e61c0b17e8c9fa2695a1063b040d15294d73ccac chinhli Fri Jun 22 11:13:08 2012 -0700 Bug #8250 Replace hard coded 'UCSC Genome Browser', signature and return address in GUI and mail text with value from hg.conf. diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c index 781768a..066f88a 100644 --- src/hg/hgLogin/hgLogin.c +++ src/hg/hgLogin/hgLogin.c @@ -20,50 +20,75 @@ #include "wikiLink.h" #include "hgLogin.h" #include "gbMembers.h" #include "versionInfo.h" /* ---- Global variables. ---- */ char msg[4096] = ""; /* The excludeVars are not saved to the cart. */ char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password", "hgLogin_password2", "hgLogin_newPassword1", "hgLogin_newPassword2", NULL }; struct cart *cart; /* This holds cgi and other variables between clicks. */ char *database; /* Name of genome database - hg15, mm3, or the like. */ struct hash *oldCart; /* Old cart hash. */ char *errMsg; /* Error message to show user when form data rejected */ -char signature[256]="\nUCSC Genome Browser\nhttp://www.genome.ucsc.edu "; - +char brwName[64]; +char brwAddr[256]; +char signature[256]; +char returnAddr[256]; /* ---- Global helper functions ---- */ +char *browserName() +/* Return the browser name like 'UCSC Genome Browser' */ +{ +if isEmpty(cfgOption(CFG_LOGIN_BROWSER_NAME)) + return cloneString("NULL_browserName"); +else + return cloneString(cfgOption(CFG_LOGIN_BROWSER_NAME)); +} + +char *browserAddr() +/* Return the browser address like 'http://genome.ucsc.edu' */ +{ +if isEmpty(cfgOption(CFG_LOGIN_BROWSER_ADDR)) + return cloneString("NULL_browserAddr"); +else + return cloneString(cfgOption(CFG_LOGIN_BROWSER_ADDR)); +} + char *mailSignature() /* Return the signature to be used by outbound mail or NULL. Allocd here. */ { -return cloneString(cfgOption(CFG_LOGIN_SIGNATURE)); +if isEmpty(cfgOption(CFG_LOGIN_MAIL_SIGNATURE)) + return cloneString("NULL_mailSignature"); +else + return cloneString(cfgOption(CFG_LOGIN_MAIL_SIGNATURE)); } char *mailReturnAddr() /* Return the return addr. to be used by outbound mail or NULL. Allocd here. */ { -return cloneString(cfgOption(CFG_LOGIN_RETURN_ADDR)); +if isEmpty(cfgOption(CFG_LOGIN_MAIL_RETURN_ADDR)) + return cloneString("NULL_mailReturnAddr"); +else + return cloneString(cfgOption(CFG_LOGIN_MAIL_RETURN_ADDR)); } /* ---- password functions depend on optionally installed openssl lib ---- */ #ifdef USE_SSL #include <openssl/md5.h> - void cryptWikiWay(char *password, char *salt, char* result) /* encrypt password in mediawiki format - ':B:'.$salt.':'. md5($salt.'-'.md5($password ) */ { int i; unsigned char result1[MD5_DIGEST_LENGTH]; unsigned char result2[MD5_DIGEST_LENGTH]; char firstMD5[MD5_DIGEST_LENGTH*2 + 1]; char secondMD5[MD5_DIGEST_LENGTH*2 + 1]; i = MD5_DIGEST_LENGTH; MD5((unsigned char *)password, strlen(password), result1); for(i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(&firstMD5[i*2], "%02x", result1[i]); } @@ -297,128 +322,130 @@ "\n" "window.setTimeout(afterDelay, %d);\n" "function afterDelay() {\n" "window.location =\"%s\";\n}" "\n//-->\n" "</script>", delay, returnURL); } void displayActMailSuccess() /* display Activate mail success box */ { char *returnURL = getReturnToURL(); hPrintf( "<div id=\"confirmationBox\" class=\"centeredContainer formBox\">" "\n" - "<h2>UCSC Genome Browser</h2>" + "<h2>%s</h2>", brwName); +hPrintf( "<p id=\"confirmationMsg\" class=\"confirmationTxt\">A confirmation email has been sent to you. \n" "Please click the confirmation link in the email to activate your account.