/*
 * Send a "403 Forbidden" response on the given session.
 *
 * The custom page named by server->params->page403 is opened read-only; if
 * that succeeds the open handle is left in session->response.file and the
 * reply is delegated to httpd_sendfile().  If it cannot be opened, a header
 * is sent with httpd_sendhdr(session, 0, 0) followed by a fixed HTML body.
 *
 * The fallback body is a constant string: nothing from the request is
 * echoed back, so this path cannot reflect client-supplied content.
 *
 * NOTE(review): this function does not set a status code itself; the status
 * line is produced by httpd_sendhdr()/httpd_sendfile() from session state
 * set elsewhere - confirm the caller has marked the response as 403.
 * NOTE(review): the handle stored in session->response.file is not closed
 * here; presumably httpd_sendfile() or session teardown owns it - verify.
 */
void httpd_send403(HTTPD_STRUCT *server, HTTPD_SESSION_STRUCT *session)
{
    HTTPD_DEBUG(3, "http_send403\n");

    /* Try the configured error page first. */
    session->response.file = fopen(server->params->page403, "r");
    session->response.len = 0;

    if (!session->response.file) {
        /* No custom page available: emit the built-in static body. */
        httpd_sendhdr(session, 0, 0);
        httpd_sendstr(session->sock, "<HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD>\n");
        httpd_sendstr(session->sock, "<BODY><H1>Forbidden!</H1>\n");
        httpd_sendstr(session->sock, "</BODY></HTML>\n");
        return;
    }

    httpd_sendfile(server, session);
}
/*
 * Send a "404 Not Found" response on the given session.
 *
 * The custom page named by server->params->page404 is opened read-only; if
 * that succeeds the open handle is left in session->response.file and the
 * reply is delegated to httpd_sendfile().  If it cannot be opened, a header
 * is sent with httpd_sendhdr(session, 0, 0) followed by a fixed HTML body.
 *
 * The fallback body is a constant string and deliberately does not repeat
 * the requested URL, so this path cannot reflect client-supplied content.
 *
 * NOTE(review): this function does not set a status code itself; the status
 * line is produced by httpd_sendhdr()/httpd_sendfile() from session state
 * set elsewhere - confirm the caller has marked the response as 404.
 * NOTE(review): the handle stored in session->response.file is not closed
 * here; presumably httpd_sendfile() or session teardown owns it - verify.
 */
void httpd_send404(HTTPD_STRUCT *server, HTTPD_SESSION_STRUCT *session)
{
    HTTPD_DEBUG(3, "http_send404\n");

    /* Try the configured error page first. */
    session->response.file = fopen(server->params->page404, "r");
    session->response.len = 0;

    if (!session->response.file) {
        /* No custom page available: emit the built-in static body. */
        httpd_sendhdr(session, 0, 0);
        httpd_sendstr(session->sock, "<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n");
        httpd_sendstr(session->sock, "<BODY><H1>The request URL was not found!</H1>\n");
        httpd_sendstr(session->sock, "</BODY></HTML>\n");
        return;
    }

    httpd_sendfile(server, session);
}
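/*
 * Serve one HTTP connection on `sock` and return 0.
 *
 * Flow, as implemented below:
 *   1. Read from the socket into `mf` until the header terminator
 *      ("\r\n\r\n") has been seen and, for method 1 (treated here as POST),
 *      until CONTENT_LENGTH bytes of body have arrived. Reading stops once
 *      mf.tellpos() reaches svr_maxrequest.
 *   2. Split the request line in place into path and query string.
 *   3. Run the global check (httpd_authorize) when svr_auth_required is set,
 *      then the per-path/per-host check (httpd_authorize_host).
 *   4. Map the path under svr_wwwroot; redirect directories with 301, run
 *      ".php*" files through LPHP_ExecutePage, send anything else with
 *      httpd_sendfile.
 *   5. On every exit path close `sf` and `mf` and decrement svr_cur_clients.
 *
 * Everything read from the socket is untrusted. The request buffer is
 * modified in place (NUL bytes are written into it), so the text handed to
 * httpd_logaccess() on late paths is the truncated request line.
 */
long httpd_client_thread(SOCKET sock)
{
    /* NOTE(review): one static timeout shared by every call and passed to
     * select() by pointer; harmless only where select() leaves it untouched. */
    static timeval tv = {30,30};
    long rcv = 0;
    long post = 0;
    long post_len = 0;
    long post_got = 0;
    long ip = 0;
    long ok = 0;
    long fs = 0;
    char* request = NULL;
    char* str_tmp = NULL;
    char* str_tmp2 = NULL;
    char* cgi_params = NULL;
    char* query_str = NULL;
    char* req_page;
    char buffer[1028];
    sHTTPDEnv httpd_env;
    cutSockf sf;
    cutMemf mf;
    cutMemf hdr;
    cutMemf req;
    sFDS fd;
    mb_event mbe = {MBT_WEBPAGE, 0};

    httpd_sname(sock,NULL,(DWORD*)&ip);

    if(!mf.create(4*1024) || !(req.create(1024)))
    {
        // malloc error
        // NOTE(review): sf has not been opened and httpd_env has not been
        // filled in yet, but Error500 reads httpd_env.out_started and writes
        // to sf - confirm both tolerate this state.
        goto Error500;
    }

    sf.open(sock);

    *fd.fd_array = sock;
    fd.fd_count = 1;

    httpd_env.sf = &sf;
    httpd_env.mf = &mf;
    httpd_env.req = &req;

    // ---- receive loop: bounded by the select() timeout and svr_maxrequest ----
    while(select(0,(fd_set*)&fd,0,0,&tv) >= 1 && mf.tellpos() < svr_maxrequest)
    {
        // A negative count must never reach mf.write() as a length, so any
        // non-positive result is treated as a receive failure.
        if((rcv = httpd_rrecv(sock,buffer,1024,3000)) <= 0)
        {
            // recv error
            httpd_logaccess((const char*)mf.getdata(),500,sf.size(),ip);
            goto End;
        }

        if(!mf.write(buffer,rcv))
        {
            goto Error500;
        }
        mf.putc(0);

        if(post == FALSE)
        {
            if((rcv = mf.size()) > 4 && (request = (char*)strstr((const char*)mf.getdata(),"\r\n\r\n")))
            {
                httpd_env.var_offset = req.written();

                if(httpd_parse_headers(&mf, &httpd_env) != 1)
                {
                    goto Error;
                }

                req.setpos(0);

                if(httpd_env.method == 1)
                {
                    post = TRUE;
                    str_tmp = httpd_hdr_get((const char*)req.getdata(),"CONTENT_LENGTH");
                    post_len = (str_tmp)?(strtoul(str_tmp,NULL,10)):(0);

                    // strtoul() returns an unsigned value that is stored in a
                    // signed long. A client-supplied length above LONG_MAX
                    // comes out negative, would satisfy the completeness test
                    // below and later be used as an offset from post_data.
                    // Reject it as a malformed request.
                    if(post_len < 0)
                    {
                        goto Error;
                    }

                    // body bytes that arrived together with the headers
                    post_got = rcv - (request - ((const char*)mf.getdata()) + 4);

                    if(!post_len || post_got >= post_len)
                    {
                        ok = TRUE;
                        break;
                    }
                }
                else
                {
                    ok = TRUE;
                    break;
                }
            }
        }
        else
        {
            post_got += rcv;
            if(post_got >= post_len)
            {
                ok = TRUE;
                break;
            }
        }
    }

    // ---- request line sanity checks ----
    if(!ok || mf.size() < 10 || !(request = (char*)mf.getdata()))
    {
        goto Error;
    }

    // The path must start right after a 3-letter method plus space, or one
    // byte later when `post` is set.
    if(request[4 + post] != '/')goto Error;
    {
        // Look for '?' only inside the request target: temporarily cut the
        // buffer at the first space, search, then restore the space.
        str_tmp = strchr(request + 5,' ');
        if(!str_tmp)goto Error;
        *str_tmp = '\0';
        query_str = strchr(request + 5,'?');
        *str_tmp = ' ';
    }

    if(post == TRUE)
    {
        cgi_params = strstr(request,"\r\n\r\n");
        if(!cgi_params)goto Error;

        httpd_env.post_data = cgi_params + 4;
        httpd_env.post_length = post_len;

        // More body than announced: cut it at the declared length.
        // post_len is known to be non-negative and smaller than post_got here.
        if(post_got > post_len)
        {
            *(httpd_env.post_data + post_len) = '\0';
        }
        cgi_params = NULL;
    }

    if(httpd_env.error_code != 200)
    {
        httpd_writeformatted(&sf,"HTTP/1.0 %u ERROR\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>%u ERROR</h4>",httpd_env.error_code,httpd_env.error_code);
        goto End;
    }

    // ---- isolate the path: terminate it at '?' or at the first space ----
    if(query_str)
    {
        *query_str = '\0';
        req_page = request + 4 + post;
        //*cgi_params = '?';
    }
    else
    {
        str_tmp = strchr(request + 4 + post,' ');
        if(!str_tmp)goto Error;
        *str_tmp = '\0';
        req_page = request + 4 + post;
        //*str_tmp = ' ';
    }

    // ---- global authentication ----
    if(svr_auth_required && !httpd_authorize(
        httpd_hdr_get((const char*)req.getdata(),"HTTP_AUTHORIZATION")
        ))
    {
        goto Error401;
    }

    // ---- per-path / per-host authorization ----
    strlwr(req_page);
    httpd_unify(req_page);
    rcv = strlen(req_page);

    // The copy below needs room for the path, an appended '/' and the NUL.
    // A longer path is refused instead of being silently truncated, so the
    // access check never runs on a different string than the one requested.
    if(rcv > (long)sizeof(buffer) - 2)
    {
        goto Error;
    }

    str_tmp = httpd_hdr_get((const char*)req.getdata(),"HTTP_AUTHORIZATION");
    str_tmp2 = inet_ntoa(*(in_addr*)&ip);

    strncpy(buffer,req_page,sizeof(buffer)-1);
    buffer[sizeof(buffer)-1] = '\0';  // strncpy does not terminate on a full copy
    ok = httpd_unify(buffer);

    // httpd_unify()'s return value is used as the resulting length; it is
    // range-checked because its contract is not visible from here.
    if(ok > 0 && ok + 1 < (long)sizeof(buffer) && buffer[ok-1]!='/')
    {
        buffer[ok]='/';
        buffer[ok+1]='\0';
    }

    // NOTE(review): the check runs on this lower-cased, unified copy while the
    // file path is built separately further down - confirm httpd_unify()
    // removes ".." segments so both refer to the same location.
    if((ok = httpd_authorize_host(buffer,str_tmp2?str_tmp2:"0.0.0.0",str_tmp?str_tmp:"")) < 1)
    {
        if(ok < 0)
        {
            goto Error403;
        }
        else
        {
            goto Error401;
        }
    }

    // ---- map the request path under svr_wwwroot ----
    if(!(*req_page))
    {
        ok = _snprintf(buffer,MAX_PATH,"%s/index.php",svr_wwwroot);
        req_page = "/index.php";
    }
    else if(req_page[rcv-1]=='/')
    {
        ok = _snprintf(buffer,MAX_PATH,"%s%sindex.php",svr_wwwroot,req_page);
        req_page = buffer + strlen(svr_wwwroot);
    }
    else
    {
        ok = _snprintf(buffer,MAX_PATH,"%s%s",svr_wwwroot,req_page);
    }

    // _snprintf() leaves the buffer unterminated when the output does not fit
    // (negative result, or exactly MAX_PATH characters). Such a path must not
    // be passed on to the file helpers.
    if(ok < 0 || ok >= MAX_PATH)
    {
        goto Error404;
    }

    httpd_unify(buffer);

    ok = help_fileexists(buffer,&fs);

    if(!ok)
    {
        ok = help_direxists(buffer);
        if(!ok)
        {
            goto Error404;
        }
        else
        {
            // Directory requested without a trailing slash: redirect.
            // NOTE(review): req_page originates from the request line and is
            // placed in a response header; confirm earlier parsing leaves no
            // CR/LF in it.
            httpd_writeformatted(&sf,"HTTP/1.0 301 Moved Permanently\r\nConnection: close\r\nLocation: %s/\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>301 Document moved permanently!</h4>",req_page);
            goto End;
        }
    }
    else
    {
        //do the authorization for vhosts
        str_tmp = httpd_getextension(buffer);

        if(str_tmp && true == ut_str_match(".php*", str_tmp))
        {
            if(query_str)
            {
                // Restore the '?' and terminate the query string at the
                // first space, or failing that at the first CR.
                *query_str = '?';
                if((str_tmp2 = strchr(query_str+1,' ')) || (str_tmp2 = strchr(query_str,'\r')))
                {
                    *str_tmp2 = '\0';
                }
            }

            mbe.t1 = MBE_HTTPDENV;
            mbe.p1 = (void*)&httpd_env;

            if(!httpd_init_hdr(&hdr))
            {
                goto Error500;
            }

            // Environment entries are appended to `req` as NUL-terminated
            // name/value pairs; the explicit lengths include the terminators.
            httpd_sname(sock,&req,NULL);
            req.write("SERVER_SOFTWARE\0MBot (c) Piotr Pawluczuk (www.piopawlu.net)",60);

            //SCRIPT_NAME
            req.write("SCRIPT_NAME",12);
            req.write(req_page,strlen(req_page)+1);

            //PHP_SELF
            req_page = strrchr(req_page,'/');
            if(!req_page)
            {
                goto Error404;
            }
            req_page++;
            req.write("PHP_SELF",9);
            req.write(req_page,strlen(req_page)+1);

            //END OF VARIABLES
            req.putc(0);

            if(!LPHP_ExecutePage(buffer,(query_str)?(query_str+1):NULL,
                (const char**)&sf,(void*)&mbe,(LPHP_ENVCB)httpd_php_cb,1))
            {
                goto Error500;
            }

            if(httpd_env.out_started == 0)
            {
                httpd_send_headers(&httpd_env);
            }

            httpd_logaccess((const char*)mf.getdata(),200,sf.size(),ip);
            goto End;
        }
        else
        {
            // Static file
            if(httpd_sendfile(buffer,&httpd_env,buffer))
            {
                httpd_logaccess((const char*)mf.getdata(),200,sf.size(),ip);
            }
            else
            {
                httpd_logaccess((const char*)mf.getdata(),404,sf.size(),ip);
            }
            goto End;
        }
    }

    // ---- error exits: log the status, send a fixed body, fall to End ----
Error:
    httpd_logaccess((const char*)mf.getdata(),400,sf.size(),ip);
    httpd_writestring(&sf,"HTTP/1.0 400 Bad Request\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>400 Bad Request</h4>");
    goto End;

Error500:
    httpd_logaccess((const char*)mf.getdata(),500,sf.size(),ip);
    // Only send a status line if no output has been started yet.
    if(httpd_env.out_started == 0)
    {
        httpd_writestring(&sf,"HTTP/1.0 500 Internal Server Error\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>500 Internal Server Error</h4>");
    }
    goto End;

Error401:
    httpd_logaccess((const char*)mf.getdata(),401,sf.size(),ip);
    httpd_writestring(&sf,"HTTP/1.0 401 Authorization Required\r\nWWW-Authenticate: Basic realm=\"MSP Server HTTPD\"\r\nstatus: 401 Unauthorized\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>401 Authorization Required</h4>");
    goto End;

Error403:
    // Log the status that is actually sent, so host-based denials can be
    // told apart from missing or wrong credentials in the access log.
    httpd_logaccess((const char*)mf.getdata(),403,sf.size(),ip);
    httpd_writestring(&sf,"HTTP/1.0 403 Access DENIED\r\nWWW-Authenticate: Basic realm=\"MSP Server HTTPD\"\r\nstatus: 403 Access DENIED\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>403 Access DENIED</h4>");
    goto End;

Error404:
    httpd_logaccess((const char*)mf.getdata(),404,sf.size(),ip);
    httpd_writestring(&sf,"HTTP/1.0 404 Not Found\r\nConnection: close\r\nPragma: no-cache\r\nContent-Type: text/html\r\n\r\n<h4>404 Not Found</h4>");

End:
    sf.close();
    mf.close();
    svr_cur_clients --;
    return 0;
}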