Context Navigation

source: branches/z3950-branch/gsdl/src/recpt/usersaction.cpp@ 1342

Last change on this file since 1342 was 1342, checked in by johnmcp, 24 years ago
Relatively stable z39.50 implementation now, merged with the mgpp source. (Still needs a decent interface and query language though...)
Property svn:executable set to ``* Property svn:keywords set to `Author Date Id Revision`
File size: 13.4 KB

Line
1	/**********************************************************************
2	*
3	* usersaction.cpp -- managing users
4	* Copyright (C) 1999 DigiLib Systems Limited, New Zealand
5	*
6	* A component of the Greenstone digital library software
7	* from the New Zealand Digital Library Project at the
8	* University of Waikato, New Zealand.
9	*
10	* This program is free software; you can redistribute it and/or modify
11	* it under the terms of the GNU General Public License as published by
12	* the Free Software Foundation; either version 2 of the License, or
13	* (at your option) any later version.
14	*
15	* This program is distributed in the hope that it will be useful,
16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	* GNU General Public License for more details.
19	*
20	* You should have received a copy of the GNU General Public License
21	* along with this program; if not, write to the Free Software
22	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23	*
24	*********************************************************************/
25
26	#include "usersaction.h"
27	#include "fileutil.h"
28	#include "userdb.h"
29
30
31	///////////////
32	// usersaction
33	///////////////
34
35	usersaction::usersaction () {
36	// this action uses cgi variable "a"
37	cgiarginfo arg_ainfo;
38	arg_ainfo.shortname = "a";
39	arg_ainfo.longname = "action";
40	arg_ainfo.multiplechar = true;
41	arg_ainfo.defaultstatus = cgiarginfo::weak;
42	arg_ainfo.argdefault = "um"; // user management
43	arg_ainfo.savedarginfo = cgiarginfo::must;
44	argsinfo.addarginfo (NULL, arg_ainfo);
45
46	// "uma"
47	arg_ainfo.shortname = "uma";
48	arg_ainfo.longname = "user management action";
49	arg_ainfo.multiplechar = true;
50	arg_ainfo.defaultstatus = cgiarginfo::weak;
51	arg_ainfo.argdefault = "listusers";
52	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
53	argsinfo.addarginfo (NULL, arg_ainfo);
54
55	// "umun"
56	arg_ainfo.shortname = "umun";
57	arg_ainfo.longname = "user management user name";
58	arg_ainfo.multiplechar = true;
59	arg_ainfo.defaultstatus = cgiarginfo::weak;
60	arg_ainfo.argdefault = "";
61	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
62	argsinfo.addarginfo (NULL, arg_ainfo);
63
64	// "umpw"
65	arg_ainfo.shortname = "umpw";
66	arg_ainfo.longname = "user management password";
67	arg_ainfo.multiplechar = true;
68	arg_ainfo.defaultstatus = cgiarginfo::weak;
69	arg_ainfo.argdefault = "";
70	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
71	argsinfo.addarginfo (NULL, arg_ainfo);
72
73	// "umnpw1"
74	arg_ainfo.shortname = "umnpw1";
75	arg_ainfo.longname = "user management new password 1";
76	arg_ainfo.multiplechar = true;
77	arg_ainfo.defaultstatus = cgiarginfo::weak;
78	arg_ainfo.argdefault = "";
79	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
80	argsinfo.addarginfo (NULL, arg_ainfo);
81
82	// "umnpw2"
83	arg_ainfo.shortname = "umnpw2";
84	arg_ainfo.longname = "user management new password 2";
85	arg_ainfo.multiplechar = true;
86	arg_ainfo.defaultstatus = cgiarginfo::weak;
87	arg_ainfo.argdefault = "";
88	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
89	argsinfo.addarginfo (NULL, arg_ainfo);
90
91	// "umus"
92	arg_ainfo.shortname = "umus";
