2010-08-10 18:12:50 +02:00
|
|
|
/*
|
|
|
|
* This file is a part of Winix
|
2014-10-04 20:04:03 +02:00
|
|
|
* and is distributed under the 2-Clause BSD licence.
|
|
|
|
* Author: Tomasz Sowa <t.sowa@ttmath.org>
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2021-04-09 17:50:58 +02:00
|
|
|
* Copyright (c) 2008-2021, Tomasz Sowa
|
2010-08-10 18:12:50 +02:00
|
|
|
* All rights reserved.
|
|
|
|
*
|
2014-10-04 20:04:03 +02:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
*
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
*
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
|
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*
|
2010-08-10 18:12:50 +02:00
|
|
|
*/
|
|
|
|
|
2012-02-28 22:09:44 +01:00
|
|
|
#include <cstdlib>
|
2010-08-10 18:12:50 +02:00
|
|
|
#include "adduser.h"
|
2012-02-28 22:09:44 +01:00
|
|
|
#include "core/misc.h"
|
2012-03-09 23:56:54 +01:00
|
|
|
#include "functions/functions.h"
|
2010-08-10 18:12:50 +02:00
|
|
|
|
|
|
|
|
2014-02-12 17:30:49 +01:00
|
|
|
|
|
|
|
namespace Winix
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
|
2010-08-10 18:12:50 +02:00
|
|
|
namespace Fun
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
AddUser::AddUser()
|
|
|
|
{
|
2012-09-24 20:38:35 +02:00
|
|
|
fun.url = L"adduser";
|
|
|
|
need_ssl = true;
|
2010-08-10 18:12:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
/*
|
2012-02-28 22:09:44 +01:00
|
|
|
checking whether a login consists of allowed characters
|
2011-06-27 23:38:19 +02:00
|
|
|
*/
|
|
|
|
bool AddUser::HasLoginCorrectChars(const std::wstring & login)
|
|
|
|
{
|
|
|
|
for(size_t i=0 ; i<login.size() ; ++i)
|
2012-02-28 22:09:44 +01:00
|
|
|
if( login[i] <= 32 || IsWhite(login[i]) )
|
2011-06-27 23:38:19 +02:00
|
|
|
return false;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2012-02-28 22:09:44 +01:00
|
|
|
bool AddUser::IsLoginCorrect(const std::wstring & login, bool use_ses_log)
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2010-08-12 21:10:12 +02:00
|
|
|
if( login.empty() )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2012-02-28 22:09:44 +01:00
|
|
|
log << log2 << "AddUser: login can't be empty" << logend;
|
|
|
|
|
|
|
|
if( use_ses_log )
|
|
|
|
slog << logerror << T("adduser_err_login_empty") << logend;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if( login.size() > WINIX_ACCOUNT_MAX_LOGIN_SIZE )
|
|
|
|
{
|
|
|
|
log << log2 << "AddUser: login can't be longer than: " << WINIX_ACCOUNT_MAX_LOGIN_SIZE << " characters" << logend;
|
|
|
|
|
|
|
|
if( use_ses_log )
|
|
|
|
slog << logerror << T("adduser_err_login_too_big") << " " << WINIX_ACCOUNT_MAX_LOGIN_SIZE
|
|
|
|
<< " " << T("adduser_err_login_too_big2") << logend;
|
|
|
|
|
2010-08-10 18:12:50 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
if( !HasLoginCorrectChars(login) )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2012-02-28 22:09:44 +01:00
|
|
|
log << log2 << "AddUser: incorrect login characters" << logend;
|
|
|
|
|
|
|
|
if( use_ses_log )
|
|
|
|
slog << logerror << T("adduser_err_login_incorrect_chars") << logend;
|
|
|
|
|
2010-08-10 18:12:50 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
if( system->users.IsUser(login) )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2012-02-28 22:09:44 +01:00
|
|
|
log << log2 << "AddUser: such user already exists" << logend;
|
|
|
|
|
|
|
|
if( use_ses_log )
|
|
|
|
slog << logerror << T("adduser_err_user_exists") << logend;
|
|
|
|
|
2010-08-10 18:12:50 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2011-06-27 23:38:19 +02:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2012-02-28 22:09:44 +01:00
|
|
|
bool AddUser::IsEmailCorrect(const std::wstring & email, bool use_ses_log)
|
|
|
|
{
|
|
|
|
if( email.size() > WINIX_ACCOUNT_MAX_EMAIL_SIZE )
|
|
|
|
{
|
|
|
|
log << log2 << "AddUser: email can't be longer than: " << WINIX_ACCOUNT_MAX_EMAIL_SIZE << " characters" << logend;
