27503f94cdbf0d7d8f6f643e9e2ab6b68e2d7ae3
chinhli
  Wed May 2 13:03:56 2012 -0700
finished gbMembers table expansion to include security tokens.
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index ebd5833..4438876 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -52,86 +52,108 @@
 "<h2>UCSC Genome Browser</h2>"
 "<p id=\"confirmationMsg\" class=\"confirmationTxt\">An email has been sent to "
 " <span id=\"emailaddress\">%s</span> containing %s...</p>"
 "\n"
 "<p><a href=\"hgLogin?hgLogin.do.displayLoginPage=1\">Return to Login</a></p>"
 , email
 , obj
 );
 }
 void sendMail(char *email, char *subject, char *msg)
 {
 char *hgLoginHost = hgLoginLinkHost();
 char *helpWith = cartUsualString(cart, "hgLogin_helpWith", "");
 char cmd[256];
 safef(cmd,sizeof(cmd),
-// "echo 'Hello from your favoriate browser at: %s %s ' | mail -s \"Greeting form UCSC Genome Browser\" %s"
-// , msg, httpLink, email);
-//"echo '%s' | mail -s \"Greeting from uCSC\" %s"
 "echo '%s' | mail -s \"%s\" %s" , msg, subject, email); 
 int result = system(cmd);
 if (result == -1)
     {
     hPrintf( 
     "<h2>UCSC Genome Browser</h2>"
     "<p align=\"left\">"
     "</p>"
     "<h3>Error emailing %s to: %s</h3>"
     "Click <a href=hgLogin?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>"
     , helpWith
     , email
     );
     }
 else
     {
 // cartSetString(cart, "hgLogin_helpWith", "password");
 hPrintf(
 "<script  language=\"JavaScript\">\n"
 "<!-- "
 "\n"
 
 "window.location =\"http://%s/cgi-bin//hgLogin?hgLogin.do.displayMailSuccess=1\""
 "//-->"
 "\n"
 "</script>"
 , hgLoginHost
 );
-
-cartSetString(cart, "hgLogin.do.displayMailSuccess", "1");
-//displayMailSuccess("password");
-//return;
 }
 }
 
-void sendUsername(char *email, char *users)
+void mailUsername(char *email, char *users)
 /* send user name list to the email address */
 {
 char subject[256];
 char msg[256];
 char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu ";
 safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser");
 safef(msg, sizeof(msg), "User name(s) associated with this email address at UCSC Genome Browser: \n\n  %s \n", users);
 safecat (msg, sizeof(msg), signature);
 sendMail(email, subject, msg);
 }
 
-void activateAccount(struct sqlConnection *conn)
-/* activate account */
+
+void sendUsername(struct sqlConnection *conn)
+/* email user username(s)  */
 {
 struct sqlResult *sr;
 char **row;
 char query[256];
+char *email = cartUsualString(cart, "hgLogin_email", "");
+
+/* TODO: validate the email address is in right format */
+/* find all the user names assocaited with this email address */
+char userList[256]="";
+safef(query,sizeof(query),"select * from gbMembers where email='%s'", email);
+sr = sqlGetResult(conn, query);
+int numUser = 0;
+while ((row = sqlNextRow(sr)) != NULL)
+    {
+    struct gbMembers *m = gbMembersLoad(row);
+    if (numUser >= 1)
+        safecat(userList, sizeof(userList), ", ");
+    safecat(userList, sizeof(userList), m->userName);
+    numUser += 1;
+    }
+sqlFreeResult(&sr);
+mailUsername(email, userList);
+}
+
+
+/*************** to-do below *********************/
+void activateAccount(struct sqlConnection *conn)
+/* activate account */
+{
+// struct sqlResult *sr;
+// char **row;
+char query[256];
 char *token = cgiUsualString("hgLogin_activateAccount", "");
 safef(query,sizeof(query),"Token is %s ", token);
 if (!sameString(token,""))
     {
     freez(&errMsg);
     errMsg = cloneString(query);
     displayLoginPage(conn);
     return;
     }
 }
 /* -------- password functions ---- */
 
 void cryptWikiWay(char *password, char *salt, char* result)
 // encrypt password as mediawiki does:  ':B:'.$salt.':'. md5($salt.'-'.md5($password )
 {
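Review bot: The new `sendUsername(conn)` formats the cart value `email` directly into `select * from gbMembers where email='%s'` with no escaping, while the TODO just above it confirms the address has not been validated; the `update` and `insert` statements elsewhere in this diff pass their values through `sqlEscapeString()`. That same string then travels through `mailUsername()` to `sendMail()`, whose `system()` call places it on a shell command line, so the format check belongs ahead of both uses and the mail step should eventually stop going through a shell. Moving the lookup here also lost the `numUser == 0` branch that `accountHelp()` used to have, so mail is now attempted even when no account matches. The sketch below restores the escaping and the empty-result branch, assuming `displayAccHelpPage()` is declared before this point; `sendMail()` needs its own follow-up.

```c
void sendUsername(struct sqlConnection *conn)
// … unchanged: declarations and the cart read of email …
safef(query,sizeof(query),"select * from gbMembers where email='%s'", sqlEscapeString(email));
sr = sqlGetResult(conn, query);
// … unchanged: loop collecting user names into userList …
sqlFreeResult(&sr);
if (numUser == 0)
    {
    freez(&errMsg);
    errMsg = cloneString("No user found with this email address.");
    displayAccHelpPage(conn);
    return;
    }
mailUsername(email, userList);
```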
@@ -370,78 +392,78 @@
 hPrintf("<h1>Members</h1>");
 hPrintf("<table>");
 hPrintf("<th>email</th><th>password</th>");
 
 sr = sqlGetResult(conn, "select * from members");
 while ((row = sqlNextRow(sr)) != NULL)
     {
     hPrintf("<tr><td>%s</td><td>%s</td></tr>",row[0],row[1]);
     }
 sqlFreeResult(&sr);
 
 hPrintf("</table>");
 }
 
 
-
+/************************************************************
 void lostPasswordPage(struct sqlConnection *conn)
-/* draw the lost password page */
+// draw the lost password page 
 {
 hPrintf(
 "<h2>UCSC Genome Browser</h2>"
 "<p align=\"left\">"
 "</p>"
 "<span style='color:red;'>%s</span>"
 "<h3>Send Me A New Password</h3>"
 "<form method=post action=\"hgLogin\" name=lostPasswordForm >"
 "<table>"
 "<tr><td>E-mail</td><td><input type=text name=hgLogin_email size=20> "
   "(your e-mail is also your user-id)</td></tr>"
 "<tr><td>&nbsp;</td><td><input type=submit name=hgLogin.do.lostPassword value=submit>"
 "&nbsp;<input type=button value=cancel ONCLICK=\"history.go(-1)\"></td></tr>"
 "</table>"
 "<br>"
 , errMsg ? errMsg : ""
 );
 
 cartSaveSession(cart);
 
 hPrintf("</FORM>");
 
 }
 
-
+**************************************************************/
 void lostPassword(struct sqlConnection *conn)
 /* process the lost password form */
 {
 char query[256];
 char cmd[256];
 char *email = cartUsualString(cart, "hgLogin_email", "");
 if (!email || sameString(email,""))
     {
     freez(&errMsg);
     errMsg = cloneString("Email cannot be blank.");
-    lostPasswordPage(conn);
+    // lostPasswordPage(conn);
     return;
     }
 safef(query,sizeof(query), "select password from gbMembers where email='%s'", email);
 char *password = sqlQuickString(conn, query);
 if (!password)
     {
     freez(&errMsg);
     errMsg = cloneString("Email not found.");
-    lostPasswordPage(conn);
+    // lostPasswordPage(conn);
     return;
     }
 freez(&password);
 password = generateRandomPassword();
 char encPwd[45] = "";
 encryptNewPwd(password, encPwd, sizeof(encPwd));
 
 safef(query,sizeof(query), "update gbMembers set password='%s' where email='%s'", sqlEscapeString(encPwd), sqlEscapeString(email));
 sqlUpdate(conn, query);
 
 updatePasswordsFile(conn);
 
 safef(cmd,sizeof(cmd),
 "echo 'Your new password is: %s' | mail -s \"Lost GSID HIV password\" %s"
 , password, email);
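Review bot: With `lostPasswordPage(conn)` commented out, both early-return branches of `lostPassword()` now set `errMsg` and return while nothing in the function renders a page, so a blank or unknown email appears to produce an empty response. If the account-help page is the replacement form, call it there, e.g. `displayAccHelpPage(conn);` before each `return;` (assuming it is declared ahead of this function). The function is otherwise left live, and its `select password from gbMembers where email='%s'` still takes `email` unescaped, unlike the `update` a few lines below; it should pass `sqlEscapeString(email)`. The retired page would be better deleted than wrapped in a block comment. The body of `lostPassword()` continues past the end of this hunk.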
@@ -755,51 +777,53 @@
     return;
     }
 if (password && password2 && !sameString(password, password2))
     {
     freez(&errMsg);
     errMsg = cloneString("Passwords do not match.");
     signupPage(conn);
     return;
     }
 
 /* pass all the checks, OK to create the account now */
 char encPwd[45] = "";
 encryptNewPwd(password, encPwd, sizeof(encPwd));
 safef(query,sizeof(query), "insert into gbMembers set "
     "userName='%s',password='%s',email='%s', "
-    "lastUse=NOW(),activated='N',dateAuthenticated='9999-12-31 23:59:59'",
+    "lastUse=NOW(),accountActivated='N'",
     sqlEscapeString(user),sqlEscapeString(encPwd),sqlEscapeString(email));
     sqlUpdate(conn, query);
 
 
 hPrintf(
 "<h2>UCSC Genome Browser</h2>\n"
 "<p align=\"left\">\n"
 "</p>\n"
 "<h3>User %s successfully added.</h3>\n"
 , user
 );
 /* TODO: cleanup the hgLogin_xxxx vars in the cart */
 backToHgSession(2);
 
 }
 
 void displayAccHelpPage(struct sqlConnection *conn)
 /* draw the account help page */
 {
 char *email = cartUsualString(cart, "hgLogin_email", "");
+// cartRemove(cart, "hgLogin_helpWith");
+//cartRemove(cart, "hgLogin_email");
 hPrintf(
 "<div id=\"accountHelpBox\" class=\"centeredContainer formBox\">"
 "\n"
 "<h2>UCSC Genome Browser</h2>"
 "\n"
 "<h3>Having trouble signing in?</h3>"
 "\n"
 "<form method=post action=\"hgLogin\" name=\"accountLoginForm\" id=\"acctHelpForm\">"
 "\n"
 "<p><span style='color:red;'>%s</span><p>"
 "\n"
 , errMsg ? errMsg : ""
 );
 hPrintf(
 "<div class=\"inputGroup\">"
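Review bot: The rewritten insert creates the row with `accountActivated='N'` and sets no token column, yet the page printed right after it reports the user as successfully added and nothing in this hunk generates, stores or mails an activation token. If login is meant to depend on activation, that gap deserves a marker next to the insert, e.g. `/* TODO: create and store the activation token, mail it, and refuse login while accountActivated='N' */`. The same confirmation prints `user` into the HTML with a bare `%s`; unless the checks above this hunk already restrict its characters, it should be HTML-encoded first. The two commented-out `cartRemove` lines added to `displayAccHelpPage()` should be either enabled or dropped. Both functions extend beyond this hunk.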
@@ -813,86 +837,64 @@
 );
 hPrintf(
 "<div class=\"inputGroup\">"
 "<label for=\"emailPassword\">Email address</label>"
 "<input type=\"text\" name=\"hgLogin_email\" value=\"%s\" size=\"30\" id=\"emailPassword\">"
 "</div>"    
 "\n"
 "<div class=\"formControls\">"  
 "    <input type=\"submit\" name=\"hgLogin.do.accountHelp\" value=\"Continue\" class=\"largeButton\">"
 "     &nbsp;<a href=\"javascript:history.go(-1)\">Cancel</a>"
 "</div>"
 "</form>"
 "</div><!-- END - accountHelpBox -->"
 , email
 );
+cartSaveSession(cart);
 }
 
 void accountHelp(struct sqlConnection *conn)
 /* email user username(s) or new password */
 {
-struct sqlResult *sr;
-char **row;
-char query[256];
+// struct sqlResult *sr;
+// char **row;
+// char query[256];
 char *email = cartUsualString(cart, "hgLogin_email", "");
+char *helpWith = cartUsualString(cart, "hgLogin_helpWith", "");
+
 if (sameString(email,""))
     {
     freez(&errMsg);
     errMsg = cloneString("Email address cannot be blank.");
     displayAccHelpPage(conn);
     return;
     }
 /* TODO: validate the email address is in right format */
 /* Username selcted? */
-char *helpWith = cartUsualString(cart, "hgLogin_helpWith", "");
 if (sameString(helpWith,"username"))
     {
-    /* find all the user names assocaited with this email address */
-    char userList[256]="";
-    safef(query,sizeof(query),"select * from gbMembers where email='%s'", email);
-    sr = sqlGetResult(conn, query);
-    int numUser = 0;
-    while ((row = sqlNextRow(sr)) != NULL)
-        {
-        struct gbMembers *m = gbMembersLoad(row);
-        if (numUser >= 1)  
-            safecat(userList, sizeof(userList), ", ");
-        safecat(userList, sizeof(userList), m->userName);
-        numUser += 1;
-        }
-        sqlFreeResult(&sr);
-    if (numUser == 0)
-        {
-        freez(&errMsg);
-        char temp[256];
-        safef(temp,sizeof(temp),"No user found with this email address.");
-        errMsg = cloneString(temp);
-        displayAccHelpPage(conn);
-        return;
-        } else {
-        sendUsername(email, userList);
+    sendUsername(conn);
         }
-    } /* helpWith username */
-
 
 if (sameString(helpWith,"password"))
     {
     freez(&errMsg);
     errMsg = cloneString("Forgot password selected!");
     displayAccHelpPage(conn);
     return;
     }
+//cartRemove(cart, "hgLogin_helpWith");
 displayAccHelpPage(conn);
 return;
 }
 
 /* ----- account login/display functions ---- */
 
 
 void displayLoginPage(struct sqlConnection *conn)
 /* draw the account login page */
 {
 char *username = cartUsualString(cart, "hgLogin_userName", "");
 /* for password security, use cgi hash instead of cart */
 // char *password = cgiUsualString("hgLogin_password", "");
 
 
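Review bot: The added `cartSaveSession(cart);` in `displayAccHelpPage()` runs after the `</form>` tag has already been printed, whereas the retired `lostPasswordPage()` called it before closing its form; if it emits a hidden session field, as that ordering suggests, the field now lands outside `acctHelpForm` and is not submitted. Splitting the final `hPrintf` so the call sits before `"</form>"` would keep it inside the form. In the same function `email` is written into `value="%s"` unencoded while the TODO in `accountHelp()` says its format is still unchecked, so it should be HTML-encoded before output. In `accountHelp()`, the closing brace left after `sendUsername(conn);` is indented as if it closed an inner block, which is easy to misread. `displayLoginPage()` continues past the end of the hunk.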
@@ -1200,32 +1202,32 @@
     updatePasswordsFile(conn);
     hPrintf(
     "<h2>UCSC Genome Browser</h2>"
     "<p align=\"left\">"
     "</p>"
     "<h3>Successfully updated the authentication file.</h3>"
     "Click <a href=hgLogin?hgLogin.do.signupPage=1>here</a> to return.<br>"
     );
     }
 /*******************************************************************
 else if (cartVarExists(cart, "hgLogin.do.lostUserNamePage"))
     lostUserNamedPage(conn);
 else if (cartVarExists(cart, "hgLogin.do.lostUserName"))
     lostUserName(conn);
 ********************************************************************/
-else if (cartVarExists(cart, "hgLogin.do.lostPasswordPage"))
-    lostPasswordPage(conn);
+// else if (cartVarExists(cart, "hgLogin.do.lostPasswordPage"))
+//    lostPasswordPage(conn);
 else if (cartVarExists(cart, "hgLogin.do.lostPassword"))
     lostPassword(conn);
 else if (cartVarExists(cart, "hgLogin.do.changePasswordPage"))
     changePasswordPage(conn);
 else if (cartVarExists(cart, "hgLogin.do.changePassword"))
     changePassword(conn);
 else if (cartVarExists(cart, "hgLogin.do.displayUserInfo"))
     displayUserInfo(conn);
 else if (cartVarExists(cart, "hgLogin.do.displayAccHelpPage"))
     displayAccHelpPage(conn);
 else if (cartVarExists(cart, "hgLogin.do.accountHelp"))
     accountHelp(conn);
 else if (cartVarExists(cart, "hgLogin.do.activateAccount"))
     activateAccount(conn);
 else if (cartVarExists(cart, "hgLogin.do.displayMailSuccess"))
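Review bot: Only the `hgLogin.do.lostPasswordPage` route is disabled here; `hgLogin.do.lostPassword` still dispatches to `lostPassword(conn)`, so the handler that overwrites the stored password for a supplied email stays reachable by a direct request even though its form is gone and its error paths no longer render a page. If account help replaces this flow, retire the handler's route in the same change, or leave a comment stating why it must stay. The disabled branch is better deleted than left as `//` lines inside the `else if` chain, next to the older block-commented lostUserName routes. The chain begins before and continues after this hunk.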