27503f94cdbf0d7d8f6f643e9e2ab6b68e2d7ae3 chinhli Wed May 2 13:03:56 2012 -0700 finished gbMembers table expansion to include security tokens. diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c index ebd5833..4438876 100644 --- src/hg/hgLogin/hgLogin.c +++ src/hg/hgLogin/hgLogin.c @@ -1,1272 +1,1274 @@ /* hgLogin - Administer UCSC Genome Browser membership - signup, lost password, etc. */ #include "common.h" #include "hash.h" #include "obscure.h" #include "hgConfig.h" #include "cheapcgi.h" #include "memalloc.h" #include "jksql.h" #include "htmshell.h" #include "cart.h" #include "hPrint.h" #include "hdb.h" #include "hui.h" #include "web.h" #include "ra.h" #include "hgColors.h" #include #include #include "net.h" #include "hgLogin.h" #include "hgLoginLink.h" #include "gbMembers.h" #include "versionInfo.h" char msg[2048] = ""; char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password", "hgLogin_password2", "hgLogin_newPassword1", "hgLogin_newPassword2", NULL }; /* The excludeVars are not saved to the cart. (We also exclude * any variables that start "near.do.") */ /* ---- Global variables. ---- */ struct cart *cart; /* This holds cgi and other variables between clicks. */ char *database; /* Name of genome database - hg15, mm3, or the like. */ struct hash *oldCart; /* Old cart hash. */ char *errMsg; /* Error message to show user when form data rejected */ /* -------- utilities functions --- */ void displayMailSuccess() /* display mail success confirmation box */ { char *email = cartUsualString(cart, "hgLogin_email", ""); char *obj=cartUsualString(cart, "hgLogin_helpWith", ""); //safecpy(obj, sizeof(obj),object); hPrintf( "
" "\n" "

UCSC Genome Browser

" "

An email has been sent to " " %s containing %s...

" "\n" "

Return to Login

" , email , obj ); } void sendMail(char *email, char *subject, char *msg) { char *hgLoginHost = hgLoginLinkHost(); char *helpWith = cartUsualString(cart, "hgLogin_helpWith", ""); char cmd[256]; safef(cmd,sizeof(cmd), -// "echo 'Hello from your favoriate browser at: %s %s ' | mail -s \"Greeting form UCSC Genome Browser\" %s" -// , msg, httpLink, email); -//"echo '%s' | mail -s \"Greeting from uCSC\" %s" "echo '%s' | mail -s \"%s\" %s" , msg, subject, email); int result = system(cmd); if (result == -1) { hPrintf( "

UCSC Genome Browser

" "

" "

" "

Error emailing %s to: %s

" "Click here to return.
" , helpWith , email ); } else { // cartSetString(cart, "hgLogin_helpWith", "password"); hPrintf( "" , hgLoginHost ); - -cartSetString(cart, "hgLogin.do.displayMailSuccess", "1"); -//displayMailSuccess("password"); -//return; } } -void sendUsername(char *email, char *users) +void mailUsername(char *email, char *users) /* send user name list to the email address */ { char subject[256]; char msg[256]; char signature[256]="\nUCSC Genome Browser \nhttp://www.genome.ucsc.edu "; safef(subject, sizeof(subject),"Greeting form UCSC Genome Browser"); safef(msg, sizeof(msg), "User name(s) associated with this email address at UCSC Genome Browser: \n\n %s \n", users); safecat (msg, sizeof(msg), signature); sendMail(email, subject, msg); } -void activateAccount(struct sqlConnection *conn) -/* activate account */ + +void sendUsername(struct sqlConnection *conn) +/* email user username(s) */ { struct sqlResult *sr; char **row; char query[256]; +char *email = cartUsualString(cart, "hgLogin_email", ""); + +/* TODO: validate the email address is in right format */ +/* find all the user names assocaited with this email address */ +char userList[256]=""; +safef(query,sizeof(query),"select * from gbMembers where email='%s'", email); +sr = sqlGetResult(conn, query); +int numUser = 0; +while ((row = sqlNextRow(sr)) != NULL) + { + struct gbMembers *m = gbMembersLoad(row); + if (numUser >= 1) + safecat(userList, sizeof(userList), ", "); + safecat(userList, sizeof(userList), m->userName); + numUser += 1; + } +sqlFreeResult(&sr); +mailUsername(email, userList); +} + + +/*************** to-do below *********************/ +void activateAccount(struct sqlConnection *conn) +/* activate account */ +{ +// struct sqlResult *sr; +// char **row; +char query[256]; char *token = cgiUsualString("hgLogin_activateAccount", ""); safef(query,sizeof(query),"Token is %s ", token); if (!sameString(token,"")) { freez(&errMsg); errMsg = cloneString(query); displayLoginPage(conn); return; } } /* -------- password functions ---- */ void cryptWikiWay(char *password, char *salt, char* result) // encrypt password as mediawiki does: ':B:'.$salt.':'. md5($salt.'-'.md5($password ) { int i; unsigned char result1[MD5_DIGEST_LENGTH]; unsigned char result2[MD5_DIGEST_LENGTH]; char firstMD5[MD5_DIGEST_LENGTH*2 + 1]; char secondMD5[MD5_DIGEST_LENGTH*2 + 1]; i = MD5_DIGEST_LENGTH; // /*DEBUG*/ printf("MD5_DIGEST_LENGT is -- %d\n",i); MD5((unsigned char *) password, strlen(password), result1); // output /****************************************************** DEBUG printf("result1 array:\n"); for(i = 0; i < MD5_DIGEST_LENGTH; i++) printf("%02x", result1[i]); printf("\n"); ************************************************************/ // Convert the first MD5 value to string // /* DEBUG */ printf("Convert result1 to firstMD5 .......\n"); for(i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(&firstMD5[i*2], "%02x", result1[i]); } /****************************************************** DEBUG printf("\n"); printf("firstMD5 string\n"); printf("firstMD5 is: %s \n",firstMD5); printf("\n"); ***************************************************************/ // add the salt with "-" char saltDashMD5[256]; strcpy(saltDashMD5,salt); // /*DEBUG*/ printf("String3 is: %s \n",saltDashMD5); strcat(saltDashMD5,"-"); // /*DEBUG*/ printf("String3 is: %s \n",saltDashMD5); strcat(saltDashMD5,firstMD5); // /*DEBUG*/ printf("firstMD5 is: %s \n",firstMD5); // /*DEBUG*/ printf("saltDashMD5 is: %s \n",saltDashMD5); MD5((unsigned char *) saltDashMD5, strlen(saltDashMD5), result2); // output /****************************************************** DEBUG for(i = 0; i < MD5_DIGEST_LENGTH; i++) printf("%02x", result2[i]); printf("\n"); printf("Convert result2 to secondMD5 .......