/*
* This is the sending side of the chat window. The form is designed to transmit asynchronously.
*/
void chat_send(void) {
char send_this[SIZ];
char buf[SIZ];
begin_ajax_response();
if (havebstr("send_this")) {
strcpy(send_this, bstr("send_this"));
}
else {
strcpy(send_this, "");
}
if (havebstr("exit_button")) {
strcpy(send_this, "/quit");
}
if (!IsEmptyStr(send_this)) {
serv_puts("RCHT send");
serv_getln(buf, sizeof buf);
if (buf[0] == '4') {
text_to_server(send_this);
serv_puts("000");
}
}
end_ajax_response();
}
/*
* Entry point for WebCit transaction
*/
void session_loop(void)
{
int xhttp;
StrBuf *Buf;
/*
* We stuff these with the values coming from the client cookies,
* so we can use them to reconnect a timed out session if we have to.
*/
wcsession *WCC;
WCC= WC;
WCC->upload_length = 0;
WCC->upload = NULL;
WCC->Hdr->nWildfireHeaders = 0;
if (WCC->Hdr->HR.ContentLength > 0) {
if (ReadPostData() < 0) {
return;
}
}
Buf = NewStrBuf();
WCC->trailing_javascript = NewStrBuf();
/* Convert base64-encoded URL's back to plain text */
if (!strncmp(ChrPtr(WCC->Hdr->this_page), "/B64", 4)) {
StrBufCutLeft(WCC->Hdr->this_page, 4);
StrBufDecodeBase64(WCC->Hdr->this_page);
http_redirect(ChrPtr(WCC->Hdr->this_page));
goto SKIP_ALL_THIS_CRAP;
}
/* If there are variables in the URL, we must grab them now */
if (WCC->Hdr->PlainArgs != NULL)
ParseURLParams(WCC->Hdr->PlainArgs);
/* If the client sent a nonce that is incorrect, kill the request. */
if (havebstr("nonce")) {
if (verbose)
syslog(LOG_DEBUG, "Comparing supplied nonce %s to session nonce %d",
bstr("nonce"), WCC->nonce
);
if (ibstr("nonce") != WCC->nonce) {
syslog(LOG_INFO, "Ignoring request with mismatched nonce.");
hprintf("HTTP/1.1 404 Security check failed\r\n");
hprintf("Content-Type: text/plain\r\n");
begin_burst();
wc_printf("Security check failed.\r\n");
end_burst();
goto SKIP_ALL_THIS_CRAP;
}
}
/*
* If we're not connected to a Citadel server, try to hook up the connection now.
*/
if (!WCC->connected) {
if (GetConnected()) {
hprintf("HTTP/1.1 503 Service Unavailable\r\n");
hprintf("Content-Type: text/html\r\n");
begin_burst();
wc_printf("<html><head><title>503 Service Unavailable</title></head><body>\n");
wc_printf(_("This program was unable to connect or stay "
"connected to the Citadel server. Please report "
"this problem to your system administrator.")
);
wc_printf("<br>");
wc_printf("<a href=\"http://www.citadel.org/doku.php/"
"faq:generalquestions:webcit_unable_to_connect\">%s</a>",
_("Read More...")
);
wc_printf("</body></html>\n");
end_burst();
goto SKIP_ALL_THIS_CRAP;
}
}
/*
* If we're not logged in, but we have authentication data (either from
* a cookie or from http-auth), try logging in to Citadel using that.