</p>" "\n" "<p><a href=\"%s\">Return</a></p>", returnURL); cartRemove(cart, "hgLogin_email"); cartRemove(cart, "hgLogin_userName"); } - void sendActMailOut(char *email, char *subject, char *msg) /* send mail to email address */ { char *hgLoginHost = wikiLinkHost(); char cmd[4096]; safef(cmd,sizeof(cmd), - "echo '%s' | mail -s \"%s\" %s -- -f genome-www@soe.ucsc.edu", - msg, subject, email); + "echo '%s' | mail -s \"%s\" %s -- -f %s", + msg, subject, email, returnAddr); int result = system(cmd); if (result == -1) { hPrintf( - "<h2>UCSC Genome Browser</h2>" + "<h2>%s</h2>", brwName); + hPrintf( "<p align=\"left\">" "</p>" "<h3>Error emailing to: %s</h3>" "Click <a href=hgLogin?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>", email ); } else { hPrintf("<script language=\"JavaScript\">\n" "<!-- \n" "window.location =\"http://%s/cgi-bin/hgLogin?hgLogin.do.displayActMailSuccess=1\"" "//-->" "\n" "</script>", hgLoginHost); } } void displayMailSuccess() /* display mail success confirmation box */ { hPrintf( "<div id=\"confirmationBox\" class=\"centeredContainer formBox\">" "\n" - "<h2>UCSC Genome Browser</h2>" + "<h2>%s</h2>", brwName); +hPrintf( "<p id=\"confirmationMsg\" class=\"confirmationTxt\">An email has been sent to you \n" "containing information that you requested.</p>" "\n" "<p><a href=\"hgLogin?hgLogin.do.displayLoginPage=1\">Return to Login</a></p>"); cartRemove(cart, "hgLogin_helpWith"); cartRemove(cart, "hgLogin_email"); cartRemove(cart, "hgLogin_userName"); } void sendMailOut(char *email, char *subject, char *msg) /* send mail to email address */ { char *hgLoginHost = wikiLinkHost(); char *obj = cartUsualString(cart, "hgLogin_helpWith", ""); char cmd[4096]; safef(cmd,sizeof(cmd), - "echo '%s' | mail -s \"%s\" %s -- -f genome-www@soe.ucsc.edu", - msg, subject, email); + "echo '%s' | mail -s \"%s\" %s -- -f %s", + msg, subject, email, returnAddr); int result = system(cmd); if (result == -1) { hPrintf( - "<h2>UCSC Genome Browser</h2>" + "<h2>%s</h2>", brwName); + hPrintf( "<p align=\"left\">" "</p>" "<h3>Error emailing %s to: %s</h3>" "Click <a href=hgLogin?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>", obj, email ); } else { hPrintf("<script language=\"JavaScript\">\n" "<!-- \n" "window.location =\"http://%s/cgi-bin/hgLogin?hgLogin.do.displayMailSuccess=1\"" "//-->" "\n" "</script>", hgLoginHost); } } void mailUsername(char *email, char *users) /* send user name list to the email address */ { char subject[256]; char msg[4096]; char *remoteAddr=getenv("REMOTE_ADDR"); -safef(subject, sizeof(subject),"Your user name at the UCSC Genome Browser"); +safef(subject, sizeof(subject),"Your user name at the %s", brwName); safef(msg, sizeof(msg), - "Someone (probably you, from IP address %s) has requested user name(s) associated with this email address at UCSC Genome Browser: \n\n %s\n\n", - remoteAddr, users); -safecat (msg, sizeof(msg), signature); + "Someone (probably you, from IP address %s) has requested user name(s) associated with this email address at %s: \n\n %s\n\n%s\n%s", + remoteAddr, brwName, users, signature, returnAddr); sendMailOut(email, subject, msg); } void sendUsername(struct sqlConnection *conn, char *email) /* email user username(s) */ { struct sqlResult *sr; char **row; char query[256]; /* find all the user names assocaited with this email address */ char userList[256]=""; safef(query,sizeof(query),"select * from gbMembers where email='%s'", email); sr = sqlGetResult(conn, query); int numUser = 0; @@ -428,65 +455,66 @@ if (numUser >= 1) safecat(userList, sizeof(userList), ", "); safecat(userList, sizeof(userList), m->userName); numUser += 1; } sqlFreeResult(&sr); mailUsername(email, userList); } void sendNewPwdMail(char *username, char *email, char *password) /* send user new password */ { char subject[256]; char msg[4096]; char *remoteAddr=getenv("REMOTE_ADDR"); -safef(subject, sizeof(subject),"New temporary password for UCSC Genome Browse"); + +safef(subject, sizeof(subject),"New temporary password for %s", brwName); safef(msg, sizeof(msg), - "Someone (probably you, from IP address %s) requested a new password for UCSC Genome Browser (http://genome.ucsc.edu). A temporary password for user \"%s\" has been created and was set to \"%s\". If this was your intent, you will need to log in and choose a new password now. Your temporary password will expire in 7 days.\nIf someone else made this request, or if you have remembered your password, and you no longer wish to change it, you may ignore this message and continue using your old password.\n", - remoteAddr, username, password); -safecat (msg, sizeof(msg), signature); + " Someone (probably you, from IP address %s) requested a new password for %s (%s). A temporary password for user \"%s\" has been created and was set to \"%s\". If this was your intent, you will need to log in and choose a new password now. Your temporary password will expire in 7 days.\n\n If someone else made this request, or if you have remembered your password, and you no longer wish to change it, you may ignore this message and continue using your old password.\n\n%s\n%s", + remoteAddr, brwName, brwAddr, username, password, signature, returnAddr); sendMailOut(email, subject, msg); } void displayAccHelpPage(struct sqlConnection *conn) /* draw the account help page */ { char *email = cartUsualString(cart, "hgLogin_email", ""); char *username = cartUsualString(cart, "hgLogin_userName", ""); + hPrintf("<script language=\"JavaScript\">\n" "<!-- " "\n" "function toggle(value){\n" "if(value=='showE')\n" "{\n" " document.getElementById('usernameBox').style.display='none';\n" " document.getElementById('emailAddrBox').style.display='inline';\n" " } else {\n" " document.getElementById('usernameBox').style.display='inline';\n" " document.getElementById('emailAddrBox').style.display='none';\n" "}\n" "}\n" "//-->" "\n" "</script>" "\n"); hPrintf("<div id=\"accountHelpBox\" class=\"centeredContainer formBox\">" "\n" - "<h2>UCSC Genome Browser</h2>" - "\n" - "<h3>Having trouble signing in?</h3>" + "<h2>%s</h2>" + "\n", brwName); +hPrintf("<h3>Having trouble signing in?</h3>" "\n" "<form method=post action=\"hgLogin\" name=\"accountLoginForm\" id=\"acctHelpForm\">" "\n" "<p><span style='color:red;'>%s</span><p>" "\n", errMsg ? errMsg : ""); hPrintf("<div class=\"inputGroup\">" "<div class=\"acctHelpSection\"><input name=\"hgLogin_helpWith\" type=\"radio\" value=\"password\" id=\"password\" onclick=\"toggle('showU');\">" "<label for=\"password\" class=\"radioLabel\">I forgot my <b>password</b>. Send me a new one.</label></div>" "<div class=\"acctHelpSection\"><input name=\"hgLogin_helpWith\" type=\"radio\" value=\"username\" id=\"username\" onclick=\"toggle('showE');\">" "<label for=\"username\" class=\"radioLabel\">I forgot my <b>username</b>. Please email it to me.