\n"); ***************************************************************/ for(i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(&secondMD5[i*2], "%02x", result2[i]); } /*************************************************************** DEBUG printf("\n"); i = MD5_DIGEST_LENGTH; printf("MD5_DIGEST_LENGTH is %d\nLength of secondMD5 is %d\n",i,strlen(secondMD5)); printf("secondMD5 before return is: \n%s\n", secondMD5); ************************************************************************/ strcpy(result, secondMD5); } void encryptPWD(char *password, char *salt, char *buf, int bufsize) /* encrypt a password */ { /* encrypt user's password. */ // safef(buf,bufsize,crypt(password, salt)); char md5Returned[100]; cryptWikiWay(password, salt, md5Returned); safecat(buf,bufsize,":B:"); safecat(buf,bufsize,salt); safecat(buf,bufsize,":"); safecat(buf,bufsize,md5Returned); // /*DEBUG*/ printf("After encrypt, buf is \n%s\n bufsize is %d\n", buf, bufsize); } void encryptNewPwd(char *password, char *buf, int bufsize) /* encrypt a new password */ /* XXXX TODO: use MD5 in linked SSL */ { unsigned long seed[2]; char salt[] = "........"; const char *const seedchars = "0123456789ABCDEFGHIJKLMNOPQRST" "UVWXYZabcdefghijklmnopqrstuvwxyz"; int i; /* Generate a (not very) random seed. */ seed[0] = time(NULL); seed[1] = getpid() ^ (seed[0] >> 14 & 0x30000); /* Turn it into printable characters from `seedchars'. */ for (i = 0; i < 8; i++) salt[i] = seedchars[(seed[i/5] >> (i%5)*6) & 0x3f]; // /*DEBUG*/ printf("salt generated: %s\n", salt); encryptPWD(password, salt, buf, bufsize); } void findSalt(char *encPassword, char *salt, int saltSize) { // /*DEBUG*/ printf("encPassword from database is: %s\n",encPassword); char tempStr1[45]; char tempStr2[45]; int i; // Skip the ":B:" part for (i = 3; i <= strlen(encPassword); i++) tempStr1[i-3] = encPassword[i]; // /*DEBUG*/ printf("encPassword is %s\n",encPassword); // /*DEBUG*/ printf("Trim out the :B: to become %s\n",tempStr1); i = strcspn(tempStr1,":"); // /*DEBUG*/ printf(" : is at location %d\n", i); safencpy(tempStr2, sizeof(tempStr2), tempStr1, i); // /*DEBUG*/ printf("Trimmed salt is %s\n", tempStr2); safef(salt, saltSize,tempStr2); // /*DEBUG*/ printf("Final salt is %s\n", salt); } bool checkPwd(char *password, char *encPassword) /* check an encrypted password */ { // /*DEBUG*/ printf("password type in is: %s\n",password); char salt[14]; int saltSize; saltSize = sizeof(salt); findSalt(encPassword, salt, saltSize); char encPwd[45] = ""; // encryptPWD(password, encPassword, encPwd, sizeof(encPwd)); encryptPWD(password, salt, encPwd, sizeof(encPwd)); if (sameString(encPassword,encPwd)) { return TRUE; } else { return FALSE; } } unsigned int randInt(unsigned int n) /* little randome number helper returns 0 to n-1 */ { return (unsigned int) n * (rand() / (RAND_MAX + 1.0)); } char *generateRandomPassword() /* Generate valid random password for users who have lost their old one. * Free the returned value.*/ { char boundary[256]; char punc[] = "!@#$%^&*()"; /* choose a new string for the boundary */ /* Set initial seed */ int i = 0; int r = 0; char c = ' '; boundary[0]=0; srand( (unsigned)time( NULL ) ); for(i=0;i<8;++i) { r = randInt(4); switch (r) { case 0 : c = 'A' + randInt(26); break; case 1 : c = 'a' + randInt(26); break; case 2 : c = '0' + randInt(10); break; default: c = punc[randInt(10)]; break; } boundary[i] = c; } boundary[i]=0; return cloneString(boundary); } /* --- update passwords file ----- */ void updatePasswordsFile(struct sqlConnection *conn) /* update the passwords file containing email:encryptedPassword */ { struct sqlResult *sr; char **row; FILE *out = mustOpen("../conf/passwords", "w"); sr = sqlGetResult(conn, "select email,password from gbMembers where activated='Y'" " and (expireDate='' or (current_date() < expireDate))"); while ((row = sqlNextRow(sr)) != NULL) { fprintf(out,"%s:%s\n",row[0],row[1]); } sqlFreeResult(&sr); carefulClose(&out); } /* ---------- reverse DNS function --------- */ #include #include #include char *reverseDns(char *ip) /* do reverse dns lookup on ip using getnamebyaddr, * and then return a string to be freed that is the host */ { struct hostent *hp; struct sockaddr_in sock; if (inet_aton(ip,&sock.sin_addr) == 0) return NULL; hp = gethostbyaddr(&sock.sin_addr,sizeof(sock.sin_addr),AF_INET); if (!hp) return NULL; return cloneString(hp->h_name); } /* -------- functions ---- */ void debugShowAllMembers(struct sqlConnection *conn) /* display all gbMembers */ { struct sqlResult *sr; char **row; hPrintf("

