static void formDeleteAccessLimit(webs_t wp, char_t *path, char_t *query)
{
char_t *url, *ok;
a_assert(wp);
url = websGetVar(wp, T("url"), T(""));
ok = websGetVar(wp, T("ok"), T(""));
websHeader(wp);
websMsgStart(wp);
if (gstricmp(ok, T("ok")) != 0) {
websWrite(wp, T("Delete Access Limit Cancelled"));
} else if (umDeleteAccessLimit(url) != 0) {
websWrite(wp, T("ERROR: Unable to delete Access Limit for [%s]"),
url);
} else {
websWrite(wp, T("Access Limit for [%s], was successfully deleted."),
url);
}
websMsgEnd(wp);
websFooter(wp);
websDone(wp, 200);
}
static void formDeleteGroup(webs_t wp, char_t *path, char_t *query)
{
char_t *group, *ok;
a_assert(wp);
group = websGetVar(wp, T("group"), T(""));
ok = websGetVar(wp, T("ok"), T(""));
websHeader(wp);
websMsgStart(wp);
if (gstricmp(ok, T("ok")) != 0) {
websWrite(wp, T("Delete Group Cancelled."));
} else if ((group == NULL) || (*group == '\0')) {
websWrite(wp, T("ERROR: No group was selected."));
} else if (umGetGroupProtected(group)) {
websWrite(wp, T("ERROR: Group, \"%s\" is delete-protected."), group);
} else if (umGetGroupInUse(group)) {
websWrite(wp, T("ERROR: Group, \"%s\" is being used."), group);
} else if (umDeleteGroup(group) != 0) {
websWrite(wp, T("ERROR: Unable to delete group, \"%s\" "), group);
} else {
websWrite(wp, T("Group, \"%s\" was successfully deleted."), group);
}
websMsgEnd(wp);
websFooter(wp);
websDone(wp, 200);
}
static void formDisplayUser(webs_t wp, char_t *path, char_t *query)
{
char_t *userid, *ok, *temp;
bool_t enabled;
a_assert(wp);
userid = websGetVar(wp, T("user"), T(""));
ok = websGetVar(wp, T("ok"), T(""));
websHeader(wp);
websWrite(wp, T("<body>"));
if (gstricmp(ok, T("ok")) != 0) {
websWrite(wp, T("Display User Cancelled"));
} else if (umUserExists(userid) == FALSE) {
websWrite(wp, T("ERROR: User <b>%s</b> not found.\n"), userid);
} else {
websWrite(wp, T("<h2>User ID: <b>%s</b></h2>\n"), userid);
temp = umGetUserGroup(userid);
websWrite(wp, T("<h3>User Group: <b>%s</b></h3>\n"), temp);
enabled = umGetUserEnabled(userid);
websWrite(wp, T("<h3>Enabled: <b>%d</b></h3>\n"), enabled);
}
websWrite(wp, T("</body>\n"));
websFooter(wp);
websDone(wp, 200);
}
static void formDeleteUser(webs_t wp, char_t *path, char_t *query)
{
char_t *userid, *ok;
a_assert(wp);
userid = websGetVar(wp, T("user"), T(""));
ok = websGetVar(wp, T("ok"), T(""));
websHeader(wp);
websMsgStart(wp);
if (gstricmp(ok, T("ok")) != 0) {
websWrite(wp, T("Delete User Cancelled"));
} else if (umUserExists(userid) == FALSE) {
websWrite(wp, T("ERROR: User \"%s\" not found"), userid);
} else if (umGetUserProtected(userid)) {
websWrite(wp, T("ERROR: User, \"%s\" is delete-protected."), userid);
} else if (umDeleteUser(userid) != 0) {
websWrite(wp, T("ERROR: Unable to delete user, \"%s\" "), userid);
} else {
websWrite(wp, T("User, \"%s\" was successfully deleted."), userid);
}
websMsgEnd(wp);
websFooter(wp);
websDone(wp, 200);
}
static void formLoadUserManagement( webs_t wp, char_t* path, char_t* query )
{
char_t* ok;
a_assert( wp );
ok = websGetVar( wp, T( "ok" ), T( "" ) );
websHeader( wp );
websMsgStart( wp );
if ( gstricmp( ok, T( "ok" ) ) != 0 )
{
websWrite( wp, T( "Load Cancelled." ) );
}
else if ( umRestore( NULL ) != 0 )
{
websWrite( wp, T( "ERROR: Unable to load user configuration." ) );
}
else
{
websWrite( wp, T( "User configuration was re-loaded successfully." ) );
}
websMsgEnd( wp );
websFooter( wp );
websDone( wp, 200 );
}
static void formAddAccessLimit(webs_t wp, char_t *path, char_t *query)
{
char_t *url, *method, *group, *secure, *ok;
int nCheck;
accessMeth_t am;
short nSecure;
a_assert(wp);
url = websGetVar(wp, T("url"), T(""));
