void CWebSock::SetVars() {
m_Template["SessionUser"] = GetUser();
m_Template["SessionIP"] = GetRemoteIP();
m_Template["Tag"] = CZNC::GetTag(GetSession()->GetUser() != NULL);
m_Template["SkinName"] = GetSkinName();
m_Template["_CSRF_Check"] = GetCSRFCheck();
if (GetSession()->IsAdmin()) {
m_Template["IsAdmin"] = "true";
}
GetSession()->FillMessageLoops(m_Template);
GetSession()->ClearMessageLoops();
// Global Mods
CGlobalModules& vgMods = CZNC::Get().GetModules();
for (unsigned int a = 0; a < vgMods.size(); a++) {
AddModLoop("GlobalModLoop", *vgMods[a]);
}
// User Mods
if (IsLoggedIn()) {
CModules& vMods = GetSession()->GetUser()->GetModules();
for (unsigned int a = 0; a < vMods.size(); a++) {
AddModLoop("UserModLoop", *vMods[a]);
}
}
if (IsLoggedIn()) {
m_Template["LoggedIn"] = "true";
}
}
VCString CWebSock::GetDirs(CModule* pModule, bool bIsTemplate) {
CString sHomeSkinsDir(CZNC::Get().GetZNCPath() + "/webskins/");
CString sSkinName(GetSkinName());
VCString vsResult;
// Module specific paths
if (pModule) {
const CString& sModName(pModule->GetModName());
// 1. ~/.znc/webskins/<user_skin_setting>/mods/<mod_name>/
//
if (!sSkinName.empty()) {
vsResult.push_back(GetSkinPath(sSkinName) + "/mods/" + sModName + "/");
}
// 2. ~/.znc/webskins/_default_/mods/<mod_name>/
//
vsResult.push_back(GetSkinPath("_default_") + "/mods/" + sModName + "/");
// 3. ./modules/<mod_name>/tmpl/
//
vsResult.push_back(pModule->GetModDataDir() + "/tmpl/");
// 4. ~/.znc/webskins/<user_skin_setting>/mods/<mod_name>/
//
if (!sSkinName.empty()) {
vsResult.push_back(GetSkinPath(sSkinName) + "/mods/" + sModName + "/");
}
// 5. ~/.znc/webskins/_default_/mods/<mod_name>/
//
vsResult.push_back(GetSkinPath("_default_") + "/mods/" + sModName + "/");
}
// 6. ~/.znc/webskins/<user_skin_setting>/
//
if (!sSkinName.empty()) {
vsResult.push_back(GetSkinPath(sSkinName) + CString(bIsTemplate ? "/tmpl/" : "/"));
}
// 7. ~/.znc/webskins/_default_/
//
vsResult.push_back(GetSkinPath("_default_") + CString(bIsTemplate ? "/tmpl/" : "/"));
return vsResult;
}
CConfig CUser::ToConfig() {
CConfig config;
CConfig passConfig;
CString sHash;
switch (m_eHashType) {
case HASH_NONE:
sHash = "Plain";
break;
case HASH_MD5:
sHash = "MD5";
break;
case HASH_SHA256:
sHash = "SHA256";
break;
}
passConfig.AddKeyValuePair("Salt", m_sPassSalt);
passConfig.AddKeyValuePair("Method", sHash);
passConfig.AddKeyValuePair("Hash", GetPass());
config.AddSubConfig("Pass", "password", passConfig);
config.AddKeyValuePair("Nick", GetNick());
config.AddKeyValuePair("AltNick", GetAltNick());
config.AddKeyValuePair("Ident", GetIdent());
config.AddKeyValuePair("RealName", GetRealName());
config.AddKeyValuePair("BindHost", GetBindHost());
config.AddKeyValuePair("DCCBindHost", GetDCCBindHost());
config.AddKeyValuePair("QuitMsg", GetQuitMsg());
if (CZNC::Get().GetStatusPrefix() != GetStatusPrefix())
config.AddKeyValuePair("StatusPrefix", GetStatusPrefix());
config.AddKeyValuePair("Skin", GetSkinName());
config.AddKeyValuePair("Language", GetLanguage());
config.AddKeyValuePair("ChanModes", GetDefaultChanModes());
config.AddKeyValuePair("Buffer", CString(GetBufferCount()));
config.AddKeyValuePair("KeepBuffer", CString(KeepBuffer()));
config.AddKeyValuePair("MultiClients", CString(MultiClients()));
