void httpd_send403(HTTPD_STRUCT *server, HTTPD_SESSION_STRUCT *session) {
HTTPD_DEBUG(3, "http_send403\n");
session->response.file = fopen(server->params->page403, "r");
session->response.len = 0;
if (session->response.file) {
httpd_sendfile(server, session);
}
else {
httpd_sendhdr(session, 0, 0);
httpd_sendstr(session->sock, "<HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD>\n");
httpd_sendstr(session->sock, "<BODY><H1>Forbidden!</H1>\n");
httpd_sendstr(session->sock, "</BODY></HTML>\n");
}
}
void httpd_send404(HTTPD_STRUCT *server, HTTPD_SESSION_STRUCT *session) {
HTTPD_DEBUG(3, "http_send404\n");
session->response.file = fopen(server->params->page404, "r");
session->response.len = 0;
if (session->response.file) {
httpd_sendfile(server, session);
}
else {
httpd_sendhdr(session, 0, 0);
httpd_sendstr(session->sock, "<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n");
httpd_sendstr(session->sock, "<BODY><H1>The request URL was not found!</H1>\n");
httpd_sendstr(session->sock, "</BODY></HTML>\n");
}
}
long httpd_client_thread(SOCKET sock)
{
static timeval tv = {30,30};
long rcv = 0;
long post = 0;
long post_len = 0;
long post_got = 0;
long ip = 0;
long ok = 0;
long fs = 0;
char* request = NULL;
char* str_tmp = NULL;
char* str_tmp2 = NULL;
char* cgi_params = NULL;
char* query_str = NULL;
char* req_page;
char buffer[1028];
sHTTPDEnv httpd_env;
cutSockf sf;
cutMemf mf;
cutMemf hdr;
cutMemf req;
sFDS fd;
mb_event mbe = {MBT_WEBPAGE, 0};
httpd_sname(sock,NULL,(DWORD*)&ip);
if(!mf.create(4*1024) || !(req.create(1024))) {
//malloc error
goto Error500;
}
////////////////////////////////////////
sf.open(sock);
////////////////////////////////////////
*fd.fd_array = sock;
fd.fd_count = 1;
////////////////////////////////////////
httpd_env.sf = &sf;
httpd_env.mf = &mf;
httpd_env.req = &req;
////////////////////////////////////////
while(select(0,(fd_set*)&fd,0,0,&tv) >= 1 && mf.tellpos() < svr_maxrequest)
{
if(!(rcv = httpd_rrecv(sock,buffer,1024,3000))) {
//recv error
httpd_logaccess((const char*)mf.getdata(),500,sf.size(),ip);
goto End;
}
if(!mf.write(buffer,rcv)) {
goto Error500;
}
mf.putc(0);
if(post == FALSE)
{
if((rcv = mf.size()) > 4 && (request = (char*)strstr((const char*)mf.getdata(),"\r\n\r\n")))
{
httpd_env.var_offset = req.written();
if(httpd_parse_headers(&mf, &httpd_env) != 1) {
goto Error;
}
req.setpos(0);
if(httpd_env.method == 1)
{
post = TRUE;
str_tmp = httpd_hdr_get((const char*)req.getdata(),"CONTENT_LENGTH");
post_len = (str_tmp)?(strtoul(str_tmp,NULL,10)):(0);
post_got = rcv - (request - ((const char*)mf.getdata()) + 4);
if(!post_len || post_got >= post_len) {
ok = TRUE;
break;
}
}
else
{
ok = TRUE;
break;
}
}
}
else
{
post_got += rcv;
if(post_got >= post_len) {
ok = TRUE;
break;
}
}
}
////////////////////////////////////////
if(!ok || mf.size() < 10 || !(request = (char*)mf.getdata())) {
goto Error;
}
////////////////////////////////////////
if(request[4 + post] != '/')goto Error;
{
str_tmp = strchr(request + 5,' ');
if(!str_tmp)goto Error;
*str_tmp = '\0';
query_str = strchr(request + 5,'?');
*str_tmp = ' ';
}
if(post == TRUE)
{
cgi_params = strstr(request,"\r\n\r\n");
if(!cgi_params)goto Error;
httpd_env.post_data = cgi_params + 4;
httpd_env.post_length = post_len;
if(post_got > post_len) {
*(httpd_env.post_data + post_len) = '\0';
}
cgi_params = NULL;
}
if(httpd_env.error_code != 200)
{
httpd_writeformatted(&sf,"HTTP/1.0 %u ERROR\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>%u ERROR</h4>",httpd_env.error_code,httpd_env.error_code);
goto End;
}
////////////////////////////////////////
if(query_str)
{
*query_str = '\0';
req_page = request + 4 + post;
//*cgi_params = '?';
}
else
{
str_tmp = strchr(request + 4 + post,' ');
if(!str_tmp)goto Error;
*str_tmp = '\0';
req_page = request + 4 + post;
//*str_tmp = ' ';
}
///////////////////////////
if(svr_auth_required && !httpd_authorize(
httpd_hdr_get((const char*)req.getdata(),"HTTP_AUTHORIZATION")
))
{
goto Error401;
}
///////////////////////////