|
|
|
|
|
|
|
|
if( use_ses_log )
|
|
|
|
slog << logerror << T("adduser_err_email_too_big") << " " << WINIX_ACCOUNT_MAX_EMAIL_SIZE
|
|
|
|
<< " " << T("adduser_err_email_too_big2") << logend;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2012-03-09 03:36:25 +01:00
|
|
|
if( !ValidateEmail(email) )
|
|
|
|
{
|
|
|
|
log << log2 << "AddUser: email: " << email << " does not seem to be correct" << logend;
|
|
|
|
|
|
|
|
if( use_ses_log )
|
|
|
|
slog << logerror << T(L"adduser_err_email_incorrect") << logend;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2012-02-28 22:09:44 +01:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2012-03-09 23:56:54 +01:00
|
|
|
// !! IMPROVE ME
|
|
|
|
// may it should be moved to passwd winix function
|
2010-08-10 18:12:50 +02:00
|
|
|
|
|
|
|
|
2012-02-28 22:09:44 +01:00
|
|
|
/*
|
|
|
|
adding a new account
|
|
|
|
this method doesn't check whether the login or password is correct
|
|
|
|
(consist of allowed characters)
|
|
|
|
|
|
|
|
input:
|
|
|
|
user - all fields from User struct without 'id'
|
|
|
|
pass - user's password
|
|
|
|
|
|
|
|
output:
|
|
|
|
result: true when the account has been successfully created
|
|
|
|
and user.id will be set
|
|
|
|
*/
|
|
|
|
bool AddUser::AddNewUser(User & user, const std::wstring & pass)
|
|
|
|
{
|
2021-04-30 01:34:48 +02:00
|
|
|
user.has_pass = true;
|
|
|
|
user.password = pass;
|
|
|
|
system->crypt.PassHashCrypt(user);
|
2012-02-28 22:09:44 +01:00
|
|
|
|
2021-04-30 01:34:48 +02:00
|
|
|
if( user.insert() )
|
2012-02-28 22:09:44 +01:00
|
|
|
{
|
|
|
|
if( system->users.AddUser(user) )
|
|
|
|
{
|
2021-06-27 23:31:50 +02:00
|
|
|
log << log2 << "AddUser: added a new user: " << user.login << logend;
|
2012-02-28 22:09:44 +01:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2021-06-27 23:31:50 +02:00
|
|
|
log << log1 << "AddUser: I can't add to system->users: " << user.login
|
2012-02-28 22:09:44 +01:00
|
|
|
<< " but the user was added to the db correctly" << logend;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
log << log1 << "AddUser: I cannot add a user -- database error" << logend;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2010-08-10 18:12:50 +02:00
|
|
|
|
|
|
|
|
2012-04-22 15:30:07 +02:00
|
|
|
/*
|
|
|
|
adding a new account
|
|
|
|
this method doesn't check whether the login or password is correct
|
|
|
|
(consist of allowed characters)
|
|
|
|
|
|
|
|
input:
|
|
|
|
login - account login name
|
|
|
|
pass - password
|
|
|
|
email - email address
|
|
|
|
autoactivate - if true then the account will be created with WINIX_ACCOUNT_READY flag
|
|
|
|
(an email will not be sent)
|
|
|
|
if false then the flag depends on config->account_need_email_verification
|
|
|
|
try_login - if true then if there is no a user logged (in this session)
|
|
|
|
and if the account is ready (has WINIX_ACCOUNT_READY flag)
|
|
|
|
the the new user will be logged in
|
|
|
|
use_ses_log - when true the session logger will be used (info about sending an email)
|
|
|
|
*/
|
|
|
|
bool AddUser::AddNewUser(const std::wstring & login,
|
|
|
|
const std::wstring & pass,
|
|
|
|
const std::wstring & email,
|
|
|
|
bool autoactivate,
|
|
|
|
bool try_login,
|
|
|
|
bool use_ses_log)
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2021-04-30 01:34:48 +02:00
|
|
|
user.set_connector(model_connector);
|
|
|
|
user.clear();
|
|
|
|
|
|
|
|
//user.Clear();
|
2021-06-27 23:31:50 +02:00
|
|
|
user.login = login;
|
2012-06-27 01:19:19 +02:00
|
|
|
user.email = email;
|
2021-06-27 23:31:50 +02:00
|
|
|
user.is_super_user = false;
|
2012-06-27 01:19:19 +02:00
|
|
|
user.notify = 0;
|
|
|
|
user.locale_id = config->locale_default_id;
|
|
|
|
user.time_zone_id = config->time_zone_default_id;
|
|
|
|
user.status = (config->account_need_email_verification)? WINIX_ACCOUNT_NOT_ACTIVATED : WINIX_ACCOUNT_READY;
|
2012-04-22 15:30:07 +02:00
|
|
|
long code = 0;
|
