bool OnEmbeddedWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "webadmin/user" && WebSock.GetSession()->IsAdmin()) {
CString sAction = Tmpl["WebadminAction"];
if (sAction == "display") {
Tmpl["Blocked"] = CString(IsBlocked(Tmpl["Username"]));
Tmpl["Self"] = CString(Tmpl["Username"].Equals(WebSock.GetSession()->GetUser()->GetUserName()));
return true;
}
if (sAction == "change" && WebSock.GetParam("embed_blockuser_presented").ToBool()) {
if (Tmpl["Username"].Equals(WebSock.GetSession()->GetUser()->GetUserName()) &&
WebSock.GetParam("embed_blockuser_block").ToBool()) {
WebSock.GetSession()->AddError("You can't block yourself");
} else if (WebSock.GetParam("embed_blockuser_block").ToBool()) {
if (!WebSock.GetParam("embed_blockuser_old").ToBool()) {
if (Block(Tmpl["Username"])) {
WebSock.GetSession()->AddSuccess("Blocked [" + Tmpl["Username"] + "]");
} else {
WebSock.GetSession()->AddError("Couldn't block [" + Tmpl["Username"] + "]");
}
}
} else if (WebSock.GetParam("embed_blockuser_old").ToBool()){
if (DelNV(Tmpl["Username"])) {
WebSock.GetSession()->AddSuccess("Unblocked [" + Tmpl["Username"] + "]");
} else {
WebSock.GetSession()->AddError("User [" + Tmpl["Username"] + "is not blocked");
}
}
return true;
}
}
return false;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "index") {
if (WebSock.IsPost()) {
CUser *pUser = CZNC::Get().FindUser(WebSock.GetParam("user"));
bool bOutgoing = WebSock.GetParam("direction") == "out";
const CString sLine = WebSock.GetParam("line");
if (!pUser) {
Tmpl["user"] = WebSock.GetParam("user");
Tmpl[bOutgoing ? "direction_out" : "direction_in"] = "true";
Tmpl["line"] = sLine;
WebSock.GetSession()->AddError("User not found");
return true;
}
if (bOutgoing) {
pUser->PutIRC(sLine);
} else {
pUser->PutUser(sLine);
}
WebSock.GetSession()->AddSuccess("Line sent");
}
const map<CString,CUser*>& msUsers = CZNC::Get().GetUserMap();
for (map<CString,CUser*>::const_iterator it = msUsers.begin(); it != msUsers.end(); ++it) {
CTemplate& l = Tmpl.AddRow("UserLoop");
l["Username"] = (*it->second).GetUserName();
}
return true;
}
return false;
}
bool OnWebRequest(CWebSock& WebSock, const CString& sPageName,
CTemplate& Tmpl) override {
if (sPageName != "index") {
// only accept requests to index
return false;
}
if (WebSock.IsPost()) {
SetNV("username", WebSock.GetParam("username"));
CString sPassword = WebSock.GetParam("password");
if (!sPassword.empty()) {
SetNV("password", sPassword);
}
SetNV(NV_REQUIRE_AUTH, WebSock.GetParam("require_auth"));
SetNV(NV_MECHANISMS, WebSock.GetParam("mechanisms"));
}
Tmpl["Username"] = GetNV("username");
Tmpl["Password"] = GetNV("password");
Tmpl["RequireAuth"] = GetNV(NV_REQUIRE_AUTH);
Tmpl["Mechanisms"] = GetMechanismsString();
for (const auto& it : SupportedMechanisms) {
CTemplate& Row = Tmpl.AddRow("MechanismLoop");
CString sName(it.szName);
Row["Name"] = sName;
Row["Description"] = CString(it.szDescription);
}
return true;
}
bool OnEmbeddedWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "webadmin/network" && WebSock.GetSession()->IsAdmin()) {
CString sAction = Tmpl["WebadminAction"];
CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
if(pNetwork) {
if (sAction == "display") {
Tmpl["CGIEnabled"] = CString(IsEnabled(Tmpl["Username"], pNetwork->GetName()));
return true;
}
if (sAction == "change" && WebSock.GetParam("embed_cgiirc_presented").ToBool()) {
if (WebSock.GetParam("embed_cgiirc_enable").ToBool()) {
if (!WebSock.GetParam("embed_cgiirc_old").ToBool()) {
if (Enable(Tmpl["Username"], pNetwork)) {
WebSock.GetSession()->AddSuccess("CGI:IRC Enabled [" + Tmpl["Username"] + "/" + pNetwork->GetName() + "]");
