CString CWebSock::GetSkinName() {
CSmartPtr<CWebSession> spSession = GetSession();
if (spSession->IsLoggedIn() && !spSession->GetUser()->GetSkinName().empty()) {
return spSession->GetUser()->GetSkinName();
}
return CZNC::Get().GetSkinName();
}
virtual bool OnWebRequest(CWebSock& WebSock, const CString& sPageName, CTemplate& Tmpl) {
CSmartPtr<CWebSession> spSession = WebSock.GetSession();
if (sPageName == "settings") {
// Admin Check
if (!spSession->IsAdmin()) {
return false;
}
return SettingsPage(WebSock, Tmpl);
} else if (sPageName == "adduser") {
// Admin Check
if (!spSession->IsAdmin()) {
return false;
}
return UserPage(WebSock, Tmpl);
} else if (sPageName == "editchan") {
CUser* pUser = SafeGetUserFromParam(WebSock);
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (!pUser) {
WebSock.PrintErrorPage("No such username");
return true;
}
CString sChan = WebSock.GetParam("name");
if(sChan.empty() && !WebSock.IsPost()) {
sChan = WebSock.GetParam("name", false);
}
CChan* pChan = pUser->FindChan(sChan);
if (!pChan) {
WebSock.PrintErrorPage("No such channel");
return true;
}
return ChanPage(WebSock, Tmpl, pUser, pChan);
} else if (sPageName == "addchan") {
CUser* pUser = SafeGetUserFromParam(WebSock);
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return ChanPage(WebSock, Tmpl, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "delchan") {
CUser* pUser = CZNC::Get().FindUser(WebSock.GetParam("user", false));
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return DelChan(WebSock, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "deluser") {
if (!spSession->IsAdmin()) {
return false;
}
if (!WebSock.IsPost()) {
// Show the "Are you sure?" page:
CString sUser = WebSock.GetParam("user", false);
CUser* pUser = CZNC::Get().FindUser(sUser);
if (!pUser) {
WebSock.PrintErrorPage("No such username");
return true;
}
Tmpl.SetFile("del_user.tmpl");
Tmpl["Username"] = sUser;
return true;
}
// The "Are you sure?" page has been submitted with "Yes",
// so we actually delete the user now:
CString sUser = WebSock.GetParam("user");
CUser* pUser = CZNC::Get().FindUser(sUser);
if (pUser && pUser == spSession->GetUser()) {
WebSock.PrintErrorPage("Please don't delete yourself, suicide is not the answer!");
return true;
} else if (CZNC::Get().DeleteUser(sUser)) {
WebSock.Redirect("listusers");
return true;
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "edituser") {
CString sUserName = SafeGetUserNameParam(WebSock);
CUser* pUser = CZNC::Get().FindUser(sUserName);
if(!pUser) {
if(sUserName.empty()) {
pUser = spSession->GetUser();
} // else: the "no such user" message will be printed.
}
// Admin||Self Check
if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pUser)) {
return false;
}
if (pUser) {
return UserPage(WebSock, Tmpl, pUser);
}
WebSock.PrintErrorPage("No such username");
return true;
} else if (sPageName == "listusers" && spSession->IsAdmin()) {
return ListUsersPage(WebSock, Tmpl);
} else if (sPageName == "traffic" && spSession->IsAdmin()) {
return TrafficPage(WebSock, Tmpl);
} else if (sPageName.empty() || sPageName == "index") {
return true;
}
return false;
}
CUser* GetNewUser(CWebSock& WebSock, CUser* pUser) {
CSmartPtr<CWebSession> spSession = WebSock.GetSession();
CString sUsername = WebSock.GetParam("newuser");
if (sUsername.empty()) {
sUsername = WebSock.GetParam("user");
}
if (sUsername.empty()) {
WebSock.PrintErrorPage("Invalid Submission [Username is required]");
return NULL;
}
if (pUser) {
/* If we are editing a user we must not change the user name */
sUsername = pUser->GetUserName();
}
CString sArg = WebSock.GetParam("password");
if (sArg != WebSock.GetParam("password2")) {
WebSock.PrintErrorPage("Invalid Submission [Passwords do not match]");
return NULL;
}
CUser* pNewUser = new CUser(sUsername);
if (!sArg.empty()) {
CString sSalt = CUtils::GetSalt();
CString sHash = CUser::SaltedHash(sArg, sSalt);
pNewUser->SetPass(sHash, CUser::HASH_DEFAULT, sSalt);
}
VCString vsArgs;
WebSock.GetRawParam("servers").Split("\n", vsArgs);
unsigned int a = 0;
for (a = 0; a < vsArgs.size(); a++) {
pNewUser->AddServer(vsArgs[a].Trim_n());
}
WebSock.GetRawParam("allowedips").Split("\n", vsArgs);
if (vsArgs.size()) {
for (a = 0; a < vsArgs.size(); a++) {
pNewUser->AddAllowedHost(vsArgs[a].Trim_n());
}
} else {
pNewUser->AddAllowedHost("*");