2010-08-10 18:12:50 +02:00
|
|
|
|
2012-04-22 15:30:07 +02:00
|
|
|
if( autoactivate )
|
|
|
|
user.status = WINIX_ACCOUNT_READY;
|
2012-01-25 00:03:36 +01:00
|
|
|
|
2012-02-28 22:09:44 +01:00
|
|
|
if( user.status == WINIX_ACCOUNT_NOT_ACTIVATED )
|
|
|
|
{
|
|
|
|
code = std::rand();
|
2021-06-27 23:31:50 +02:00
|
|
|
user.admin_env.add(L"activation_code", code);
|
2012-02-28 22:09:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if( AddNewUser(user, pass) )
|
|
|
|
{
|
2012-04-22 15:30:07 +02:00
|
|
|
if( try_login && !cur->session->puser && user.status == WINIX_ACCOUNT_READY )
|
2012-02-28 22:09:44 +01:00
|
|
|
{
|
|
|
|
system->users.LoginUser(user.id, false);
|
2021-06-27 23:31:50 +02:00
|
|
|
log << log2 << "AddUser: now logged as: " << user.login << logend;
|
2018-11-21 12:03:53 +01:00
|
|
|
plugin->Call(WINIX_USER_LOGGED);
|
2010-08-10 18:12:50 +02:00
|
|
|
}
|
2012-02-28 22:09:44 +01:00
|
|
|
|
|
|
|
if( user.status == WINIX_ACCOUNT_NOT_ACTIVATED )
|
2010-08-10 18:12:50 +02:00
|
|
|
{
|
2021-06-27 23:31:50 +02:00
|
|
|
system->notify.ActivateAccount(user.login, user.email, code);
|
2012-04-22 15:30:07 +02:00
|
|
|
|
|
|
|
if( use_ses_log )
|
|
|
|
slog << loginfo << T(L"account_email_sent") << logend;
|
2010-08-10 18:12:50 +02:00
|
|
|
}
|
|
|
|
|
2012-04-22 15:30:07 +02:00
|
|
|
return true;
|
2010-08-10 18:12:50 +02:00
|
|
|
}
|
2012-04-22 15:30:07 +02:00
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void AddUser::MakePost()
|
|
|
|
{
|
|
|
|
const std::wstring & login = cur->request->PostVar(L"login");
|
|
|
|
const std::wstring & pass = cur->request->PostVar(L"password");
|
|
|
|
const std::wstring & conf_pass = cur->request->PostVar(L"passwordconfirm");
|
|
|
|
const std::wstring & email = cur->request->PostVar(L"email");
|
|
|
|
bool autoactivate = false;
|
|
|
|
|
2021-01-25 18:41:28 +01:00
|
|
|
// for slog and locale from fun_passwd to work correctly
|
|
|
|
// but in the future IsPasswordCorrect will be moved to User class
|
|
|
|
// or some other place
|
|
|
|
functions->fun_passwd.set_dependency(this);
|
|
|
|
|
2012-04-22 15:30:07 +02:00
|
|
|
if( !IsLoginCorrect(login, true) ||
|
|
|
|
!IsEmailCorrect(email, true) ||
|
|
|
|
!functions->fun_passwd.IsPasswordCorrect(pass, conf_pass, true) )
|
|
|
|
return;
|
|
|
|
|
2021-06-27 23:31:50 +02:00
|
|
|
if( cur->session->puser && cur->session->puser->is_super_user )
|
2012-04-22 15:30:07 +02:00
|
|
|
{
|
|
|
|
autoactivate = cur->request->IsPostVar(L"autoactivate");
|
|
|
|
|
|
|
|
if( autoactivate )
|
|
|
|
log << log2 << "AddUser: account activated by an admin" << logend;
|
|
|
|
}
|
|
|
|
|
|
|
|
if( AddNewUser(login, pass, email, autoactivate, true, true) )
|
|
|
|
system->RedirectToLastItem();
|
2010-08-10 18:12:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
changed: when winix demonizes it creates a three new descriptors (0, 1 and 3)
pointing to /dev/null
added: DbBase::AssertValueBin(PGresult * r, int row, int col, std::string & result)
it reads binary (bytea) data
added: DbTextStream can handle 'bool' types now
(is puts 'true' of 'false' to the stream)
changed: now passwords can be stored either as plain text, a hash or can be encrypted
with RSA
currently we have following hashes:
md4, md5, sha1, sha224, sha256, sha384, sha512
we are using openssl to manage them
(look at config options for more info)
changed: winix version to 0.4.7
added: class Run - you can run any program from os and send a buffer to its standard input
and read what the program put on its standard output
added: class Crypt (in System) - calculating hashes, and crypting/decrypting
git-svn-id: svn://ttmath.org/publicrep/winix/trunk@734 e52654a7-88a9-db11-a3e9-0013d4bc506e
2011-06-09 23:22:08 +02:00
|
|
|
void AddUser::MakeGet()
|
|
|
|
{
|
|
|
|
}
|
2010-08-10 18:12:50 +02:00
|
|
|
|
|
|
|
|
|
|
|
} // namespace
|
2014-02-12 17:30:49 +01:00
|
|
|
|
|
|
|
} // namespace Winix
|
|
|
|
|