group = websGetVar(wp, T("group"), T(""));
method = websGetVar(wp, T("method"), T(""));
secure = websGetVar(wp, T("secure"), T(""));
ok = websGetVar(wp, T("ok"), T(""));
websHeader(wp);
websMsgStart(wp);
if (gstricmp(ok, T("ok")) != 0) {
websWrite(wp, T("Add Access Limit Cancelled."));
} else if ((url == NULL) || (*url == 0)) {
websWrite(wp, T("ERROR: No URL was entered."));
} else if (umAccessLimitExists(url)) {
websWrite(wp, T("ERROR: An Access Limit for [%s] already exists."),
url);
} else {
if (method && *method) {
am = (accessMeth_t) gatoi(method);
} else {
am = AM_FULL;
}
if (secure && *secure) {
nSecure = (short) gatoi(secure);
} else {
nSecure = 0;
}
nCheck = umAddAccessLimit(url, am, nSecure, group);
if (nCheck != 0) {
websWrite(wp, T("Unable to add Access Limit for [%s]"), url);
} else {
websWrite(wp, T("Access limit for [%s], was successfully added."),
url);
}
}
websMsgEnd(wp);
websFooter(wp);
websDone(wp, 200);
}
static void formSaveUserManagement(webs_t wp, char *path, char *query)
{
char *ok;
a_assert(wp);
ok = websGetVar(wp, T("ok"), T(""));
websHeader(wp);
websMsgStart(wp);
if (gstricmp(ok, T("ok")) != 0) {
websWrite(wp, T("Save Cancelled."));
} else if (umCommit(NULL) != 0) {
websWrite(wp, T("ERROR: Unable to save user configuration."));
} else {
websWrite(wp, T("User configuration was saved successfully."));
}
websMsgEnd(wp);
websFooter(wp);
websDone(wp, 200);
}
static void formAddUser(webs_t wp, char_t *path, char_t *query)
{
char_t *userid, *pass1, *pass2, *group, *enabled, *ok;
bool_t bDisable;
int nCheck;
a_assert(wp);
userid = websGetVar(wp, T("user"), T(""));
pass1 = websGetVar(wp, T("password"), T(""));
pass2 = websGetVar(wp, T("passconf"), T(""));
group = websGetVar(wp, T("group"), T(""));
enabled = websGetVar(wp, T("enabled"), T(""));
ok = websGetVar(wp, T("ok"), T(""));
websHeader(wp);
websMsgStart(wp);
if (gstricmp(ok, T("ok")) != 0) {
websWrite(wp, T("Add User Cancelled"));
} else if (gstrcmp(pass1, pass2) != 0) {
websWrite(wp, T("Confirmation Password did not match."));
} else {
if (enabled && *enabled && (gstrcmp(enabled, T("on")) == 0)) {
bDisable = FALSE;
} else {
bDisable = TRUE;
}
nCheck = umAddUser(userid, pass1, group, 0, bDisable);
if (nCheck != 0) {
char_t * strError;
switch (nCheck) {
case UM_ERR_DUPLICATE:
strError = T("User already exists.");
break;
case UM_ERR_BAD_NAME:
strError = T("Invalid user name.");
break;
case UM_ERR_BAD_PASSWORD:
strError = T("Invalid password.");
break;
case UM_ERR_NOT_FOUND:
strError = T("Invalid or unselected group.");
break;
default:
strError = T("Error writing user record.");
break;
}
websWrite(wp, T("Unable to add user, \"%s\". %s"),
userid, strError);
} else {
websWrite(wp, T("User, \"%s\" was successfully added."),
userid);
}
}
websMsgEnd(wp);
websFooter(wp);
websDone(wp, 200);
}
static void formAddGroup(webs_t wp, char_t *path, char_t *query)
{
char_t *group, *enabled, *privilege, *method, *ok, *pChar;
int nCheck;
short priv;
accessMeth_t am;
bool_t bDisable;
a_assert(wp);
group = websGetVar(wp, T("group"), T(""));
method = websGetVar(wp, T("method"), T(""));
enabled = websGetVar(wp, T("enabled"), T(""));
privilege = websGetVar(wp, T("privilege"), T(""));
ok = websGetVar(wp, T("ok"), T(""));
websHeader(wp);
websMsgStart(wp);
if (gstricmp(ok, T("ok")) != 0) {
websWrite(wp, T("Add Group Cancelled."));
} else if ((group == NULL) || (*group == 0)) {
websWrite(wp, T("No Group Name was entered."));
} else if (umGroupExists(group)) {
websWrite(wp, T("ERROR: Group, \"%s\" already exists."), group);
} else {
if (privilege && *privilege) {
/*
* privilege is a mulitple <SELECT> var, and must be parsed.
