3d7f8e49ea48a5c6e101ad257731b22cba96288f chinhli Mon May 7 15:43:28 2012 -0700 Fixed the activation code. diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c index e4862ec..93df91f 100644 --- src/hg/hgLogin/hgLogin.c +++ src/hg/hgLogin/hgLogin.c @@ -28,32 +28,38 @@ char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password", "hgLogin_password2", "hgLogin_newPassword1", "hgLogin_newPassword2", NULL }; /* The excludeVars are not saved to the cart. (We also exclude * any variables that start "near.do.") */ /* ---- Global variables. ---- */ struct cart *cart; /* This holds cgi and other variables between clicks. */ char *database; /* Name of genome database - hg15, mm3, or the like. */ struct hash *oldCart; /* Old cart hash. */ char *errMsg; /* Error message to show user when form data rejected */ /* -------- utilities functions --- */ +boolean tokenExpired(char *dateTime) +/* Is token expired? */ +{ + return FALSE; +} + void returnToURL(int nSec) -/* delay for N micro seconds then go back to hgSession page */ +/* delay for N micro seconds then return to the URL */ { char *returnURL = cartUsualString(cart, "returnto", ""); char *hgLoginHost = wikiLinkHost(); char returnTo[512]; if (!returnURL || sameString(returnURL,"")) safef(returnTo, sizeof(returnTo), "http://%s/cgi-bin/hgSession?hgS_doMainPage=1", hgLoginHost); else safef(returnTo, sizeof(returnTo), returnURL); int delay=nSec*1000; hPrintf( "<script language=\"JavaScript\">\n" "<!-- " 
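Review bot: tokenExpired() ignores dateTime and always returns FALSE, and no visible hunk calls it, so as written an activation token never expires; until the comparison against the stored expiry (presumably the emailTokenExpires column) exists, mark it with a comment such as `/* TODO: stub, always reports not expired */` so it is not mistaken for a working check. In the returnToURL context just below, `safef(returnTo, sizeof(returnTo), returnURL);` uses the cart's returnto value as the format string; `safef(returnTo, sizeof(returnTo), "%s", returnURL);` keeps `%` sequences in that value from being interpreted. The same value appears to become the redirect target with no host check visible in this hunk, so restricting it to the host returned by wikiLinkHost() is worth considering. returnToURL's body continues outside the hunk.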
@@ -199,31 +205,30 @@ } void mailNewPassword(char *username, char *email, char *password) /* send user new password */ { char subject[256]; char msg[256]; char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu "; safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser"); safef(msg, sizeof(msg), "New password for user %s: \n\n %s \n", username, password); safecat (msg, sizeof(msg), signature); sendMail(email, subject, msg); } -/*************** to-do below *********************/ void setupNewAccount(struct sqlConnection *conn, char *email, char *username) /* Send an activation mail to user */ { char query[256]; char *token = generateRandomPassword(); // char encToken[45] = ""; // encryptNewPwd(token, encToken, sizeof(encToken)); int i; unsigned char result[MD5_DIGEST_LENGTH]; char tokenMD5[MD5_DIGEST_LENGTH*2 + 1]; i = MD5_DIGEST_LENGTH; // /*DEBUG*/ printf("MD5_DIGEST_LENGT is -- %d\n",i); MD5((unsigned char *) token, strlen(token), result); // output 
@@ -246,59 +251,58 @@ ); sqlUpdate(conn, query); // sendActivateMail(email, username, encToken); sendActivateMail(email, username, tokenMD5); return; } void sendActivateMail(char *email, char *username, char *encToken) /* Send activation mail with token to user*/ { char subject[256]; char msg[4064]; char activateURL[256]; char *hgLoginHost = wikiLinkHost(); safef(activateURL, sizeof(activateURL), - "http://%s/cgi-bin/hgLogin?do.activateAccount=1&user=%s&token=%s\n" + "http://%s/cgi-bin/hgLogin?hgLogin.do.activateAccount=1&user=%s&token=%s\n" , sqlEscapeString(hgLoginHost) , sqlEscapeString(username) , sqlEscapeString(encToken) ); char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu "; safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser"); safef(msg, sizeof(msg), "You have sign up an account at UCSC Genome Browser with username \"%s\". \n Please click the following link to activate the account -- \n\n%s\n\n" , username , activateURL ); safecat (msg, sizeof(msg), signature); sendMail(email, subject, msg); } void activateAccount(struct sqlConnection *conn) /* activate account */ { // struct sqlResult *sr; // char **row; char query[256]; char *token = cgiUsualString("token", ""); char *username = cgiUsualString("user",""); safef(query,sizeof(query), "select emailToken from gbMembers where userName='%s'", username); char *emailToken = sqlQuickString(conn, query); -hPrintf("<p>emailToken in DB: %s token: %s</P>", emailToken, token); if (sameString(emailToken, token)) { safef(query,sizeof(query), "update gbMembers set lastUse=NOW(), dateActivated=NOW(), emailToken='', emailTokenExpires='', accountActivated='Y' where userName='%s'" , username ); sqlUpdate(conn, query); } else { freez(&errMsg); errMsg = cloneString("Token does not match."); } displayLoginPage(conn); return; } /* -------- password functions ---- */ 
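Review bot: activateAccount() formats the `user` CGI parameter straight into both SQL statements inside quotes, whereas sendActivateMail() in the same hunk passes its values through sqlEscapeString(); escape it once at the top, `char *username = sqlEscapeString(cgiUsualString("user",""));`. The comparison also needs a guard: `token` defaults to "" and the success path sets emailToken to '', so an empty token compares equal to an empty stored token, and if sqlQuickString returns NULL for an unknown user that NULL goes into sameString(); `if (emailToken != NULL && token[0] != '\0' && sameString(emailToken, token))` covers both. Nothing here consults emailTokenExpires, so the token's lifetime is not enforced at activation.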
@@ -668,31 +672,31 @@ "<h3>Password has been changed.</h3>" ); backToDoLoginPage(2); cartRemove(cart, "hgLogin_password"); cartRemove(cart, "hgLogin_newPassword1"); cartRemove(cart, "hgLogin_newPassword2"); } void signupPage(struct sqlConnection *conn) /* draw the signup page */ -/* XXXX TODO: +/* TODO: cornfirm password, password help like Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only. optional real name */ { hPrintf( "<div id=\"signUpBox\" class=\"centeredContainer formBox\">" "<h2>UCSC Genome Browser</h2>" "\n" "<p>Signing up enables you to save multiple sessions and to share your sessions with others.</p>" "Already have an account? <a href=\"hgLogin?hgLogin.do.displayLoginPage=1\">Login</a>.<br>" "\n" ); hPrintf( 
@@ -1094,49 +1098,55 @@ safef(query,sizeof(query),"select * from gbMembers where userName='%s'", userName); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) == NULL) { freez(&errMsg); char temp[256]; safef(temp,sizeof(temp),"User name %s not found.",userName); errMsg = cloneString(temp); displayLoginPage(conn); return; } struct gbMembers *m = gbMembersLoad(row); sqlFreeResult(&sr); -/* TODO: check user name exist and activated */ +/* Check user name exist and account activated */ /* ..... */ - +if (!sameString(m->accountActivated,"Y")) +{ + freez(&errMsg); + errMsg = cloneString("Account is not activated."); + displayLoginPage(conn); + return; +} if (checkPwd(password,m->password)) { unsigned int userID=m->idx; hPrintf("<h2>Login successful for user %s with id %d.\n</h2>\n" ,userName,userID); clearNewPasswordFields(conn, userName); displayLoginSuccess(userName,userID); return; } else if (usingNewPassword(conn, userName)) { cartSetString(cart, "hgLogin_changeRequired", "YES"); changePasswordPage(conn); } else { - errMsg = cloneString("Invalid user name or password. (login)"); + errMsg = cloneString("Invalid user name or password."); displayLoginPage(conn); return; } gbMembersFree(&m); } /******* END dispalyLogin *************************/ void displayLoginSuccess(char *userName, int userID) /* display login success msg, and set cookie */ { // char *hgLoginHost = wikiLinkHost(); hPrintf( 
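Review bot: The new accountActivated check runs before checkPwd(), so the login form reports "Account is not activated." for any existing user name without a password being verified; together with the "User name %s not found." branch above it, the responses distinguish unknown, unactivated and active accounts. Moving the `if (!sameString(m->accountActivated,"Y"))` block inside the `if (checkPwd(password,m->password))` branch, ahead of the success output, keeps the account state private until the password has been checked. The added early return also skips `gbMembersFree(&m);`, and the final else assigns errMsg without the `freez(&errMsg);` the other branches use. The function's start, including where userName comes from before it is placed in the select statement, is outside the hunk.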
@@ -1325,30 +1335,31 @@ activateAccount(conn); else if (cartVarExists(cart, "hgLogin.do.displayMailSuccess")) displayMailSuccess(); else if (cartVarExists(cart, "hgLogin.do.displayLoginPage")) displayLoginPage(conn); else if (cartVarExists(cart, "hgLogin.do.displayLogin")) displayLogin(conn); else if (cartVarExists(cart, "hgLogin.do.displayLogout")) displayLogoutSuccess(); else if (cartVarExists(cart, "hgLogin.do.signup")) signup(conn); else signupPage(conn); + hDisconnectCentral(&conn); cartRemovePrefix(cart, "hgLogin.do."); } void usage() /* Explain usage and exit. */ { errAbort( "hgLogin - administer gsid hiv membership functions - a cgi script\n" "usage:\n" " hgLogin\n" ); }