diff options
Diffstat (limited to 'ctl.c')
-rw-r--r-- | ctl.c | 82 |
1 files changed, 81 insertions, 1 deletions
@@ -1,3 +1,4 @@ +#include <err.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -35,7 +36,86 @@ newpost() void newuser() -{} +{ + char *confirm, *hlite, *msg, *name, *full, *p, *pass, *v; + char title[] = "New User"; + + if(!(msg = malloc(128))) + err(1, "malloc"); + + *msg = 0; + confirm = hlite = name = full = pass = NULL; + + if(query.method == GET){ + printf("Content-Type: text/html\n\n"); + #include "t/newuser.tc" + return; + } + + while(p = nextparam(POST, MAXUSERPARAM)){ + if(!(v = split(p))) continue; + + if(!confirm && strcmp(p, "confirm") == 0) + confirm = strdup(v); + else if(!name && strcmp(p, "name") == 0) + name = strdup(v); + else if(!full && strcmp(p, "full") == 0) + full = strdup(v); + else if(!pass && strcmp(p, "pass") == 0) + pass = strdup(v); + else + continue; + + if(TRUNCATED(p)){ + hlite = strdup(p); + snprintf(msg, 128, + "Input length exceeds server limitations"); + goto err; + } + } + + /* Ensure all required fields are there. */ + if(!name || !*name || !pass || !*pass){ + hlite = (!name || !*name)? strdup("name"): strdup("pass"); + snprintf(msg, 128, "Required field missing"); + goto err; + } + + /* Decode URL-encoded fields. */ + + /* Restrain lengths of decoded fields. */ + if(name && *name && strlen(name)-1 > MAXUSERNAME){ + hlite = strdup("name"); + snprintf(msg, 128, "Username longer than %d characters", + MAXUSERNAME-1); + goto err; + } + if(full && *full && strlen(full)-1 > MAXUSERFULL){ + hlite = strdup("full"); + snprintf(msg, 128, "Full name longer than %d characters", + MAXUSERFULL-1); + goto err; + } + if(pass && *pass && strlen(pass)-1 > MAXUSERPASS){ + hlite = strdup("pass"); + snprintf(msg, 128, "Password longer than %d characters", + MAXUSERPASS-1); + goto err; + } + + if(pass && confirm && strcmp(pass, confirm) != 0){ + snprintf(msg, 128, "Passwords do not match"); + goto err; + } + + printf("Content-Type: text/html\n\n"); + printf("You are valid\n"); + return; +err: + printf("Content-Type: text/html\n\n"); + #include "t/newuser.tc" + return; +} /* * The `show' functions show an existing attachment/post/user |