virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) { if (sPageName == "index") { for (MCString::iterator it = BeginNV(); it != EndNV(); ++it) { CTemplate& Row = Tmpl.AddRow("NotesLoop"); Row["Key"] = it->first; Row["Note"] = it->second; } return true; } else if (sPageName == "delnote") { DelNote(WebSock.GetParam("key", false)); WebSock.Redirect("/mods/notes/"); return true; } else if (sPageName == "addnote") { AddNote(WebSock.GetParam("key"), WebSock.GetParam("note")); WebSock.Redirect("/mods/notes/"); return true; } return false; }
void CWebAuth::AcceptedLogin(CUser& User) { if (m_pWebSock) { CSmartPtr<CWebSession> spSession = m_pWebSock->GetSession(); spSession->SetUser(&User); m_pWebSock->SetLoggedIn(true); m_pWebSock->UnPauseRead(); m_pWebSock->Redirect("/?cookie_check=true"); DEBUG("Successful login attempt ==> USER [" + User.GetUserName() + "] ==> SESSION [" + spSession->GetId() + "]"); } }
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) { if (sPageName == "index") { Tmpl["Cert"] = CString(HasPemFile()); return true; } else if (sPageName == "update") { CFile fPemFile(PemFile()); if (fPemFile.Open(O_WRONLY | O_TRUNC | O_CREAT)) { fPemFile.Write(WebSock.GetParam("cert", true, "")); fPemFile.Close(); } WebSock.Redirect("/mods/cert/"); return true; } else if (sPageName == "delete") { CFile::Delete(PemFile()); WebSock.Redirect("/mods/cert/"); return true; } return false; }
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) { CSmartPtr<CWebSession> spSession = WebSock.GetSession(); if (!m_sSalt.empty()) { Tmpl["Verify"] = "yes"; Tmpl["Code"] = WebSock.GetParam("code", false); Tmpl["Username"] = WebSock.GetParam("user", false); } if (!WebSock.GetParam("submitted").ToUInt()) { return true; } CString sUsername = WebSock.GetParam("user"); if (CZNC::Get().FindUser(sUsername)) { WebSock.PrintErrorPage("Invalid Submission [User " + sUsername + " already exists]"); return true; } CUser* pNewUser = GetNewUser(WebSock); if (!pNewUser) { return true; } CString sErr; CString sAction; // Add User Submission if (!CZNC::Get().AddUser(pNewUser, sErr)) { delete pNewUser; WebSock.PrintErrorPage("Invalid submission [" + sErr + "]"); return true; } sAction = "added"; CTemplate TmplMod; TmplMod["Username"] = sUsername; TmplMod["WebadminAction"] = "change"; if (!CZNC::Get().WriteConfig()) { WebSock.PrintErrorPage("User " + sAction + ", but config was not written"); return true; } spSession->SetUser(pNewUser); WebSock.SetLoggedIn(true); WebSock.UnPauseRead(); WebSock.Redirect("/?cookie_check=true"); return false; }
void CWebAuth::RefusedLogin(const CString& sReason) { if (m_pWebSock) { CSmartPtr<CWebSession> spSession = m_pWebSock->GetSession(); spSession->AddError("Invalid login!"); spSession->SetUser(NULL); m_pWebSock->SetLoggedIn(false); m_pWebSock->UnPauseRead(); m_pWebSock->Redirect("/?cookie_check=true"); DEBUG("UNSUCCESSFUL login attempt ==> REASON [" + sReason + "] ==> SESSION [" + spSession->GetId() + "]"); } }
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) { CUser *pUser = WebSock.GetSession()->GetUser(); if (sPageName == "index") { MSCString::iterator it = m_PubKeys.find(pUser->GetUserName()); if (it != m_PubKeys.end()) { SCString::iterator it2; for (it2 = it->second.begin(); it2 != it->second.end(); ++it2) { CTemplate& row = Tmpl.AddRow("KeyLoop"); row["Key"] = *it2; } } return true; } else if (sPageName == "add") { AddKey(pUser, WebSock.GetParam("key")); WebSock.Redirect(GetWebPath()); return true; } else if (sPageName == "delete") { MSCString::iterator it = m_PubKeys.find(pUser->GetUserName()); if (it != m_PubKeys.end()) { if (it->second.erase(WebSock.GetParam("key", false))) { if (it->second.size() == 0) { m_PubKeys.erase(it); } Save(); } } WebSock.Redirect(GetWebPath()); return true; } return false; }
