1 | /**********************************************************************
|
---|
2 | *
|
---|
3 | * usersaction.cpp -- managing users
|
---|
4 | * Copyright (C) 1999 DigiLib Systems Limited, New Zealand
|
---|
5 | *
|
---|
6 | * A component of the Greenstone digital library software
|
---|
7 | * from the New Zealand Digital Library Project at the
|
---|
8 | * University of Waikato, New Zealand.
|
---|
9 | *
|
---|
10 | * This program is free software; you can redistribute it and/or modify
|
---|
11 | * it under the terms of the GNU General Public License as published by
|
---|
12 | * the Free Software Foundation; either version 2 of the License, or
|
---|
13 | * (at your option) any later version.
|
---|
14 | *
|
---|
15 | * This program is distributed in the hope that it will be useful,
|
---|
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
---|
18 | * GNU General Public License for more details.
|
---|
19 | *
|
---|
20 | * You should have received a copy of the GNU General Public License
|
---|
21 | * along with this program; if not, write to the Free Software
|
---|
22 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
---|
23 | *
|
---|
24 | * $Id: usersaction.cpp 551 1999-09-08 03:44:24Z cs025 $
|
---|
25 | *
|
---|
26 | *********************************************************************/
|
---|
27 |
|
---|
28 | /*
|
---|
29 | $Log$
|
---|
30 | Revision 1.6 1999/09/08 03:44:24 cs025
|
---|
31 | Added a cast to (char *) of (..:..?..) on output to avoid type
|
---|
32 | error at compile time.
|
---|
33 |
|
---|
34 | Revision 1.5 1999/09/07 23:12:34 rjmcnab
|
---|
35 | removed some compiler warnings
|
---|
36 |
|
---|
37 | Revision 1.4 1999/09/07 04:57:01 sjboddie
|
---|
38 | added GPL notice
|
---|
39 |
|
---|
40 | Revision 1.3 1999/09/02 00:30:56 rjmcnab
|
---|
41 | added option for specifying whether the gdbm database should be locked
|
---|
42 |
|
---|
43 | Revision 1.2 1999/07/30 02:24:44 sjboddie
|
---|
44 | added collectinfo argument to some functions
|
---|
45 |
|
---|
46 | Revision 1.1 1999/07/13 23:22:05 rjmcnab
|
---|
47 | Initial revision.
|
---|
48 |
|
---|
49 |
|
---|
50 | */
|
---|
51 |
|
---|
52 |
|
---|
53 | #include "usersaction.h"
|
---|
54 | #include "fileutil.h"
|
---|
55 | #include "userdb.h"
|
---|
56 |
|
---|
57 |
|
---|
58 | ///////////////
|
---|
59 | // usersaction
|
---|
60 | ///////////////
|
---|
61 |
|
---|
62 | usersaction::usersaction () {
|
---|
63 | // this action uses cgi variable "a"
|
---|
64 | cgiarginfo arg_ainfo;
|
---|
65 | arg_ainfo.shortname = "a";
|
---|
66 | arg_ainfo.longname = "action";
|
---|
67 | arg_ainfo.multiplechar = true;
|
---|
68 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
69 | arg_ainfo.argdefault = "um"; // user management
|
---|
70 | arg_ainfo.savedarginfo = cgiarginfo::must;
|
---|
71 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
72 |
|
---|
73 | // "uma"
|
---|
74 | arg_ainfo.shortname = "uma";
|
---|
75 | arg_ainfo.longname = "user management action";
|
---|
76 | arg_ainfo.multiplechar = true;
|
---|
77 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
78 | arg_ainfo.argdefault = "listusers";
|
---|
79 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
80 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
81 |
|
---|
82 | // "umun"
|
---|
83 | arg_ainfo.shortname = "umun";
|
---|
84 | arg_ainfo.longname = "user management user name";
|
---|
85 | arg_ainfo.multiplechar = true;
|
---|
86 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
87 | arg_ainfo.argdefault = "";
|
---|
88 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
89 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
90 |
|
---|
91 | // "umpw"
|
---|
92 | arg_ainfo.shortname = "umpw";
|
---|
93 | arg_ainfo.longname = "user management password";
|
---|
94 | arg_ainfo.multiplechar = true;
|
---|
