virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "index") {
for (MCString::iterator it = BeginNV(); it != EndNV(); ++it) {
CTemplate& Row = Tmpl.AddRow("NotesLoop");
Row["Key"] = it->first;
Row["Note"] = it->second;
}
return true;
} else if (sPageName == "delnote") {
DelNote(WebSock.GetParam("key", false));
WebSock.Redirect("/mods/notes/");
return true;
} else if (sPageName == "addnote") {
AddNote(WebSock.GetParam("key"), WebSock.GetParam("note"));
WebSock.Redirect("/mods/notes/");
return true;
}
return false;
}
void CWebAuth::AcceptedLogin(CUser& User) {
if (m_pWebSock) {
CSmartPtr<CWebSession> spSession = m_pWebSock->GetSession();
spSession->SetUser(&User);
m_pWebSock->SetLoggedIn(true);
m_pWebSock->UnPauseRead();
m_pWebSock->Redirect("/?cookie_check=true");
DEBUG("Successful login attempt ==> USER [" + User.GetUserName() + "] ==> SESSION [" + spSession->GetId() + "]");
}
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
if (sPageName == "index") {
Tmpl["Cert"] = CString(HasPemFile());
return true;
} else if (sPageName == "update") {
CFile fPemFile(PemFile());
if (fPemFile.Open(O_WRONLY | O_TRUNC | O_CREAT)) {
fPemFile.Write(WebSock.GetParam("cert", true, ""));
fPemFile.Close();
}
WebSock.Redirect("/mods/cert/");
return true;
} else if (sPageName == "delete") {
CFile::Delete(PemFile());
WebSock.Redirect("/mods/cert/");
return true;
}
return false;
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
CSmartPtr<CWebSession> spSession = WebSock.GetSession();
if (!m_sSalt.empty()) {
Tmpl["Verify"] = "yes";
Tmpl["Code"] = WebSock.GetParam("code", false);
Tmpl["Username"] = WebSock.GetParam("user", false);
}
if (!WebSock.GetParam("submitted").ToUInt()) {
return true;
}
CString sUsername = WebSock.GetParam("user");
if (CZNC::Get().FindUser(sUsername)) {
WebSock.PrintErrorPage("Invalid Submission [User " + sUsername + " already exists]");
return true;
}
CUser* pNewUser = GetNewUser(WebSock);
if (!pNewUser) {
return true;
}
CString sErr;
CString sAction;
// Add User Submission
if (!CZNC::Get().AddUser(pNewUser, sErr)) {
delete pNewUser;
WebSock.PrintErrorPage("Invalid submission [" + sErr + "]");
return true;
}
sAction = "added";
CTemplate TmplMod;
TmplMod["Username"] = sUsername;
TmplMod["WebadminAction"] = "change";
if (!CZNC::Get().WriteConfig()) {
WebSock.PrintErrorPage("User " + sAction + ", but config was not written");
return true;
}
spSession->SetUser(pNewUser);
WebSock.SetLoggedIn(true);
WebSock.UnPauseRead();
WebSock.Redirect("/?cookie_check=true");
return false;
}
void CWebAuth::RefusedLogin(const CString& sReason) {
if (m_pWebSock) {
CSmartPtr<CWebSession> spSession = m_pWebSock->GetSession();
spSession->AddError("Invalid login!");
spSession->SetUser(NULL);
m_pWebSock->SetLoggedIn(false);
m_pWebSock->UnPauseRead();
m_pWebSock->Redirect("/?cookie_check=true");
DEBUG("UNSUCCESSFUL login attempt ==> REASON [" + sReason + "] ==> SESSION [" + spSession->GetId() + "]");
}
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
CUser *pUser = WebSock.GetSession()->GetUser();
if (sPageName == "index") {
MSCString::iterator it = m_PubKeys.find(pUser->GetUserName());
if (it != m_PubKeys.end()) {
SCString::iterator it2;
for (it2 = it->second.begin(); it2 != it->second.end(); ++it2) {
CTemplate& row = Tmpl.AddRow("KeyLoop");
row["Key"] = *it2;
}
}
return true;
} else if (sPageName == "add") {
AddKey(pUser, WebSock.GetParam("key"));
WebSock.Redirect(GetWebPath());
return true;
} else if (sPageName == "delete") {
MSCString::iterator it = m_PubKeys.find(pUser->GetUserName());
if (it != m_PubKeys.end()) {
if (it->second.erase(WebSock.GetParam("key", false))) {
if (it->second.size() == 0) {
m_PubKeys.erase(it);
}
Save();
}
}
WebSock.Redirect(GetWebPath());
return true;
}
return false;
}
void CWebAuth::RefusedLogin(const CString& sReason) {
if (m_pWebSock) {
std::shared_ptr<CWebSession> spSession = m_pWebSock->GetSession();
spSession->AddError("Invalid login!");
spSession->SetUser(nullptr);
m_pWebSock->SetLoggedIn(false);
m_pWebSock->UnPauseRead();
if (m_bBasic) {
m_pWebSock->AddHeader("WWW-Authenticate", "Basic realm=\"ZNC\"");
m_pWebSock->CHTTPSock::PrintErrorPage(401, "Unauthorized", "HTTP Basic authentication attemped with invalid credentials");
// Why CWebSock makes this function protected?..