Members

"); hPrintf(""); hPrintf(""); sr = sqlGetResult(conn, "select * from members"); while ((row = sqlNextRow(sr)) != NULL) { hPrintf("",row[0],row[1]); } sqlFreeResult(&sr); hPrintf("
emailpassword
%s%s
"); } - +/************************************************************ void lostPasswordPage(struct sqlConnection *conn) -/* draw the lost password page */ +// draw the lost password page { hPrintf( "

UCSC Genome Browser

" "

" "

" "%s" "

Send Me A New Password

" "
" "" "" "" "
E-mail " "(your e-mail is also your user-id)
 " " 
" "
" , errMsg ? errMsg : "" ); cartSaveSession(cart); hPrintf("
"); } - +**************************************************************/ void lostPassword(struct sqlConnection *conn) /* process the lost password form */ { char query[256]; char cmd[256]; char *email = cartUsualString(cart, "hgLogin_email", ""); if (!email || sameString(email,"")) { freez(&errMsg); errMsg = cloneString("Email cannot be blank."); - lostPasswordPage(conn); + // lostPasswordPage(conn); return; } safef(query,sizeof(query), "select password from gbMembers where email='%s'", email); char *password = sqlQuickString(conn, query); if (!password) { freez(&errMsg); errMsg = cloneString("Email not found."); - lostPasswordPage(conn); + // lostPasswordPage(conn); return; } freez(&password); password = generateRandomPassword(); char encPwd[45] = ""; encryptNewPwd(password, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "update gbMembers set password='%s' where email='%s'", sqlEscapeString(encPwd), sqlEscapeString(email)); sqlUpdate(conn, query); updatePasswordsFile(conn); safef(cmd,sizeof(cmd), "echo 'Your new password is: %s' | mail -s \"Lost GSID HIV password\" %s" , password, email); int result = system(cmd); if (result == -1) { hPrintf( "

UCSC Genome Browser

" "

" "

" "

Error emailing password to: %s

" "Click here to return.
" , email ); } else { hPrintf( "

UCSC Genome Browser

" "

" "

" "

Password has been emailed to: %s

" "Click here to return.
" , email ); } freez(&password); } void changePasswordPage(struct sqlConnection *conn) /* change password page */ { hPrintf( "
" "\n" "

UCSC Genome Browser

" "\n" "

Change Password

" "\n" "

%s

" "\n" "
" "\n" "
" "" "" "
" "\n" , errMsg ? errMsg : "" , cartUsualString(cart, "hgLogin_userName", "") ); hPrintf( "
" "\n" "" "" "
" "\n" "
" "" "" "
" "\n" "
" "" "" "
" "\n" "
" "   " " Cancel" "\n" "
" "
" "\n" "
" "\n" ); cartSaveSession(cart); } void changePassword(struct sqlConnection *conn) /* process the change password form */ { char query[256]; char *user = cartUsualString(cart, "hgLogin_userName", ""); char *currentPassword = cartUsualString(cart, "hgLogin_password", ""); char *newPassword1 = cartUsualString(cart, "hgLogin_newPassword1", ""); char *newPassword2 = cartUsualString(cart, "hgLogin_newPassword2", ""); if (!user || sameString(user,"")) { freez(&errMsg); errMsg = cloneString("Username cannot be blank."); changePasswordPage(conn); return; } if (!currentPassword || sameString(currentPassword,"")) { freez(&errMsg); errMsg = cloneString("Current password cannot be blank."); changePasswordPage(conn); return; } if (!newPassword1 || sameString(newPassword1,"") || (strlen(newPassword1)<5)) { freez(&errMsg); errMsg = cloneString("New Password must be at least 5 characters long."); changePasswordPage(conn); return; } if (!newPassword2 || sameString(newPassword2,"") ) { freez(&errMsg); errMsg = cloneString("Re-enter New Password field cannot be blank."); changePasswordPage(conn); return; } if (newPassword1 && newPassword2 && !sameString(newPassword1, newPassword2)) { freez(&errMsg); errMsg = cloneString("New passwords do not match."); changePasswordPage(conn); return; } /* check username existence first */ safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user); char *password = sqlQuickString(conn, query); if (!password) { freez(&errMsg); errMsg = cloneString("Invalid user name or password."); changePasswordPage(conn); return; } char encPwd[45] = ""; encryptNewPwd(newPassword1, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "update gbMembers set password='%s' where userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user)); sqlUpdate(conn, query); hPrintf ( "