*/
if ( (!WCC->logged_in)
&& (StrLength(WCC->Hdr->c_username) > 0)
&& (StrLength(WCC->Hdr->c_password) > 0)
) {
long Status;
FlushStrBuf(Buf);
serv_printf("USER %s", ChrPtr(WCC->Hdr->c_username));
StrBuf_ServGetln(Buf);
if (GetServerStatus(Buf, &Status) == 3) {
serv_printf("PASS %s", ChrPtr(WCC->Hdr->c_password));
StrBuf_ServGetln(Buf);
if (GetServerStatus(Buf, NULL) == 2) {
become_logged_in(WCC->Hdr->c_username,
WCC->Hdr->c_password, Buf);
} else {
/* Should only display when password is wrong */
WCC->ImportantMsg = NewStrBufPlain(ChrPtr(Buf) + 4, StrLength(Buf) - 4);
authorization_required();
FreeStrBuf(&Buf);
goto SKIP_ALL_THIS_CRAP;
}
}
else if (Status == 541) {
WCC->logged_in = 1;
}
}
xhttp = (WCC->Hdr->HR.eReqType != eGET) &&
(WCC->Hdr->HR.eReqType != ePOST) &&
(WCC->Hdr->HR.eReqType != eHEAD);
/*
* If a 'go' (or 'gotofirst') parameter has been specified, attempt to goto that room
* prior to doing anything else.
*/
if (havebstr("go")) {
int ret;
if (verbose)
syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("go"));
ret = gotoroom(sbstr("go")); /* do quietly to avoid session output! */
if ((ret/100) != 2) {
if (verbose)
syslog(LOG_DEBUG, "Unable to change to [%s]; Reason: %d", bstr("go"), ret);
}
}
else if (havebstr("gotofirst")) {
int ret;
if (verbose)
syslog(LOG_DEBUG, "Explicit room selection: %s", bstr("gotofirst"));
ret = gotoroom(sbstr("gotofirst")); /* do quietly to avoid session output! */
if ((ret/100) != 2) {
syslog(LOG_INFO, "Unable to change to [%s]; Reason: %d", bstr("gotofirst"), ret);
}
}
/*
* If we aren't in any room yet, but we have cookie data telling us where we're
* supposed to be, and 'go' was not specified, then go there.
*/
else if ( (StrLength(WCC->CurRoom.name) == 0) && ( (StrLength(WCC->Hdr->c_roomname) > 0) )) {
int ret;
if (verbose)
syslog(LOG_DEBUG, "We are in '%s' but cookie indicates '%s', going there...",
ChrPtr(WCC->CurRoom.name),
ChrPtr(WCC->Hdr->c_roomname)
);
ret = gotoroom(WCC->Hdr->c_roomname); /* do quietly to avoid session output! */
if ((ret/100) != 2) {
if (verbose)
syslog(LOG_DEBUG, "COOKIEGOTO: Unable to change to [%s]; Reason: %d",
ChrPtr(WCC->Hdr->c_roomname), ret);
}
}
if (WCC->Hdr->HR.Handler != NULL) {
if ( (!WCC->logged_in)
&& ((WCC->Hdr->HR.Handler->Flags & ANONYMOUS) == 0)
&& (WCC->serv_info != NULL)
&& (WCC->serv_info->serv_supports_guest == 0)
) {
display_login();
}
else {
if ((WCC->Hdr->HR.Handler->Flags & AJAX) != 0) {
begin_ajax_response();
}
WCC->Hdr->HR.Handler->F();
if ((WCC->Hdr->HR.Handler->Flags & AJAX) != 0) {
end_ajax_response();
}
}
}
/* When all else fails, display the default landing page or a main menu. */
else {
/*
* ordinary browser users get a nice login screen, DAV etc. requsets
* are given a 401 so they can handle it appropriate.
*/
if (!WCC->logged_in) {
if (xhttp) {
authorization_required();
}
else {
display_default_landing_page();
}
}
/*
* Toplevel dav requests? or just a flat browser request?
*/
else {
if (xhttp) {
dav_main();
}
else {
display_main_menu();
}
}
}
SKIP_ALL_THIS_CRAP:
FreeStrBuf(&Buf);
fflush(stdout);
}
/*
* Wraps a Citadel server command in an AJAX transaction.