93	arg_ainfo.longname = "user management account status";
94	arg_ainfo.multiplechar = true;
95	arg_ainfo.defaultstatus = cgiarginfo::weak;
96	arg_ainfo.argdefault = "";
97	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
98	argsinfo.addarginfo (NULL, arg_ainfo);
99
100	// "umug"
101	arg_ainfo.shortname = "umug";
102	arg_ainfo.longname = "user management groups"; // comma seperated list
103	arg_ainfo.multiplechar = true;
104	arg_ainfo.defaultstatus = cgiarginfo::weak;
105	arg_ainfo.argdefault = "";
106	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
107	argsinfo.addarginfo (NULL, arg_ainfo);
108
109	// "umc"
110	arg_ainfo.shortname = "umc";
111	arg_ainfo.longname = "user management comment";
112	arg_ainfo.multiplechar = true;
113	arg_ainfo.defaultstatus = cgiarginfo::weak;
114	arg_ainfo.argdefault = "";
115	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
116	argsinfo.addarginfo (NULL, arg_ainfo);
117
118	// "bcp"
119	arg_ainfo.shortname = "bcp";
120	arg_ainfo.longname = "change password submit button";
121	arg_ainfo.multiplechar = true;
122	arg_ainfo.defaultstatus = cgiarginfo::weak;
123	arg_ainfo.argdefault = "";
124	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
125	argsinfo.addarginfo (NULL, arg_ainfo);
126
127	// "beu"
128	arg_ainfo.shortname = "beu";
129	arg_ainfo.longname = "edit user submit button";
130	arg_ainfo.multiplechar = true;
131	arg_ainfo.defaultstatus = cgiarginfo::weak;
132	arg_ainfo.argdefault = "";
133	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
134	argsinfo.addarginfo (NULL, arg_ainfo);
135
136	// "cm"
137	arg_ainfo.shortname = "cm";
138	arg_ainfo.longname = "confirm an action";
139	arg_ainfo.multiplechar = true;
140	arg_ainfo.defaultstatus = cgiarginfo::weak;
141	arg_ainfo.argdefault = "";
142	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
143	argsinfo.addarginfo (NULL, arg_ainfo);
144	}
145
146	void usersaction::configure (const text_t &key, const text_tarray &cfgline) {
147	// get the password filename
148	if (cfgline.size() == 1) {
149	if (key == "usersfile") usersfile = cfgline[0];
150	else if (key == "gsdlhome") {
151	if (usersfile.empty())
152	usersfile = filename_cat (cfgline[0], "etc", "users.db");
153	}
154	}
155
156	action::configure (key, cfgline);
157	}
158
159	bool usersaction::check_cgiargs (cgiargsinfoclass &/argsinfo/, cgiargsclass &args,
160	ostream &/logout/) {
161	args["uan"] = "1"; // user authentication is needed
162
163	if (args["uma"] == "changepasswd") {
164	// no particular group is needed to change a password
165	args["ug"].clear();
166	} else {
167	// administrator is needed for all other management tasks
168	args["ug"] = "administrator";
169	}
170
171	return true;
172	}
173
174	void usersaction::get_cgihead_info (cgiargsclass &/args/, recptprotolistclass * /protos/,
175	response_t &response, text_t &response_data,
176	ostream &/logout/) {
177	response = content;
178	response_data = "text/html";
179	}
180
181	bool usersaction::do_action (cgiargsclass &args, recptprotolistclass * /protos/,
182	browsermapclass * /browsers/, displayclass &disp,
183	outconvertclass &outconvert, ostream &textout,
184	ostream &logout) {
185
186	if (args["uma"] == "adduser" \|\| args["uma"] == "edituser") {
187	// adduser is handled by edituser
188	return do_edituser (args, disp, outconvert, textout, logout);
189
190	} else if (args["uma"] == "deleteuser") {
191	return do_deleteuser (args, disp, outconvert, textout, logout);
192
193	} else if (args["uma"] == "changepasswd") {
194	return do_changepasswd (args, disp, outconvert, textout, logout);
195	}
196
197	// default
198	return do_listusers (args, disp, outconvert, textout, logout);
