/* * This is the sending side of the chat window. The form is designed to transmit asynchronously. */ void chat_send(void) { char send_this[SIZ]; char buf[SIZ]; begin_ajax_response(); if (havebstr("send_this")) { strcpy(send_this, bstr("send_this")); } else { strcpy(send_this, ""); } if (havebstr("exit_button")) { strcpy(send_this, "/quit"); } if (!IsEmptyStr(send_this)) { serv_puts("RCHT send"); serv_getln(buf, sizeof buf); if (buf[0] == '4') { text_to_server(send_this); serv_puts("000"); } } end_ajax_response(); }
/* * Entry point for WebCit transaction */ void session_loop(void) { int xhttp; StrBuf *Buf; /* * We stuff these with the values coming from the client cookies, * so we can use them to reconnect a timed out session if we have to. */ wcsession *WCC; WCC= WC; WCC->upload_length = 0; WCC->upload = NULL; WCC->Hdr->nWildfireHeaders = 0; if (WCC->Hdr->HR.ContentLength > 0) { if (ReadPostData() < 0) { return; } } Buf = NewStrBuf(); WCC->trailing_javascript = NewStrBuf(); /* Convert base64-encoded URL's back to plain text */ if (!strncmp(ChrPtr(WCC->Hdr->this_page), "/B64", 4)) { StrBufCutLeft(WCC->Hdr->this_page, 4); StrBufDecodeBase64(WCC->Hdr->this_page); http_redirect(ChrPtr(WCC->Hdr->this_page)); goto SKIP_ALL_THIS_CRAP; } /* If there are variables in the URL, we must grab them now */ if (WCC->Hdr->PlainArgs != NULL) ParseURLParams(WCC->Hdr->PlainArgs); /* If the client sent a nonce that is incorrect, kill the request. */ if (havebstr("nonce")) { if (verbose) syslog(LOG_DEBUG, "Comparing supplied nonce %s to session nonce %d", bstr("nonce"), WCC->nonce ); if (ibstr("nonce") != WCC->nonce) { syslog(LOG_INFO, "Ignoring request with mismatched nonce."); hprintf("HTTP/1.1 404 Security check failed\r\n"); hprintf("Content-Type: text/plain\r\n"); begin_burst(); wc_printf("Security check failed.\r\n"); end_burst(); goto SKIP_ALL_THIS_CRAP; } } /* * If we're not connected to a Citadel server, try to hook up the connection now. */ if (!WCC->connected) { if (GetConnected()) { hprintf("HTTP/1.1 503 Service Unavailable\r\n"); hprintf("Content-Type: text/html\r\n"); begin_burst(); wc_printf("<html><head><title>503 Service Unavailable</title></head><body>\n"); wc_printf(_("This program was unable to connect or stay " "connected to the Citadel server. Please report " "this problem to your system administrator.") ); wc_printf("<br>"); wc_printf("<a href=\"http://www.citadel.org/doku.php/" "faq:generalquestions:webcit_unable_to_connect\">%s</a>", _("Read More...") ); wc_printf("</body></html>\n"); end_burst(); goto SKIP_ALL_THIS_CRAP; } } /* * If we're not logged in, but we have authentication data (either from * a cookie or from http-auth), try logging in to Citadel using that. */ if ( (!WCC->logged_in) && (StrLength(WCC->Hdr->c_username) > 0) && (StrLength(WCC->Hdr->c_password) > 0) ) { long Status; FlushStrBuf(Buf); serv_printf("USER %s", ChrPtr(WCC->Hdr->c_username)); StrBuf_ServGetln(Buf); if (GetServerStatus(Buf, &Status) == 3) { serv_printf("PASS %s", ChrPtr(WCC->Hdr->c_password)); StrBuf_ServGetln(Buf); if (GetServerStatus(Buf, NULL) == 2) { become_logged_in(WCC->Hdr->c_username, WCC->Hdr->c_password, Buf); } else { /* Should only display when password is wrong */ WCC->ImportantMsg = NewStrBufPlain(ChrPtr(Buf) + 4, StrLength(Buf) - 4); authorization_required(); FreeStrBuf(&Buf); goto SKIP_ALL_THIS_CRAP; } } else if (Status == 541) { WCC->logged_in = 1; } } xhttp = (WCC->Hdr->HR.eReqType != eGET) && (WCC->Hdr->HR.eReqType != ePOST) && (WCC->Hdr->HR.eReqType != eHEAD); /* * If a 'go' (or 'gotofirst') parameter has been specified, attempt to goto that room * prior to doing anything else. */ if (havebstr("go")) { int ret; if (verbose) syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("go")); ret = gotoroom(sbstr("go")); /* do quietly to avoid session output! */ if ((ret/100) != 2) { if (verbose) syslog(LOG_DEBUG, "Unable to change to [%s]; Reason: %d", bstr("go"), ret); } } else if (havebstr("gotofirst")) { int ret; if (verbose) syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("gotofirst")); ret = gotoroom(sbstr("gotofirst")); /* do quietly to avoid session output! */ if ((ret/100) != 2) { syslog(LOG_INFO, "Unable to change to [%s]; Reason: %d", bstr("gotofirst"), ret); } } /* * If we aren't in any room yet, but we have cookie data telling us where we're * supposed to be, and 'go' was not specified, then go there. */ else if ( (StrLength(WCC->CurRoom.name) == 0) && ( (StrLength(WCC->Hdr->c_roomname) > 0) )) { int ret; if (verbose) syslog(LOG_DEBUG, "We are in '%s' but cookie indicates '%s', going