606 lines
17 KiB
C
606 lines
17 KiB
C
/*
|
|
* ws protocol handler plugin for "generic sessions"
|
|
*
|
|
* Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation:
|
|
* version 2.1 of the License.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
* MA 02110-1301 USA
|
|
*/
|
|
|
|
#include "private-lwsgs.h"
|
|
|
|
/* handle account confirmation links */
|
|
|
|
int
|
|
lwsgs_handler_confirm(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss)
|
|
{
|
|
char cookie[1024], s[256], esc[50];
|
|
struct lws_gs_event_args a;
|
|
struct lwsgs_user u;
|
|
|
|
if (lws_hdr_copy_fragment(wsi, cookie, sizeof(cookie),
|
|
WSI_TOKEN_HTTP_URI_ARGS, 0) < 0)
|
|
goto verf_fail;
|
|
|
|
if (strncmp(cookie, "token=", 6))
|
|
goto verf_fail;
|
|
|
|
u.username[0] = '\0';
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"select username,email,verified from users where token = '%s';",
|
|
lws_sql_purify(esc, &cookie[6], sizeof(esc) - 1));
|
|
if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
|
|
SQLITE_OK) {
|
|
lwsl_err("Unable to lookup token: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
goto verf_fail;
|
|
}
|
|
|
|
if (!u.username[0] || u.verified != 1) {
|
|
lwsl_notice("verify token doesn't map to unverified user\n");
|
|
goto verf_fail;
|
|
}
|
|
|
|
lwsl_notice("Verifying %s\n", u.username);
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"update users set verified=%d where username='%s';",
|
|
LWSGS_VERIFIED_ACCEPTED,
|
|
lws_sql_purify(esc, u.username, sizeof(esc) - 1));
|
|
if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
|
|
SQLITE_OK) {
|
|
lwsl_err("Unable to lookup token: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
|
|
goto verf_fail;
|
|
}
|
|
|
|
lwsl_notice("deleting account\n");
|
|
|
|
a.event = LWSGSE_CREATED;
|
|
a.username = u.username;
|
|
a.email = u.email;
|
|
lws_callback_vhost_protocols(wsi, LWS_CALLBACK_GS_EVENT, &a, 0);
|
|
|
|
lws_snprintf(pss->onward, sizeof(pss->onward),
|
|
"%s/post-verify-ok.html", vhd->email_confirm_url);
|
|
|
|
pss->login_expires = lws_now_secs() + vhd->timeout_absolute_secs;
|
|
|
|
pss->delete_session.id[0] = '\0';
|
|
lwsgs_get_sid_from_wsi(wsi, &pss->delete_session);
|
|
|
|
/* we need to create a new, authorized session */
|
|
|
|
if (lwsgs_new_session_id(vhd, &pss->login_session, u.username,
|
|
pss->login_expires))
|
|
goto verf_fail;
|
|
|
|
lwsl_notice("Creating new session: %s, redir to %s\n",
|
|
pss->login_session.id, pss->onward);
|
|
|
|
return 0;
|
|
|
|
verf_fail:
|
|
pss->delete_session.id[0] = '\0';
|
|
lwsgs_get_sid_from_wsi(wsi, &pss->delete_session);
|
|
pss->login_expires = 0;
|
|
|
|
lws_snprintf(pss->onward, sizeof(pss->onward), "%s/post-verify-fail.html",
|
|
vhd->email_confirm_url);
|
|
|
|
return 1;
|
|
}
|
|
|
|
/* handle forgot password confirmation links */
|
|
|
|
int
|
|
lwsgs_handler_forgot(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss)
|
|
{
|
|
char cookie[1024], s[256], esc[50];
|
|
struct lwsgs_user u;
|
|
const char *a;
|
|
|
|
a = lws_get_urlarg_by_name(wsi, "token=", cookie, sizeof(cookie));
