a240964d6dfdd6f8661487b64538d33518d88501
angie
Mon May 16 09:38:09 2016 -0700
Added checking of wiki.loggedInCookie (numeric user ID) using random numbers, as suggested by Max,
if the new centralDb table gbMemberToken exists; otherwise the ID is checked against gbMembers.idx.
refs #17327
diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c
index a7b483c..de6041a 100644
--- src/hg/hgSession/hgSession.c
+++ src/hg/hgSession/hgSession.c
@@ -105,42 +105,30 @@
else
{
printf("Signing in enables you to save current settings into a "
"named session, and then restore settings from the session later.\n"
"If you wish, you can share named sessions with other users.\n");
printf("
The sign-in page is handled by our "
"wiki system:\n", wikiHost);
printf("click here to sign in.\n",
wikiLinkUserLoginUrl(cartSessionId(cart)));
printf("The wiki also serves as a forum for users "
"to share knowledge and ideas.\n");
}
}
-char *getLinkUserName()
-/* Return the user name specified in cookies from the browser, or NULL
- * if
- * the user doesn't appear to be logged in. */
-{
-if (wikiLinkEnabled())
- {
- return cloneString(wikiLinkUserName());
- }
-return NULL;
-}
-
void showCartLinks()
/* Print out links to cartDump and cartReset. */
{
char *session = cartSidUrlString(cart);
char returnAddress[512];
safef(returnAddress, sizeof(returnAddress), "%s?%s", hgSessionName(), session);
printf("Click here to "
"reset the browser user interface settings to their defaults.\n",
session, cgiEncodeFull(returnAddress));
}
char *destAppScriptName()
/* Return the complete path (/cgi-bin/... on our systems) of the destination
@@ -540,51 +528,50 @@
dyStringPrintf(dyUrl, "?hgS_doLoadUrl=submit&hgS_loadUrlName=");
printf("
If a saved settings file is available from a web server, "
"you can send email to others with a link such as "
"%sU where U is the URL of your "
"settings file, e.g. http://www.mysite.edu/~me/mySession.txt . "
"In this type of link, you can replace "
"\"hgSession\" with \"hgTracks\" in order to proceed directly to "
"the Genome Browser. For an example page using such links "
"please see the Session Gallery.\n",
dyUrl->string);
printf("\n");
dyStringFree(&dyUrl);
}
-void doMainPage(char *message)
+void doMainPage(char *userName, char *message)
/* Login status/links and session controls. */
{
puts("Content-Type:text/html\n");
if (wikiLinkEnabled())
{
- char *wikiUserName = wikiLinkUserName();
- if (wikiUserName)
- welcomeUser(wikiUserName);
+ if (userName)
+ welcomeUser(userName);
else
offerLogin();
if (isNotEmpty(message))
{
if (cartVarExists(cart, hgsDoSessionDetail))
webNewSection("Session Details");
else
webNewSection("Updated Session");
puts(message);
}
- showSessionControls(wikiUserName, TRUE, TRUE);
- showLinkingTemplates(wikiUserName);
+ showSessionControls(userName, TRUE, TRUE);
+ showLinkingTemplates(userName);
}
else
{
if (isNotEmpty(message))
{
if (cartVarExists(cart, hgsDoSessionDetail))
webNewSection("Session Details");
else
cartWebStart(cart, NULL, "Updated Session");
jsInit();
puts(message);
showSessionControls(NULL, FALSE, TRUE);
}
else
showSessionControls(NULL, FALSE, FALSE);
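Review bot: The new userName parameter is undocumented: the header comment at L67 still says only `/* Login status/links and session controls. */`, and nothing states that NULL is the expected value for a visitor who is not logged in, which the branch at L75-L78 relies on to show the login offer. Suggest `/* Login status/links and session controls. userName is the login name the caller obtained from wikiLinkUserName(), or NULL when nobody is logged in (the login offer is shown instead). */`. doMainPage's body continues past the end of the hunk.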
@@ -643,39 +630,40 @@
}
}
if (tdb->visibility != tvHide)
outIfNotPresent(cart, dy, tdb->track, tdb->visibility);
}
// Put a variable in the cart that says we put the default
// visibilities in it.
if (dy)
dyStringPrintf(dy,"&%s=on", CART_HAS_DEFAULT_VISIBILITY);
else
printf("%s on", CART_HAS_DEFAULT_VISIBILITY);
}
#define INITIAL_USE_COUNT 0
-char *doNewSession()
+char *doNewSession(char *userName)
/* Save current settings in a new named session.
* Return a message confirming what we did. */
{
+if (userName == NULL)
+ return "Unable to save session -- please log in and try again.";
struct dyString *dyMessage = dyStringNew(2048);
char *sessionName = trimSpaces(cartString(cart, hgsNewSessionName));
char *encSessionName = cgiEncodeFull(sessionName);
boolean shareSession = cartBoolean(cart, hgsNewSessionShare);
-char *userName = getLinkUserName();
char *encUserName = cgiEncodeFull(userName);
struct sqlConnection *conn = hConnectCentral();
if (sqlTableExists(conn, namedSessionTable))
{
struct sqlResult *sr = NULL;
struct dyString *dy = dyStringNew(16 * 1024);
char **row;
char *firstUse = "now()";
int useCount = INITIAL_USE_COUNT;
char firstUseBuf[32];
/* If this session already existed, preserve its firstUse and useCount. */
sqlDyStringPrintf(dy, "SELECT firstUse, useCount FROM %s "
"WHERE userName = '%s' AND sessionName = '%s';",
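Review bot: The new guard at L125-L126 returns a string literal, while every other return from doNewSession hands back heap memory from `dyStringCannibalize` (L157), so the result now has two different ownerships and any caller that ever frees it would misbehave; the same mixed return is introduced in doSessionDetail (L205-L206) and doSessionChange (L242-L243). Returning `cloneString("Unable to save session -- please log in and try again.");` keeps the contract uniform (the file already used cloneString in the removed getLinkUserName). The header comment at L122-L123 should also state the new precondition, e.g. `* userName must be the logged-in user's name; if NULL, nothing is saved and an error message is returned.` The body of doNewSession continues past the hunk.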
@@ -736,40 +724,41 @@
getSessionLink(encUserName, encSessionName),
getSessionEmailLink(encUserName, encSessionName));
cartCheckForCustomTracks(cart, dyMessage);
}
else
dyStringPrintf(dyMessage,
"Sorry, required table %s does not exist yet in the central "
"database (%s). Please ask a developer to create it using "
"kent/src/hg/lib/namedSessionDb.sql .",
namedSessionTable, sqlGetDatabase(conn));
hDisconnectCentral(&conn);
return dyStringCannibalize(&dyMessage);
}
-char *doUpdateSessions()
+char *doUpdateSessions(char *userName)
/* Look for cart variables matching prefixes for sharing/unsharing,
* loading or deleting a previously saved session.
* Return a message confirming what we did, or NULL if no such variables
* were in the cart. */
{
+if (userName == NULL)
+ return NULL;
struct dyString *dyMessage = dyStringNew(1024);
struct hashEl *cartHelList = NULL, *hel = NULL;
struct sqlConnection *conn = hConnectCentral();
-char *userName = getLinkUserName();
char *encUserName = cgiEncodeFull(userName);
boolean didSomething = FALSE;
char query[512];
cartHelList = cartFindPrefix(cart, hgsSharePrefix);
if (cartHelList != NULL)
{
struct hash *sharedHash = hashNew(0);
char **row;
struct sqlResult *sr;
sqlSafef(query, sizeof(query),
"select sessionName,shared from %s where userName = '%s'",
namedSessionTable, encUserName);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
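Review bot: The new early `return NULL` at L166-L167 feeds the `hgsOldSessionName` branch of hgSession (L328-L335), where `message2` is passed to `strlen` without a NULL check; for a logged-out request carrying hgsOldSessionName, message1 is the login-error text from doSessionChange, which does not start with "No changes to session", so the concatenation runs and `strlen(NULL)` is undefined behaviour. The documented NULL return for "no such variables" (L163-L164) may already have made this reachable, but the new guard makes it the certain path for an expired login. Either return a message here as the sibling functions do, `return "Please log in again to update sessions.";`, or make the caller tolerate NULL before concatenating, `if (message2 == NULL) message2 = "";`. The body of doUpdateSessions continues past the hunk.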
@@ -959,36 +948,37 @@
cgiAppendSForHttps(), cgiServerNamePort(), destAppScriptName(),
cartSessionVarName(), cartSessionId(cart));
}
if (lf != NULL)
{
cartLoadSettings(lf, cart, NULL, actionVar);
cartHideDefaultTracks(cart);
hubConnectLoadHubs(cart);
cartCopyCustomTracks(cart);
cartCheckForCustomTracks(cart, dyMessage);
lineFileClose(&lf);
}
return dyStringCannibalize(&dyMessage);
}
-char *doSessionDetail(char *sessionName)
+char *doSessionDetail(char *userName, char *sessionName)
/* Show details about a particular session. */
{
+if (userName == NULL)
+ return "Sorry, please log in again.";
struct dyString *dyMessage = dyStringNew(4096);
char *encSessionName = cgiEncodeFull(sessionName);
-char *userName = getLinkUserName();
char *encUserName = cgiEncodeFull(userName);
struct sqlConnection *conn = hConnectCentral();
struct sqlResult *sr = NULL;
char **row = NULL;
char query[512];
webPushErrHandlersCartDb(cart, cartUsualString(cart, "db", NULL));
boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0);
if (gotSettings)
sqlSafef(query, sizeof(query), "SELECT shared, firstUse, settings from %s "
"WHERE userName = '%s' AND sessionName = '%s'",
namedSessionTable, encUserName, encSessionName);
else
sqlSafef(query, sizeof(query), "SELECT shared, firstUse from %s "
"WHERE userName = '%s' AND sessionName = '%s'",
@@ -1061,39 +1051,40 @@
}
void renamePrefixedCartVar(char *prefix, char *oldName, char *newName)
/* If cart has prefix+oldName, replace it with prefix+newName = submit. */
{
char varName[256];
safef(varName, sizeof(varName), "%s%s", prefix, oldName);
if (cartVarExists(cart, varName))
{
cartRemove(cart, varName);
safef(varName, sizeof(varName), "%s%s", prefix, newName);
cartSetString(cart, varName, "submit");
}
}
-char *doSessionChange(char *oldSessionName)
+char *doSessionChange(char *userName, char *oldSessionName)
/* Process changes to session from session details page. */
{
+if (userName == NULL)
+ return "Unable to make changes to session. Please log in again.";
struct dyString *dyMessage = dyStringNew(1024);
webPushErrHandlersCartDb(cart, cartUsualString(cart, "db", NULL));
char *sessionName = oldSessionName;
char *encSessionName = cgiEncodeFull(sessionName);
char *encOldSessionName = encSessionName;
-char *userName = getLinkUserName();
char *encUserName = cgiEncodeFull(userName);
struct sqlConnection *conn = hConnectCentral();
struct sqlResult *sr = NULL;
char **row = NULL;
char query[512];
boolean shared = TRUE;
char *settings = NULL;
boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0);
if (gotSettings)
sqlSafef(query, sizeof(query), "SELECT shared, settings from %s "
"WHERE userName = '%s' AND sessionName = '%s'",
namedSessionTable, encUserName, encSessionName);
else
sqlSafef(query, sizeof(query), "SELECT shared from %s "
@@ -1190,83 +1181,85 @@
return dyStringCannibalize(&dyMessage);
}
void hgSession()
/* hgSession - Interface with wiki login and do session saving/loading.
* Here we set up cart and some global variables, dispatch the command,
* and put away the cart when it is done. */
{
struct hash *oldVars = hashNew(10);
/* Sometimes we output HTML and sometimes plain text; let each outputter
* take care of headers instead of using a fixed cart*Shell(). */
cart = cartAndCookieNoContent(hUserCookie(), excludeVars, oldVars);
+char *userName = wikiLinkEnabled() ? wikiLinkUserName() : NULL;
+
if (cartVarExists(cart, hgsDoMainPage) || cartVarExists(cart, hgsCancel))
- doMainPage(NULL);
+ doMainPage(userName, NULL);
else if (cartVarExists(cart, hgsDoNewSession))
{
- char *message = doNewSession();
- doMainPage(message);
+ char *message = doNewSession(userName);
+ doMainPage(userName, message);
}
else if (cartVarExists(cart, hgsDoOtherUser))
{
char *message = doOtherUser(hgsDoOtherUser);
- doMainPage(message);
+ doMainPage(userName, message);
}
else if (cartVarExists(cart, hgsDoSaveLocal))
{
doSaveLocal();
}
else if (cartVarExists(cart, hgsDoLoadLocal))
{
char *message = doLoad(FALSE, hgsDoLoadLocal);
- doMainPage(message);
+ doMainPage(userName, message);
}
else if (cartVarExists(cart, hgsDoLoadUrl))
{
char *message = doLoad(TRUE, hgsDoLoadUrl);
- doMainPage(message);
+ doMainPage(userName, message);
}
else if (cartVarExists(cart, hgsDoSessionDetail))
{
- char *message = doSessionDetail(cartString(cart, hgsDoSessionDetail));
- doMainPage(message);
+ char *message = doSessionDetail(userName, cartString(cart, hgsDoSessionDetail));
+ doMainPage(userName, message);
}
else if (cartVarExists(cart, hgsDoSessionChange))
{
- char *message = doSessionChange(cartString(cart, hgsOldSessionName));
- doMainPage(message);
+ char *message = doSessionChange(userName, cartString(cart, hgsOldSessionName));
+ doMainPage(userName, message);
}
else if (cartVarExists(cart, hgsOldSessionName))
{
- char *message1 = doSessionChange(cartString(cart, hgsOldSessionName));
- char *message2 = doUpdateSessions();
+ char *message1 = doSessionChange(userName, cartString(cart, hgsOldSessionName));
+ char *message2 = doUpdateSessions(userName);
char *message = message2;
if (!startsWith("No changes to session", message1))
{
size_t len = (sizeof message1[0]) * (strlen(message1) + strlen(message2) + 1);
message = needMem(len);
safef(message, len, "%s%s", message1, message2);
}
- doMainPage(message);
+ doMainPage(userName, message);
}
else
{
- char *message = doUpdateSessions();
- doMainPage(message);
+ char *message = doUpdateSessions(userName);
+ doMainPage(userName, message);
}
cleanHgSessionFromCart(cart);
/* Save the cart state: */
cartCheckout(&cart);
}
int main(int argc, char *argv[])
/* Process command line. */
{
long enteredMainTime = clock1000();
htmlPushEarlyHandlers();
cgiSpoof(&argc, argv);
setUdcCacheDir();
hgSession();