} else {
WebSock.GetSession()->AddError("Couldn't enable CGI:IRC [" + Tmpl["Username"] + "/" + pNetwork->GetName() + "]");
}
}
} else if (WebSock.GetParam("embed_cgiirc_old").ToBool()){
if (DelNV("Enabled_" + Tmpl["Username"] + "/" + pNetwork->GetName())) {
WebSock.GetSession()->AddSuccess("CGI:IRC Disabled [" + Tmpl["Username"] + "/" + pNetwork->GetName() + "]");
} else {
WebSock.GetSession()->AddError("User [" + Tmpl["Username"] + "/" + pNetwork->GetName() + "] does not have CGI:IRC enabled");
}
}
return true;
}
}
}
return false;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName.empty() || sPageName == "index") {
bool bSubmitted = (WebSock.GetParam("submitted").ToInt() != 0);
const vector<CChan*>& Channels = m_pUser->GetChans();
for (unsigned int c = 0; c < Channels.size(); c++) {
const CString sChan = Channels[c]->GetName();
bool bStick = FindNV(sChan) != EndNV();
if(bSubmitted) {
bool bNewStick = WebSock.GetParam("stick_" + sChan).ToBool();
if(bNewStick && !bStick)
SetNV(sChan, ""); // no password support for now unless chansaver is active too
else if(!bNewStick && bStick) {
MCString::iterator it = FindNV(sChan);
if(it != EndNV())
DelNV(it);
}
bStick = bNewStick;
}
CTemplate& Row = Tmpl.AddRow("ChannelLoop");
Row["Name"] = sChan;
Row["Sticky"] = CString(bStick);
}
if(bSubmitted) {
WebSock.GetSession()->AddSuccess("Changes have been saved!");
}
return true;
}
return false;
}
CString SafeGetUserNameParam(CWebSock& WebSock) {
CString sUserName = WebSock.GetParam("user"); // check for POST param
if(sUserName.empty() && !WebSock.IsPost()) {
// if no POST param named user has been given and we are not
// saving this form, fall back to using the GET parameter.
sUserName = WebSock.GetParam("user", false);
}
return sUserName;
}
CString SafeGetNetworkParam(CWebSock& WebSock) {
CString sNetwork = WebSock.GetParam("network"); // check for POST param
if(sNetwork.empty() && !WebSock.IsPost()) {
// if no POST param named user has been given and we are not
// saving this form, fall back to using the GET parameter.
sNetwork = WebSock.GetParam("network", false);
}
return sNetwork;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
CSmartPtr<CWebSession> spSession = WebSock.GetSession();
if (!m_sSalt.empty()) {
Tmpl["Verify"] = "yes";
Tmpl["Code"] = WebSock.GetParam("code", false);
Tmpl["Username"] = WebSock.GetParam("user", false);
}
if (!WebSock.GetParam("submitted").ToUInt()) {
return true;
}
CString sUsername = WebSock.GetParam("user");
if (CZNC::Get().FindUser(sUsername)) {
WebSock.PrintErrorPage("Invalid Submission [User " + sUsername + " already exists]");
return true;
}
CUser* pNewUser = GetNewUser(WebSock);
if (!pNewUser) {
return true;
}
CString sErr;
CString sAction;
// Add User Submission
if (!CZNC::Get().AddUser(pNewUser, sErr)) {
delete pNewUser;
WebSock.PrintErrorPage("Invalid submission [" + sErr + "]");
return true;
}
sAction = "added";
CTemplate TmplMod;
TmplMod["Username"] = sUsername;
TmplMod["WebadminAction"] = "change";
if (!CZNC::Get().WriteConfig()) {
WebSock.PrintErrorPage("User " + sAction + ", but config was not written");
return true;
}
spSession->SetUser(pNewUser);
WebSock.SetLoggedIn(true);
WebSock.UnPauseRead();
WebSock.Redirect("/?cookie_check=true");
return false;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "index") {
if (WebSock.IsPost()) {
CUser *pUser = CZNC::Get().FindUser(WebSock.GetParam("user").Token(0, false, "/"));
if (!pUser) {
WebSock.GetSession()->AddError("User not found");
return true;
}