|
|
if (!a)
|
|
goto forgot_fail;
|
|
|
|
u.username[0] = '\0';
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"select username,verified from users where verified=%d and "
|
|
"token = '%s' and token_time != 0;",
|
|
LWSGS_VERIFIED_ACCEPTED,
|
|
lws_sql_purify(esc, &cookie[6], sizeof(esc) - 1));
|
|
if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
|
|
SQLITE_OK) {
|
|
lwsl_err("Unable to lookup token: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
|
|
goto forgot_fail;
|
|
}
|
|
|
|
if (!u.username[0]) {
|
|
puts(s);
|
|
lwsl_notice("forgot token doesn't map to verified user\n");
|
|
goto forgot_fail;
|
|
}
|
|
|
|
/* mark user as having validated forgot flow just now */
|
|
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"update users set token_time=0,last_forgot_validated=%lu "
|
|
"where username='%s';",
|
|
(unsigned long)lws_now_secs(),
|
|
lws_sql_purify(esc, u.username, sizeof(esc) - 1));
|
|
|
|
if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
|
|
SQLITE_OK) {
|
|
lwsl_err("Unable to lookup token: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
goto forgot_fail;
|
|
}
|
|
|
|
a = lws_get_urlarg_by_name(wsi, "good=", cookie, sizeof(cookie));
|
|
if (!a)
|
|
a = "broken-forget-post-good-url";
|
|
|
|
lws_snprintf(pss->onward, sizeof(pss->onward),
|
|
"%s/%s", vhd->email_confirm_url, a);
|
|
|
|
pss->login_expires = lws_now_secs() + vhd->timeout_absolute_secs;
|
|
|
|
pss->delete_session.id[0] = '\0';
|
|
lwsgs_get_sid_from_wsi(wsi, &pss->delete_session);
|
|
|
|
/* we need to create a new, authorized session */
|
|
if (lwsgs_new_session_id(vhd, &pss->login_session,
|
|
u.username,
|
|
pss->login_expires))
|
|
goto forgot_fail;
|
|
|
|
lwsl_notice("Creating new session: %s, redir to %s\n",
|
|
pss->login_session.id, pss->onward);
|
|
|
|
return 0;
|
|
|
|
forgot_fail:
|
|
pss->delete_session.id[0] = '\0';
|
|
lwsgs_get_sid_from_wsi(wsi, &pss->delete_session);
|
|
pss->login_expires = 0;
|
|
|
|
a = lws_get_urlarg_by_name(wsi, "bad=", cookie, sizeof(cookie));
|
|
if (!a)
|
|
a = "broken-forget-post-bad-url";
|
|
|
|
lws_snprintf(pss->onward, sizeof(pss->onward), "%s/%s",
|
|
vhd->email_confirm_url, a);
|
|
|
|
return 1;
|
|
}
|
|
|
|
/* support dynamic username / email checking */
|
|
|
|
int
|
|
lwsgs_handler_check(struct per_vhost_data__gs *vhd,
|
|
struct lws *wsi, struct per_session_data__gs *pss)
|
|
{
|
|
static const char * const colname[] = { "username", "email" };
|
|
char cookie[1024], s[256], esc[50], *pc;
|
|
unsigned char *p, *start, *end, buffer[LWS_PRE + 256];
|
|
struct lwsgs_user u;
|
|
int n;
|
|
|
|
/*
|
|
* either /check?email=xxx@yyy or: /check?username=xxx
|
|
* returns '0' if not already registered, else '1'
|
|
*/
|
|
|
|
u.username[0] = '\0';
|
|
if (lws_hdr_copy_fragment(wsi, cookie, sizeof(cookie),
|
|
WSI_TOKEN_HTTP_URI_ARGS, 0) < 0)
|
|
goto reply;
|
|
|
|
n = !strncmp(cookie, "email=", 6);
|
|
pc = strchr(cookie, '=');
|
|
if (!pc) {
|
|
lwsl_notice("cookie has no =\n");
|
|
goto reply;
|
|
}
|
|
pc++;
|
|
|
|
/* admin user cannot be registered in user db */
