName,name,0);

    if (info.st_ctime)
     DoSetValue(self->Params,"CREATIONDATE",ctime(&info.st_ctime));

    ini = ReadINIFileSection(iniName,"DATABASE",0);
    if (ini)
    {
     fseek(source,filestart,0);
     GetProjectExtra(self,name);
     name=strdup(f->d_name);
     *stristr(name,".ini") = 0;
     DoSetValue(self->Params, "NAME", name);
     RunReportF(self->argv0,self->htmlout,source,ini,self->Params,0,1,"/file",0,AdminFunctions);
     DeleteNVP(ini);
    }
   }
  }
  free(name);
 }

 fseek(source,footerstart,0);
 RunReportF(self->argv0,self->htmlout,source,self->Params,0,0,0,0,0,AdminFunctions);
 fclose(source);

 if (d) closedir(d);
}

void UserList(AdminInfo *self)
{
 DIR* d;
 struct stat info;
 char* name=0, *c;
 CGINameValue* ini;
 char iniName[MAXPATH];
 int pos;

 FILE* source = OpenPage(self->argv0,"users.html");

 if (!source)
  return;

 RunReportF(self->argv0,self->htmlout,source,self->Params,0,0,1,"user",0,AdminFunctions);
 pos = ftell(source);
 d = opendir("admin");
 // look for all .ini files in admin, and report on [USER] sections
 while (d)
 {
  struct dirent* f = readdir(d);
  if (!f) break;
  if (f->d_name[0] == '.') continue; /* hidden or system file */

  if (stristr(f->d_name,".ini"))
  {

    ExpandLocalPath(self->argv0,iniName,"admin" "/",f->d_name);
    ini = ReadINIFileSection(iniName,"USER",16);
    if (ini)
    {
     name = strdup(f->d_name);
     *stristr(name,".ini") = 0;
     DoSetValue(self->Params, "NAME", name);

     if (!stat(iniName,&info))
     {
      if (info.st_ctime)
       DoSetValue(self->Params,"CREATIONDATE",ctime(&info.st_ctime));
      if (info.st_mtime)
       DoSetValue(self->Params,"LASTSAVEDATE",ctime(&info.st_mtime));
     }

     RunReportF(self->argv0,self->htmlout,source,ini,self->Params,0,1,"/user",0,AdminFunctions);
     fseek(source,pos,0);
     DeleteNVP(ini);
     free(name);
    }

  }
 }
 if (source)
 {
  ReadUntilWordS(source,0,"</user>");
  RunReportF(self->argv0,self->htmlout,source,self->Params,0,0,1,0,0,AdminFunctions);
  fclose(source);
 }
 if (d) closedir(d);
}

int SendImage(AdminInfo *self,char* image)
{
 char fname[MAXPATH];
 char header[1024];
 if (image[strcspn(image,"\\/")] || strstr(image,".."))
  return 0; /* invalid name */

 ExpandLocalPath(self->argv0,fname,"admin" "/",image);

 if (stristr(image,".png"))
  SendCGIHeader(self->htmlout,"Content-Type: image/png\n\n");
 else if (stristr(image,".gif"))
  SendCGIHeader(self->htmlout,"Content-Type: image/gif\n\n");
 else if (stristr(image,".ico"))
  SendCGIHeader(self->htmlout,"Content-Type: image/x-icon\n\n");
 else
  return 0;

 return HTMLWriteFile(self->htmlout,fname);
}

int ShowAdmin(AdminInfo *self,char*name,char*page)
{
/* log in as administrator */
 if (!strnicmp(page,"USER",4))
 {
  int i = strcspn(name,"\\/.");
  if (name[i] || i > 32)
    return 4; /* too long or invalid character */
 }

 if (!stricmp(page,"USER") && *name)
  {
   User(self,name,"user.html");
   return 3;
  }

 if (!stricmp(page,"USERADD"))
  {
   if (UserAdd(self,name))
   {
    UserUpdate(self,name,0,0);
    User(self,name,"user.html");
    return 3;
   }
  }
 else if (!stricmp(page,"USERUPDATE"))
  {
   UserUpdate(self,name,0,"user.js");
   return 2;
  }

 return 0;
}


int ShowPage(AdminInfo *self,char*directory,char*name,char*page)
{
 char * user = GetFieldValue(self->Params,"USER"); /* current user name */
 int i = strcspn(user,"\\/.");
 if (user[i] || i > 32)
   return 4; /* too long or invalid character */

 if (!strnicmp(page,"PASSWORD",8)) /* log in as admin or as yourself */
 {
  if (!*user)
    return 4; /* not logged in */

  if (!stricmp(page,"PASSWORD")) /* change my password or info*/
  {
   User(self,user,"password.html");
   return 3;
  }
  else if (!stricmp(page,"PASSWORDUPDATE")) /* change my password */
  {
   UserUpdate(self,user,"DISPLAY,PASSWORD,EMAIL","user.js");
   SetFieldValue(self->Params,"DIRECTORY",0);
   return 1;
  }
 }

