c40b387f384ec1695f3fbdf79d83399128a671f1
chinhli
  Mon Apr 9 15:52:17 2012 -0700
Tidy up the login UI
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 6c0bdbe..bd3e24f 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -15,31 +15,31 @@
 #include "web.h"
 #include "ra.h"
 #include "hgColors.h"
 #include <crypt.h>
 
 #include "net.h"
 
 #include "hgLogin.h"
 #include "hgLoginLink.h"
 #include "gbMembers.h"
 
 #include "versionInfo.h"
 char msg[2048] = "";
 
 
-char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password","hgLogin_confirmPWD", NULL };
+char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password","hgLogin_confirmPW", NULL };
 /* The excludeVars are not saved to the cart. (We also exclude
  * any variables that start "near.do.") */
 
 /* ---- Global variables. ---- */
 struct cart *cart;	/* This holds cgi and other variables between clicks. */
 char *database;		/* Name of genome database - hg15, mm3, or the like. */
 struct hash *oldCart;	/* Old cart hash. */
 char *errMsg;           /* Error message to show user when form data rejected */
 
 /* -------- password functions ---- */
 
 void encryptPWD(char *password, char *salt, char *buf, int bufsize)
 /* encrypt a password */
 {
 /* encrypt user's password. */
@@ -362,46 +362,48 @@
 if (!password)
     {
     freez(&errMsg);
     errMsg = cloneString("Email not found.");
     changePasswordPage(conn);
     return;
     }
 if (!checkPwd(currentPassword, password))
     {
     freez(&errMsg);
     errMsg = cloneString("Invalid current password.");
     changePasswordPage(conn);
     return;
     }
 freez(&password);
-if (!newPassword || sameString(newPassword,"") || (strlen(newPassword)<8))
+if (!newPassword || sameString(newPassword,"") || (strlen(newPassword)<5))
     {
     freez(&errMsg);
-    errMsg = cloneString("New password must be at least 8 characters long.");
+    errMsg = cloneString("New password must be at least 5 characters long.");
     changePasswordPage(conn);
     return;
     }
+/***************************
 if (!checkPwdCharClasses(newPassword))
     {
     freez(&errMsg);
     errMsg = cloneString(
 	"Password must contain characters from 2 of the following 4 classes: "
 	"[A-Z] [a-z] [0-9] [!@#$%^&*()].");
     changePasswordPage(conn);
     return;
     }
+********************************************/
 char encPwd[35] = "";
 encryptNewPwd(newPassword, encPwd, sizeof(encPwd));
 safef(query,sizeof(query), "update gbMembers set password='%s' where email='%s'", sqlEscapeString(encPwd), sqlEscapeString(email));
 sqlUpdate(conn, query);
 
 hPrintf
     (
     "<h2>UCSC Genome Browser</h2>"
     "<p align=\"left\">"
     "</p>"
     "<h3>Password has been changed.</h3>"
     "Click <a href=hgLogin?hgLogin.do.signupPage=1>here</a> to return.<br>"
     );
 
 updatePasswordsFile(conn);
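Review bot: The change-password path now accepts a 5-character password with no character-class check, while the signup path (hunk at -548) still requires 8 characters and `checkPwdCharClasses(password)`, so an account created under the stricter rule can immediately be moved to a weaker password. If the relaxation is intended, apply it to both paths through one shared constant; otherwise keep `(strlen(newPassword)<8)` and leave the `checkPwdCharClasses(newPassword)` block active. Either way, the block wrapped in `/***` … `***/` should be deleted or restored rather than left as dead code, and the policy change should be named in the commit message, which currently describes only a UI tidy-up. The enclosing function starts and ends outside this hunk.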
@@ -456,31 +458,31 @@
 "<input type=text name=\"hgLogin_user\" value=\"%s\" size=\"30\" id=\"userName\"> <br>"
 "\n"
 "<label style=\"display: block; margin-top: 10px;\" "
 " for=\"emailAddr\">E-mail</label>"
 "\n"
 "<input type=text name=\"hgLogin_email\" value=\"%s\" size=\"30\" id=\"emailAddr\"> <br>"
 "\n"
 "<label style=\"display: block; margin-top: 10px;\" "
 " for=\"password\">Password</label>"
 "\n"
 "<input type=password name=\"hgLogin_password\" value=\"%s\" size=\"30\" id=\"password\">"
 "\n"
 "<label style=\"display: block; margin-top: 10px;\" "
 " for=\"confirmPW\">Confirm Password</label>"
 "\n"
-"<input type=password name=\"hgLogin_confirmPWD\" value=\"%s\" size=\"30\" id=\"confirmPWD\">"
+"<input type=password name=\"hgLogin_confirmPW\" value=\"%s\" size=\"30\" id=\"confirmPW\">"
 "\n"
 "<label style=\"display: block; margin-top: 10px;\" "
 " for=\"realName\">Real Name (optional)</label>"
 "\n"
 "<input type=text name=\"hgLogin_realName\" value=\"%s\" size=\"30\" id=\"realName\"> <br>"
 "\n"
 
 
 
 /********
 "<tr><td>Name</td><td><input type=text name=hgLogin_user value=\"%s\" size=20></td></tr>\n"
 "<tr><td>E-mail</td><td><input type=text name=hgLogin_email value=\"%s\"size=20>\n"
 "<tr><td>Password</td><td><input type=password name=hgLogin_password value=\"%s\" size=10></td></tr>\n"
 "<tr><td>Real name (optional)</td><td><input type=text name=hgLogin_realName value=\"%s\" size=20></td></tr>\n"
 "<tr><td>&nbsp;</td><td><input type=submit name=hgLogin.do.signup value=submit>"
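Review bot: The renamed confirm-password input on the `hgLogin_confirmPW` line still renders `value=\"%s\"`, and the hunk at -488 fills it (and `hgLogin_password`) from `cartUsualString`, so after a rejected signup both passwords are written back into the page source. Password inputs are normally re-rendered empty: use `value=\"\"` on both `type=password` inputs and drop the two matching `cartUsualString(cart, "hgLogin_password", "")` and `cartUsualString(cart, "hgLogin_confirmPW", "")` arguments so the format and argument counts still agree. The user, e-mail and real-name values also land in `%s` inside attribute values; unless hPrintf encodes them (not visible here) they need HTML-attribute escaping. The format string starts above this hunk and continues past it.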
@@ -488,31 +490,31 @@
 "<br>\n"
 , cartUsualString(cart, "hgLogin_user", "")
 , cartUsualString(cart, "hgLogin_email", "")
 //, cartUsualString(cart, "hgLogin_password", "")
 , cartUsualString(cart, "hgLogin_realName", "")
 );
 ****************/
 "<p>"
 "<tr><td>&nbsp;</td><td><input type=submit name=hgLogin.do.signup value=submit>"
 "&nbsp;<input type=button value=cancel ONCLICK=\"history.go(-1)\"></td></tr>\n"
 "<br>\n"
 "</p>"
 , cartUsualString(cart, "hgLogin_user", "")
 , cartUsualString(cart, "hgLogin_email", "")
 , cartUsualString(cart, "hgLogin_password", "")
-, cartUsualString(cart, "hgLogin_confirmPWD", "")
+, cartUsualString(cart, "hgLogin_confirmPW", "")
 , cartUsualString(cart, "hgLogin_realName", "")
 );
 
 
 cartSaveSession(cart);
 
 hPrintf("</FORM>");
 
 }
 
 
 void signup(struct sqlConnection *conn)
 /* process the signup form */
 {
 char query[256];
@@ -548,30 +550,46 @@
 if (!password || sameString(password,"") || (strlen(password)<8))
     {
     freez(&errMsg);
     errMsg = cloneString("Password must be at least 8 characters long.");
     signupPage(conn);
     return;
     }
 if (!checkPwdCharClasses(password))
     {
     freez(&errMsg);
     errMsg = cloneString("Password must contain characters from 2 of the following 4 classes: [A-Z] [a-z] [0-9] [!@#$%^&*()].");
     signupPage(conn);
     return;
     }
 
+char *confirmPW = cartUsualString(cart, "hgLogin_confirmPW", "");
+if (!confirmPW || sameString(confirmPW,"") )
+    {
+    freez(&errMsg);
+    errMsg = cloneString("Confirm Password cannot be blank.");
+    signupPage(conn);
+    return;
+    }
+if (password && confirmPW && !sameString(password, confirmPW))
+    {
+    freez(&errMsg);
+    errMsg = cloneString("Passwords do not match.");
+    signupPage(conn);
+    return;
+    }
+
 char *realName = cartUsualString(cart, "hgLogin_realName", "");
 if (!realName || sameString(realName,""))
     {
     realName = " ";
     }
 
 char encPwd[35] = "";
 encryptNewPwd(password, encPwd, sizeof(encPwd));
 safef(query,sizeof(query), "insert into gbMembers set "
     "userName='%s',realName='%s',password='%s',email='%s', "
     "lastUse=NOW(),activated='N',dateAuthenticated='9999-12-31 23:59:59'",
     sqlEscapeString(user),sqlEscapeString(realName),sqlEscapeString(encPwd),sqlEscapeString(email));
 sqlUpdate(conn, query);
 
 
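Review bot: The new confirmation value is read with `cartUsualString(cart, "hgLogin_confirmPW", "")`, whereas the comment in displayLoginPage (hunk at -606) says passwords should come from the cgi hash rather than the cart; `char *confirmPW = cgiUsualString("hgLogin_confirmPW", "");` would follow that rule. The match test can be reduced to `if (!sameString(password, confirmPW))`, because both pointers have already been checked and returned on by the time it runs. A one-line comment above the two checks, such as `/* confirmation must be present and equal to password before anything is stored */`, would document the intent. signup() starts before this hunk and continues after it.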
@@ -606,31 +624,31 @@
 //"Click <a href=hgLogin?hgLogin.do.signupPage=1>here</a> to return.<br>\n"
 //);
 
 
 }
 
 
 /* ----- account login/display functions ---- */
 
 
 void displayLoginPage(struct sqlConnection *conn)
 /* draw the account login page */
 {
 char *username = cartUsualString(cart, "hgLogin_userName", "");
 /* for password security, use cgi hash instead of cart */
-char *password = cgiUsualString("hgLogin_password", "");
+// char *password = cgiUsualString("hgLogin_password", "");
 
 hPrintf(
 "<div id=\"hgLoginBox\" class=\"centeredContainer\">\n"
 "<h2>UCSC Genome Browser</h2>"
 "\n"
 );
 printf(
 "<P>"
 "Signing in enables you to save current settings into a "
 "named session, and then restore settings from the session later.<BR> "
 "If you wish, you can share named sessions with other users. "
 "</P>"
 );
 hPrintf(
 "<span style='color:red;'>%s</span>"
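Review bot: The password lookup is commented out rather than removed, which leaves `/* for password security, use cgi hash instead of cart */` describing a line that no longer runs. Delete both lines here; the same applies to `// char *hgLoginHost = hgLoginLinkHost();` in displayLogoutSuccess (hunk at -775) and to the commented-out hPrintf calls in the hunk at -711. displayLoginPage continues past the end of this hunk.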
@@ -711,38 +729,42 @@
     safef(temp,sizeof(temp),"User name %s not found.",userName);
     errMsg = cloneString(temp);
     displayLoginPage(conn);
     return;
     }
 struct gbMembers *m = gbMembersLoad(row);
 sqlFreeResult(&sr);
 
 /* TODO: check user name exist and activated */
 /* ..... */
 
 if (checkPwd(password,m->password))
     {
 hPrintf("<h1>Login succesful !!!! calling displayLoginSuccess now.</h1>\n");
       unsigned int userID=m->idx;
-      hPrintf("Before call userID is  %d\n",userID);
+      // hPrintf("Before call userID is  %d\n",userID);
       displayLoginSuccess(userName,userID);
       return;
     }
 else
     {
-    hPrintf("<h1>Invalid User/Password</h1>\n");
-    hPrintf("Return to <a href=\"hgLogin\">signup</A>.<br>\n");
+    //hPrintf("<h1>Invalid User/Password</h1>\n");
+    errMsg = cloneString("Invalid User/Password.");
+
+    displayLoginPage(conn);
+    // hPrintf("Return to <a href=\"hgLogin\">signup</A>.<br>\n");
+    return;
     }
 
 gbMembersFree(&m);
 
 }
 /******* end old dispalyLogin *************************/
 
 
 
 
 void  displayLoginSuccess(char *userName, int userID)
 /* display login success msg, and set cookie */
 {
 char *hgLoginHost = hgLoginLinkHost();
 
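Review bot: The new failure branch assigns `errMsg = cloneString("Invalid User/Password.");` without the `freez(&errMsg);` that the rejection paths in signup and the change-password code do first, and its added `return;` makes the `gbMembersFree(&m);` after the if/else unreachable, so `m` is never freed on either branch. Add `freez(&errMsg);` before the assignment and call `gbMembersFree(&m);` before `displayLoginPage(conn);` (the success branch already copies `m->idx` into `userID`, so it can free `m` before calling displayLoginSuccess as well). The generic message is also undercut by the `User name %s not found.` path at the top of the hunk, which tells a caller which user names exist; both failures should report the same text. The debug banner `Login succesful !!!! calling displayLoginSuccess now.` is still printed on success and looks like it should be removed along with the other debug output. The function starts above this hunk.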
@@ -775,31 +797,31 @@
 "window.setTimeout(afterDelay, 1000);\n"
 "function afterDelay() {\n"
 "window.location =\"http://%s/cgi-bin/hgSession?hgS_doMainPage=1\";"
 "\n}"
 "\n"
 "//-->"
 "\n"
 "</script>"
 ,hgLoginHost);
 }
 
 
 void  displayLogoutSuccess()
 /* display logout success msg, and reset cookie */
 {
-char *hgLoginHost = hgLoginLinkHost();
+// char *hgLoginHost = hgLoginLinkHost();
 
 hPrintf(
 "<h2>UCSC Genome Browser Sign Out</h2>"
 "<p align=\"left\">"
 "</p>"
 "<span style='color:red;'></span>"
 "\n"
 );
 hPrintf(
 "<script language=\"JavaScript\">"
 "document.cookie =  \"hgLogin_UserName=; domain=ucsc.edu; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/\"; "
 "\n"
 "document.cookie =  \"hgLogin_UserID=; domain=ucsc.edu; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/\";"
 "</script>\n"
 );