</label></div>" "\n" "</div>" "\n"); hPrintf("<div class=\"inputGroup\" id=\"usernameBox\" style=\"display: none;\">" "<label for=\"emailUsername\">Username</label>" @@ -547,66 +575,67 @@ safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),newPassword='', newPasswordExpire='', passwordChangeRequired='N' where userName='%s'", sqlEscapeString(username)); sqlUpdate(conn, query); cartRemove(cart, "hgLogin_changeRequired"); return; } void sendActivateMail(char *email, char *username, char *encToken) /* Send activation mail with token to user*/ { char subject[256]; char msg[4096]; char activateURL[256]; char *hgLoginHost = wikiLinkHost(); char *remoteAddr=getenv("REMOTE_ADDR"); + safef(activateURL, sizeof(activateURL), "http://%s/cgi-bin/hgLogin?hgLogin.do.activateAccount=1&user=%s&token=%s\n", sqlEscapeString(hgLoginHost), sqlEscapeString(username), sqlEscapeString(encToken)); -safef(subject, sizeof(subject),"UCSC Genome Browser account e-mail address confirmation"); +safef(subject, sizeof(subject),"%s account e-mail address confirmation", brwName); safef(msg, sizeof(msg), - "Someone (probably you, from IP address %s) has requested an account %s with this e-mail address on the UCSC Genome Browser.\n\nTo confirm that this account really does belong to you on the UCSC Genome Browser, open this link in your browser:\n\n%s\n\nIf this is *not* you, do not follow the link. This confirmation code will expire in 7 days.\n", - remoteAddr, username, activateURL); -safecat (msg, sizeof(msg), signature); + "Someone (probably you, from IP address %s) has requested an account %s with this e-mail address on the %s.\nTo confirm that this account really does belong to you on the %s, open this link in your browser:\n\n%s\n\nIf this is *not* you, do not follow the link. This confirmation code will expire in 7 days.\n\n%s\n%s", + remoteAddr, username, brwName, brwName, activateURL, signature, returnAddr); sendActMailOut(email, subject, msg); } void setupNewAccount(struct sqlConnection *conn, char *email, char *username) /* Set up new user account and send activation mail to user */ { char query[256]; char *token = generateRandomPassword(); char *tokenMD5 = generateTokenMD5(token); safef(query,sizeof(query), "update gbMembers set lastUse=NOW(),emailToken='%s', emailTokenExpires=DATE_ADD(NOW(), INTERVAL 7 DAY), accountActivated='N' where userName='%s'", sqlEscapeString(tokenMD5), sqlEscapeString(username) ); sqlUpdate(conn, query); sendActivateMail(email, username, tokenMD5); return; } void displayLoginPage(struct sqlConnection *conn) /* draw the account login page */ { char *username = cartUsualString(cart, "hgLogin_userName", ""); hPrintf("<div id=\"loginBox\" class=\"centeredContainer formBox\">" "\n" - "<h2>UCSC Genome Browser</h2>" - "\n" + "<h2>%s</h2>" + "\n", brwName); +hPrintf( "<h3>Login</h3>" "\n"); if (errMsg && sameString(errMsg, "Your account has been activated.")) hPrintf("<span style='color:green;'>%s</span>\n", errMsg ? errMsg : ""); else hPrintf("<span style='color:red;'>%s</span>\n", errMsg ? errMsg : ""); hPrintf("<form method=post action=\"hgLogin\" name=\"accountLoginForm\" id=\"accountLoginForm\">" "\n" "<div class=\"inputGroup\">" "<label for=\"userName\">Username</label>" "<input type=text name=\"hgLogin_userName\" value=\"%s\" size=\"30\" id=\"userName\">" "</div>" "\n" "<div class=\"inputGroup\">" "<label for=\"password\">Password</label>" @@ -655,32 +684,32 @@ errMsg = cloneString("Token does not match."); } cartSetString(cart, "hgLogin_userName", username); displayLoginPage(conn); return; } /* -------- functions ---- */ void changePasswordPage(struct sqlConnection *conn) /* change password page */ { hPrintf("<div id=\"changePwBox\" class=\"centeredContainer