95 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
96 | arg_ainfo.argdefault = "";
|
---|
97 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
98 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
99 |
|
---|
100 | // "umnpw1"
|
---|
101 | arg_ainfo.shortname = "umnpw1";
|
---|
102 | arg_ainfo.longname = "user management new password 1";
|
---|
103 | arg_ainfo.multiplechar = true;
|
---|
104 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
105 | arg_ainfo.argdefault = "";
|
---|
106 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
107 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
108 |
|
---|
109 | // "umnpw2"
|
---|
110 | arg_ainfo.shortname = "umnpw2";
|
---|
111 | arg_ainfo.longname = "user management new password 2";
|
---|
112 | arg_ainfo.multiplechar = true;
|
---|
113 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
114 | arg_ainfo.argdefault = "";
|
---|
115 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
116 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
117 |
|
---|
118 | // "umus"
|
---|
119 | arg_ainfo.shortname = "umus";
|
---|
120 | arg_ainfo.longname = "user management account status";
|
---|
121 | arg_ainfo.multiplechar = true;
|
---|
122 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
123 | arg_ainfo.argdefault = "";
|
---|
124 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
125 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
126 |
|
---|
127 | // "umug"
|
---|
128 | arg_ainfo.shortname = "umug";
|
---|
129 | arg_ainfo.longname = "user management groups"; // comma seperated list
|
---|
130 | arg_ainfo.multiplechar = true;
|
---|
131 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
132 | arg_ainfo.argdefault = "";
|
---|
133 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
134 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
135 |
|
---|
136 | // "umc"
|
---|
137 | arg_ainfo.shortname = "umc";
|
---|
138 | arg_ainfo.longname = "user management comment";
|
---|
139 | arg_ainfo.multiplechar = true;
|
---|
140 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
141 | arg_ainfo.argdefault = "";
|
---|
142 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
143 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
144 |
|
---|
145 | // "bcp"
|
---|
146 | arg_ainfo.shortname = "bcp";
|
---|
147 | arg_ainfo.longname = "change password submit button";
|
---|
148 | arg_ainfo.multiplechar = true;
|
---|
149 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
150 | arg_ainfo.argdefault = "";
|
---|
151 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
152 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
153 |
|
---|
154 | // "beu"
|
---|
155 | arg_ainfo.shortname = "beu";
|
---|
156 | arg_ainfo.longname = "edit user submit button";
|
---|
157 | arg_ainfo.multiplechar = true;
|
---|
158 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
159 | arg_ainfo.argdefault = "";
|
---|
160 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
161 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
162 |
|
---|
163 | // "cm"
|
---|
164 | arg_ainfo.shortname = "cm";
|
---|
165 | arg_ainfo.longname = "confirm an action";
|
---|
166 | arg_ainfo.multiplechar = true;
|
---|
167 | arg_ainfo.defaultstatus = cgiarginfo::weak;
|
---|
168 | arg_ainfo.argdefault = "";
|
---|
169 | arg_ainfo.savedarginfo = cgiarginfo::mustnot;
|
---|
170 | argsinfo.addarginfo (NULL, arg_ainfo);
|
---|
171 | }
|
---|
172 |
|
---|
173 | void usersaction::configure (const text_t &key, const text_tarray &cfgline) {
|
---|
174 | // get the password filename
|
---|
175 | if (cfgline.size() == 1) {
|
---|
176 | if (key == "usersfile") usersfile = cfgline[0];
|
---|
177 | else if (key == "gsdlhome") {
|
---|
178 | if (usersfile.empty())
|
---|
179 | usersfile = filename_cat (cfgline[0], "etc", "users.db");
|
---|
180 | }
|
---|
181 | }
|
---|
182 |
|
---|
