1eb411f37ad1b6bf93b14f695b9e53da4c2bfcb7 chinhli Thu Apr 26 14:35:04 2012 -0700 Finished new Login and Signup UI. diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c index 62f68cc..5d23199 100644 --- src/hg/hgLogin/hgLogin.c +++ src/hg/hgLogin/hgLogin.c @@ -15,31 +15,33 @@ #include "web.h" #include "ra.h" #include "hgColors.h" #include <crypt.h> #include <openssl/md5.h> #include "net.h" #include "hgLogin.h" #include "hgLoginLink.h" #include "gbMembers.h" #include "versionInfo.h" char msg[2048] = ""; -char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password","hgLogin_password2", NULL }; +char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", + "hgLogin_password", "hgLogin_password2", "hgLogin_newPassword1", + "hgLogin_newPassword2", NULL }; /* The excludeVars are not saved to the cart. (We also exclude * any variables that start "near.do.") */ /* ---- Global variables. ---- */ struct cart *cart; /* This holds cgi and other variables between clicks. */ char *database; /* Name of genome database - hg15, mm3, or the like. */ struct hash *oldCart; /* Old cart hash. */ char *errMsg; /* Error message to show user when form data rejected */ /* -------- password functions ---- */ void cryptWikiWay(char *password, char *salt, char* result) // encrypt password as mediawiki does: ':B:'.$salt.':'. md5($salt.'-'.md5($password ) { int i; 
@@ -371,126 +373,152 @@ "<p align=\"left\">" "</p>" "<h3>Password has been emailed to: %s</h3>" "Click <a href=hgLogin?hgLogin.do.signupPage=1>here</a> to return.<br>" , email ); } freez(&password); } void changePasswordPage(struct sqlConnection *conn) /* change password page */ { hPrintf( +"<div id=\"changePwBox\" class=\"centeredContainer formBox\">" +"\n" "<h2>UCSC Genome Browser</h2>" -"<p align=\"left\">" -"</p>" -"<span style='color:red;'>%s</span>" +"\n" "<h3>Change Password</h3>" -"<form method=post action=\"hgLogin\" name=changePasswordForm >" -"<table>" -"<tr><td>E-mail</td><td><input type=text name=hgLogin_email size=20 value=\"%s\"> " - "(your e-mail is also your user-id)</td></tr>" -"<tr><td>Current Password</td><td><input type=password name=hgLogin_password value=\"\" size=10></td></tr>\n" -"<tr><td>New Password</td><td><input type=password name=hgLogin_newPassword value=\"\" size=10></td></tr>\n" -"<tr><td> </td><td><input type=submit name=hgLogin.do.changePassword value=submit>" -" <input type=button value=cancel ONCLICK=\"history.go(-1)\"></td></tr>" -"</table>" -"<br>" +"\n" +"<p> <span style='color:red;'>%s</span> </p>" +"\n" +"<form method=\"post\" action=\"hgLogin\" name=\"changePasswordForm\" id=\"changePasswordForm\">" +"\n" +"<div class=\"inputGroup\">" +"<label for=\"userName\">Username</label>" +"<input type=\"text\" name=\"hgLogin_userName\" size=\"30\" value=\"%s\" id=\"email\">" +"</div>" +"\n" , errMsg ? 
errMsg : "" -, cartUsualString(cart, "hgLogin_email", "") +, cartUsualString(cart, "hgLogin_userName", "") +); +hPrintf( +"<div class=\"inputGroup\">" +"\n" +"<label for=\"currentPw\">Current Password</label>" +"<input type=\"password\" name=\"hgLogin_password\" value=\"\" size=\"30\" id=\"currentPw\">" +"</div>" +"\n" +"<div class=\"inputGroup\">" +"<label for=\"newPw1\">New Password</label>" +"<input type=\"password\" name=\"hgLogin_newPassword1\" value=\"\" size=\"30\" id=\"newPw\">" +"</div>" +"\n" +"<div class=\"inputGroup\">" +"<label for=\"newPw2\">Re-enter New Password</label>" +"<input type=\"password\" name=\"hgLogin_newPassword2\" value=\"\" size=\"30\" id=\"newPw\">" +"</div>" +"\n" +"<div class=\"formControls\">" +" <input type=\"submit\" name=\"hgLogin.do.changePassword\" value=\"Change Password\" class=\"largeButton\"> " +" <a href=\"javascript:history.go(-1)\">Cancel</a>" +"\n" +"</div>" +"</form>" +"\n" +"</div><!-- END - changePwBox -->" +"\n" ); - cartSaveSession(cart); - -hPrintf("</FORM>"); - } void changePassword(struct sqlConnection *conn) /* process the change password form */ { char query[256]; -char *email = cartUsualString(cart, "hgLogin_email", ""); +char *user = cartUsualString(cart, "hgLogin_userName", ""); char *currentPassword = cartUsualString(cart, "hgLogin_password", ""); -char *newPassword = cartUsualString(cart, "hgLogin_newPassword", ""); -if (!email || sameString(email,"")) +char *newPassword1 = cartUsualString(cart, "hgLogin_newPassword1", ""); +char *newPassword2 = cartUsualString(cart, "hgLogin_newPassword2", ""); + +if (!user || sameString(user,"")) { freez(&errMsg); - errMsg = cloneString("Email cannot be blank."); + errMsg = cloneString("Username cannot be blank."); changePasswordPage(conn); return; } if (!currentPassword || sameString(currentPassword,"")) { freez(&errMsg); errMsg = cloneString("Current password cannot be blank."); changePasswordPage(conn); return; } -if (!newPassword || sameString(newPassword,"")) + +if 
(!newPassword1 || sameString(newPassword1,"") || (strlen(newPassword1)<5)) { freez(&errMsg); - errMsg = cloneString("New password cannot be blank."); + errMsg = cloneString("New Password must be at least 5 characters long."); changePasswordPage(conn); return; } -safef(query,sizeof(query), "select password from gbMembers where email='%s'", email); -char *password = sqlQuickString(conn, query); -if (!password) +if (!newPassword2 || sameString(newPassword2,"") ) { freez(&errMsg); - errMsg = cloneString("Email not found."); + errMsg = cloneString("Re-enter New Password field cannot be blank."); changePasswordPage(conn); return; } -if (!checkPwd(currentPassword, password)) +if (newPassword1 && newPassword2 && !sameString(newPassword1, newPassword2)) { freez(&errMsg); - errMsg = cloneString("Invalid current password."); + errMsg = cloneString("New passwords do not match."); changePasswordPage(conn); return; } -freez(&password); -if (!newPassword || sameString(newPassword,"") || (strlen(newPassword)<5)) +/* check username existence first */ +safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user); +char *password = sqlQuickString(conn, query); +if (!password) { freez(&errMsg); - errMsg = cloneString("New password must be at least 5 characters long."); + errMsg = cloneString("Invalid user name or password."); changePasswordPage(conn); return; } char encPwd[45] = ""; -encryptNewPwd(newPassword, encPwd, sizeof(encPwd)); -safef(query,sizeof(query), "update gbMembers set password='%s' where email='%s'", sqlEscapeString(encPwd), sqlEscapeString(email)); +encryptNewPwd(newPassword1, encPwd, sizeof(encPwd)); +safef(query,sizeof(query), "update gbMembers set password='%s' where userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user)); sqlUpdate(conn, query); hPrintf ( "<h2>UCSC Genome Browser</h2>" "<p align=\"left\">" "</p>" "<h3>Password has been changed.</h3>" - "Click <a href=hgLogin?hgLogin.do.signupPage=1>here</a> to return.<br>" ); 
+backToDoLoginPage(2); -updatePasswordsFile(conn); cartRemove(cart, "hgLogin_password"); -cartRemove(cart, "hgLogin_newPassword"); +cartRemove(cart, "hgLogin_newPassword1"); +cartRemove(cart, "hgLogin_newPassword2"); } void signupPage(struct sqlConnection *conn) /* draw the signup page */ /* XXXX TODO: cornfirm password, password help like Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only. optional real name */ { hPrintf( @@ -712,31 +740,31 @@ safef(query,sizeof(query), "insert into gbMembers set " "userName='%s',password='%s',email='%s', " "lastUse=NOW(),activated='N',dateAuthenticated='9999-12-31 23:59:59'", sqlEscapeString(user),sqlEscapeString(encPwd),sqlEscapeString(email)); sqlUpdate(conn, query); hPrintf( "<h2>UCSC Genome Browser</h2>\n" "<p align=\"left\">\n" "</p>\n" "<h3>User %s successfully added.</h3>\n" , user ); /* TODO: cleanup the hgLogin_xxxx vars in the cart */ -backToHgSession(3); +backToHgSession(2); } /* ----- account login/display functions ---- */ void displayLoginPage(struct sqlConnection *conn) /* draw the account login page */ { char *username = cartUsualString(cart, "hgLogin_userName", ""); /* for password security, use cgi hash instead of cart */ // char *password = cgiUsualString("hgLogin_password", ""); 
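Review bot: The new changePassword body never verifies the current password: after the `if (!password)` branch it goes straight to `encryptNewPwd(newPassword1, ...)`, so the removed `if (!checkPwd(currentPassword, password))` test has no replacement and `currentPassword` is only checked for being non-blank, which lets anyone who knows a username set that account's password. The lookup `safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user);` also interpolates `user` unescaped, unlike the `sqlEscapeString(user)` used in the update a few lines later, and the `password` string returned by sqlQuickString is no longer freed (the old `freez(&password)` was dropped). The rewrite below restores the check and the free and escapes the lookup; the lines after it are unchanged. Separately, in changePasswordPage both new-password inputs carry `id="newPw"` while their labels point at `newPw1`/`newPw2`, and the `<label for="userName">` targets an input with `id="email"`.
```c
/* check username existence first, then verify the current password */
safef(query,sizeof(query), "select password from gbMembers where userName='%s'", sqlEscapeString(user));
char *password = sqlQuickString(conn, query);
if (!password || !checkPwd(currentPassword, password))
    {
    freez(&password);
    freez(&errMsg);
    errMsg = cloneString("Invalid user name or password.");
    changePasswordPage(conn);
    return;
    }
freez(&password);
/* … unchanged: encryptNewPwd, update query, success page, cart cleanup … */
```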
@@ -761,44 +789,42 @@ "\n" "<div class=\"inputGroup\">" "<label for=\"password\">Password</label>" "<input type=password name=\"hgLogin_password\" value=\"\" size=\"30\" id=\"password\">" "</div>" "\n" "<div class=\"formControls\">" " <input type=\"submit\" name=\"hgLogin.do.displayLogin\" value=\"Login\" class=\"largeButton\">" " <a href=\"javascript:history.go(-1)\">Cancel</a>" "</div>" "</form>" "\n" "\n" "<div id=\"helpBox\">" "<a href=\"accounthelp.html\">Can't access your account?</a><br>" -"Need an account? <a href=\"hgLogin?hgLogin.do.signupPage=1\">Sign up</a>." +"Need an account? <a href=\"hgLogin?hgLogin.do.signupPage=1\">Sign up</a>.<br>" +"To change password, click <a href=\"hgLogin?hgLogin.do.changePasswordPage=1\">here</a>." "</div><!-- END - helpBox -->" "</div><!-- END - loginBox -->" "\n" "\n" "</body>" "</html>" , username ); cartSaveSession(cart); - - - } /******* BEGIN dispalyLogin *************************/ void displayLogin(struct sqlConnection *conn) /* display user account info */ { struct sqlResult *sr; char **row; char query[256]; char *userName = cartUsualString(cart, "hgLogin_userName", ""); if (sameString(userName,"")) { freez(&errMsg); errMsg = cloneString("User name cannot be blank."); 
@@ -869,31 +895,31 @@ ); /* Set cookies */ /* TODO: use htmlSetCookie() to set cookies */ hPrintf( "<script language=\"JavaScript\">" " document.write(\"Login successful, setting cookies now...\");" "</script>\n" "<script language=\"JavaScript\">" "document.cookie = \"hgLogin_UserName=%s; domain=ucsc.edu; expires=Thu, 31 Dec 2099, 20:47:11 UTC; path=/\"; " "\n" "document.cookie = \"hgLogin_UserID=%d; domain=ucsc.edu; expires=Thu, 31 Dec 2099, 20:47:11 UTC; path=/\";" " </script>" "\n", userName,userID); -backToHgSession(5); +backToHgSession(2); } void displayLogoutSuccess() /* display logout success msg, and reset cookie */ { // char *hgLoginHost = hgLoginLinkHost(); hPrintf( "<h2>UCSC Genome Browser Sign Out</h2>" "<p align=\"left\">" "</p>" "<span style='color:red;'></span>" "\n" ); 
@@ -921,38 +947,60 @@ "<!-- " "\n" /* TODO: afterDelayBackTo("http....") */ "window.setTimeout(afterDelay, %d);\n" "function afterDelay() {\n" "window.location =\"http://%s/cgi-bin/hgSession?hgS_doMainPage=1\";" "\n}" "\n" "//-->" "\n" "</script>" ,delay ,hgLoginHost); } +void backToDoLoginPage(int nSec) +/* delay for N micro seconds then go back to Login page */ +/* TODO: afterDelayBackTo("http....") */ +{ +char *hgLoginHost = hgLoginLinkHost(); +int delay=nSec*1000; +hPrintf( +"<script language=\"JavaScript\">\n" +"<!-- " +"\n" +/* TODO: afterDelayBackTo("http....") */ +"window.setTimeout(afterDelay, %d);\n" +"function afterDelay() {\n" +"window.location =\"http://%s/cgi-bin//hgLogin?hgLogin.do.displayLoginPage=1\";" +"\n}" +"\n" +"//-->" +"\n" +"</script>" +,delay +,hgLoginHost); +} + void displayUserInfo(struct sqlConnection *conn) /* display user account info */ { struct sqlResult *sr; char **row; char query[256]; char *user = cartUsualString(cart, "hgLogin_userName", ""); -/*************************************/ if (sameString(user,"")) { freez(&errMsg); errMsg = cloneString("User name cannot be blank."); displayUserInfo(conn); return; } /* for password security, use cgi hash instead of cart */ char *password = cgiUsualString("hgLogin_password", ""); if (sameString(password,"")) { freez(&errMsg); errMsg = cloneString("Password cannot be blank."); displayUserInfo(conn); return; 
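Review bot: The header comment on the new backToDoLoginPage says "delay for N micro seconds", but `nSec*1000` is handed to `window.setTimeout`, which takes milliseconds, so the parameter is a number of seconds; suggest `/* delay for nSec seconds, then redirect to the login page */` and drop the duplicated `/* TODO: afterDelayBackTo("http....") */` that appears both above the brace and inside the hPrintf. The redirect URL has a doubled slash, `"http://%s/cgi-bin//hgLogin?hgLogin.do.displayLoginPage=1"`, which should read `cgi-bin/hgLogin`. The function is defined here, well after its call in changePassword earlier in this commit, so unless hgLogin.h declares it the call site relies on an implicit declaration; a prototype next to backToHgSession's would settle that.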
@@ -980,31 +1028,30 @@ hPrintf("<tr><td align=right>Real name:</td><td>%s</td><tr>\n",m->realName); hPrintf("<tr><td align=right>E-mail:</td><td>%s</td><tr>\n",m->email); hPrintf("</table>\n"); hPrintf("<br>\n"); hPrintf("Return to <a href=\"hgLogin\">signup</A>.<br>\n"); hPrintf("Go to <a href=\"/\">UCSC Genome Browser</A>.<br>\n"); } else { hPrintf("<h1>Invalid User/Password</h1>\n"); hPrintf("Return to <a href=\"hgLogin\">signup</A>.<br>\n"); } -/**************************************************/ gbMembersFree(&m); } void doMiddle(struct cart *theCart) /* Write the middle parts of the HTML page. * This routine sets up some globals and then * dispatches to the appropriate page-maker. */ { struct sqlConnection *conn = hConnectCentral(); cart = theCart; if (cartVarExists(cart, "debug"))