Diffstat (limited to 'cforum.c')
-rw-r--r-- | cforum.c | 73 |
1 files changed, 57 insertions, 16 deletions
@@ -10,10 +10,11 @@
 int
 main(int argc, char *argv[])
 {
- char msg[MAXMSG], *new, *p, *v;
- int attid, postid, userid;
+ char *delete, *home, *k, msg[MAXMSG], *new, *ssecret, *v;
+ int attid, postid, suser, userid;
+ struct session *session;
 sqlite3_stmt *stmt;
-
+
 /*
 * The database is opened or a server error is generated.
 * In the rest of the program, the database is always
@@ -27,7 +28,7 @@ main(int argc, char *argv[])
 sqlite3_close(db);
 return 1;
 }
-
+
 /*
 * The site name is retrieved from the database. This early on,
 * it is appropriate to die with a server error on failure.
@@ -52,30 +53,60 @@ main(int argc, char *argv[])
 return 1;
 }
 sqlite3_finalize(stmt);
-
+
 /*
 * The global struct query is set, or the program dies.
 * From now on, query is assumed to be set.
 */
 setquery();
-
+
+ /* Check session. */
+ curuser = NULL;
+ ssecret = NULL;
+ suser = -1;
+ while(k = nextcookie(MAXCOOKIE+20)){
+ v = split(k);
+ if(!ssecret && strcmp(k, "session") == 0) ssecret = strdup(v);
+ else if(suser == -1 && strcmp(k, "user") == 0) suser = atoi(v);
+ }
+
+ if(sqlite3_prepare(db,
+ "SELECT oid, * FROM sessions WHERE user = ? AND string = ?",
+ -1, &stmt, 0) != SQLITE_OK)
+ goto skip;
+
+ if(sqlite3_bind_int(stmt, 1, suser) != SQLITE_OK)
+ goto skip;
+
+ if(sqlite3_bind_text(stmt, 2, ssecret, -1, SQLITE_STATIC) != SQLITE_OK)
+ goto skip;
+
+ if(!(session = getsession(stmt)))
+ goto skip;
+
+ /* Session is valid. */
+ cursession = session;
+ curuser = getuser(selectbyint("users", "oid", suser));
+
+skip:
 /* Handle empty request. */
 if(!*query.string){
 showfront();
 goto end;
 }
-
+
 /* Parse query string. */
- new = NULL;
+ new = delete = NULL;
 attid = postid = userid = 0;
- while(p = nextparam(GET, NULL, 128)){
- v = split(p);
- if(!attid && strcmp(p, "att") == 0) attid = atoi(v);
- else if(!postid && strcmp(p, "post") == 0) postid = atoi(v);
- else if(!userid && strcmp(p, "user") == 0) userid = atoi(v);
- else if(!new && strcmp(p, "new") == 0) new = strdup(v);
+ while(k = nextparam(GET, NULL, 128)){
+ v = split(k);
+ if(!attid && strcmp(k, "att") == 0) attid = atoi(v);
+ else if(!postid && strcmp(k, "post") == 0) postid = atoi(v);
+ else if(!userid && strcmp(k, "user") == 0) userid = atoi(v);
+ else if(!new && strcmp(k, "new") == 0) new = strdup(v);
+ else if(!delete && strcmp(k,"delete") == 0) delete = strdup(v);
 }
-
+
 /* Handle request. */
 if(attid)
 showatt(attid);
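Review bot: The session lookup statement prepared with `sqlite3_prepare(db, "SELECT oid, * FROM sessions ...")` is never finalized: each `goto skip` after a failed bind or a NULL `getsession` leaves it allocated, and the valid-session path reaches `skip:` without finalizing either, unless `getsession` does so itself (not visible in this hunk). Because `sqlite3_prepare` sets `stmt` to NULL on failure, a single `sqlite3_finalize(stmt);` placed directly under `skip:` would cover every path, provided `getsession` does not already finalize the handle (a double finalize is undefined behaviour). The `ssecret` copy made by `strdup` is likewise never freed, which matters little in a one-shot CGI but is worth a comment. Note also that `curuser` can remain NULL while `cursession` is set, if `getuser` fails for the `suser` row; anything that treats `cursession` alone as proof of a logged-in user should be checked against that. `main` continues outside this hunk.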
@@ -89,9 +120,19 @@ main(int argc, char *argv[])
 else if(strcmp(v, "user") == 0) newuser();
 else if(strcmp(v, "session") == 0) newsession();
 else showfront(); /* TODO */
+ }
+ else if(delete){
+ if(strcmp(v, "session") == 0){
+ if(cursession)
+ deletesession(cursession);
+ home = getenv("REQUEST_URI");
+ home[strcspn(home, "?")] = 0;
+ printf("Status: 303 See Other\n");
+ printf("Location: %s\n\n", home);
+ }
 }else
 showfront();
-
+
 end:
 sqlite3_close(db);
 return 0;
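Review bot: The delete branch tests `v`, the value of whichever GET parameter was parsed last, rather than `delete`, so `strcmp(v, "session")` only matches when `delete` happened to be the final parameter; it should read `strcmp(delete, "session") == 0` (the `new` branch above has the same pattern, but that code predates this commit). `home = getenv("REQUEST_URI")` is used unchecked, so a missing variable dereferences NULL, and `home[strcspn(home, "?")] = 0` writes into the string returned by `getenv`, which the C standard says must not be modified; copying the path prefix into the existing `msg` buffer (assuming it is free at this point) avoids both. When `delete` holds anything other than "session" the branch emits no response at all, unlike the `new` branch's `else showfront();`, which leaves the web server with an empty CGI output. Finally, this destroys the session on a plain GET, so any page a logged-in user visits can embed the URL and log them out; a POST carrying a session-bound token is the usual mitigation. `main` continues outside this hunk.
```c
	else if(delete){
		if(strcmp(delete, "session") == 0){
			if(cursession)
				deletesession(cursession);
			home = getenv("REQUEST_URI");
			if(!home)
				home = "/";
			/* Copy only the path part; the getenv() string must not be modified. */
			snprintf(msg, sizeof msg, "%.*s", (int)strcspn(home, "?"), home);
			printf("Status: 303 See Other\n");
			printf("Location: %s\n\n", msg);
		}else
			showfront();
	/* … unchanged: closing }else showfront(); and the end: label … */
```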