there...", ChrPtr(WCC->CurRoom.name), ChrPtr(WCC->Hdr->c_roomname) ); ret = gotoroom(WCC->Hdr->c_roomname); /* do quietly to avoid session output! */ if ((ret/100) != 2) { if (verbose) syslog(LOG_DEBUG, "COOKIEGOTO: Unable to change to [%s]; Reason: %d", ChrPtr(WCC->Hdr->c_roomname), ret); } } if (WCC->Hdr->HR.Handler != NULL) { if ( (!WCC->logged_in) && ((WCC->Hdr->HR.Handler->Flags & ANONYMOUS) == 0) && (WCC->serv_info != NULL) && (WCC->serv_info->serv_supports_guest == 0) ) { display_login(); } else { if ((WCC->Hdr->HR.Handler->Flags & AJAX) != 0) { begin_ajax_response(); } WCC->Hdr->HR.Handler->F(); if ((WCC->Hdr->HR.Handler->Flags & AJAX) != 0) { end_ajax_response(); } } } /* When all else fails, display the default landing page or a main menu. */ else { /* * ordinary browser users get a nice login screen, DAV etc. requsets * are given a 401 so they can handle it appropriate. */ if (!WCC->logged_in) { if (xhttp) { authorization_required(); } else { display_default_landing_page(); } } /* * Toplevel dav requests? or just a flat browser request? */ else { if (xhttp) { dav_main(); } else { display_main_menu(); } } } SKIP_ALL_THIS_CRAP: FreeStrBuf(&Buf); fflush(stdout); }
/* * Wraps a Citadel server command in an AJAX transaction. */ void ajax_servcmd(void) { wcsession *WCC = WC; int Done = 0; StrBuf *Buf; char *junk; size_t len; if (verbose) syslog(LOG_DEBUG, "ajax_servcmd() g_cmd=\"%s\"", bstr("g_cmd") ); begin_ajax_response(); Buf = NewStrBuf(); serv_puts(bstr("g_cmd")); StrBuf_ServGetln(Buf); StrBufAppendBuf(WCC->WBuf, Buf, 0); StrBufAppendBufPlain(WCC->WBuf, HKEY("\n"), 0); switch (GetServerStatus(Buf, NULL)) { case 8: serv_puts("\n\n000"); if ( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000")) { StrBufAppendBufPlain(WCC->WBuf, HKEY("\000"), 0); break; } case 1: while (!Done) { if (StrBuf_ServGetln(Buf) < 0) break; if ( (StrLength(Buf)==3) && !strcmp(ChrPtr(Buf), "000")) { Done = 1; } StrBufAppendBuf(WCC->WBuf, Buf, 0); StrBufAppendBufPlain(WCC->WBuf, HKEY("\n"), 0); } break; case 4: text_to_server(bstr("g_input")); serv_puts("000"); break; case 6: len = atol(&ChrPtr(Buf)[4]); StrBuf_ServGetBLOBBuffered(Buf, len); break; case 7: len = atol(&ChrPtr(Buf)[4]); junk = malloc(len); memset(junk, 0, len); serv_write(junk, len); free(junk); } end_ajax_response(); /* * This is kind of an ugly hack, but this is the only place it can go. * If the command was GEXP, then the instant messenger window must be * running, so reset the "last_pager_check" watchdog timer so * that page_popup() doesn't try to open it a second time. TODO: page_popup isn't with us anymore. */ if (!strncasecmp(bstr("g_cmd"), "GEXP", 4)) { WCC->last_pager_check = time(NULL); } FreeStrBuf(&Buf); }
/* * Background ajax call to receive updates from the browser when a note is moved, resized, or updated. */ void ajax_update_note(void) { char buf[1024]; int msgnum; struct vnote *v = NULL; if (!havebstr("note_uid")) { begin_ajax_response(); wc_printf("Received ajax_update_note() request without a note UID."); end_ajax_response(); return; } serv_printf("EUID %s", bstr("note_uid")); serv_getln(buf, sizeof buf); if (buf[0] != '2') { begin_ajax_response(); wc_printf("Cannot find message containing vNote with the requested uid!"); end_ajax_response(); return; } msgnum = atol(&buf[4]); /* Was this request a delete operation? If so, nuke it... */ if (havebstr("deletenote")) { if (!strcasecmp(bstr("deletenote"), "yes")) { serv_printf("DELE %d", msgnum); serv_getln(buf, sizeof buf); begin_ajax_response(); wc_printf("%s", buf); end_ajax_response(); return; } } /* If we get to this point it's an update, not a delete */ v = vnote_new_from_msg(msgnum, 0); if (!v) { begin_ajax_response(); wc_printf("Cannot locate a vNote within message %d\n", msgnum); end_ajax_response(); return; } /* Make any requested changes */ if (havebstr("top")) { v->pos_top = atoi(bstr("top")); } if (havebstr("left")) { v->pos_left = atoi(bstr("left")); } if (havebstr("height")) { v->pos_height = atoi(bstr("height")); } if (havebstr("width")) { v->pos_width = atoi(bstr("width")); } if (havebstr("red")) { v->color_red = atoi(bstr("red")); } if (havebstr("green")) { v->color_green = atoi(bstr("green")); } if (havebstr("blue")) { v->color_blue = atoi(bstr("blue")); } if (havebstr("value")) { /* I would have preferred 'body' but InPlaceEditor hardcodes 'value' */ if (v->body) free(v->body); v->body = strdup(bstr("value")); } /* Serialize it and save it to the message base. Server will delete the old one. */ write_vnote_to_server(v); begin_ajax_response(); if (v->body) { escputs(v->body); } end_ajax_response(); vnote_free(v); }