CIRCNetwork *pNetwork = pUser->FindNetwork(WebSock.GetParam("user").Token(1, false, "/"));
if (!pNetwork) {
WebSock.GetSession()->AddError("Network not found");
return true;
}
bool bToServer = WebSock.GetParam("send_to") == "server";
const CString sLine = WebSock.GetParam("line");
Tmpl["user"] = pUser->GetUserName();
Tmpl[bToServer ? "to_server" : "to_client"] = "true";
Tmpl["line"] = sLine;
if (bToServer) {
pNetwork->PutIRC(sLine);
} else {
pNetwork->PutUser(sLine);
}
WebSock.GetSession()->AddSuccess("Line sent");
}
const map<CString,CUser*>& msUsers = CZNC::Get().GetUserMap();
for (map<CString,CUser*>::const_iterator it = msUsers.begin(); it != msUsers.end(); ++it) {
CTemplate& l = Tmpl.AddRow("UserLoop");
l["Username"] = (*it->second).GetUserName();
vector<CIRCNetwork*> vNetworks = (*it->second).GetNetworks();
for (vector<CIRCNetwork*>::const_iterator it2 = vNetworks.begin(); it2 != vNetworks.end(); ++it2) {
CTemplate& NetworkLoop = l.AddRow("NetworkLoop");
NetworkLoop["Username"] = (*it->second).GetUserName();
NetworkLoop["Network"] = (*it2)->GetName();
}
}
return true;
}
return false;
}
bool ChanPage(CWebSock& WebSock, CTemplate& Tmpl, CIRCNetwork* pNetwork, CChan* pChan = NULL) {
CSmartPtr<CWebSession> spSession = WebSock.GetSession();
Tmpl.SetFile("add_edit_chan.tmpl");
CUser* pUser = pNetwork->GetUser();
if (!pUser) {
WebSock.PrintErrorPage("That user doesn't exist");
return true;
}
if (!WebSock.GetParam("submitted").ToUInt()) {
Tmpl["User"] = pUser->GetUserName();
Tmpl["Network"] = pNetwork->GetName();
if (pChan) {
Tmpl["Action"] = "editchan";
Tmpl["Edit"] = "true";
Tmpl["Title"] = "Edit Channel" + CString(" [" + pChan->GetName() + "]");
Tmpl["ChanName"] = pChan->GetName();
Tmpl["BufferCount"] = CString(pChan->GetBufferCount());
Tmpl["DefModes"] = pChan->GetDefaultModes();
Tmpl["Key"] = pChan->GetKey();
if (pChan->InConfig()) {
Tmpl["InConfig"] = "true";
}
} else {
Tmpl["Action"] = "addchan";
Tmpl["Title"] = "Add Channel" + CString(" for User [" + pUser->GetUserName() + "]");
Tmpl["BufferCount"] = CString(pUser->GetBufferCount());
Tmpl["DefModes"] = CString(pUser->GetDefaultChanModes());
Tmpl["InConfig"] = "true";
}
// o1 used to be AutoCycle which was removed
CTemplate& o2 = Tmpl.AddRow("OptionLoop");
o2["Name"] = "keepbuffer";
o2["DisplayName"] = "Keep Buffer";
if ((pChan && pChan->KeepBuffer()) || (!pChan && pUser->KeepBuffer())) { o2["Checked"] = "true"; }
CTemplate& o3 = Tmpl.AddRow("OptionLoop");
o3["Name"] = "detached";
o3["DisplayName"] = "Detached";
if (pChan && pChan->IsDetached()) { o3["Checked"] = "true"; }
FOR_EACH_MODULE(i, pUser) {
CTemplate& mod = Tmpl.AddRow("EmbeddedModuleLoop");
mod.insert(Tmpl.begin(), Tmpl.end());
mod["WebadminAction"] = "display";
if ((*i)->OnEmbeddedWebRequest(WebSock, "webadmin/channel", mod)) {
mod["Embed"] = WebSock.FindTmpl(*i, "WebadminChan.tmpl");
mod["ModName"] = (*i)->GetModName();
}
}
virtual bool OnEmbeddedWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "webadmin/channel") {
CString sChan = Tmpl["ChanName"];
bool bStick = FindNV(sChan) != EndNV();
if (Tmpl["WebadminAction"].Equals("display")) {
Tmpl["Sticky"] = CString(bStick);
} else if (WebSock.GetParam("embed_stickychan_presented").ToBool()) {
bool bNewStick = WebSock.GetParam("embed_stickychan_sticky").ToBool();
if(bNewStick && !bStick) {
SetNV(sChan, ""); // no password support for now unless chansaver is active too
WebSock.GetSession()->AddSuccess("Channel become sticky!");
} else if(!bNewStick && bStick) {
DelNV(sChan);
WebSock.GetSession()->AddSuccess("Channel stopped being sticky!");
}
}
return true;
}