config.AddKeyValuePair("DenyLoadMod", CString(DenyLoadMod()));
config.AddKeyValuePair("Admin", CString(IsAdmin()));
config.AddKeyValuePair("DenySetBindHost", CString(DenySetBindHost()));
config.AddKeyValuePair("TimestampFormat", GetTimestampFormat());
config.AddKeyValuePair("AppendTimestamp", CString(GetTimestampAppend()));
config.AddKeyValuePair("PrependTimestamp", CString(GetTimestampPrepend()));
config.AddKeyValuePair("TimezoneOffset", CString(m_fTimezoneOffset));
config.AddKeyValuePair("JoinTries", CString(m_uMaxJoinTries));
config.AddKeyValuePair("MaxJoins", CString(m_uMaxJoins));
config.AddKeyValuePair("IRCConnectEnabled", CString(GetIRCConnectEnabled()));
// Allow Hosts
if (!m_ssAllowedHosts.empty()) {
for (set<CString>::iterator it = m_ssAllowedHosts.begin(); it != m_ssAllowedHosts.end(); ++it) {
config.AddKeyValuePair("Allow", *it);
}
}
// CTCP Replies
if (!m_mssCTCPReplies.empty()) {
for (MCString::const_iterator itb = m_mssCTCPReplies.begin(); itb != m_mssCTCPReplies.end(); ++itb) {
config.AddKeyValuePair("CTCPReply", itb->first.AsUpper() + " " + itb->second);
}
}
// Modules
CModules& Mods = GetModules();
if (!Mods.empty()) {
for (unsigned int a = 0; a < Mods.size(); a++) {
CString sArgs = Mods[a]->GetArgs();
if (!sArgs.empty()) {
sArgs = " " + sArgs;
}
config.AddKeyValuePair("LoadModule", Mods[a]->GetModName() + sArgs);
}
}
// Networks
for (unsigned int d = 0; d < m_vIRCNetworks.size(); d++) {
CIRCNetwork *pNetwork = m_vIRCNetworks[d];
config.AddSubConfig("Network", pNetwork->GetName(), pNetwork->ToConfig());
}
return config;
}
CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CString& sPageRet) {
if (CZNC::Get().GetProtectWebSessions() && GetSession()->GetIP() != GetRemoteIP()) {
DEBUG("Expected IP: " << GetSession()->GetIP());
DEBUG("Remote IP: " << GetRemoteIP());
PrintErrorPage(403, "Access denied", "This session does not belong to your IP.");
return PAGE_DONE;
}
// Check that they really POSTed from one our forms by checking if they
// know the "secret" CSRF check value. Don't do this for login since
// CSRF against the login form makes no sense and the login form does a
// cookies-enabled check which would break otherwise.
if (IsPost() && GetParam("_CSRF_Check") != GetCSRFCheck() && sURI != "/login") {
DEBUG("Expected _CSRF_Check: " << GetCSRFCheck());
DEBUG("Actual _CSRF_Check: " << GetParam("_CSRF_Check"));
PrintErrorPage(403, "Access denied", "POST requests need to send "
"a secret token to prevent cross-site request forgery attacks.");
return PAGE_DONE;
}
SendCookie("SessionId", GetSession()->GetId());
if (GetSession()->IsLoggedIn()) {
m_sUser = GetSession()->GetUser()->GetUserName();
m_bLoggedIn = true;
}
// Handle the static pages that don't require a login
if (sURI == "/") {
if(!m_bLoggedIn && GetParam("cookie_check", false).ToBool() && GetRequestCookie("SessionId").empty()) {
GetSession()->AddError("Your browser does not have cookies enabled for this site!");
}
return PrintTemplate("index", sPageRet);
} else if (sURI == "/favicon.ico") {
return PrintStaticFile("/pub/favicon.ico", sPageRet);
} else if (sURI == "/robots.txt") {
return PrintStaticFile("/pub/robots.txt", sPageRet);
} else if (sURI == "/logout") {
GetSession()->SetUser(NULL);