*/
void ajax_servcmd(void)
{
wcsession *WCC = WC;
int Done = 0;
StrBuf *Buf;
char *junk;
size_t len;
if (verbose)
syslog(LOG_DEBUG, "ajax_servcmd() g_cmd=\"%s\"", bstr("g_cmd") );
begin_ajax_response();
Buf = NewStrBuf();
serv_puts(bstr("g_cmd"));
StrBuf_ServGetln(Buf);
StrBufAppendBuf(WCC->WBuf, Buf, 0);
StrBufAppendBufPlain(WCC->WBuf, HKEY("\n"), 0);
switch (GetServerStatus(Buf, NULL)) {
case 8:
serv_puts("\n\n000");
if ( (StrLength(Buf)==3) &&
!strcmp(ChrPtr(Buf), "000")) {
StrBufAppendBufPlain(WCC->WBuf, HKEY("\000"), 0);
break;
}
case 1:
while (!Done) {
if (StrBuf_ServGetln(Buf) < 0)
break;
if ( (StrLength(Buf)==3) &&
!strcmp(ChrPtr(Buf), "000")) {
Done = 1;
}
StrBufAppendBuf(WCC->WBuf, Buf, 0);
StrBufAppendBufPlain(WCC->WBuf, HKEY("\n"), 0);
}
break;
case 4:
text_to_server(bstr("g_input"));
serv_puts("000");
break;
case 6:
len = atol(&ChrPtr(Buf)[4]);
StrBuf_ServGetBLOBBuffered(Buf, len);
break;
case 7:
len = atol(&ChrPtr(Buf)[4]);
junk = malloc(len);
memset(junk, 0, len);
serv_write(junk, len);
free(junk);
}
end_ajax_response();
/*
* This is kind of an ugly hack, but this is the only place it can go.
* If the command was GEXP, then the instant messenger window must be
* running, so reset the "last_pager_check" watchdog timer so
* that page_popup() doesn't try to open it a second time. TODO: page_popup isn't with us anymore.
*/
if (!strncasecmp(bstr("g_cmd"), "GEXP", 4)) {
WCC->last_pager_check = time(NULL);
}
FreeStrBuf(&Buf);
}
/*
* Background ajax call to receive updates from the browser when a note is moved, resized, or updated.
*/
void ajax_update_note(void) {
char buf[1024];
int msgnum;
struct vnote *v = NULL;
if (!havebstr("note_uid")) {
begin_ajax_response();
wc_printf("Received ajax_update_note() request without a note UID.");
end_ajax_response();
return;
}
serv_printf("EUID %s", bstr("note_uid"));
serv_getln(buf, sizeof buf);
if (buf[0] != '2') {
begin_ajax_response();
wc_printf("Cannot find message containing vNote with the requested uid!");
end_ajax_response();
return;
}
msgnum = atol(&buf[4]);
/* Was this request a delete operation? If so, nuke it... */
if (havebstr("deletenote")) {
if (!strcasecmp(bstr("deletenote"), "yes")) {
serv_printf("DELE %d", msgnum);
serv_getln(buf, sizeof buf);
begin_ajax_response();
wc_printf("%s", buf);
end_ajax_response();
return;
}
}
/* If we get to this point it's an update, not a delete */
v = vnote_new_from_msg(msgnum, 0);
if (!v) {
begin_ajax_response();
wc_printf("Cannot locate a vNote within message %d\n", msgnum);
end_ajax_response();
return;
}
/* Make any requested changes */
if (havebstr("top")) {
v->pos_top = atoi(bstr("top"));
}
if (havebstr("left")) {
v->pos_left = atoi(bstr("left"));
}
if (havebstr("height")) {
v->pos_height = atoi(bstr("height"));
}
if (havebstr("width")) {
v->pos_width = atoi(bstr("width"));
}
if (havebstr("red")) {
v->color_red = atoi(bstr("red"));
}
if (havebstr("green")) {
v->color_green = atoi(bstr("green"));
}
if (havebstr("blue")) {
v->color_blue = atoi(bstr("blue"));
}
if (havebstr("value")) { /* I would have preferred 'body' but InPlaceEditor hardcodes 'value' */
if (v->body) free(v->body);
v->body = strdup(bstr("value"));
}
/* Serialize it and save it to the message base. Server will delete the old one. */
write_vnote_to_server(v);
begin_ajax_response();
if (v->body) {
escputs(v->body);
}
end_ajax_response();
vnote_free(v);
}