formBox\">" "\n" - "<h2>UCSC Genome Browser</h2>" - "\n" + "<h2>%s</h2>", brwName); +hPrintf( "<h3>Change Password</h3>" "\n" "<p> <span style='color:red;'>%s</span> </p>" "\n" "<form method=\"post\" action=\"hgLogin\" name=\"changePasswordForm\" id=\"changePasswordForm\">" "\n" "<div class=\"inputGroup\">" "<label for=\"userName\">Username</label>" "<input type=\"text\" name=\"hgLogin_userName\" size=\"30\" value=\"%s\" id=\"email\">" "</div>" "\n", errMsg ? errMsg : "", cartUsualString(cart, "hgLogin_userName", "")); hPrintf("<div class=\"inputGroup\">" "\n" "<label for=\"currentPw\">Current Password</label>" @@ -774,46 +803,47 @@ return; } if (!checkPwd(currentPassword, password)) { freez(&errMsg); errMsg = cloneString("Invalid current password."); changePasswordPage(conn); return; } char encPwd[45] = ""; encryptNewPwd(newPassword1, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "update gbMembers set password='%s' where userName='%s'", sqlEscapeString(encPwd), sqlEscapeString(user)); sqlUpdate(conn, query); clearNewPasswordFields(conn, user); -hPrintf("<h2>UCSC Genome Browser</h2>" +hPrintf("<h2>%s</h2>", brwName); +hPrintf( "<p align=\"left\">" "</p>" "<h3>Password has been changed.</h3>"); cartRemove(cart, "hgLogin_password"); cartRemove(cart, "hgLogin_newPassword1"); cartRemove(cart, "hgLogin_newPassword2"); returnToURL(150); } void signupPage(struct sqlConnection *conn) /* draw the signup page */ { hPrintf("<div id=\"signUpBox\" class=\"centeredContainer formBox\">" - "<h2>UCSC Genome Browser</h2>" - "\n" + "<h2>%s</h2>", brwName); +hPrintf( "<p>Signing up enables you to save multiple sessions and to share your sessions with others.</p>" "Already have an account? <a href=\"hgLogin?hgLogin.do.displayLoginPage=1\">Login</a>.<br>" "\n"); hPrintf("<h3>Sign Up</h3>" "<form method=\"post\" action=\"hgLogin\" name=\"mainForm\">" "<span style='color:red;'>%s</span>" "\n", errMsg ? errMsg : ""); hPrintf("<div class=\"inputGroup\">" "<label for=\"userName\">Username</label>" "<input type=text name=\"hgLogin_userName\" value=\"%s\" size=\"30\" id=\"userName\">" "</div>" "\n" "<div class=\"inputGroup\">" "<label for=\"emailAddr\">Email address</label>" "<input type=text name=\"hgLogin_email\" value=\"%s\" size=\"30\" id=\"emailAddr\">" @@ -938,31 +968,32 @@ errMsg = cloneString("Passwords do not match."); signupPage(conn); return; } /* pass all the checks, OK to create the account now */ char encPwd[45] = ""; encryptNewPwd(password, encPwd, sizeof(encPwd)); safef(query,sizeof(query), "insert into gbMembers set " "userName='%s',password='%s',email='%s', " "lastUse=NOW(),accountActivated='N'", sqlEscapeString(user),sqlEscapeString(encPwd),sqlEscapeString(email)); sqlUpdate(conn, query); setupNewAccount(conn, email, user); /* send out activate code mail, and display the mail confirmation box */ -hPrintf("<h2>UCSC Genome Browser</h2>\n" +hPrintf("<h2>%s</h2>", brwName); +hPrintf( "<p align=\"left\">\n" "</p>\n" "<h3>User %s successfully added.</h3>\n", user); cartRemove(cart, "hgLogin_email"); cartRemove(cart, "hgLogin_email2"); cartRemove(cart, "hgLogin_userName"); cartRemove(cart, "user"); cartRemove(cart, "token"); returnToURL(150); } void accountHelp(struct sqlConnection *conn) /* email user username(s) or new password */ { char query[256]; @@ -1048,31 +1079,32 @@ char returnToDomain[256]; /* parse the URL */ struct netParsedUrl rtpu; netParseUrl(returnURL, &rtpu); safecpy(returnToDomain, sizeof(returnToDomain), rtpu.host); if (endsWith(returnToDomain,centralDomain)) return centralDomain; else return cloneString(returnToDomain); } void displayLoginSuccess(char *userName, int userID) /* display login success msg, and set cookie */ { -hPrintf("<h2>UCSC Genome Browser</h2>" +hPrintf("<h2>%s</h2>", brwName); +hPrintf( "<p align=\"left\">" "</p>" "<span style='color:red;'></span>" "\n"); /* Set cookies */ char *domainName=getCookieDomainName(); hPrintf("<script language=\"JavaScript\">" " document.write(\"Login successful, setting cookies now...