Diffstat (limited to 'ctl.c')
-rw-r--r-- | ctl.c | 91 |
1 files changed, 78 insertions, 13 deletions
@@ -37,19 +37,6 @@ printhtml(char *s)
 }
 }
 
-void
-login()
-{
- char *hlite, msg[MAXMSG], *name;
- char title[] = "Log In";
-
- *msg = 0;
- hlite = name = NULL;
-
- printf("Content-Type: text/html\n\n");
- #include "t/login.tc"
-}
-
 /*
 * The `new' functions provide a way to add a new attachment/post/user.
 * On GET, they show a form. On POST, they insert the posted information
@@ -64,6 +51,84 @@ newpost()
 {}
 
 void
+newsession()
+{
+ char *hlite, msg[MAXMSG], *p, *v;
+ char *name, *pass, *remember;
+ char title[] = "Log In";
+ struct user *user;
+ sqlite3_stmt *stmt;
+
+ *msg = 0;
+ hlite = name = pass = remember = NULL;
+
+ if(query.method == GET){
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+ return;
+ }
+
+ if(query.length > MAXSESSIONDATA){
+ snprintf(msg, MAXMSG, "Input exceeded server limitations");
+ printf("Status: 431 Request Header Fields Too Large\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+ return;
+ }
+
+ while(p = nextparam(POST, NULL, MAXSESSIONDATA)){
+ if(!(v = split(p))) continue;
+
+ if(!name && strcmp(p, "name") == 0)
+ name = strdup(v);
+ else if(!pass && strcmp(p, "pass") == 0)
+ pass = strdup(v);
+ else if(!remember && strcmp(p, "remember") == 0)
+ remember = strdup(v);
+ else
+ continue;
+ }
+
+ if(!name || !*name){
+ snprintf(msg, MAXMSG, "Username may not be empty");
+ printf("Status: 400 Bad Request\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+ return;
+ }
+
+ if(sqlite3_prepare(db, "SELECT oid, * from users WHERE name = ?",
+ -1, &stmt, 0) != SQLITE_OK)
+ goto fail;
+
+ if(sqlite3_bind_text(stmt, 1, name, -1, SQLITE_STATIC) != SQLITE_OK)
+ goto dberr;
+
+ if(!(user = getuser(stmt)))
+ goto fail;
+
+ if(!haspass(user, pass))
+ goto fail;
+
+ printf("Content-Type: text/plain\n\n");
+ printf("Success!\n");
+ return;
+
+dberr:
+ snprintf(msg, MAXMSG, "Could not retrieve user: %s",
+ sqlite3_errmsg(db));
+ printf("Status: 500 Internal Server Errror\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+ return;
+fail:
+ snprintf(msg, MAXMSG, "Invalid username or password");
+ printf("Status: 400 Bad Request\n");
+ printf("Content-Type: text/html\n\n");
+ #include "t/login.tc"
+}
+
+void
 newuser()
 {
 char *captcha, *confirm, *name, *full, *pass; |
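Review bot: `haspass(user, pass)` can be reached with `pass` still NULL, because only `name` is checked after the parameter loop. Unless `haspass` (not visible here) rejects NULL itself, a POST without a `pass` field ends in a crash or an unintended comparison, so add `if(!pass || !*pass) goto fail;` next to the username check. A failing `sqlite3_prepare` jumps to `fail` and is reported as an invalid login while a failing bind goes to `dberr`; both are database errors and should use `goto dberr`. The `dberr` path also copies `sqlite3_errmsg(db)` into the page returned to the client, which is better written to the server log with a generic text in `msg`. No exit path frees the `strdup` copies (the plaintext password among them) or calls `sqlite3_finalize(stmt)`, unless `getuser` does the latter, and the 500 status line is misspelled `Errror`.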