183 | action::configure (key, cfgline);
|
---|
184 | }
|
---|
185 |
|
---|
186 | bool usersaction::check_cgiargs (cgiargsinfoclass &/*argsinfo*/, cgiargsclass &args,
|
---|
187 | ostream &/*logout*/) {
|
---|
188 | args["uan"] = "1"; // user authentication is needed
|
---|
189 |
|
---|
190 | if (args["uma"] == "changepasswd") {
|
---|
191 | // no particular group is needed to change a password
|
---|
192 | args["ug"].clear();
|
---|
193 | } else {
|
---|
194 | // administrator is needed for all other management tasks
|
---|
195 | args["ug"] = "administrator";
|
---|
196 | }
|
---|
197 |
|
---|
198 | return true;
|
---|
199 | }
|
---|
200 |
|
---|
201 | void usersaction::get_cgihead_info (cgiargsclass &/*args*/, response_t &response,
|
---|
202 | text_t &response_data, ostream &/*logout*/) {
|
---|
203 | response = content;
|
---|
204 | response_data = "text/html";
|
---|
205 | }
|
---|
206 |
|
---|
207 | void usersaction::define_internal_macros (const ColInfoResponse_t &/*collectinfo*/, displayclass &/*disp*/,
|
---|
208 | cgiargsclass &/*args*/, recptproto * /*collectproto*/,
|
---|
209 | ostream &/*logout*/) {
|
---|
210 | }
|
---|
211 |
|
---|
212 | void usersaction::define_external_macros (const ColInfoResponse_t &/*collectinfo*/, displayclass &/*disp*/,
|
---|
213 | cgiargsclass &/*args*/, recptproto * /*collectproto*/,
|
---|
214 | ostream &/*logout*/) {
|
---|
215 | }
|
---|
216 |
|
---|
217 | bool usersaction::do_action (cgiargsclass &args, const ColInfoResponse_t &/*collectinfo*/,
|
---|
218 | recptproto *collectproto, displayclass &disp,
|
---|
219 | outconvertclass &outconvert, ostream &textout,
|
---|
220 | ostream &logout) {
|
---|
221 | if (args["uma"] == "adduser" || args["uma"] == "edituser") {
|
---|
222 | // adduser is handled by edituser
|
---|
223 | return do_edituser (args, collectproto, disp, outconvert, textout, logout);
|
---|
224 |
|
---|
225 | } else if (args["uma"] == "deleteuser") {
|
---|
226 | return do_deleteuser (args, collectproto, disp, outconvert, textout, logout);
|
---|
227 |
|
---|
228 | } else if (args["uma"] == "changepasswd") {
|
---|
229 | return do_changepasswd (args, collectproto, disp, outconvert, textout, logout);
|
---|
230 | }
|
---|
231 |
|
---|
232 | // default
|
---|
233 | return do_listusers (args, collectproto, disp, outconvert, textout, logout);
|
---|
234 | }
|
---|
235 |
|
---|
236 | bool usersaction::do_listusers (cgiargsclass &/*args*/, recptproto * /*collectproto*/,
|
---|
237 | displayclass &disp, outconvertclass &outconvert,
|
---|
238 | ostream &textout, ostream &/*logout*/) {
|
---|
239 | textout << outconvert << disp
|
---|
240 | << "_userslistusers:header_\n_userslistusers:contentstart_\n";
|
---|
241 |
|
---|
242 |
|
---|
243 | // open the user database (it will be used a lot)
|
---|
244 | gdbmclass userdb;
|
---|
245 | text_tarray userlist;
|
---|
246 | if (userdb.opendatabase(usersfile, GDBM_READER, 1000, true)) {
|
---|
247 | // get user list
|
---|
248 | get_user_list (userdb, userlist);
|
---|
249 | }
|
---|
250 |
|
---|
251 | // sort the list
|
---|
252 | sort(userlist.begin(), userlist.end());
|
---|
253 |
|
---|
254 | // output the information for each user
|
---|
255 | userinfo_t userinfo;
|
---|
256 | text_tarray::iterator users_here = userlist.begin();
|
---|
257 | text_tarray::iterator users_end = userlist.end();
|
---|
258 | while (users_here != users_end) {
|
---|
259 | if (get_user_info (userdb, *users_here, userinfo)) {
|
---|
260 | textout << outconvert << disp
|
---|
261 | << "<tr><td bgcolor=\"\\#eeeeee\">" << userinfo.username << "</td>\n"
|
---|
262 | << "<td bgcolor=\"\\#eeeeee\">" << (char *) (userinfo.enabled ? "enabled" : "disabled") << "</td>\n"
|
---|
263 | << "<td bgcolor=\"\\#eeeeee\">" << userinfo.groups << " </td>\n"
|
---|
264 | << "<td bgcolor=\"\\#eeeeee\">" << userinfo.comment << " </td>\n"
|
---|