UCSC Genome Browser

" "

" "

" "

Password has been changed.

" ); backToDoLoginPage(2); cartRemove(cart, "hgLogin_password"); cartRemove(cart, "hgLogin_newPassword1"); cartRemove(cart, "hgLogin_newPassword2"); } void signupPage(struct sqlConnection *conn) /* draw the signup page */ /* XXXX TODO: cornfirm password, password help like Required. 30 characters or fewer. Letters, digits and @/./+/-/_ only. optional real name */ { hPrintf( "
" "

UCSC Genome Browser

" "\n" "

Signing up enables you to save multiple sessions and to share your sessions with others.

" "Already have an account? Login.
" "\n" ); hPrintf( "

Sign Up

" "
" //"
" //" %s" //"
" "%s" "\n" , errMsg ? errMsg : "" ); hPrintf( "
" "" "" "
" "\n" "
" "" "" "
" "\n" "
" "" "" "
" "\n" , cartUsualString(cart, "hgLogin_userName", "") , cartUsualString(cart, "hgLogin_email", "") , cartUsualString(cart, "hgLogin_email2", "") ); hPrintf( "
" "" "" "
" "\n" "
" "" "" "\n" "
" "\n" "
" "   " " Cancel" "
" "
" "
" "\n" , cartUsualString(cart, "hgLogin_password", "") , cartUsualString(cart, "hgLogin_password2", "") ); // TODO: group them to one remove function // , cartUsualString(cart, "hgLogin_userName", "") // , cartUsualString(cart, "hgLogin_email", "") // , cartUsualString(cart, "hgLogin_email2", "") // , cartUsualString(cart, "hgLogin_password", "") // , cartUsualString(cart, "hgLogin_password2", "") // ); // cartSaveSession(cart); hPrintf(""); } void signup(struct sqlConnection *conn) /* process the signup form */ { char query[256]; char *user = cartUsualString(cart, "hgLogin_userName", ""); if (!user || sameString(user,"")) { freez(&errMsg); errMsg = cloneString("User name cannot be blank."); signupPage(conn); return; } safef(query,sizeof(query), "select password from gbMembers where userName='%s'", user); char *password = sqlQuickString(conn, query); if (password) { freez(&errMsg); errMsg = cloneString("A user with this name already exists."); signupPage(conn); freez(&user); return; } char *email = cartUsualString(cart, "hgLogin_email", ""); if (!email || sameString(email,"")) { freez(&errMsg); errMsg = cloneString("Email cannot be blank."); signupPage(conn); return; } char *email2 = cartUsualString(cart, "hgLogin_email2", ""); if (!email2 || sameString(email2,"")) { freez(&errMsg); errMsg = cloneString("Email cannot be blank."); signupPage(conn); return; } if (email && email2 && !sameString(email, email2)) { freez(&errMsg); errMsg = cloneString("Email addresses do not match."); signupPage(conn); return; } password = cartUsualString(cart, "hgLogin_password", ""); if (!password || sameString(password,"") || (strlen(password)<5)) { freez(&errMsg); errMsg = cloneString("Password must be at least 5 characters long."); signupPage(conn); return; } char *password2 = cartUsualString(cart, "hgLogin_password2", ""); if (!password2 || sameString(password2,"") ) { freez(&errMsg); errMsg = cloneString("Password field cannot be blank."); signupPage(conn); return; } if (password && password2 && !sameString(password, password2)) { freez(&errMsg); errMsg = cloneString("Passwords do not match."); signupPage(conn); return; } /* pass all the checks, OK to create the account now */ char encPwd[45] = ""; encryptNewPwd(password, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "insert into gbMembers set " "userName='%s',password='%s',email='%s', " - "lastUse=NOW(),activated='N',dateAuthenticated='9999-12-31 23:59:59'", + "lastUse=NOW(),accountActivated='N'", sqlEscapeString(user),sqlEscapeString(encPwd),sqlEscapeString(email)); sqlUpdate(conn, query); hPrintf( "