SetLoggedIn(false);
Redirect("/");
// We already sent a reply
return PAGE_DONE;
} else if (sURI == "/login") {
if (GetParam("submitted").ToBool()) {
m_sUser = GetParam("user");
m_sPass = GetParam("pass");
m_bLoggedIn = OnLogin(m_sUser, m_sPass);
// AcceptedLogin()/RefusedLogin() will call Redirect()
return PAGE_DEFERRED;
}
Redirect("/"); // the login form is here
return PAGE_DONE;
} else if (sURI.Left(5) == "/pub/") {
return PrintStaticFile(sURI, sPageRet);
} else if (sURI.Left(11) == "/skinfiles/") {
CString sSkinName = sURI.substr(11);
CString::size_type uPathStart = sSkinName.find("/");
if (uPathStart != CString::npos) {
CString sFilePath = sSkinName.substr(uPathStart + 1);
sSkinName.erase(uPathStart);
m_Template.ClearPaths();
m_Template.AppendPath(GetSkinPath(sSkinName) + "pub");
if (PrintFile(m_Template.ExpandFile(sFilePath))) {
return PAGE_DONE;
} else {
return PAGE_NOTFOUND;
}
}
return PAGE_NOTFOUND;
} else if (sURI.Left(6) == "/mods/" || sURI.Left(10) == "/modfiles/") {
ParsePath();
// Make sure modules are treated as directories
if (sURI.Right(1) != "/" && sURI.find(".") == CString::npos && sURI.TrimLeft_n("/mods/").TrimLeft_n("/").find("/") == CString::npos) {
Redirect(sURI + "/");
return PAGE_DONE;
}
CModule *pModule = CZNC::Get().GetModules().FindModule(m_sModName);
if (!pModule) {
// Check if GetSession()->GetUser() is NULL and display
// an error in that case
if (!ForceLogin())
return PAGE_DONE;
pModule = GetSession()->GetUser()->GetModules().FindModule(m_sModName);
}
if (!pModule) {
return PAGE_NOTFOUND;
} else if (pModule->WebRequiresLogin() && !ForceLogin()) {
return PAGE_PRINT;
} else if (pModule->WebRequiresAdmin() && !GetSession()->IsAdmin()) {
PrintErrorPage(403, "Forbidden", "You need to be an admin to access this module");
return PAGE_DONE;
} else if (!pModule->IsGlobal() && pModule->GetUser() != GetSession()->GetUser()) {
PrintErrorPage(403, "Forbidden", "You must login as " + pModule->GetUser()->GetUserName() + " in order to view this page");
return PAGE_DONE;
} else if (pModule->OnWebPreRequest(*this, m_sPage)) {
return PAGE_DEFERRED;
}
VWebSubPages& vSubPages = pModule->GetSubPages();
for (unsigned int a = 0; a < vSubPages.size(); a++) {
TWebSubPage& SubPage = vSubPages[a];
bool bActive = (m_sModName == pModule->GetModName() && m_sPage == SubPage->GetName());
if (bActive && SubPage->RequiresAdmin() && !GetSession()->IsAdmin()) {
PrintErrorPage(403, "Forbidden", "You need to be an admin to access this page");
return PAGE_DONE;
}
}
if (pModule && !pModule->IsGlobal() && (!IsLoggedIn() || pModule->GetUser() != GetSession()->GetUser())) {
AddModLoop("UserModLoop", *pModule);
}
if (sURI.Left(10) == "/modfiles/") {
m_Template.AppendPath(GetSkinPath(GetSkinName()) + "/mods/" + m_sModName + "/files/");
m_Template.AppendPath(pModule->GetModDataDir() + "/files/");
if (PrintFile(m_Template.ExpandFile(m_sPage.TrimLeft_n("/")))) {
return PAGE_PRINT;
} else {
return PAGE_NOTFOUND;
}
} else {
SetPaths(pModule, true);
/* if a module returns false from OnWebRequest, it does not
want the template to be printed, usually because it did a redirect. */
if (pModule->OnWebRequest(*this, m_sPage, m_Template)) {
// If they already sent a reply, let's assume
// they did what they wanted to do.