265 | << "<td><a href=\"_httpcurrentdocument_&a=um&uma=edituser&umun="
|
---|
266 | << userinfo.username << "\">_userslistusers:textedituser_</a> "
|
---|
267 | << "<a href=\"_httpcurrentdocument_&a=um&uma=deleteuser&umun="
|
---|
268 | << userinfo.username << "\">_userslistusers:textdeleteuser_</a>"
|
---|
269 | << "</td></tr>\n\n";
|
---|
270 |
|
---|
271 | } else {
|
---|
272 | textout << outconvert << disp
|
---|
273 | << "<tr><td bgcolor=\"\\#eeeeee\">" << *users_here << "</td>\n"
|
---|
274 | << "<td bgcolor=\"\\#eeeeee\"> </td>\n"
|
---|
275 | << "<td bgcolor=\"\\#eeeeee\"> </td>\n"
|
---|
276 | << "<td bgcolor=\"\\#eeeeee\"> </td>\n"
|
---|
277 | << "<td> </td></tr>\n\n";
|
---|
278 | }
|
---|
279 |
|
---|
280 | users_here++;
|
---|
281 | }
|
---|
282 |
|
---|
283 | userdb.closedatabase();
|
---|
284 |
|
---|
285 | textout << outconvert << disp
|
---|
286 | << "_userslistusers:contentend_\n_userslistusers:footer_\n";
|
---|
287 | return true;
|
---|
288 | }
|
---|
289 |
|
---|
290 | void usersaction::define_user_macros (cgiargsclass &args, displayclass &disp) {
|
---|
291 | disp.setmacro ("usersargun", "users", args["umun"]);
|
---|
292 | disp.setmacro ("usersargpw", "users", args["umpw"]);
|
---|
293 | disp.setmacro ("usersargus", "users", args["umus"]);
|
---|
294 | disp.setmacro ("usersargug", "users", args["umug"]);
|
---|
295 | disp.setmacro ("usersargc", "users", args["umc"]);
|
---|
296 | }
|
---|
297 |
|
---|
298 |
|
---|
299 | bool usersaction::do_edituser (cgiargsclass &args, recptproto *collectproto,
|
---|
300 | displayclass &disp, outconvertclass &outconvert,
|
---|
301 | ostream &textout, ostream &logout) {
|
---|
302 | userinfo_t userinfo;
|
---|
303 | text_t messagestatus;
|
---|
304 | bool noproblems = true;
|
---|
305 |
|
---|
306 | // fill in defaults from user database (if appropriate)
|
---|
307 | if (args["umun"].empty()) {
|
---|
308 | noproblems = false;
|
---|
309 |
|
---|
310 | } else if (!username_ok (args["umun"])) {
|
---|
311 | // problem with username
|
---|
312 | noproblems = false;
|
---|
313 | messagestatus += "_users:messageinvalidusername_";
|
---|
314 |
|
---|
315 | } else if (get_user_info (usersfile, args["umun"], userinfo)) {
|
---|
316 | if (args["uma"] == "adduser") {
|
---|
317 | // must not add a user that has the same name as another user
|
---|
318 | noproblems = false;
|
---|
319 | messagestatus += "_users:messageuserexists_";
|
---|
320 |
|
---|
321 | } else {
|
---|
322 | // only fill in the data if there is no user status defined
|
---|
323 | if (args["umus"].empty()) {
|
---|
324 | args["umus"] = userinfo.enabled ? "enabled" : "disabled";
|
---|
325 | if (args["umug"].empty()) args["umug"] = userinfo.groups;
|
---|
326 | if (args["umc"].empty()) args["umc"] = userinfo.comment;
|
---|
327 | }
|
---|
328 | }
|
---|
329 | }
|
---|
330 |
|
---|
331 | // fill in the user status default
|
---|
332 | if (args["umus"].empty()) {
|
---|
333 | noproblems = false;
|
---|
334 | args["umus"] = "enabled";
|
---|
335 | }
|
---|
336 |
|
---|
337 | // make sure the password is ok
|
---|
338 | if (args["umpw"].empty()) {
|
---|
339 | // password must not be empty if none were supplied from database
|
---|
340 | // and we have had no other problems
|
---|
341 | if (userinfo.password.empty() && noproblems) {
|
---|
342 | noproblems = false;
|
---|
343 | messagestatus += "_users:messageemptypassword_";
|
---|
344 | }
|
---|
345 |
|
---|
346 | } else if (!password_ok(args["umpw"])) {
|
---|
347 | noproblems = false;
|
---|
348 | messagestatus += "_users:messageinvalidpassword_";
|
---|
349 | }
|
---|
350 |
|
---|
351 | // set this info if no problems have been encounted
|
---|
352 | // and the submit button was pressed
|
---|
353 | if (noproblems && !args["beu"].empty()) {
|
---|
354 | userinfo.username = args["umun"];
|
---|
355 | if (!args["umpw"].empty()) {
|
---|