|
|
if (!strcmp(vhd->admin_user, pc)) {
|
|
u.username[0] = 'a';
|
|
goto reply;
|
|
}
|
|
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"select username, email from users where %s = '%s';",
|
|
colname[n], lws_sql_purify(esc, pc, sizeof(esc) - 1));
|
|
if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
|
|
SQLITE_OK) {
|
|
lwsl_err("Unable to lookup token: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
goto reply;
|
|
}
|
|
|
|
reply:
|
|
s[0] = '0' + !!u.username[0];
|
|
p = buffer + LWS_PRE;
|
|
start = p;
|
|
end = p + sizeof(buffer) - LWS_PRE;
|
|
|
|
if (lws_add_http_header_status(wsi, HTTP_STATUS_OK, &p, end))
|
|
return -1;
|
|
if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
|
|
(unsigned char *)"text/plain", 10,
|
|
&p, end))
|
|
return -1;
|
|
|
|
if (lws_add_http_header_content_length(wsi, 1, &p, end))
|
|
return -1;
|
|
|
|
if (lws_finalize_http_header(wsi, &p, end))
|
|
return -1;
|
|
|
|
n = lws_write(wsi, start, p - start, LWS_WRITE_HTTP_HEADERS);
|
|
if (n != (p - start)) {
|
|
lwsl_err("_write returned %d from %ld\n", n, (long)(p - start));
|
|
return -1;
|
|
}
|
|
n = lws_write(wsi, (unsigned char *)s, 1, LWS_WRITE_HTTP);
|
|
if (n != 1)
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* handle forgot password confirmation links */
|
|
|
|
int
|
|
lwsgs_handler_change_password(struct per_vhost_data__gs *vhd, struct lws *wsi,
|
|
struct per_session_data__gs *pss)
|
|
{
|
|
char s[256], esc[50], username[50];
|
|
struct lwsgs_user u;
|
|
lwsgw_hash sid;
|
|
int n = 0;
|
|
|
|
/* see if he's logged in */
|
|
username[0] = '\0';
|
|
if (!lwsgs_get_sid_from_wsi(wsi, &sid)) {
|
|
u.username[0] = '\0';
|
|
if (!lwsgs_lookup_session(vhd, &sid, username, sizeof(username))) {
|
|
n = 1; /* yes, logged in */
|
|
if (lwsgs_lookup_user(vhd, username, &u))
|
|
return 1;
|
|
|
|
/* did a forgot pw ? */
|
|
if (u.last_forgot_validated > lws_now_secs() - 300) {
|
|
n |= LWSGS_AUTH_FORGOT_FLOW;
|
|
lwsl_debug("within forgot password flow\n");
|
|
}
|
|
}
|
|
}
|
|
|
|
lwsl_debug("auth value %d\n", n);
|
|
|
|
/* if he just did forgot pw flow, don't need old pw */
|
|
if ((n & (LWSGS_AUTH_FORGOT_FLOW | 1)) != (LWSGS_AUTH_FORGOT_FLOW | 1)) {
|
|
/* otherwise user:pass must be right */
|
|
lwsl_debug("checking pw\n");
|
|
if (lwsgs_check_credentials(vhd,
|
|
lws_spa_get_string(pss->spa, FGS_USERNAME),
|
|
lws_spa_get_string(pss->spa, FGS_CURPW))) {
|
|
lwsl_notice("credentials bad\n");
|
|
return 1;
|
|
}
|
|
|
|
lwsl_debug("current pw checks out\n");
|
|
|
|
strncpy(u.username, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(u.username) - 1);
|
|
u.username[sizeof(u.username) - 1] = '\0';
|
|
}
|
|
|
|
/* does he want to delete his account? */
|
|
|
|
if (lws_spa_get_length(pss->spa, FGS_DELETE)) {
|
|
struct lws_gs_event_args a;
|
|
|
|
lwsl_notice("deleting account\n");
|
|
|
|
a.event = LWSGSE_DELETED;
|
|
a.username = u.username;
|
|
a.email = "";
|
|
lws_callback_vhost_protocols(wsi, LWS_CALLBACK_GS_EVENT, &a, 0);
|
|
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"delete from users where username='%s';"
|
|
"delete from sessions where username='%s';",
|
|
lws_sql_purify(esc, u.username, sizeof(esc) - 1),
|
|
lws_sql_purify(esc, u.username, sizeof(esc) - 1));
|
|
goto sql;
|
|
}
|
|
|
|
if (lwsgs_hash_password(vhd, lws_spa_get_string(pss->spa, FGS_PASSWORD), &u))
|
|
return 1;
|
|
|
|
lwsl_notice("updating password hash\n");
|
|
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"update users set pwhash='%s', pwsalt='%s', "
|
|
"last_forgot_validated=0 where username='%s';",
|
|
u.pwhash.id, u.pwsalt.id,
|
|
lws_sql_purify(esc, u.username, sizeof(esc) - 1));
|
|
|
|
sql:
|
|
if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) != SQLITE_OK) {
|
|
lwsl_err("Unable to update pw hash: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
lwsgs_handler_forgot_pw_form(struct per_vhost_data__gs *vhd,
|
|
struct lws *wsi,
|
|
struct per_session_data__gs *pss)
|
|
{
|
|
char s[LWSGS_EMAIL_CONTENT_SIZE];
|
|
unsigned char buffer[LWS_PRE + LWSGS_EMAIL_CONTENT_SIZE];
|
|
char esc[50], esc1[50], esc2[50], esc3[50], esc4[50];
|
|
struct lwsgs_user u;
|
|
lwsgw_hash hash;
|
|
unsigned char sid_rand[20];
|
|
int n;
|
|
|
|
lwsl_notice("FORGOT %s %s\n",
|
|
lws_spa_get_string(pss->spa, FGS_USERNAME),
|
|
lws_spa_get_string(pss->spa, FGS_EMAIL));
|
|
|
|
if (!lws_spa_get_string(pss->spa, FGS_USERNAME) &&
|
|
!lws_spa_get_string(pss->spa, FGS_EMAIL)) {
|
|
lwsl_err("Form must provide either "
|
|
"username or email\n");
|
|
return -1;
|
|
}
|
|
|
|
if (!lws_spa_get_string(pss->spa, FGS_FORGOT_GOOD) ||
|
|
!lws_spa_get_string(pss->spa, FGS_FORGOT_BAD) ||
|
|
!lws_spa_get_string(pss->spa, FGS_FORGOT_POST_GOOD) ||
|
|
!lws_spa_get_string(pss->spa, FGS_FORGOT_POST_BAD)) {
|
|
lwsl_err("Form must provide reg-good "
|
|
"and reg-bad (and post-*)"
|
|
"targets\n");
|
|
return -1;
|
|
}
|
|
|
|
u.username[0] = '\0';
|
|
if (lws_spa_get_string(pss->spa, FGS_USERNAME))
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"select username,email "
|
|
"from users where username = '%s';",
|
|
lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_USERNAME),
|
|
sizeof(esc) - 1));
|
|
else
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"select username,email "
|
|
"from users where email = '%s';",
|
|
lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_EMAIL), sizeof(esc) - 1));
|
|
if (sqlite3_exec(vhd->pdb, s, lwsgs_lookup_callback_user, &u, NULL) !=
|
|
SQLITE_OK) {
|
|
lwsl_err("Unable to lookup token: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
return 1;
|
|
}
|
|
if (!u.username[0]) {
|
|
lwsl_err("No match found %s\n", s);
|
|
return 1;
|
|
}
|
|
|
|
lws_get_peer_simple(wsi, pss->ip, sizeof(pss->ip));
|
|
if (lws_get_random(vhd->context, sid_rand,
|
|
sizeof(sid_rand)) !=
|
|
sizeof(sid_rand)) {
|
|
lwsl_err("Problem getting random for token\n");
|
|
return 1;
|
|
}
|
|
sha1_to_lwsgw_hash(sid_rand, &hash);
|
|
n = lws_snprintf(s, sizeof(s),
|
|
"From: Forgot Password Assistant Noreply <%s>\n"
|
|
"To: %s <%s>\n"
|
|
"Subject: Password reset request\n"
|
|
"\n"
|
|
"Hello, %s\n\n"
|
|