UCSC Genome Browser

\n" "

\n" "

\n" "

User %s successfully added.

\n" , user ); /* TODO: cleanup the hgLogin_xxxx vars in the cart */ backToHgSession(2); } void displayAccHelpPage(struct sqlConnection *conn) /* draw the account help page */ { char *email = cartUsualString(cart, "hgLogin_email", ""); +// cartRemove(cart, "hgLogin_helpWith"); +//cartRemove(cart, "hgLogin_email"); hPrintf( "
" "\n" "

UCSC Genome Browser

" "\n" "

Having trouble signing in?

" "\n" "
" "\n" "

%s

" "\n" , errMsg ? errMsg : "" ); hPrintf( "

" "
" "
" "
" "
" "\n" "
" "\n" ); hPrintf( "
" "" "" "
" "\n" "
" " " "  Cancel" "
" "
" "
" , email ); +cartSaveSession(cart); } void accountHelp(struct sqlConnection *conn) /* email user username(s) or new password */ { -struct sqlResult *sr; -char **row; -char query[256]; +// struct sqlResult *sr; +// char **row; +// char query[256]; char *email = cartUsualString(cart, "hgLogin_email", ""); +char *helpWith = cartUsualString(cart, "hgLogin_helpWith", ""); + if (sameString(email,"")) { freez(&errMsg); errMsg = cloneString("Email address cannot be blank."); displayAccHelpPage(conn); return; } /* TODO: validate the email address is in right format */ /* Username selcted? */ -char *helpWith = cartUsualString(cart, "hgLogin_helpWith", ""); if (sameString(helpWith,"username")) { - /* find all the user names assocaited with this email address */ - char userList[256]=""; - safef(query,sizeof(query),"select * from gbMembers where email='%s'", email); - sr = sqlGetResult(conn, query); - int numUser = 0; - while ((row = sqlNextRow(sr)) != NULL) - { - struct gbMembers *m = gbMembersLoad(row); - if (numUser >= 1) - safecat(userList, sizeof(userList), ", "); - safecat(userList, sizeof(userList), m->userName); - numUser += 1; - } - sqlFreeResult(&sr); - if (numUser == 0) - { - freez(&errMsg); - char temp[256]; - safef(temp,sizeof(temp),"No user found with this email address."); - errMsg = cloneString(temp); - displayAccHelpPage(conn); - return; - } else { - sendUsername(email, userList); + sendUsername(conn); } - } /* helpWith username */ - if (sameString(helpWith,"password")) { freez(&errMsg); errMsg = cloneString("Forgot password selected!"); displayAccHelpPage(conn); return; } +//cartRemove(cart, "hgLogin_helpWith"); displayAccHelpPage(conn); return; } /* ----- account login/display functions ---- */ void displayLoginPage(struct sqlConnection *conn) /* draw the account login page */ { char *username = cartUsualString(cart, "hgLogin_userName", ""); /* for password security, use cgi hash instead of cart */ // char *password = cgiUsualString("hgLogin_password", ""); hPrintf( "
" "\n" "

UCSC Genome Browser

" "\n" "