return false;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "index") {
for (MCString::iterator it = BeginNV(); it != EndNV(); ++it) {
CTemplate& Row = Tmpl.AddRow("NotesLoop");
Row["Key"] = it->first;
Row["Note"] = it->second;
}
return true;
} else if (sPageName == "delnote") {
DelNote(WebSock.GetParam("key", false));
WebSock.Redirect("/mods/notes/");
return true;
} else if (sPageName == "addnote") {
AddNote(WebSock.GetParam("key"), WebSock.GetParam("note"));
WebSock.Redirect("/mods/notes/");
return true;
}
return false;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
CUser *pUser = WebSock.GetSession()->GetUser();
if (sPageName == "index") {
MSCString::iterator it = m_PubKeys.find(pUser->GetUserName());
if (it != m_PubKeys.end()) {
SCString::iterator it2;
for (it2 = it->second.begin(); it2 != it->second.end(); ++it2) {
CTemplate& row = Tmpl.AddRow("KeyLoop");
row["Key"] = *it2;
}
}
return true;
} else if (sPageName == "add") {
AddKey(pUser, WebSock.GetParam("key"));
WebSock.Redirect(GetWebPath());
return true;
} else if (sPageName == "delete") {
MSCString::iterator it = m_PubKeys.find(pUser->GetUserName());
if (it != m_PubKeys.end()) {
if (it->second.erase(WebSock.GetParam("key", false))) {
if (it->second.size() == 0) {
m_PubKeys.erase(it);
}
Save();
}
}
WebSock.Redirect(GetWebPath());
return true;
}
return false;
}
bool CLogMod::OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
CFile LogFile(m_sLogPath);
CDir LogDir (LogFile.GetDir());
for(std::vector<CFile*>::iterator it = LogDir.begin(); it != LogDir.end(); ++it) {
CTemplate& Row = Tmpl.AddRow("LogsLoop");
Row["File"] = (**it).GetShortName();
}
if (WebSock.HasParam("file", false)) {
CString path = CDir::CheckPathPrefix(GetSavePath(), LogFile.GetDir() + WebSock.GetParam("file", false));
if (path.empty()) {
WebSock.PrintErrorPage("Invalid Path");
return true;
}
CFile DisplayFile(path);
CString content;
DisplayFile.Open();
int PageSize = 1024 * 1024;
int Page = 0;
if (WebSock.HasParam("page", false)) {
Page = WebSock.GetParam("page", false).ToInt();
DisplayFile.Seek(Page * PageSize);
}
Tmpl["Prev"] = CString(Page - 1);
Tmpl["Next"] = CString(Page + 1);
Tmpl["Curr"] = WebSock.GetParam("file", false);
DisplayFile.ReadFile(content, PageSize);
DisplayFile.Close();
Tmpl["Log"] = content;
}
return true;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "index") {
bool bSubmitted = (WebSock.GetParam("submitted").ToInt() != 0);
if (bSubmitted) {
CString FormUsername = WebSock.GetParam("user");
if (!FormUsername.empty())
SetUsername(FormUsername);
CString FormPassword = WebSock.GetParam("password");
if (!FormPassword.empty())
SetPassword(FormPassword);
SetUseCloakedHost(WebSock.GetParam("usecloakedhost").ToBool());
SetUseChallenge(WebSock.GetParam("usechallenge").ToBool());
SetRequestPerms(WebSock.GetParam("requestperms").ToBool());
SetJoinOnInvite(WebSock.GetParam("joinoninvite").ToBool());
}
Tmpl["Username"] = m_sUsername;
CTemplate& o1 = Tmpl.AddRow("OptionLoop");
o1["Name"] = "usecloakedhost";
o1["DisplayName"] = "UseCloakedHost";
o1["Tooltip"] = "Whether to cloak your hostname (+x) automatically on connect.";
o1["Checked"] = CString(m_bUseCloakedHost);
CTemplate& o2 = Tmpl.AddRow("OptionLoop");
o2["Name"] = "usechallenge";
o2["DisplayName"] = "UseChallenge";
o2["Tooltip"] = "Whether to use the CHALLENGEAUTH mechanism to avoid sending passwords in cleartext.";
o2["Checked"] = CString(m_bUseChallenge);
CTemplate& o3 = Tmpl.AddRow("OptionLoop");
o3["Name"] = "requestperms";
o3["DisplayName"] = "RequestPerms";
o3["Tooltip"] = "Whether to request voice/op from Q on join/devoice/deop.";
