#include "cgic.h"
#include "auth.h"
#include "config.h"
#include "utils.h"
#define UUID_SIZE 37
/* TODO: place cookie normally */
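/*
 * Read the "username" and "password" form fields, reject values that are
 * missing, too long or outside the allowed character set, and pass the rest
 * to authenticate().
 *
 * authenticate() result as used here: negative = internal error,
 * zero = credentials rejected, positive = success. On success the session
 * cookie is written with cgiHeaderCookieSet(); cgiMain() calls this function
 * before cgiHeaderContentType(), so the cookie goes out with the headers.
 *
 * Returns a pointer to a constant, newline-terminated status message for the
 * page body. The caller must neither modify nor free it.
 */
char *
validate_credentials()
{
    char username[RA_USER_MAX_LENGTH + 1], password[RA_PASSWORD_MAX_LENGTH + 1];
    /*
     * Zero-filled so that uninitialised stack bytes can never end up in the
     * cookie value; presumably authenticate() writes the session id here on
     * success -- confirm against auth.h.
     */
    char session_id[UUID_SIZE] = {0};
    cgiFormResultType err;
    int auth;

    /* Length limits are enforced by cgic: an over-long value is reported
     * as cgiFormTruncated instead of being accepted in shortened form. */
    err = cgiFormString("username", username, RA_USER_MAX_LENGTH + 1);
    if (err == cgiFormTruncated) {
        return "Username too long\n";
    }
    if (err == cgiFormNotFound) {
        return "Username not provided\n";
    }

    err = cgiFormString("password", password, RA_PASSWORD_MAX_LENGTH + 1);
    if (err == cgiFormTruncated) {
        return "Password too long\n";
    }
    if (err == cgiFormNotFound) {
        return "Password not provided\n";
    }

    /* Character-set checks run before the values reach authenticate(). */
    if (!is_valid_username(username)) {
        return "Username must be [A-Za-z0-9_]\n";
    }

    if (!is_valid_password(password)) {
        return "Password must be a sequence of bytes in range 32-255\n";
    }

    auth = authenticate(username, password, session_id);
    if (auth < 0) {
        /* Internal failure: keep the message generic, no details to the client. */
        return "Some error occured, contact system administrator\n";
    }

    if (auth) {
        /*
         * HttpOnly keeps the session id out of reach of page scripts.
         * NOTE(review): cgiCookieSecure should be OR-ed in once the site is
         * served only over HTTPS, and cgiCookieSameSiteStrict if the login is
         * never used from a cross-site context -- both depend on deployment.
         */
        cgiHeaderCookieSet(SESSION_COOKIE_NAME, session_id, RA_SESSION_EXPIRE,
                           "/", HOSTNAME, cgiCookieHttpOnly);
        return "You've successfully logged in!\n";
    }

    /* One message for unknown user and wrong password alike. */
    return "Failed to log in, check credentials\n";
}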
/*
 * Write the HTML login form to cgiOut.
 *
 * The form posts back to the current URL (empty action) and its submit
 * button is named "login", which is the field cgiMain() looks for.
 *
 * NOTE(review): the form has no anti-CSRF token field and nothing in this
 * file checks one -- confirm whether that is handled elsewhere.
 */
void
print_login_form()
{
    static const char form_html[] =
        "<form action=\"\" method=\"POST\">\n"
        "<label>Username:</label>\n"
        "<input type=\"text\" name=\"username\"><br>\n"
        "<label>Password: </label>\n"
        "<input type=\"password\" name=\"password\"><br>\n"
        "<input type=\"submit\" name=\"login\" value=\"Submit\">\n"
        "</form>\n";

    fputs(form_html, cgiOut);
}
/*
 * Entry point of the login page.
 *
 * If the "login" submit button was clicked, the credentials are checked and
 * the resulting status message is shown above the form; otherwise only the
 * form is shown. Always returns 0.
 */
int
cgiMain()
{
    char *message = "";

    /*
     * Must stay ahead of cgiHeaderContentType(): validate_credentials() may
     * write the session cookie, and that has to go out with the headers
     * (cgic's content-type call is expected to close the header block).
     */
    if (cgiFormSubmitClicked("login") == cgiFormSuccess) {
        message = validate_credentials();
    }

    cgiHeaderContentType("text/html; charset=utf-8");

    fputs("<html>\n"
          "<head>\n"
          "<title> Simple discuss powered by qments </title>\n"
          "</head>\n"
          "<body>\n", cgiOut);

    /*
     * message is one of the fixed strings returned by validate_credentials()
     * or the empty string, never request data, and it is written with
     * fputs() rather than used as a format string.
     */
    fputs(message, cgiOut);

    print_login_form();

    fputs("</body>\n"
          "</html>\n", cgiOut);

    return 0;
}