\");" "</script>\n" "<script language=\"JavaScript\">" "document.cookie = \"wikidb_mw1_UserName=%s; domain=%s; expires=Thu, 31 Dec 2099, 20:47:11 UTC; path=/\"; " "\n" "document.cookie = \"wikidb_mw1_UserID=%d; domain=%s; expires=Thu, 31 Dec 2099, 20:47:11 UTC; path=/\";" " </script>" "\n", userName, domainName, userID, domainName); @@ -1140,52 +1172,57 @@ cartSetString(cart, "hgLogin_changeRequired", "YES"); changePasswordPage(conn); } else { errMsg = cloneString("Invalid user name or password."); displayLoginPage(conn); return; } gbMembersFree(&m); } void displayLogoutSuccess() /* display logout success msg, and reset cookie */ { -hPrintf("<h2>UCSC Genome Browser Sign Out</h2>" +hPrintf("<h2>%s Sign Out</h2>", brwName); +hPrintf( "<p align=\"left\">" "</p>" "<span style='color:red;'></span>" "\n"); char *domainName=getCookieDomainName(); hPrintf("<script language=\"JavaScript\">" "document.cookie = \"wikidb_mw1_UserName=; domain=%s; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/\"; " "\n" "document.cookie = \"wikidb_mw1_UserID=; domain=%s; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/\";" "</script>\n", domainName, domainName); /* return to "returnto" URL */ returnToURL(150); } void doMiddle(struct cart *theCart) /* Write the middle parts of the HTML page. * This routine sets up some globals and then * dispatches to the appropriate page-maker. */ { struct sqlConnection *conn = hConnectCentral(); cart = theCart; +safef(brwName,sizeof(brwName), browserName()); +safef(brwAddr,sizeof(brwAddr), browserAddr()); +safef(signature,sizeof(signature), mailSignature()); +safef(returnAddr,sizeof(returnAddr), mailReturnAddr()); if (cartVarExists(cart, "hgLogin.do.changePasswordPage")) changePasswordPage(conn); else if (cartVarExists(cart, "hgLogin.do.changePassword")) changePassword(conn); else if (cartVarExists(cart, "hgLogin.do.displayAccHelpPage")) displayAccHelpPage(conn); else if (cartVarExists(cart, "hgLogin.do.accountHelp")) accountHelp(conn); else if (cartVarExists(cart, "hgLogin.do.activateAccount")) activateAccount(conn); else if (cartVarExists(cart, "hgLogin.do.displayActMailSuccess")) displayActMailSuccess(); else if (cartVarExists(cart, "hgLogin.do.displayMailSuccess")) displayMailSuccess(); @@ -1196,31 +1233,31 @@ else if (cartVarExists(cart, "hgLogin.do.displayLogout")) displayLogoutSuccess(); else if (cartVarExists(cart, "hgLogin.do.signup")) signup(conn); else signupPage(conn); hDisconnectCentral(&conn); cartRemovePrefix(cart, "hgLogin.do."); } void usage() /* Explain usage and exit. */ { errAbort( - "hgLogin - Stand alone CGI to handle UCSC Genome Browser login.\n" + "hgLogin - Stand alone CGI to handle Genome Browser login.\n" "usage:\n" " hgLogin <various CGI settings>\n" ); } int main(int argc, char *argv[]) /* Process command line. */ { pushCarefulMemHandler(100000000); cgiSpoof(&argc, argv); htmlSetStyleSheet("/style/userAccounts.css"); htmlSetStyle(htmlStyleUndecoratedLink); htmlSetBgColor(HG_CL_OUTSIDE); htmlSetFormClass("accountScreen"); oldCart = hashNew(10);