void CWebAuth::RefusedLogin(const CString& sReason) { if (m_pWebSock) { std::shared_ptr<CWebSession> spSession = m_pWebSock->GetSession(); spSession->AddError("Invalid login!"); spSession->SetUser(nullptr); m_pWebSock->SetLoggedIn(false); m_pWebSock->UnPauseRead(); if (m_bBasic) { m_pWebSock->AddHeader("WWW-Authenticate", "Basic realm=\"ZNC\""); m_pWebSock->CHTTPSock::PrintErrorPage(401, "Unauthorized", "HTTP Basic authentication attemped with invalid credentials"); // Why CWebSock makes this function protected?.. } else { m_pWebSock->Redirect("/?cookie_check=true"); } DEBUG("UNSUCCESSFUL login attempt ==> REASON [" + sReason + "] ==> SESSION [" + spSession->GetId() + "]"); } }
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) { CSmartPtr<CWebSession> spSession = WebSock.GetSession(); if (sPageName == "settings") { // Admin Check if (!spSession->IsAdmin()) { return false; } return SettingsPage(WebSock, Tmpl); } else if (sPageName == "adduser") { // Admin Check if (!spSession->IsAdmin()) { return false; } return UserPage(WebSock, Tmpl); } else if (sPageName == "editchan") { CUser* pUser = SafeGetUserFromParam(WebSock); // Admin||Self Check if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) { return false; } if (!pUser) { WebSock.PrintErrorPage("No such username"); return true; } CString sChan = WebSock.GetParam("name"); if(sChan.empty() && !WebSock.IsPost()) { sChan = WebSock.GetParam("name", false); } CChan* pChan = pUser->FindChan(sChan); if (!pChan) { WebSock.PrintErrorPage("No such channel"); return true; } return ChanPage(WebSock, Tmpl, pUser, pChan); } else if (sPageName == "addchan") { CUser* pUser = SafeGetUserFromParam(WebSock); // Admin||Self Check if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) { return false; } if (pUser) { return ChanPage(WebSock, Tmpl, pUser); } WebSock.PrintErrorPage("No such username"); return true; } else if (sPageName == "delchan") { CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user", false)); // Admin||Self Check if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) { return false; } if (pUser) { return DelChan(WebSock, pUser); } WebSock.PrintErrorPage("No such username"); return true; } else if (sPageName == "deluser") { if (!spSession->IsAdmin()) { return false; } if (!WebSock.IsPost()) { // Show the "Are you sure?" page: CString sUser = WebSock.GetParam("user", false); CUser* pUser = CZNC::Get().FindUser(sUser); if (!pUser) { WebSock.PrintErrorPage("No such username"); return true; } Tmpl.SetFile("del_user.tmpl"); Tmpl["Username"] = sUser; return true; } // The "Are you sure?" page has been submitted with "Yes", // so we actually delete the user now: CString sUser = WebSock.GetParam("user"); CUser* pUser = CZNC::Get().FindUser(sUser); if (pUser && pUser == spSession->GetUser()) { WebSock.PrintErrorPage("Please don't delete yourself, suicide is not the answer!"); return true; } else if (CZNC::Get().DeleteUser(sUser)) { WebSock.Redirect("listusers"); return true; } WebSock.PrintErrorPage("No such username"); return true; } else if (sPageName == "edituser") { CString sUserName = SafeGetUserNameParam(WebSock); CUser* pUser = CZNC::Get().FindUser(sUserName); if(!pUser) { if(sUserName.empty()) { pUser = spSession->GetUser(); } // else: the "no such user" message will be printed. } // Admin||Self Check if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) { return false; } if (pUser) { return UserPage(WebSock, Tmpl, pUser); } WebSock.PrintErrorPage("No such username"); return true; } else if (sPageName == "listusers" && spSession->IsAdmin()) { return ListUsersPage(WebSock, Tmpl); } else if (sPageName == "traffic" && spSession->IsAdmin()) { return TrafficPage(WebSock, Tmpl); } else if (sPageName.empty() || sPageName == "index") { return true; } return false; }