 if (!stricmp(page,"PROJECT") && *name)
 {
  Project(self,directory,name);
  return 3;
 }
 else if (!stricmp(page,"PROJECTUPDATE")&& *name)
 {
  ProjectUpdate(self,directory,name);
  return 1;
 }
 else if (!stricmp(page,"SPACE"))
 {
  Space(self,directory,"space.html");
  return 3;
 }
 else if (!stricmp(page,"SPACEADD"))
 {
  if (!strnicmp(directory,"admin",5))
   return 4; /* can't create directories in the admin section */

  switch (SpaceAdd(self,directory,name,"spaceadd.html"))
  {
   case 1:
   {
    char * c = RelativeName(directory,name);
    SetFieldValue(self->Params,"DIRECTORY",c);
    SpaceUpdate(self,c,"LOGLEVEL,PASSWORD,DISPLAY","space.js");
    Space(self,c,"space.html");
    if (*user) /* add myself to the new directory */
      UserAddSpace(self,user,c);
    else
      SetFieldValue(self->Params,"AUTHENTICATION",GetFieldValue(self->Params,"PASSWORD"));
    free(c);
   }
   case 2: return 3;
  }
 }
 else if (!stricmp(page,"SPACEUPDATE"))
 {
  SpaceUpdate(self,directory,"LOGLEVEL,PASSWORD,DISPLAY","space.js");
  return 1;
 }


 return 0;
}

void Error(AdminInfo* self)
{
 HTMLWrite(self->htmlout,"<HTML><body><h1>Error</h1><hr><pre>");
 DebugShowNVP(self->htmlout,self->Params);
}

int CGImain(char * argv0,CGINameValue* Params,STREAM htmlout)
{
 char * directory = GetFieldValue(Params,"DIRECTORY");
 char * name      = GetFieldValue(Params,"NAME");
 char * page      = GetFieldValue(Params,"PAGE");
 char * image     = GetFieldValue(Params,"IMAGE");
 char * cookie    = GetEnvironment(htmlout,"HTTP_COOKIE");//"USER=newuser; SESSION=; PASSWORD=5678," ; //
 char fname[MAXPATH];
 int ret, r2;
 AdminInfo Self;
 Self.argv0 = argv0;
 Self.Config = 0;
 Self.Params = Params;
 Self.htmlout= htmlout;

 if (strchr(name,'/') || strchr(name,'\\')
     || stristr(name,".ini") ||
     !stricmp(page,"LOGOUT"))
 {/* access error -- kick 'em out! */
    SendCGIHeader(htmlout,"Set-Cookie: USER=;\nSet-Cookie: SESSION=;\nSet-Cookie: PASSWORD=;\n" CGI_DEFAULT_HEADER);
    Self.Params = 0;
    Login(&Self);
    return 0;
 }

 if (!strnicmp(page,"USER",4) && !*directory)
  directory = "admin";

 if (*image)
 {
  SendImage(&Self,image);
  return 0;
 }

 ExpandLocalPath(argv0,fname,"admin",SLASH "cgi.ini");
 Self.Config= ReadINIFileSection(fname,"admin",0);

 ret = Authenticate(&Self,directory,&cookie);
 if (ret == 2 && !*page && !*directory) /* new login, go to the home directory */
   directory = GetFieldValue(Params,"DIRECTORY");

 if (ret) /* login valid, maybe write a new cookie */
 {
  if (cookie)
  {
   char* header = strdup3(cookie, "\n", CGI_DEFAULT_HEADER);
   SendCGIHeader(htmlout,header);
   free(header);
   free(cookie);
  }
  else
     SendCGIHeader(htmlout,0);
 }
 else
 {
  if (*directory) SetFieldValue(Self.Params,"DIRECTORY",directory);
  SendCGIHeader(htmlout,0);
  Login(&Self);
  goto atexit;
 }
 /* must be logged in! */

 ret = 0;
 r2 = 0;
 if (!stricmp(directory,"admin"))
 {
  ret = ShowAdmin(&Self,name,page);
  r2 = 2;
 }

 if (!ret)
 {
  ret =ShowPage(&Self,directory,name,page);
  if (!ret) ret = r2;
 }

 switch (ret)
 {
  case 0:
  case 1: Index(&Self,directory); break;
  case 2: UserList(&Self);
  case 3: break;
  default: Error(&Self);
 }

 atexit:
 DeleteNVP(Self.Config);
 return 0;
}

Raosoft EZReport, EZSurvey, InterForm, RapidReport, Raosoft, and SurveyWin are registered trademarks of Raosoft, Inc. Page contents © 1996-2007 by Raosoft, Inc. You may use and modify this file for your own use, but may not distribute it or derivative works without the prior written consent of Raosoft, Inc. This software is provided "as is," and Raosoft makes no warranty, express or implied, of fitness for a particular application. Every measure has been taken to anticipate risks inherent to computer networks, but we cannot guarantee safety or reliability of this program in every situation.

Tel: 206-525-4025 (US) Email: raosoft@raosoft.com
http://www.raosoft.com/