* Values for these variables are space delimited.
*/
priv = 0;
for (pChar = privilege; *pChar; pChar++) {
if (*pChar == ' ') {
*pChar = '\0';
priv |= gatoi(privilege);
*pChar = ' ';
privilege = pChar + 1;
}
}
priv |= gatoi(privilege);
} else {
priv = 0;
}
if (method && *method) {
am = (accessMeth_t) gatoi(method);
} else {
am = AM_FULL;
}
if (enabled && *enabled && (gstrcmp(enabled, T("on")) == 0)) {
bDisable = FALSE;
} else {
bDisable = TRUE;
}
nCheck = umAddGroup(group, priv, am, 0, bDisable);
if (nCheck != 0) {
websWrite(wp, T("Unable to add group, \"%s\", code: %d "),
group, nCheck);
} else {
websWrite(wp, T("Group, \"%s\" was successfully added."),
group);
}
}
websMsgEnd(wp);
websFooter(wp);
websDone(wp, 200);
}
int serveconnection(int sockfd)
{
FILE *in;
char tempdata[8192], *ptr, *ptr2, *host_ptr1, *host_ptr2;
char tempstring[8192], mimetype[50];
char filename[255];
unsigned int loop=0, flag=0;
int numbytes=0;
struct sockaddr_in sa;
int addrlen = sizeof(struct sockaddr_in);
t_vhost *thehost;
thehost = &defaulthost;
// tempdata is the full header, tempstring is just the command
while(!strstr(tempdata, "\r\n\r\n") && !strstr(tempdata, "\n\n"))
{
if((numbytes=recv(sockfd, tempdata+numbytes, 4096-numbytes, 0))==-1)
return -1;
}
for(loop=0; loop<4096 && tempdata[loop]!='\n' && tempdata[loop]!='\r'; loop++)
tempstring[loop] = tempdata[loop];
tempstring[loop] = '\0';
ptr = strtok(tempstring, " ");
if(ptr == 0) return -1;
if(strcmp(ptr, "GET"))
{
strcpy(filename, SERVERROOT);
strcat(filename, "/cmderror.html");
goto sendpage;
}
ptr = strtok(NULL, " ");
if(ptr == NULL)
{
strcpy(filename, SERVERROOT);
strcat(filename, "/cmderror.html");
goto sendpage;
}
host_ptr1 = strstr(tempdata, "Host:");
if(host_ptr1)
{
host_ptr2 = strtok(host_ptr1+6, " \r\n\t");
for(loop=0; loop<no_vhosts; loop++)
if(!gstricmp(vhosts[loop].host, host_ptr2))
thehost = &vhosts[loop];
}
else
thehost = &defaulthost;
if(strstr(ptr, "/.."))