Login

" "\n" "%s" "\n" , errMsg ? errMsg : "" ); hPrintf( "
" "\n" "
" "" "" "
" "\n" "
" "" "" "
" "\n" "
" " " "  Cancel" "
" "
" "\n" "\n" "
" "Can't access your account?
" "Need an account? Sign up.
" "To change password, click here." "
" "
" "\n" "\n" "" "" , username ); cartSaveSession(cart); } /******* BEGIN dispalyLogin *************************/ void displayLogin(struct sqlConnection *conn) /* display user account info */ { struct sqlResult *sr; char **row; char query[256]; char *userName = cartUsualString(cart, "hgLogin_userName", ""); if (sameString(userName,"")) { freez(&errMsg); errMsg = cloneString("User name cannot be blank."); displayLoginPage(conn); return; } /* for password security, use cgi hash instead of cart */ char *password = cgiUsualString("hgLogin_password", ""); if (sameString(password,"")) { freez(&errMsg); errMsg = cloneString("Password cannot be blank."); displayLoginPage(conn); return; } safef(query,sizeof(query),"select * from gbMembers where userName='%s'", userName); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) == NULL) { freez(&errMsg); char temp[256]; safef(temp,sizeof(temp),"User name %s not found.",userName); errMsg = cloneString(temp); displayLoginPage(conn); return; } struct gbMembers *m = gbMembersLoad(row); sqlFreeResult(&sr); /* TODO: check user name exist and activated */ /* ..... */ if (checkPwd(password,m->password)) { unsigned int userID=m->idx; hPrintf("

Login successful for user %s with id %d.\n

\n" ,userName,userID); displayLoginSuccess(userName,userID); return; } else { errMsg = cloneString("Invalid user name or password."); displayLoginPage(conn); return; } gbMembersFree(&m); } /******* END dispalyLogin *************************/ void displayLoginSuccess(char *userName, int userID) /* display login success msg, and set cookie */ { // char *hgLoginHost = hgLoginLinkHost(); hPrintf( "

UCSC Genome Browser

" "

" "

" "" "\n" ); /* Set cookies */ /* TODO: use htmlSetCookie() to set cookies */ hPrintf( "\n" "" "\n", userName,userID); backToHgSession(2); } void displayLogoutSuccess() /* display logout success msg, and reset cookie */ { // char *hgLoginHost = hgLoginLinkHost(); hPrintf( "

UCSC Genome Browser Sign Out

" "

" "

" "" "\n" ); hPrintf( "\n" ); /* TODO: cleanup the hgLogin_xxxx vars in the cart */ /* return to session */ backToHgSession(1); } void backToHgSession(int nSec) /* delay for N micro seconds then go back to hgSession page */ /* TODO: afterDelayBackTo("http....") */ { char *hgLoginHost = hgLoginLinkHost(); int delay=nSec*1000; hPrintf( "" ,delay ,hgLoginHost); } void backToDoLoginPage(int nSec) /* delay for N micro seconds then go back to Login page */ /* TODO: afterDelayBackTo("http....") */ { char *hgLoginHost = hgLoginLinkHost(); int delay=nSec*1000; hPrintf( "" ,delay ,hgLoginHost); } void displayUserInfo(struct sqlConnection *conn) /* display user account info */ { struct sqlResult *sr; char **row; char query[256]; char *user = cartUsualString(cart, "hgLogin_userName", ""); if (sameString(user,"")) { freez(&errMsg); errMsg = cloneString("User name cannot be blank."); displayUserInfo(conn); return; } /* for password security, use cgi hash instead of cart */ char *password = cgiUsualString("hgLogin_password", ""); if (sameString(password,"")) { freez(&errMsg); errMsg = cloneString("Password cannot be blank."); displayUserInfo(conn); return; } safef(query,sizeof(query),"select * from gbMembers where username='%s'", user); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) == NULL) { freez(&errMsg); char temp[256]; safef(temp,sizeof(temp),"User %s not found.",user); errMsg = cloneString(temp); displayUserInfo(conn); return; } struct gbMembers *m = gbMembersLoad(row); sqlFreeResult(&sr); if (checkPwd(password,m->password)) { hPrintf("