}
WebSock.GetRawParam("ctcpreplies").Split("\n", vsArgs);
for (a = 0; a < vsArgs.size(); a++) {
CString sReply = vsArgs[a].TrimRight_n("\r");
pNewUser->AddCTCPReply(sReply.Token(0).Trim_n(), sReply.Token(1, true).Trim_n());
}
sArg = WebSock.GetParam("nick"); if (!sArg.empty()) { pNewUser->SetNick(sArg); }
sArg = WebSock.GetParam("altnick"); if (!sArg.empty()) { pNewUser->SetAltNick(sArg); }
sArg = WebSock.GetParam("statusprefix"); if (!sArg.empty()) { pNewUser->SetStatusPrefix(sArg); }
sArg = WebSock.GetParam("ident"); if (!sArg.empty()) { pNewUser->SetIdent(sArg); }
sArg = WebSock.GetParam("skin"); if (!sArg.empty()) { pNewUser->SetSkinName(sArg); }
sArg = WebSock.GetParam("realname"); if (!sArg.empty()) { pNewUser->SetRealName(sArg); }
sArg = WebSock.GetParam("quitmsg"); if (!sArg.empty()) { pNewUser->SetQuitMsg(sArg); }
sArg = WebSock.GetParam("chanmodes"); if (!sArg.empty()) { pNewUser->SetDefaultChanModes(sArg); }
sArg = WebSock.GetParam("timestampformat"); if (!sArg.empty()) { pNewUser->SetTimestampFormat(sArg); }
sArg = WebSock.GetParam("bindhost");
// To change BindHosts be admin or don't have DenySetBindHost
if (spSession->IsAdmin() || !spSession->GetUser()->DenySetBindHost()) {
if (!sArg.empty()) {
pNewUser->SetBindHost(sArg);
}
} else if (pUser){
pNewUser->SetBindHost(pUser->GetBindHost());
}
// First apply the old limit in case the new one is too high
if (pUser)
pNewUser->SetBufferCount(pUser->GetBufferCount(), true);
pNewUser->SetBufferCount(WebSock.GetParam("bufsize").ToUInt());
pNewUser->SetSkinName(WebSock.GetParam("skin"));
pNewUser->SetKeepBuffer(WebSock.GetParam("keepbuffer").ToBool());
pNewUser->SetMultiClients(WebSock.GetParam("multiclients").ToBool());
pNewUser->SetBounceDCCs(WebSock.GetParam("bouncedccs").ToBool());
pNewUser->SetUseClientIP(WebSock.GetParam("useclientip").ToBool());
pNewUser->SetTimestampAppend(WebSock.GetParam("appendtimestamp").ToBool());
pNewUser->SetTimestampPrepend(WebSock.GetParam("prependtimestamp").ToBool());
pNewUser->SetTimezoneOffset(WebSock.GetParam("timezoneoffset").ToDouble());
pNewUser->SetJoinTries(WebSock.GetParam("jointries").ToUInt());
pNewUser->SetMaxJoins(WebSock.GetParam("maxjoins").ToUInt());
pNewUser->SetIRCConnectEnabled(WebSock.GetParam("doconnect").ToBool());
if (spSession->IsAdmin()) {
pNewUser->SetDenyLoadMod(WebSock.GetParam("denyloadmod").ToBool());
pNewUser->SetDenySetBindHost(WebSock.GetParam("denysetbindhost").ToBool());
} else if (pUser) {
pNewUser->SetDenyLoadMod(pUser->DenyLoadMod());
pNewUser->SetDenySetBindHost(pUser->DenySetBindHost());
}
// If pUser is not NULL, we are editing an existing user.
// Users must not be able to change their own admin flag.
if (pUser != CZNC::Get().FindUser(WebSock.GetUser())) {
pNewUser->SetAdmin(WebSock.GetParam("isadmin").ToBool());
} else if (pUser) {
pNewUser->SetAdmin(pUser->IsAdmin());
}
WebSock.GetParamValues("channel", vsArgs);
for (a = 0; a < vsArgs.size(); a++) {
const CString& sChan = vsArgs[a];
pNewUser->AddChan(sChan.TrimRight_n("\r"), WebSock.GetParam("save_" + sChan).ToBool());
}
if (spSession->IsAdmin() || (pUser && !pUser->DenyLoadMod())) {
WebSock.GetParamValues("loadmod", vsArgs);
for (a = 0; a < vsArgs.size(); a++) {
CString sModRet;
CString sModName = vsArgs[a].TrimRight_n("\r");
CString sModLoadError;
if (!sModName.empty()) {
CString sArgs = WebSock.GetParam("modargs_" + sModName);
try {
if (!pNewUser->GetModules().LoadModule(sModName, sArgs, pNewUser, sModRet)) {
sModLoadError = "Unable to load module [" + sModName + "] [" + sModRet + "]";
}
} catch (...) {
sModLoadError = "Unable to load module [" + sModName + "] [" + sArgs + "]";
}
if (!sModLoadError.empty()) {
DEBUG(sModLoadError);
spSession->AddError(sModLoadError);
}
}
}
} else if (pUser) {
CModules& Modules = pUser->GetModules();
for (a = 0; a < Modules.size(); a++) {
CString sModName = Modules[a]->GetModName();
CString sArgs = Modules[a]->GetArgs();
CString sModRet;
CString sModLoadError;
try {
if (!pNewUser->GetModules().LoadModule(sModName, sArgs, pNewUser, sModRet)) {
sModLoadError = "Unable to load module [" + sModName + "] [" + sModRet + "]";
}
} catch (...) {
sModLoadError = "Unable to load module [" + sModName + "]";
}
if (!sModLoadError.empty()) {
DEBUG(sModLoadError);
spSession->AddError(sModLoadError);
}
}
}
return pNewUser;
}