356 | // only set the password if it is not empty
|
---|
357 | userinfo.password = crypt_text(args["umpw"]);
|
---|
358 | }
|
---|
359 | userinfo.enabled = (args["umus"] == "enabled");
|
---|
360 | userinfo.groups = args["umug"];
|
---|
361 | userinfo.comment = args["umc"];
|
---|
362 |
|
---|
363 | set_user_info (usersfile, args["umun"], userinfo);
|
---|
364 |
|
---|
365 | // show list of users
|
---|
366 | return do_listusers (args, collectproto, disp, outconvert, textout, logout);
|
---|
367 | }
|
---|
368 |
|
---|
369 | // define the macros for the user
|
---|
370 | define_user_macros (args, disp);
|
---|
371 | disp.setmacro ("messagestatus", "users", messagestatus);
|
---|
372 |
|
---|
373 | textout << outconvert << disp
|
---|
374 | << "_usersedituser:header_\n_usersedituser:content_\n_usersedituser:footer_\n";
|
---|
375 |
|
---|
376 | return true;
|
---|
377 | }
|
---|
378 |
|
---|
379 | bool usersaction::do_deleteuser (cgiargsclass &args, recptproto *collectproto,
|
---|
380 | displayclass &disp, outconvertclass &outconvert,
|
---|
381 | ostream &textout, ostream &logout) {
|
---|
382 | if (!args["cm"].empty()) {
|
---|
383 | if (args["cm"] == "yes" && !args["umun"].empty()) {
|
---|
384 | // user confirmed the deletion of the user
|
---|
385 | delete_user (usersfile, args["umun"]);
|
---|
386 | }
|
---|
387 |
|
---|
388 | // redirect the user back to the listusers page
|
---|
389 | return do_listusers (args, collectproto, disp, outconvert, textout, logout);
|
---|
390 | }
|
---|
391 |
|
---|
392 | define_user_macros (args, disp);
|
---|
393 | textout << outconvert << disp
|
---|
394 | << "_usersdeleteuser:header_\n_usersdeleteuser:content_\n_usersdeleteuser:footer_\n";
|
---|
395 |
|
---|
396 | return true;
|
---|
397 | }
|
---|
398 |
|
---|
399 | bool usersaction::do_changepasswd (cgiargsclass &args, recptproto * /*collectproto*/,
|
---|
400 | displayclass &disp, outconvertclass &outconvert,
|
---|
401 | ostream &textout, ostream &/*logout*/) {
|
---|
402 | text_t messagestatus;
|
---|
403 |
|
---|
404 | if (!args["bcp"].empty()) {
|
---|
405 | if (args["un"].empty()) {
|
---|
406 | messagestatus = "_users:messageusernameempty_";
|
---|
407 | } else if (args["umpw"].empty()) {
|
---|
408 | messagestatus = "_users:messagepasswordempty_";
|
---|
409 | } else if (args["umnpw1"].empty()) {
|
---|
410 | messagestatus = "_users:messagenewpass1empty_";
|
---|
411 | } else if (args["umnpw2"].empty()) {
|
---|
412 | messagestatus = "_users:messagenewpass2empty_";
|
---|
413 | } else if (args["umnpw1"] != args["umnpw2"]) {
|
---|
414 | messagestatus = "_users:messagenewpassmismatch_";
|
---|
415 | } else if (!password_ok(args["umnpw1"])) {
|
---|
416 | messagestatus = "_users:messageinvalidpassword_";
|
---|
417 | } else {
|
---|
418 | userinfo_t userinfo;
|
---|
419 | if (get_user_info (usersfile, args["un"], userinfo)) {
|
---|
420 | // check old password
|
---|
421 | if (userinfo.password != crypt_text(args["umpw"])) {
|
---|
422 | messagestatus = "_users:messagefailed_";
|
---|
423 |
|
---|
424 | } else {
|
---|
425 | userinfo.password = crypt_text(args["umnpw1"]);
|
---|
426 | if (set_user_info (usersfile, args["un"], userinfo)) {
|
---|
427 | // everything is ok
|
---|
428 | textout << outconvert << disp
|
---|
429 | << "_userschangepasswdok:header_\n"
|
---|
430 | "_userschangepasswdok:content_\n"
|
---|
431 | "_userschangepasswdok:footer_\n";
|
---|
432 | return true;
|
---|
433 | }
|
---|
434 | }
|
---|
435 | }
|
---|
436 | }
|
---|
437 | }
|
---|
438 |
|
---|
439 | disp.setmacro ("messagestatus", "users", messagestatus);
|
---|
440 |
|
---|
441 | textout << outconvert << disp
|
---|
442 | << "_userschangepasswd:header_\n"
|
---|
443 | "_userschangepasswd:content_\n"
|
---|
444 | "_userschangepasswd:footer_\n";
|
---|
445 |
|
---|
446 | return true;
|
---|
447 | }
|
---|
448 |
|
---|