UCSC Genome Browser User Information:

\n"); hPrintf("\n"); hPrintf("\n",m->userName); hPrintf("\n",m->realName); hPrintf("\n",m->email); hPrintf("
User name:%s
Real name:%s
E-mail:%s
\n"); hPrintf("
\n"); hPrintf("Return to signup.
\n"); hPrintf("Go to UCSC Genome Browser.
\n"); } else { hPrintf("

Invalid User/Password

\n"); hPrintf("Return to signup.
\n"); } gbMembersFree(&m); } void doMiddle(struct cart *theCart) /* Write the middle parts of the HTML page. * This routine sets up some globals and then * dispatches to the appropriate page-maker. */ { struct sqlConnection *conn = hConnectCentral(); cart = theCart; if (cartVarExists(cart, "debug")) debugShowAllMembers(conn); /* remove after a while when it is no longer needed else if (cartVarExists(cart, "fixMembers")) { upgradeMembersTable(conn); updatePasswordsFile(conn); hPrintf( "

UCSC Genome Browser

" "

" "

" "

Successfully updated the gbMembers table to store hashed passwords.

" "Click here to return.
" ); } */ else if (cartVarExists(cart, "update")) { updatePasswordsFile(conn); hPrintf( "

UCSC Genome Browser

" "

" "

" "

Successfully updated the authentication file.

" "Click here to return.
" ); } /******************************************************************* else if (cartVarExists(cart, "hgLogin.do.lostUserNamePage")) lostUserNamedPage(conn); else if (cartVarExists(cart, "hgLogin.do.lostUserName")) lostUserName(conn); ********************************************************************/ -else if (cartVarExists(cart, "hgLogin.do.lostPasswordPage")) - lostPasswordPage(conn); +// else if (cartVarExists(cart, "hgLogin.do.lostPasswordPage")) +// lostPasswordPage(conn); else if (cartVarExists(cart, "hgLogin.do.lostPassword")) lostPassword(conn); else if (cartVarExists(cart, "hgLogin.do.changePasswordPage")) changePasswordPage(conn); else if (cartVarExists(cart, "hgLogin.do.changePassword")) changePassword(conn); else if (cartVarExists(cart, "hgLogin.do.displayUserInfo")) displayUserInfo(conn); else if (cartVarExists(cart, "hgLogin.do.displayAccHelpPage")) displayAccHelpPage(conn); else if (cartVarExists(cart, "hgLogin.do.accountHelp")) accountHelp(conn); else if (cartVarExists(cart, "hgLogin.do.activateAccount")) activateAccount(conn); else if (cartVarExists(cart, "hgLogin.do.displayMailSuccess")) displayMailSuccess(conn); else if (cartVarExists(cart, "hgLogin.do.displayLoginPage")) displayLoginPage(conn); else if (cartVarExists(cart, "hgLogin.do.displayLogin")) displayLogin(conn); else if (cartVarExists(cart, "hgLogin.do.displayLogout")) displayLogoutSuccess(); else if (cartVarExists(cart, "hgLogin.do.signup")) signup(conn); else signupPage(conn); hDisconnectCentral(&conn); cartRemovePrefix(cart, "hgLogin.do."); } void usage() /* Explain usage and exit. */ { errAbort( "hgLogin - administer gsid hiv membership functions - a cgi script\n" "usage:\n" " hgLogin\n" ); } int main(int argc, char *argv[]) /* Process command line. */ { pushCarefulMemHandler(100000000); cgiSpoof(&argc, argv); htmlSetStyleSheet("/style/userAccounts.css"); htmlSetStyle(htmlStyleUndecoratedLink); htmlSetBgColor(HG_CL_OUTSIDE); htmlSetFormClass("accountScreen"); oldCart = hashNew(10); cartHtmlShell("Login - UCSC Genome Browser", doMiddle, hUserCookie(), excludeVars, oldCart); return 0; }