263daca0593f4d67610f2466cdcdb262f27d6a67 jcasper Thu Mar 23 10:22:32 2017 -0700 Changing your password now automatically logs you in; also fixed a javascript type error, refs #8351
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 16b3106..34bb18e 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -296,60 +296,71 @@ if (!*(domain = ++c)) return 0; do { if (*c == '.') { if (c == domain || *(c - 1) == '.') return 0; count++; } if (*c <= ' ' || *c >= 127) return 0; if (strchr(rfc822_specials, *c)) return 0; } while (*++c); return (count >= 1); } +struct dyString *getLoginCookieJS(char *userName, uint idx) +/* returns javascript statements that set the cookies associated with + * logging in as a particular user */ +{ +struct dyString *result = dyStringNew(1024); +struct slName *newCookies = loginLoginUser(userName, idx), *sl; +for (sl = newCookies; sl != NULL; sl = sl->next) + dyStringPrintf(result, " document.cookie = '%s';", sl->name); +return result; +} + char *getReturnToURL() /* get URL from cart var returnto; if empty, make URL to hgSession on login host. */ { char *returnURL = cartUsualString(cart, "returnto", ""); char *hgLoginHost = wikiLinkHost(); char *cgiDir = cgiScriptDirUrl(); char returnTo[2048]; if (!returnURL || sameString(returnURL,"")) safef(returnTo, sizeof(returnTo), "http%s://%s%shgSession?hgS_doMainPage=1", cgiAppendSForHttps(), hgLoginHost, cgiDir); else safecpy(returnTo, sizeof(returnTo), returnURL); return cloneString(returnTo); } void returnToURL(int delay) /* delay for delay mill-seconds then return to the "returnto" URL */ { char *returnURL = getReturnToURL(); jsInlineF( "setTimeout(function(){location='%s';}, %d);\n" , returnURL, delay); } static void redirectToLoginPage(char *paramStr) /* redirect to hgLogin page with given parameter string */ { jsInlineF( - "window.location ='%s?%s'\n" + "window.location ='%s?%s';\n" , hgLoginUrl, paramStr); } void displayActMailSuccess() /* display Activate mail success box */ { char *returnURL = getReturnToURL(); hPrintf( "<div id=\"confirmationBox\" class=\"centeredContainer formBox\">" "\n" "<h2>%s</h2>", brwName); hPrintf( "<p id=\"confirmationMsg\" class=\"confirmationTxt\">A confirmation email has been sent to you. 
\n" "Please click the confirmation link in the email to activate your account.</p>" "\n" @@ -437,31 +448,31 @@ result = mailViaPipe(email, subject, msg, returnAddr); if (result == -1) { hPrintf( "<h2>%s</h2>", brwName); hPrintf( "<p align=\"left\">" "</p>" "<h3>Error emailing %s to: %s</h3>" "Click <a href=%s?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>", hgLoginUrl, obj, email ); } else { jsInlineF( - "window.location = '%s?hgLogin.do.displayMailSuccess=1'\n" + "window.location = '%s?hgLogin.do.displayMailSuccess=1';\n" , hgLoginUrl); } } void mailUsername(char *email, char *users) /* send user name list to the email address */ { char subject[256]; char msg[4096]; char *remoteAddr=getenv("REMOTE_ADDR"); safef(subject, sizeof(subject),"Your user name at the %s", brwName); safef(msg, sizeof(msg), " Someone (probably you, from IP address %s) has requested user name(s) associated with this email address at the %s: \n\n %s\n\n%s\n%s", remoteAddr, brwName, users, signature, returnAddr); 
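Review bot: In `getLoginCookieJS` (first hunk) each cookie string from `loginLoginUser` is pasted into a single-quoted JavaScript literal with a bare `%s`, so a `'`, backslash or newline in `sl->name` would end the literal early and the remainder would be parsed as script. The cookie contents are not visible in this diff; if they can carry the user name or any other user-influenced value, escape them for a JS string before `dyStringPrintf`, or send them as `Set-Cookie` response headers instead, which would also allow `HttpOnly` (a cookie written through `document.cookie` cannot carry it). The same unescaped pattern is on the `displayMailSuccessPwd=1&user=%s` line in the third hunk, where `username` would additionally need URL-encoding. The helper's comment should also state ownership, e.g. `/* Caller owns the returned dyString; free with dyStringFree. */`, since neither the dyString nor the `newCookies` list is released in the visible code.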
@@ -500,31 +511,31 @@ result = mailViaPipe(email, subject, msg, returnAddr); if (result == -1) { hPrintf( "<h2>%s</h2>", brwName); hPrintf( "<p align=\"left\">" "</p>" "<h3>Error emailing %s to: %s</h3>" "Click <a href=%s?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>", hgLoginUrl, obj, email ); } else { jsInlineF( - "window.location = '%s?hgLogin.do.displayMailSuccessPwd=1&user=%s'\n" + "window.location = '%s?hgLogin.do.displayMailSuccessPwd=1&user=%s';\n" , hgLoginUrl, username); } } void sendNewPwdMail(char *username, char *email, char *password) /* send user new password */ { char subject[256]; char msg[4096]; char *remoteAddr=getenv("REMOTE_ADDR"); safef(subject, sizeof(subject),"New temporary password for your account at the %s", brwName); safef(msg, sizeof(msg), " Someone (probably you, from IP address %s) requested a new password for the %s (%s). A temporary password for user \"%s\" has been created and was set to \"%s\". If this was your intent, you will need to log in and choose a new password now. Your temporary password will expire in 7 days.\n\n If someone else made this request, or if you have remembered your password, and you no longer wish to change it, you may ignore this message and continue using your old password.\n\n%s\n%s", remoteAddr, brwName, brwAddr, username, password, signature, returnAddr); 
@@ -862,30 +873,34 @@ } char encPwd[45] = ""; encryptNewPwd(newPassword1, encPwd, sizeof(encPwd)); sqlSafef(query,sizeof(query), "UPDATE gbMembers SET password='%s' WHERE userName='%s'", encPwd, user); sqlUpdate(conn, query); clearNewPasswordFields(conn, user); hPrintf("<h2>%s</h2>", brwName); hPrintf( "<p align=\"left\">" "</p>" "<h3>Password has been changed.</h3>"); cartRemove(cart, "hgLogin_password"); cartRemove(cart, "hgLogin_newPassword1"); cartRemove(cart, "hgLogin_newPassword2"); +sqlSafef(query,sizeof(query),"SELECT * FROM gbMembers WHERE userName='%s'", user); +struct gbMembers *m = gbMembersLoadByQuery(conn, query); +struct dyString *cookieJS = getLoginCookieJS(user, m->idx); +jsInline(cookieJS->string); returnToURL(150); } void signupPage(struct sqlConnection *conn) /* draw the signup page */ { hPrintf("<div id=\"signUpBox\" class=\"centeredContainer formBox\">" "<h2>%s</h2>", brwName); hPrintf( "<p>Signing up enables you to save multiple sessions and to share your sessions with others.</p>" "Already have an account? <a href=\"%s?hgLogin.do.displayLoginPage=1\">Login</a>.<br>" "\n", hgLoginUrl); hPrintf("<h3>Sign Up</h3>" "<form method=\"post\" action=\"%s\" name=\"mainForm\">" "<span style='color:red;'>%s</span>" 
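Review bot: `m->idx` is read without checking `m`, and what `gbMembersLoadByQuery` returns for an empty result is not visible here; if it returns NULL when no row matches, the CGI crashes after the password has already been updated. A guard such as `if (m == NULL) errAbort("hgLogin: account row not found after password change");` before the `getLoginCookieJS` call would make that failure explicit. Because this path now issues login cookies, it is worth confirming that the start of the function (outside this hunk) verifies the current or temporary password for `user` before the UPDATE is reached, and recording that with a comment like `/* user's password was verified above, so issuing login cookies here is safe */`.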
@@ -1143,34 +1158,33 @@ } void displayLoginSuccess(char *userName, uint idx) /* display login success msg, and set cookie */ { hPrintf("<h2>%s</h2>", brwName); hPrintf( "<p align=\"left\">" "</p>" "<span style='color:red;'></span>" "\n"); /* Set cookies */ struct dyString *javascript = dyStringNew(1024); dyStringPrintf(javascript, " document.write(\"Login successful, setting cookies now...\");"); -struct slName *newCookies = loginLoginUser(userName, idx), *sl; -for (sl = newCookies; sl != NULL; sl = sl->next) - dyStringPrintf(javascript, " document.cookie = '%s';", sl->name); jsInline(javascript->string); +struct dyString *cookieJS = getLoginCookieJS(userName, idx); +jsInline(cookieJS->string); cartRemove(cart,"hgLogin_userName"); returnToURL(150); } void displayLogin(struct sqlConnection *conn) /* display and process login info */ { struct sqlResult *sr; char **row; char query[256]; char *userName = cartUsualString(cart, "hgLogin_userName", ""); if (sameString(userName,"")) { freez(&errMsg); errMsg = cloneString("User name cannot be blank.");