199	}
200
201	bool usersaction::do_listusers (cgiargsclass &/args/, displayclass &disp,
202	outconvertclass &outconvert, ostream &textout,
203	ostream &/logout/) {
204
205	textout << outconvert << disp
206	<< "_userslistusers:header_\n_userslistusers:contentstart_\n";
207
208
209	// open the user database (it will be used a lot)
210	gdbmclass userdb;
211	text_tarray userlist;
212	if (userdb.opendatabase(usersfile, GDBM_READER, 1000, true)) {
213	// get user list
214	get_user_list (userdb, userlist);
215	}
216
217	// sort the list
218	sort(userlist.begin(), userlist.end());
219
220	// output the information for each user
221	userinfo_t userinfo;
222	text_tarray::iterator users_here = userlist.begin();
223	text_tarray::iterator users_end = userlist.end();
224	while (users_here != users_end) {
225	if (get_user_info (userdb, *users_here, userinfo)) {
226	textout << outconvert << disp
227	<< "<tr><td bgcolor=\"\\#eeeeee\">" << userinfo.username << "</td>\n"
228	<< "<td bgcolor=\"\\#eeeeee\">" << (char *) (userinfo.enabled ? "enabled" : "disabled") << "</td>\n"
229	<< "<td bgcolor=\"\\#eeeeee\">" << userinfo.groups << " </td>\n"
230	<< "<td bgcolor=\"\\#eeeeee\">" << userinfo.comment << " </td>\n"
231	<< "<td><a href=\"_httpcurrentdocument_&a=um&uma=edituser&umun="
232	<< userinfo.username << "\">_userslistusers:textedituser_</a> "
233	<< "<a href=\"_httpcurrentdocument_&a=um&uma=deleteuser&umun="
234	<< userinfo.username << "\">_userslistusers:textdeleteuser_</a>"
235	<< "</td></tr>\n\n";
236
237	} else {
238	textout << outconvert << disp
239	<< "<tr><td bgcolor=\"\\#eeeeee\">" << *users_here << "</td>\n"
240	<< "<td bgcolor=\"\\#eeeeee\"> </td>\n"
241	<< "<td bgcolor=\"\\#eeeeee\"> </td>\n"
242	<< "<td bgcolor=\"\\#eeeeee\"> </td>\n"
243	<< "<td> </td></tr>\n\n";
244	}
245
246	users_here++;
247	}
248
249	userdb.closedatabase();
250
251	textout << outconvert << disp
252	<< "_userslistusers:contentend_\n_userslistusers:footer_\n";
253	return true;
254	}
255
256	void usersaction::define_user_macros (cgiargsclass &args, displayclass &disp) {
257	disp.setmacro ("usersargun", "users", args["umun"]);
258	disp.setmacro ("usersargpw", "users", args["umpw"]);
259	disp.setmacro ("usersargus", "users", args["umus"]);
260	disp.setmacro ("usersargug", "users", args["umug"]);
261	disp.setmacro ("usersargc", "users", args["umc"]);
262	}
263
264
265	bool usersaction::do_edituser (cgiargsclass &args, displayclass &disp,
266	outconvertclass &outconvert, ostream &textout,
267	ostream &logout) {
268	userinfo_t userinfo;
269	text_t messagestatus;
270	bool noproblems = true;
271
272	// fill in defaults from user database (if appropriate)
273	if (args["umun"].empty()) {
274	noproblems = false;
275
276	} else if (!username_ok (args["umun"])) {
277	// problem with username
278	noproblems = false;
279	messagestatus += "_users:messageinvalidusername_";
280
281	} else if (get_user_info (usersfile, args["umun"], userinfo)) {
282	if (args["uma"] == "adduser") {
283	// must not add a user that has the same name as another user
284	noproblems = false;
285	messagestatus += "_users:messageuserexists_";
286
287	} else {
288	// only fill in the data if there is no user status defined
289	if (args["umus"].empty()) {
290	args["umus"] = userinfo.enabled ? "enabled" : "disabled";
291	if (args["umug"].empty()) args["umug"] = userinfo.groups;
292	if (args["umc"].empty()) args["umc"] = userinfo.comment;
293	}
294	}
295	}
296
297	// fill in the user status default
298	if (args["umus"].empty()) {
299	noproblems = false;
300	args["umus"] = "enabled";
301	}
302
303	// make sure the password is ok