o3["Checked"] = CString(m_bRequestPerms);
CTemplate& o4 = Tmpl.AddRow("OptionLoop");
o4["Name"] = "joinoninvite";
o4["DisplayName"] = "JoinOnInvite";
o4["Tooltip"] = "Whether to join channels when Q invites you.";
o4["Checked"] = CString(m_bJoinOnInvite);
if (bSubmitted) {
WebSock.GetSession()->AddSuccess("Changes have been saved!");
}
return true;
}
return false;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "index") {
Tmpl["Cert"] = CString(HasPemFile());
return true;
} else if (sPageName == "update") {
CFile fPemFile(PemFile());
if (fPemFile.Open(O_WRONLY | O_TRUNC | O_CREAT)) {
fPemFile.Write(WebSock.GetParam("cert", true, ""));
fPemFile.Close();
}
WebSock.Redirect("/mods/cert/");
return true;
} else if (sPageName == "delete") {
CFile::Delete(PemFile());
WebSock.Redirect("/mods/cert/");
return true;
}
return false;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
CSmartPtr<CWebSession> spSession = WebSock.GetSession();
if (sPageName == "settings") {
// Admin Check
if (!spSession->IsAdmin()) {
return false;
}
return SettingsPage(WebSock, Tmpl);
} else if (sPageName == "adduser") {
// Admin Check
if (!spSession->IsAdmin()) {
return false;
}
return UserPage(WebSock, Tmpl);
} else if (sPageName == "editchan") {
CUser* pUser = SafeGetUserFromParam(WebSock);
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (!pUser) {
WebSock.PrintErrorPage("No such username");
return true;
}
CString sChan = WebSock.GetParam("name");
if(sChan.empty() && !WebSock.IsPost()) {
sChan = WebSock.GetParam("name", false);
}
CChan* pChan = pUser->FindChan(sChan);
if (!pChan) {
WebSock.PrintErrorPage("No such channel");
return true;
}
return ChanPage(WebSock, Tmpl, pUser, pChan);
} else if (sPageName == "addchan") {
CUser* pUser = SafeGetUserFromParam(WebSock);
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return ChanPage(WebSock, Tmpl, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "delchan") {
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user", false));
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return DelChan(WebSock, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "deluser") {
if (!spSession->IsAdmin()) {
return false;
}
if (!WebSock.IsPost()) {
// Show the "Are you sure?" page:
CString sUser = WebSock.GetParam("user", false);
CUser* pUser = CZNC::Get().FindUser(sUser);
if (!pUser) {
WebSock.PrintErrorPage("No such username");
return true;
}
Tmpl.SetFile("del_user.tmpl");
Tmpl["Username"] = sUser;
return true;
}
// The "Are you sure?" page has been submitted with "Yes",
// so we actually delete the user now:
CString sUser = WebSock.GetParam("user");
CUser* pUser = CZNC::Get().FindUser(sUser);
if (pUser && pUser == spSession->GetUser()) {
WebSock.PrintErrorPage("Please don't delete yourself, suicide is not the answer!");
return true;
} else if (CZNC::Get().DeleteUser(sUser)) {
WebSock.Redirect("listusers");
return true;
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "edituser") {
CString sUserName = SafeGetUserNameParam(WebSock);
CUser* pUser = CZNC::Get().FindUser(sUserName);
if(!pUser) {
if(sUserName.empty()) {
pUser = spSession->GetUser();
} // else: the "no such user" message will be printed.
}
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return UserPage(WebSock, Tmpl, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "listusers" && spSession->IsAdmin()) {
return ListUsersPage(WebSock, Tmpl);
} else if (sPageName == "traffic" && spSession->IsAdmin()) {
return TrafficPage(WebSock, Tmpl);
} else if (sPageName.empty() || sPageName == "index") {
return true;
}
return false;
}