if (SentHeader()) {
return PAGE_DONE;
}
return PrintTemplate(m_sPage, sPageRet, pModule);
}
if (!SentHeader()) {
PrintErrorPage(404, "Not Implemented", "The requested module does not acknowledge web requests");
}
return PAGE_DONE;
}
} else {
CString sPage(sURI.Trim_n("/"));
if (sPage.length() < 32) {
for (unsigned int a = 0; a < sPage.length(); a++) {
unsigned char c = sPage[a];
if ((c < '0' || c > '9') && (c < 'a' || c > 'z') && (c < 'A' || c > 'Z') && c != '_') {
return PAGE_NOTFOUND;
}
}
return PrintTemplate(sPage, sPageRet);
}
}
return PAGE_NOTFOUND;
}
bool CUser::WriteConfig(CFile& File) {
File.Write("<User " + GetUserName().FirstLine() + ">\n");
if (m_eHashType != HASH_NONE) {
CString sHash = "md5";
if (m_eHashType == HASH_SHA256)
sHash = "sha256";
if (m_sPassSalt.empty()) {
PrintLine(File, "Pass", sHash + "#" + GetPass());
} else {
PrintLine(File, "Pass", sHash + "#" + GetPass() + "#" + m_sPassSalt + "#");
}
} else {
PrintLine(File, "Pass", "plain#" + GetPass());
}
PrintLine(File, "Nick", GetNick());
PrintLine(File, "AltNick", GetAltNick());
PrintLine(File, "Ident", GetIdent());
PrintLine(File, "RealName", GetRealName());
PrintLine(File, "BindHost", GetBindHost());
PrintLine(File, "DCCBindHost", GetDCCBindHost());
PrintLine(File, "QuitMsg", GetQuitMsg());
if (CZNC::Get().GetStatusPrefix() != GetStatusPrefix())
PrintLine(File, "StatusPrefix", GetStatusPrefix());
PrintLine(File, "Skin", GetSkinName());
PrintLine(File, "ChanModes", GetDefaultChanModes());
PrintLine(File, "Buffer", CString(GetBufferCount()));
PrintLine(File, "KeepBuffer", CString(KeepBuffer()));
PrintLine(File, "MultiClients", CString(MultiClients()));
PrintLine(File, "BounceDCCs", CString(BounceDCCs()));
PrintLine(File, "DenyLoadMod", CString(DenyLoadMod()));
PrintLine(File, "Admin", CString(IsAdmin()));
PrintLine(File, "DenySetBindHost", CString(DenySetBindHost()));
PrintLine(File, "DCCLookupMethod", CString((UseClientIP()) ? "client" : "default"));
PrintLine(File, "TimestampFormat", GetTimestampFormat());
PrintLine(File, "AppendTimestamp", CString(GetTimestampAppend()));
PrintLine(File, "PrependTimestamp", CString(GetTimestampPrepend()));
PrintLine(File, "TimezoneOffset", CString(m_fTimezoneOffset));
PrintLine(File, "JoinTries", CString(m_uMaxJoinTries));
PrintLine(File, "MaxJoins", CString(m_uMaxJoins));
PrintLine(File, "IRCConnectEnabled", CString(GetIRCConnectEnabled()));
File.Write("\n");
// Allow Hosts
if (!m_ssAllowedHosts.empty()) {
for (set<CString>::iterator it = m_ssAllowedHosts.begin(); it != m_ssAllowedHosts.end(); ++it) {
PrintLine(File, "Allow", *it);
}
File.Write("\n");
}
// CTCP Replies
if (!m_mssCTCPReplies.empty()) {
for (MCString::const_iterator itb = m_mssCTCPReplies.begin(); itb != m_mssCTCPReplies.end(); ++itb) {
PrintLine(File, "CTCPReply", itb->first.AsUpper() + " " + itb->second);
}
File.Write("\n");
}
// Modules
CModules& Mods = GetModules();
if (!Mods.empty()) {
for (unsigned int a = 0; a < Mods.size(); a++) {
CString sArgs = Mods[a]->GetArgs();
if (!sArgs.empty()) {
sArgs = " " + sArgs;
}
PrintLine(File, "LoadModule", Mods[a]->GetModName() + sArgs);
}
File.Write("\n");
}
// Servers
for (unsigned int b = 0; b < m_vServers.size(); b++) {
PrintLine(File, "Server", m_vServers[b]->GetString());
}
// Chans
for (unsigned int c = 0; c < m_vChans.size(); c++) {
CChan* pChan = m_vChans[c];
if (pChan->InConfig()) {
File.Write("\n");
if (!pChan->WriteConfig(File)) {
return false;
}
}
}
File.Write("</User>\n");
return true;
}