304	if (args["umpw"].empty()) {
305	// password must not be empty if none were supplied from database
306	// and we have had no other problems
307	if (userinfo.password.empty() && noproblems) {
308	noproblems = false;
309	messagestatus += "_users:messageemptypassword_";
310	}
311
312	} else if (!password_ok(args["umpw"])) {
313	noproblems = false;
314	messagestatus += "_users:messageinvalidpassword_";
315	}
316
317	// set this info if no problems have been encounted
318	// and the submit button was pressed
319	if (noproblems && !args["beu"].empty()) {
320	userinfo.username = args["umun"];
321	if (!args["umpw"].empty()) {
322	// only set the password if it is not empty
323	userinfo.password = crypt_text(args["umpw"]);
324	}
325	userinfo.enabled = (args["umus"] == "enabled");
326	userinfo.groups = args["umug"];
327	userinfo.comment = args["umc"];
328
329	set_user_info (usersfile, args["umun"], userinfo);
330
331	// show list of users
332	return do_listusers (args, disp, outconvert, textout, logout);
333	}
334
335	// define the macros for the user
336	define_user_macros (args, disp);
337	disp.setmacro ("messagestatus", "users", messagestatus);
338
339	textout << outconvert << disp
340	<< "_usersedituser:header_\n_usersedituser:content_\n_usersedituser:footer_\n";
341
342	return true;
343	}
344
345	bool usersaction::do_deleteuser (cgiargsclass &args, displayclass &disp,
346	outconvertclass &outconvert, ostream &textout,
347	ostream &logout) {
348	if (!args["cm"].empty()) {
349	if (args["cm"] == "yes" && !args["umun"].empty()) {
350	// user confirmed the deletion of the user
351	delete_user (usersfile, args["umun"]);
352	}
353
354	// redirect the user back to the listusers page
355	return do_listusers (args, disp, outconvert, textout, logout);
356	}
357
358	define_user_macros (args, disp);
359	textout << outconvert << disp
360	<< "_usersdeleteuser:header_\n_usersdeleteuser:content_\n_usersdeleteuser:footer_\n";
361
362	return true;
363	}
364
365	bool usersaction::do_changepasswd (cgiargsclass &args, displayclass &disp,
366	outconvertclass &outconvert, ostream &textout,
367	ostream &/logout/) {
368	text_t messagestatus;
369
370	if (!args["bcp"].empty()) {
371	if (args["un"].empty()) {
372	messagestatus = "_users:messageusernameempty_";
373	} else if (args["umpw"].empty()) {
374	messagestatus = "_users:messagepasswordempty_";
375	} else if (args["umnpw1"].empty()) {
376	messagestatus = "_users:messagenewpass1empty_";
377	} else if (args["umnpw2"].empty()) {
378	messagestatus = "_users:messagenewpass2empty_";
379	} else if (args["umnpw1"] != args["umnpw2"]) {
380	messagestatus = "_users:messagenewpassmismatch_";
381	} else if (!password_ok(args["umnpw1"])) {
382	messagestatus = "_users:messageinvalidpassword_";
383	} else {
384	userinfo_t userinfo;
385	if (get_user_info (usersfile, args["un"], userinfo)) {
386	// check old password
387	if (userinfo.password != crypt_text(args["umpw"])) {
388	messagestatus = "_users:messagefailed_";
389
390	} else {
391	userinfo.password = crypt_text(args["umnpw1"]);
392	if (set_user_info (usersfile, args["un"], userinfo)) {
393	// everything is ok
394	textout << outconvert << disp
395	<< "_userschangepasswdok:header_\n"
396	"_userschangepasswdok:content_\n"
397	"_userschangepasswdok:footer_\n";
398	return true;
399	}
400	}
401	}
402	}
403	}
404
405	disp.setmacro ("messagestatus", "users", messagestatus);
406
407	textout << outconvert << disp
408	<< "_userschangepasswd:header_\n"
409	"_userschangepasswd:content_\n"
410	"_userschangepasswd:footer_\n";
411
412	return true;
413	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: