5faaad7e4a0cde71c69f9c73db7fe94cf5db8bdc
angie
Thu Jun 9 11:42:40 2016 -0700
Revert "Added checking of wiki.loggedInCookie (numeric user ID) using random numbers as suggested by Max"
This reverts commit a240964d6dfdd6f8661487b64538d33518d88501.
Conflicts:
src/hg/hgSession/hgSession.c
-- doSessionDetail was moved up by Jonathan's changes, so it needed to be changed to get userName the old way.
diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c
index 63998ff..e31e3a4 100644
--- src/hg/hgSession/hgSession.c
+++ src/hg/hgSession/hgSession.c
@@ -118,30 +118,42 @@
else
{
printf("Signing in enables you to save current settings into a "
"named session, and then restore settings from the session later.\n"
"If you wish, you can share named sessions with other users.\n");
printf("
The sign-in page is handled by our "
"wiki system:\n", wikiHost);
printf("click here to sign in.\n",
wikiLinkUserLoginUrl(cartSessionId(cart)));
printf("The wiki also serves as a forum for users "
"to share knowledge and ideas.\n");
}
}
+char *getLinkUserName()
+/* Return the user name specified in cookies from the browser, or NULL
+ * if
+ * the user doesn't appear to be logged in. */
+{
+if (wikiLinkEnabled())
+ {
+ return cloneString(wikiLinkUserName());
+ }
+return NULL;
+}
+
void showCartLinks()
/* Print out links to cartDump and cartReset. */
{
char *session = cartSidUrlString(cart);
char returnAddress[512];
safef(returnAddress, sizeof(returnAddress), "%s?%s", hgSessionName(), session);
printf("Click here to "
"reset the browser user interface settings to their defaults.\n",
session, cgiEncodeFull(returnAddress));
}
char *destAppScriptName()
/* Return the complete path (/cgi-bin/... on our systems) of the destination
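Review bot: The comment on getLinkUserName() says the name comes from browser cookies, and with the cookie check reverted nothing in this hunk shows the value being verified before callers use it as the userName key for saved sessions; whether wikiLinkUserName() validates it is not visible here. The header comment should state that and the ownership contract, e.g. `/* Value is taken from client cookies; returns a cloned string owned by the caller, or NULL when wiki login is off or no user is logged in. */`. As a style point, declare it `char *getLinkUserName(void)`, and make it `static` if no other file calls it.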
@@ -609,50 +621,51 @@
dyStringPrintf(dyUrl, "?hgS_doLoadUrl=submit&hgS_loadUrlName=");
printf("
If a saved settings file is available from a web server, "
"you can send email to others with a link such as "
"%sU where U is the URL of your "
"settings file, e.g. http://www.mysite.edu/~me/mySession.txt . "
"In this type of link, you can replace "
"\"hgSession\" with \"hgTracks\" in order to proceed directly to "
"the Genome Browser. For an example page using such links "
"please see the Session Gallery.\n",
dyUrl->string);
printf("\n");
dyStringFree(&dyUrl);
}
-void doMainPage(char *userName, char *message)
+void doMainPage(char *message)
/* Login status/links and session controls. */
{
puts("Content-Type:text/html\n");
if (wikiLinkEnabled())
{
- if (userName)
- welcomeUser(userName);
+ char *wikiUserName = wikiLinkUserName();
+ if (wikiUserName)
+ welcomeUser(wikiUserName);
else
offerLogin();
if (isNotEmpty(message))
{
if (cartVarExists(cart, hgsDoSessionDetail))
webNewSection("Session Details");
else
webNewSection("Updated Session");
puts(message);
}
- showSessionControls(userName, TRUE, TRUE);
- showLinkingTemplates(userName);
+ showSessionControls(wikiUserName, TRUE, TRUE);
+ showLinkingTemplates(wikiUserName);
}
else
{
if (isNotEmpty(message))
{
if (cartVarExists(cart, hgsDoSessionDetail))
webNewSection("Session Details");
else
cartWebStart(cart, NULL, "Updated Session");
jsInit();
puts(message);
showSessionControls(NULL, FALSE, TRUE);
}
else
showSessionControls(NULL, FALSE, FALSE);
@@ -715,40 +728,39 @@
}
}
if (tdb->visibility != tvHide)
outIfNotPresent(cart, dy, tdb->track, tdb->visibility);
}
// Put a variable in the cart that says we put the default
// visibilities in it.
if (dy)
dyStringPrintf(dy,"&%s=on", CART_HAS_DEFAULT_VISIBILITY);
else
printf("%s on", CART_HAS_DEFAULT_VISIBILITY);
}
#define INITIAL_USE_COUNT 0
-char *doNewSession(char *userName)
+char *doNewSession()
/* Save current settings in a new named session.
* Return a message confirming what we did. */
{
-if (userName == NULL)
- return "Unable to save session -- please log in and try again.";
struct dyString *dyMessage = dyStringNew(2048);
char *sessionName = trimSpaces(cartString(cart, hgsNewSessionName));
char *encSessionName = cgiEncodeFull(sessionName);
boolean shareSession = cartBoolean(cart, hgsNewSessionShare);
+char *userName = getLinkUserName();
char *encUserName = cgiEncodeFull(userName);
struct sqlConnection *conn = hConnectCentral();
if (sqlTableExists(conn, namedSessionTable))
{
struct sqlResult *sr = NULL;
struct dyString *dy = dyStringNew(16 * 1024);
char **row;
char *firstUse = "now()";
int useCount = INITIAL_USE_COUNT;
char firstUseBuf[32];
/* If this session already existed, preserve its firstUse and useCount. */
sqlDyStringPrintf(dy, "SELECT firstUse, useCount FROM %s "
"WHERE userName = '%s' AND sessionName = '%s';",
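Review bot: doNewSession() no longer stops when nobody is logged in: the `if (userName == NULL)` guard is removed, yet getLinkUserName() returns NULL when wiki login is disabled or no user name is found, and that value goes straight into cgiEncodeFull() and the namedSession query. Depending on how cgiEncodeFull() treats NULL (not visible here), this is either a crash or a session stored and looked up under an empty user name for an anonymous request. Keep the check next to the new lookup at the top of the function: `char *userName = getLinkUserName();` followed by `if (userName == NULL) return "Unable to save session -- please log in and try again.";`. The same applies to doSessionDetail(), doUpdateSessions() and doSessionChange() in the later hunks, each with its former message or NULL return. The function body continues past the end of this hunk.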
@@ -865,37 +877,36 @@
"select m.idx, n.firstUse from gbMembers m join namedSessionDb n on m.userName = n.userName "
"where m.userName = \"%s\" and n.sessionName = \"%s\"",
encUserName, encSessionName);
sr = sqlGetResult(conn, query);
row = sqlNextRow(sr);
if (row == NULL)
errAbort("cannot remove session from gallery; user %s, session %s",
encUserName, encSessionName);
char *filePath = sessionThumbnailFilePath(row[0], encSessionName, row[1]);
if (filePath != NULL)
unlink(filePath);
sqlFreeResult(&sr);
}
-char *doSessionDetail(char *userName, char *sessionName)
+char *doSessionDetail(char *sessionName)
/* Show details about a particular session. */
{
-if (userName == NULL)
- return "Sorry, please log in again.";
struct dyString *dyMessage = dyStringNew(4096);
char *encSessionName = cgiEncodeFull(sessionName);
+char *userName = getLinkUserName();
char *encUserName = cgiEncodeFull(userName);
struct sqlConnection *conn = hConnectCentral();
struct sqlResult *sr = NULL;
char **row = NULL;
char query[512];
webPushErrHandlersCartDb(cart, cartUsualString(cart, "db", NULL));
boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0);
if (gotSettings)
sqlSafef(query, sizeof(query), "SELECT shared, firstUse, settings from %s "
"WHERE userName = '%s' AND sessionName = '%s'",
namedSessionTable, encUserName, encSessionName);
else
sqlSafef(query, sizeof(query), "SELECT shared, firstUse from %s "
"WHERE userName = '%s' AND sessionName = '%s'",
@@ -981,41 +992,40 @@
"Description:
\n"
"
\n",
hgsNewSessionDescription, 5, 80,
highlightAccChanges, highlightAccChanges, description);
}
dyStringAppend(dyMessage, "\n");
sqlFreeResult(&sr);
}
else
errAbort("doSessionDetail: got no results from query:
\n%s\n", query);
return dyStringCannibalize(&dyMessage);
}
-char *doUpdateSessions(char *userName)
+char *doUpdateSessions()
/* Look for cart variables matching prefixes for sharing/unsharing,
* loading or deleting a previously saved session.
* Return a message confirming what we did, or NULL if no such variables
* were in the cart. */
{
-if (userName == NULL)
- return NULL;
struct dyString *dyMessage = dyStringNew(1024);
struct hashEl *cartHelList = NULL, *hel = NULL;
struct sqlConnection *conn = hConnectCentral();
+char *userName = getLinkUserName();
char *encUserName = cgiEncodeFull(userName);
boolean didSomething = FALSE;
char query[512];
cartHelList = cartFindPrefix(cart, hgsGalleryPrefix);
if (cartHelList != NULL)
{
struct hash *galleryHash = hashNew(0);
char **row;
struct sqlResult *sr;
sqlSafef(query, sizeof(query),
"select sessionName,shared from %s where userName = '%s'",
namedSessionTable, encUserName);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
@@ -1082,31 +1092,31 @@
htmlEncode(sessionName),
(newShared == TRUE ? "shared" : "unshared"));
if (newShared == FALSE && inGallery == TRUE)
thumbnailRemove(encUserName, encSessionName, conn);
didSomething = TRUE;
}
}
hashFree(&sharedHash);
}
hel = cartFindPrefix(cart, hgsEditPrefix);
if (hel != NULL)
{
char *encSessionName = hel->name + strlen(hgsEditPrefix);
char *sessionName = cgiDecodeClone(encSessionName);
- dyStringPrintf(dyMessage, "%s", doSessionDetail(userName, sessionName));
+ dyStringPrintf(dyMessage, "%s", doSessionDetail(sessionName));
didSomething = TRUE;
}
hel = cartFindPrefix(cart, hgsLoadPrefix);
if (hel != NULL)
{
char *encSessionName = hel->name + strlen(hgsLoadPrefix);
char *sessionName = cgiDecodeClone(encSessionName);
char wildStr[256];
safef(wildStr, sizeof(wildStr), "%s*", hgsLoadPrefix);
dyStringPrintf(dyMessage,
"Loaded settings from session %s. %s %s
\n",
htmlEncode(sessionName),
getSessionLink(encUserName, encSessionName),
getSessionEmailLink(encUserName, encSessionName));
@@ -1279,40 +1289,39 @@
}
void renamePrefixedCartVar(char *prefix, char *oldName, char *newName)
/* If cart has prefix+oldName, replace it with prefix+newName = submit. */
{
char varName[256];
safef(varName, sizeof(varName), "%s%s", prefix, oldName);
if (cartVarExists(cart, varName))
{
cartRemove(cart, varName);
safef(varName, sizeof(varName), "%s%s", prefix, newName);
cartSetString(cart, varName, "submit");
}
}
-char *doSessionChange(char *userName, char *oldSessionName)
+char *doSessionChange(char *oldSessionName)
/* Process changes to session from session details page. */
{
-if (userName == NULL)
- return "Unable to make changes to session. Please log in again.";
struct dyString *dyMessage = dyStringNew(1024);
webPushErrHandlersCartDb(cart, cartUsualString(cart, "db", NULL));
char *sessionName = oldSessionName;
char *encSessionName = cgiEncodeFull(sessionName);
char *encOldSessionName = encSessionName;
+char *userName = getLinkUserName();
char *encUserName = cgiEncodeFull(userName);
struct sqlConnection *conn = hConnectCentral();
struct sqlResult *sr = NULL;
char **row = NULL;
char query[512];
int shared = 1;
char *settings = NULL;
boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0);
if (gotSettings)
sqlSafef(query, sizeof(query), "SELECT shared, settings from %s "
"WHERE userName = '%s' AND sessionName = '%s'",
namedSessionTable, encUserName, encSessionName);
else
sqlSafef(query, sizeof(query), "SELECT shared from %s "
@@ -1429,85 +1438,83 @@
return dyStringCannibalize(&dyMessage);
}
void hgSession()
/* hgSession - Interface with wiki login and do session saving/loading.
* Here we set up cart and some global variables, dispatch the command,
* and put away the cart when it is done. */
{
struct hash *oldVars = hashNew(10);
/* Sometimes we output HTML and sometimes plain text; let each outputter
* take care of headers instead of using a fixed cart*Shell(). */
cart = cartAndCookieNoContent(hUserCookie(), excludeVars, oldVars);
-char *userName = wikiLinkEnabled() ? wikiLinkUserName() : NULL;
-
if (cartVarExists(cart, hgsDoMainPage) || cartVarExists(cart, hgsCancel))
- doMainPage(userName, NULL);
+ doMainPage(NULL);
else if (cartVarExists(cart, hgsDoNewSession))
{
- char *message = doNewSession(userName);
- doMainPage(userName, message);
+ char *message = doNewSession();
+ doMainPage(message);
}
else if (cartVarExists(cart, hgsDoOtherUser))
{
char *message = doOtherUser(hgsDoOtherUser);
- doMainPage(userName, message);
+ doMainPage(message);
}
else if (cartVarExists(cart, hgsDoSaveLocal))
{
doSaveLocal();
}
else if (cartVarExists(cart, hgsDoLoadLocal))
{
char *message = doLoad(FALSE, hgsDoLoadLocal);
- doMainPage(userName, message);
+ doMainPage(message);
}
else if (cartVarExists(cart, hgsDoLoadUrl))
{
char *message = doLoad(TRUE, hgsDoLoadUrl);
- doMainPage(userName, message);
+ doMainPage(message);
}
else if (cartVarExists(cart, hgsDoSessionDetail))
{
- char *message = doSessionDetail(userName, cartString(cart, hgsDoSessionDetail));
- doMainPage(userName, message);
+ char *message = doSessionDetail(cartString(cart, hgsDoSessionDetail));
+ doMainPage(message);
}
else if (cartVarExists(cart, hgsDoSessionChange))
{
- char *message = doSessionChange(userName, cartString(cart, hgsOldSessionName));
- doMainPage(userName, message);
+ char *message = doSessionChange(cartString(cart, hgsOldSessionName));
+ doMainPage(message);
}
else if (cartVarExists(cart, hgsOldSessionName))
{
- char *message1 = doSessionChange(userName, cartString(cart, hgsOldSessionName));
- char *message2 = doUpdateSessions(userName);
+ char *message1 = doSessionChange(cartString(cart, hgsOldSessionName));
+ char *message2 = doUpdateSessions();
char *message = message2;
if (!startsWith("No changes to session", message1))
{
size_t len = (sizeof message1[0]) * (strlen(message1) + strlen(message2) + 1);
message = needMem(len);
safef(message, len, "%s%s", message1, message2);
}
- doMainPage(userName, message);
+ doMainPage(message);
}
else
{
- char *message = doUpdateSessions(userName);
- doMainPage(userName, message);
+ char *message = doUpdateSessions();
+ doMainPage(message);
}
cleanHgSessionFromCart(cart);
/* Save the cart state: */
cartCheckout(&cart);
}
int main(int argc, char *argv[])
/* Process command line. */
{
long enteredMainTime = clock1000();
htmlPushEarlyHandlers();
cgiSpoof(&argc, argv);
setUdcCacheDir();
hgSession();
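Review bot: In the hgsOldSessionName branch of hgSession(), `strlen(message2)` is applied to whatever doUpdateSessions() returned, and that function's header comment says it returns NULL when no matching cart variables are present; strlen(NULL) is undefined behaviour. Normalise right after the call with `if (message2 == NULL) message2 = "";`, which doMainPage() handles like NULL because it tests isNotEmpty(message). The factor `(sizeof message1[0])` is always 1 for a char pointer and can be dropped from the length computation. Whether message1 can also be NULL depends on doSessionChange() code outside this hunk.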