{
strcpy(filename, SERVERROOT);
strcat(filename, "/404.html");
goto sendpage;
}
getpeername(sockfd, (struct sockaddr *)&sa, &addrlen);
Log("Connection from %s, request = \"GET %s\"", inet_ntoa(sa.sin_addr), ptr);
if(!strncmp(ptr, thehost->CGIBINDIR, strlen(thehost->CGIBINDIR)))
{/* Trying to execute a cgi-bin file ? lets check */
ptr2 = strstr(ptr, "?");
if(ptr2!=NULL) { ptr2[0] = '\0'; flag = 1; }
strcpy(filename, thehost->CGIBINROOT);
ptr += strlen(thehost->CGIBINDIR);
strcat(filename, ptr);
// Filename = program to execute
// ptr = filename in cgi-bin dir
// ptr2+1 = parameters
if(does_file_exist(filename)==TRUE && isDirectory(filename)==FALSE)
{
if(send(sockfd, "HTTP/1.1 200 OK\n", 16, 0)==-1)
{
fclose(in);
return -1;
}
if(send(sockfd, "Server: "SERVERNAME"\n", strlen("Server: "SERVERNAME"\n"), 0)==-1)
{
fclose(in);
return -1;
}
// Is a CGI-program that needs executing
if(0 != dup2(sockfd, 0) || 1 != dup2(sockfd, 1))
return -1;
setbuf(stdin, 0);
setbuf(stdout, 0);
if(flag==1) setenv("QUERY_STRING", ptr2+1, 1);
chdir(thehost->CGIBINROOT);
execl(filename, "");
}
strcpy(filename, SERVERROOT);
strcat(filename, "/cgierror.html");
goto sendpage;
}
strcpy(filename, thehost->DOCUMENTROOT);
strcat(filename, ptr);
if(does_file_exist(filename)==FALSE)
{
if(filename[strlen(filename)-1] == '/')
strcat(filename, thehost->DEFAULTPAGE);
else
{
strcat(filename, "/");
strcat(filename, thehost->DEFAULTPAGE);
}
if(does_file_exist(filename) == FALSE)
{
filename[strlen(filename)-strlen(thehost->DEFAULTPAGE)-1] = '\0'; // Get rid of the /index..
if(isDirectory(filename) == TRUE) { showdir(filename, sockfd, thehost); return 0; }
// File does not exist, so we need to display the 404 error page..
strcpy(filename, SERVERROOT);
strcat(filename, "/404.html");
}
}
sendpage:
if((in = fopen(filename, "rb"))==NULL)
return -1;
fseek(in, 0, SEEK_END);
if(send(sockfd, "HTTP/1.1 200 OK\n", 16, 0)==-1)
{
fclose(in);
return -1;
}
if(send(sockfd, "Server: "SERVERNAME"\n", strlen("Server: "SERVERNAME"\n"), 0)==-1)
{
fclose(in);
return -1;
}
sprintf(tempstring, "Content-Length: %d\n", ftell(in));
if(send(sockfd, tempstring, strlen(tempstring), 0)==-1)
{
fclose(in);
return -1;
}
getmimetype(filename, mimetype);
sprintf(tempstring, "Content-Type: %s\n\n", mimetype);
if(send(sockfd, tempstring, strlen(tempstring), 0)==-1)
{
fclose(in);
return -1;
}
fseek(in, 0, SEEK_SET);
while(!feof(in))
{
numbytes = fread(tempdata, 1, 1024, in);
if(send(sockfd, tempdata, numbytes, 0)==-1)
{
fclose(in);
return -1;
}
}
fclose(in);
close(sockfd);
return 0;
}
int dbSearchStr(int did, char_t *tablename,
char_t *colName, char_t *value, int flags)
{
int tid, nRows, nColumns, column;
int match = 0;
dbTable_t *pTable;
a_assert(tablename);
a_assert(colName);
a_assert(value);
tid = dbGetTableId(0, tablename);
a_assert(tid >= 0);
if ((tid >= 0) && (tid < dbMaxTables) && (dbListTables[tid] != NULL)) {
pTable = dbListTables[tid];
} else {
return DB_ERR_TABLE_NOT_FOUND;
}
nColumns = pTable->nColumns;
nRows = pTable->nRows;
column = GetColumnIndex(tid, colName);
a_assert (column >= 0);
if (column >= 0) {
char_t *compareVal;
int row, *pRow;
/*
* Scan through rows until we find a match.
* Note that some of these rows may be deleted!
*/
row = 0;
while (row < nRows) {
pRow = pTable->rows[row];
if (pRow) {
compareVal = (char_t *)(pRow[column]);
if (NULL != compareVal)
{
if (DB_CASE_INSENSITIVE == flags)
{
match = gstricmp(compareVal, value);
}
else
{
match = gstrcmp(compareVal, value);
}
if (0 == match)
{
return row;
}
}
}
row++;
}
} else {
/*
* Return -2 if search column was not found
*/
trace(3, T("DB: Unable to find column <%s> in table <%s>\n"),
colName, tablename);
return DB_ERR_COL_NOT_FOUND;
}
return -1;
}