} else {
m_pWebSock->Redirect("/?cookie_check=true");
}
DEBUG("UNSUCCESSFUL login attempt ==> REASON [" + sReason + "] ==> SESSION [" + spSession->GetId() + "]");
}
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
CSmartPtr<CWebSession> spSession = WebSock.GetSession();
if (sPageName == "settings") {
// Admin Check
if (!spSession->IsAdmin()) {
return false;
}
return SettingsPage(WebSock, Tmpl);
} else if (sPageName == "adduser") {
// Admin Check
if (!spSession->IsAdmin()) {
return false;
}
return UserPage(WebSock, Tmpl);
} else if (sPageName == "editchan") {
CUser* pUser = SafeGetUserFromParam(WebSock);
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (!pUser) {
WebSock.PrintErrorPage("No such username");
return true;
}
CString sChan = WebSock.GetParam("name");
if(sChan.empty() && !WebSock.IsPost()) {
sChan = WebSock.GetParam("name", false);
}
CChan* pChan = pUser->FindChan(sChan);
if (!pChan) {
WebSock.PrintErrorPage("No such channel");
return true;
}
return ChanPage(WebSock, Tmpl, pUser, pChan);
} else if (sPageName == "addchan") {
CUser* pUser = SafeGetUserFromParam(WebSock);
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return ChanPage(WebSock, Tmpl, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "delchan") {
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user", false));
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return DelChan(WebSock, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "deluser") {
if (!spSession->IsAdmin()) {
return false;
}
if (!WebSock.IsPost()) {
// Show the "Are you sure?" page:
CString sUser = WebSock.GetParam("user", false);
CUser* pUser = CZNC::Get().FindUser(sUser);
if (!pUser) {
WebSock.PrintErrorPage("No such username");
return true;
}
Tmpl.SetFile("del_user.tmpl");
Tmpl["Username"] = sUser;
return true;
}
// The "Are you sure?" page has been submitted with "Yes",
// so we actually delete the user now:
CString sUser = WebSock.GetParam("user");
CUser* pUser = CZNC::Get().FindUser(sUser);
if (pUser && pUser == spSession->GetUser()) {
WebSock.PrintErrorPage("Please don't delete yourself, suicide is not the answer!");
return true;
} else if (CZNC::Get().DeleteUser(sUser)) {
WebSock.Redirect("listusers");
return true;
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "edituser") {
CString sUserName = SafeGetUserNameParam(WebSock);
CUser* pUser = CZNC::Get().FindUser(sUserName);
if(!pUser) {
if(sUserName.empty()) {
pUser = spSession->GetUser();
} // else: the "no such user" message will be printed.
}
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return UserPage(WebSock, Tmpl, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "listusers" && spSession->IsAdmin()) {
return ListUsersPage(WebSock, Tmpl);
} else if (sPageName == "traffic" && spSession->IsAdmin()) {
return TrafficPage(WebSock, Tmpl);
} else if (sPageName.empty() || sPageName == "index") {
return true;
}
return false;
}
