1 files changed, 81 insertions, 1 deletions

diff --git a/ctl.c b/ctl.c
index 64934cc..e4b25a7 100644
--- a/ctl.c
+++ b/ctl.c
@@ -1,3 +1,4 @@
+#include <err.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -35,7 +36,86 @@ newpost()
 
 void
 newuser()
-{}
+{
+	char *confirm, *hlite, *msg, *name, *full, *p, *pass, *v;
+	char title[] = "New User";
+	
+	if(!(msg = malloc(128)))
+		err(1, "malloc");
+	
+	*msg = 0;
+	confirm = hlite = name = full = pass = NULL;
+	
+	if(query.method == GET){
+		printf("Content-Type: text/html\n\n");
+		#include "t/newuser.tc"
+		return;
+	}
+	
+	while(p = nextparam(POST, MAXUSERPARAM)){
+		if(!(v = split(p))) continue;
+		
+		if(!confirm && strcmp(p, "confirm") == 0)
+			confirm = strdup(v);
+		else if(!name && strcmp(p, "name") == 0)
+			name = strdup(v);
+		else if(!full && strcmp(p, "full") == 0)
+		 	full = strdup(v);
+		else if(!pass && strcmp(p, "pass") == 0)
+		 	pass = strdup(v);
+		else
+			continue;
+		
+		if(TRUNCATED(p)){
+			hlite = strdup(p);
+			snprintf(msg, 128,
+			    "Input length exceeds server limitations");
+			goto err;
+		}
+	}
+	
+	/* Ensure all required fields are there. */
+	if(!name || !*name || !pass || !*pass){
+		hlite = (!name || !*name)? strdup("name"): strdup("pass");
+		snprintf(msg, 128, "Required field missing");
+		goto err;
+	}
+	
+	/* Decode URL-encoded fields. */
+	
+	/* Restrain lengths of decoded fields. */
+	if(name && *name && strlen(name)-1 > MAXUSERNAME){
+		hlite = strdup("name");
+		snprintf(msg, 128, "Username longer than %d characters",
+		    MAXUSERNAME-1);
+		goto err;
+	}
+	if(full && *full && strlen(full)-1 > MAXUSERFULL){
+		hlite = strdup("full");
+		snprintf(msg, 128, "Full name longer than %d characters",
+		    MAXUSERFULL-1);
+		goto err;
+	}
+	if(pass && *pass && strlen(pass)-1 > MAXUSERPASS){
+		hlite = strdup("pass");
+		snprintf(msg, 128, "Password longer than %d characters",
+		    MAXUSERPASS-1);
+		goto err;
+	}
+	
+	if(pass && confirm && strcmp(pass, confirm) != 0){
+		snprintf(msg, 128, "Passwords do not match");
+		goto err;
+	}
+	
+	printf("Content-Type: text/html\n\n");
+	printf("You are valid\n");
+	return;
+err:
+	printf("Content-Type: text/html\n\n");
+	#include "t/newuser.tc"
+	return;
+}
 
 /*
  * The `show' functions show an existing attachment/post/user