"We received a password reset request from IP %s for this email,\n"
|
|
"to confirm you want to do that, please click the link below.\n\n",
|
|
lws_sql_purify(esc, vhd->email.email_from, sizeof(esc) - 1),
|
|
lws_sql_purify(esc1, u.username, sizeof(esc1) - 1),
|
|
lws_sql_purify(esc2, u.email, sizeof(esc2) - 1),
|
|
lws_sql_purify(esc3, u.username, sizeof(esc3) - 1),
|
|
lws_sql_purify(esc4, pss->ip, sizeof(esc4) - 1));
|
|
lws_snprintf(s + n, sizeof(s) -n,
|
|
"%s/lwsgs-forgot?token=%s"
|
|
"&good=%s"
|
|
"&bad=%s\n\n"
|
|
"If this request is unexpected, please ignore it and\n"
|
|
"no further action will be taken.\n\n"
|
|
"If you have any questions or concerns about this\n"
|
|
"automated email, you can contact a real person at\n"
|
|
"%s.\n"
|
|
"\n.\n",
|
|
vhd->email_confirm_url, hash.id,
|
|
lws_urlencode(esc1,
|
|
lws_spa_get_string(pss->spa, FGS_FORGOT_POST_GOOD),
|
|
sizeof(esc1) - 1),
|
|
lws_urlencode(esc3,
|
|
lws_spa_get_string(pss->spa, FGS_FORGOT_POST_BAD),
|
|
sizeof(esc3) - 1),
|
|
vhd->email_contact_person);
|
|
|
|
lws_snprintf((char *)buffer, sizeof(buffer) - 1,
|
|
"insert into email(username, content)"
|
|
" values ('%s', '%s');",
|
|
lws_sql_purify(esc, u.username, sizeof(esc) - 1), s);
|
|
if (sqlite3_exec(vhd->pdb, (char *)buffer, NULL,
|
|
NULL, NULL) != SQLITE_OK) {
|
|
lwsl_err("Unable to insert email: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
return 1;
|
|
}
|
|
|
|
lws_snprintf(s, sizeof(s) - 1,
|
|
"update users set token='%s',token_time='%ld' where username='%s';",
|
|
hash.id, (long)lws_now_secs(),
|
|
lws_sql_purify(esc, u.username, sizeof(esc) - 1));
|
|
if (sqlite3_exec(vhd->pdb, s, NULL, NULL, NULL) !=
|
|
SQLITE_OK) {
|
|
lwsl_err("Unable to set token: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
lwsgs_handler_register_form(struct per_vhost_data__gs *vhd,
|
|
struct lws *wsi,
|
|
struct per_session_data__gs *pss)
|
|
{
|
|
unsigned char buffer[LWS_PRE + LWSGS_EMAIL_CONTENT_SIZE];
|
|
char esc[50], esc1[50], esc2[50], esc3[50], esc4[50];
|
|
char s[LWSGS_EMAIL_CONTENT_SIZE];
|
|
unsigned char sid_rand[20];
|
|
struct lwsgs_user u;
|
|
lwsgw_hash hash;
|
|
|
|
lwsl_notice("REGISTER %s %s %s\n",
|
|
lws_spa_get_string(pss->spa, FGS_USERNAME),
|
|
lws_spa_get_string(pss->spa, FGS_PASSWORD),
|
|
lws_spa_get_string(pss->spa, FGS_EMAIL));
|
|
if (lwsgs_get_sid_from_wsi(wsi,
|
|
&pss->login_session))
|
|
return 1;
|
|
|
|
lws_get_peer_simple(wsi, pss->ip, sizeof(pss->ip));
|
|
lwsl_notice("IP=%s\n", pss->ip);
|
|
|
|
if (!lws_spa_get_string(pss->spa, FGS_REG_GOOD) ||
|
|
!lws_spa_get_string(pss->spa, FGS_REG_BAD)) {
|
|
lwsl_info("Form must provide reg-good and reg-bad targets\n");
|
|
return -1;
|
|
}
|
|
|
|
/* admin user cannot be registered in user db */
|
|
if (!strcmp(vhd->admin_user,
|
|
lws_spa_get_string(pss->spa, FGS_USERNAME)))
|
|
return 1;
|
|
|
|
if (!lwsgs_lookup_user(vhd,
|
|
lws_spa_get_string(pss->spa, FGS_USERNAME), &u)) {
|
|
lwsl_notice("user %s already registered\n",
|
|
lws_spa_get_string(pss->spa, FGS_USERNAME));
|
|
return 1;
|
|
}
|
|
|
|
u.username[0] = '\0';