strlwr(req_page);
httpd_unify(req_page);
rcv = strlen(req_page);
str_tmp = httpd_hdr_get((const char*)req.getdata(),"HTTP_AUTHORIZATION");
str_tmp2 = inet_ntoa(*(in_addr*)&ip);
strncpy(buffer,req_page,sizeof(buffer)-1);
ok = httpd_unify(buffer);
if(ok && buffer[ok-1]!='/') {
buffer[ok]='/';
buffer[ok+1]='\0';
}
if((ok = httpd_authorize_host(buffer,str_tmp2?str_tmp2:"0.0.0.0",str_tmp?str_tmp:"")) < 1) {
if(ok < 0) {
goto Error403;
} else {
goto Error401;
}
}
///////////////////////////
if(!(*req_page)) {
_snprintf(buffer,MAX_PATH,"%s/index.php",svr_wwwroot);
req_page = "/index.php";
} else if(req_page[rcv-1]=='/') {
_snprintf(buffer,MAX_PATH,"%s%sindex.php",svr_wwwroot,req_page);
req_page = buffer + strlen(svr_wwwroot);
} else {
_snprintf(buffer,MAX_PATH,"%s%s",svr_wwwroot,req_page);
}
httpd_unify(buffer);
ok = help_fileexists(buffer,&fs);
if(!ok) {
ok = help_direxists(buffer);
if(!ok) {
goto Error404;
} else {
httpd_writeformatted(&sf,"HTTP/1.0 301 Moved Permanently\r\nConnection: close\r\nLocation: %s/\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>301 Document moved permanently!</h4>",req_page);
goto End;
}
} else {
//do the authorization for vhosts
str_tmp = httpd_getextension(buffer);
if(str_tmp && true == ut_str_match(".php*", str_tmp))
{
if(query_str) {
*query_str = '?';
if((str_tmp2 = strchr(query_str+1,' ')) || (str_tmp2 = strchr(query_str,'\r'))) {
*str_tmp2 = '\0';
}
}
mbe.t1 = MBE_HTTPDENV;
mbe.p1 = (void*)&httpd_env;
if(!httpd_init_hdr(&hdr)) {
goto Error500;
}
httpd_sname(sock,&req,NULL);
req.write("SERVER_SOFTWARE\0MBot (c) Piotr Pawluczuk (www.piopawlu.net)",60);
//SCRIPT_NAME
req.write("SCRIPT_NAME",12);
req.write(req_page,strlen(req_page)+1);
//PHP_SELF
req_page = strrchr(req_page,'/');
if(!req_page) {
goto Error404;
}
req_page++;
req.write("PHP_SELF",9);
req.write(req_page,strlen(req_page)+1);
//END OF VARIABLES
req.putc(0);
if(!LPHP_ExecutePage(buffer,(query_str)?(query_str+1):NULL,
(const char**)&sf,(void*)&mbe,(LPHP_ENVCB)httpd_php_cb,1)) {
goto Error500;
}
if(httpd_env.out_started == 0) {
httpd_send_headers(&httpd_env);
}
httpd_logaccess((const char*)mf.getdata(),200,sf.size(),ip);
goto End;
}
else
{
if(httpd_sendfile(buffer,&httpd_env,buffer)) {
httpd_logaccess((const char*)mf.getdata(),200,sf.size(),ip);
} else {
httpd_logaccess((const char*)mf.getdata(),404,sf.size(),ip);
}
goto End;
}
}
///////////////////////////
Error:
///////////////////////////
httpd_logaccess((const char*)mf.getdata(),400,sf.size(),ip);
httpd_writestring(&sf,"HTTP/1.0 400 Bad Request\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>400 Bad Request</h4>");
goto End;
///////////////////////////
Error500:
///////////////////////////
httpd_logaccess((const char*)mf.getdata(),500,sf.size(),ip);
if(httpd_env.out_started == 0)
{
httpd_writestring(&sf,"HTTP/1.0 500 Internal Server Error\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>500 Internal Server Error</h4>");
}
goto End;
///////////////////////////
Error401:
///////////////////////////
httpd_logaccess((const char*)mf.getdata(),401,sf.size(),ip);
httpd_writestring(&sf,"HTTP/1.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"MSP Server HTTPD\"\r\nstatus: 401 Unauthorized\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>401 Authorization Required</h4>");
goto End;
///////////////////////////
Error403:
///////////////////////////
httpd_logaccess((const char*)mf.getdata(),401,sf.size(),ip);
httpd_writestring(&sf,"HTTP/1.0 403 Access DENIED\r\nWWW-Authenticate: Basic realm=\"MSP Server HTTPD\"\r\nstatus: 403 Access DENIED\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>403 Access DENIED</h4>");
goto End;
///////////////////////////
Error404:
///////////////////////////
httpd_logaccess((const char*)mf.getdata(),404,sf.size(),ip);
httpd_writestring(&sf,"HTTP/1.0 404 Not Found\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>404 Not Found</h4>");
///////////////////////////
End:
///////////////////////////
sf.close();
mf.close();
svr_cur_clients --;
return 0;
}