|
|
lws_snprintf(s, sizeof(s) - 1, "select username, email from users where email = '%s';",
|
|
lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_EMAIL),
|
|
sizeof(esc) - 1));
|
|
|
|
if (sqlite3_exec(vhd->pdb, s,
|
|
lwsgs_lookup_callback_user, &u, NULL) != SQLITE_OK) {
|
|
lwsl_err("Unable to lookup token: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
return 1;
|
|
}
|
|
|
|
if (u.username[0]) {
|
|
lwsl_notice("email %s already in use\n",
|
|
lws_spa_get_string(pss->spa, FGS_USERNAME));
|
|
return 1;
|
|
}
|
|
|
|
if (lwsgs_hash_password(vhd, lws_spa_get_string(pss->spa, FGS_PASSWORD),
|
|
&u)) {
|
|
lwsl_err("Password hash failed\n");
|
|
return 1;
|
|
}
|
|
|
|
if (lws_get_random(vhd->context, sid_rand, sizeof(sid_rand)) !=
|
|
sizeof(sid_rand)) {
|
|
lwsl_err("Problem getting random for token\n");
|
|
return 1;
|
|
}
|
|
sha1_to_lwsgw_hash(sid_rand, &hash);
|
|
|
|
lws_snprintf((char *)buffer, sizeof(buffer) - 1,
|
|
"insert into users(username,"
|
|
" creation_time, ip, email, verified,"
|
|
" pwhash, pwsalt, token, last_forgot_validated)"
|
|
" values ('%s', %lu, '%s', '%s', 0,"
|
|
" '%s', '%s', '%s', 0);",
|
|
lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(esc) - 1),
|
|
(unsigned long)lws_now_secs(),
|
|
lws_sql_purify(esc1, pss->ip, sizeof(esc1) - 1),
|
|
lws_sql_purify(esc2, lws_spa_get_string(pss->spa, FGS_EMAIL), sizeof(esc2) - 1),
|
|
u.pwhash.id, u.pwsalt.id, hash.id);
|
|
|
|
if (sqlite3_exec(vhd->pdb, (char *)buffer, NULL, NULL, NULL) != SQLITE_OK) {
|
|
lwsl_err("Unable to insert user: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
return 1;
|
|
}
|
|
|
|
lws_snprintf(s, sizeof(s),
|
|
"From: Noreply <%s>\n"
|
|
"To: %s <%s>\n"
|
|
"Subject: Registration verification\n"
|
|
"\n"
|
|
"Hello, %s\n\n"
|
|
"We received a registration from IP %s using this email,\n"
|
|
"to confirm it is legitimate, please click the link below.\n\n"
|
|
"%s/lwsgs-confirm?token=%s\n\n"
|
|
"If this request is unexpected, please ignore it and\n"
|
|
"no further action will be taken.\n\n"
|
|
"If you have any questions or concerns about this\n"
|
|
"automated email, you can contact a real person at\n"
|
|
"%s.\n"
|
|
"\n.\n",
|
|
lws_sql_purify(esc, vhd->email.email_from, sizeof(esc) - 1),
|
|
lws_sql_purify(esc1, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(esc1) - 1),
|
|
lws_sql_purify(esc2, lws_spa_get_string(pss->spa, FGS_EMAIL), sizeof(esc2) - 1),
|
|
lws_sql_purify(esc3, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(esc3) - 1),
|
|
lws_sql_purify(esc4, pss->ip, sizeof(esc4) - 1),
|
|
vhd->email_confirm_url, hash.id,
|
|
vhd->email_contact_person);
|
|
|
|
lws_snprintf((char *)buffer, sizeof(buffer) - 1,
|
|
"insert into email(username, content) values ('%s', '%s');",
|
|
lws_sql_purify(esc, lws_spa_get_string(pss->spa, FGS_USERNAME),
|
|
sizeof(esc) - 1), s);
|
|
|
|
if (sqlite3_exec(vhd->pdb, (char *)buffer, NULL, NULL, NULL) != SQLITE_OK) {
|
|
lwsl_err("Unable to insert email: %s\n",
|
|
sqlite3_errmsg(vhd->pdb));
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|