return $template->output;
} #}}}
+# Important security check. Make sure to call this before saving any files
+# to the source directory.
+sub check_overwrite ($$) { #{{{
+ my $dest=shift;
+ my $src=shift;
+
+ if (! exists $renderedfiles{$src} && -e $dest) {
+ error("$dest exists and was not rendered from $src before, not overwriting");
+ }
+} #}}}
+
sub render ($) { #{{{
my $file=shift;
$content=htmlize($type, $content);
$content=finalize($content, $page);
+ check_overwrite("$destdir/".htmlpage($page), $page);
writefile("$destdir/".htmlpage($page), $content);
$oldpagemtime{$page}=time;
$renderedfiles{$page}=htmlpage($page);
}
else {
$links{$file}=[];
+ check_overwrite("$destdir/$file", $file);
writefile("$destdir/$file", $content);
$oldpagemtime{$file}=time;
$renderedfiles{$file}=$file;
$state='body';
}
elsif ($state eq 'body' && /$div/) {
- push @ret, { rev => $rev, user => $user,
+ my $committype="web";
+ if (defined $message[0] &&
+ $message[0]->{line}=~/^web commit by (\w+):?(.*)/) {
+ $user="$1";
+ $message[0]->{line}=$2;
+ }
+ else {
+ $committype="svn";
+ }
+
+ push @ret, { rev => $rev,
+ user => htmllink("", $user, 1),
+ committype => $committype,
when => $when, message => [@message],
pages => [@pages] } if @pages;
return @ret if @ret >= $num;
print $q->header, $template->output;
} #}}}
+sub userinfo_get ($$) { #{{{
+ my $user=shift;
+ my $field=shift;
+
+ eval q{use Storable};
+ my $userdata=eval{ Storable::lock_retrieve("$srcdir/.ikiwiki/userdb") };
+ if (! defined $userdata || ! ref $userdata ||
+ ! exists $userdata->{$user} || ! ref $userdata->{$user}) {
+ return "";
+ }
+ return $userdata->{$user}->{$field};
+} #}}}
+
+sub userinfo_set ($$) { #{{{
+ my $user=shift;
+ my $info=shift;
+
+ eval q{use Storable};
+ my $userdata=eval{ Storable::lock_retrieve("$srcdir/.ikiwiki/userdb") };
+ if (! defined $userdata || ! ref $userdata) {
+ $userdata={};
+ }
+ $userdata->{$user}=$info;
+ my $oldmask=umask(077);
+ my $ret=Storable::lock_store($userdata, "$srcdir/.ikiwiki/userdb");
+ umask($oldmask);
+ return $ret;
+} #}}}
+
sub cgi_signin ($$) { #{{{
my $q=shift;
my $session=shift;
header => 1,
method => 'POST',
validate => {
- name => '/^\w+$/',
confirm_password => {
perl => q{eq $form->field("password")},
},
$form->field(name => "password", type => "password", required => 0);
$form->field(name => "confirm_password", type => "password", required => 0);
$form->field(name => "email", required => 0);
- if ($session->param("name")) {
- $form->field(name => "name", value => $session->param("name"));
- }
if ($q->param("do") ne "signin") {
$form->text("You need to log in before you can edit pages.");
}
$form->field(name => $opt, required => 1);
}
- # Validate password differently depending on how form was
- # submitted.
+ # Validate password differently depending on how
+ # form was submitted.
if ($form->submitted eq 'Login') {
$form->field(
name => "password",
validate => sub {
- # TODO get real user password
- shift eq "foo";
+ length $form->field("name") &&
+ shift eq userinfo_get($form->field("name"), 'password');
},
);
+ $form->field(name => "name", validate => '/^\w+$/');
}
else {
$form->field(name => "password", validate => 'VALUE');
}
+ # And make sure the entered name exists when logging
+ # in or sending email, and does not when registering.
+ if ($form->submitted eq 'Register') {
+ $form->field(
+ name => "name",
+ validate => sub {
+ my $name=shift;
+ length $name &&
+ ! userinfo_get($name, "regdate");
+ },
+ );
+ }
+ else {
+ $form->field(
+ name => "name",
+ validate => sub {
+ my $name=shift;
+ length $name &&
+ userinfo_get($name, "regdate");
+ },
+ );
+ }
}
else {
- # Comments only shown first time.
+ # First time settings.
$form->field(name => "name", comment => "use FirstnameLastName");
$form->field(name => "confirm_password", comment => "(only needed");
$form->field(name => "email", comment => "for registration)");
+ if ($session->param("name")) {
+ $form->field(name => "name", value => $session->param("name"));
+ }
}
if ($form->submitted && $form->validate) {
}
}
elsif ($form->submitted eq 'Register') {
- # TODO: save registration info
- $form->field(name => "confirm_password", type => "hidden");
- $form->field(name => "email", type => "hidden");
- $form->text("Registration successful. Now you can Login.");
- print $session->header();
- print misctemplate($form->title, $form->render(submit => ["Login"]));
+ my $user_name=$form->field('name');
+ if (userinfo_set($user_name, {
+ 'email' => $form->field('email'),
+ 'password' => $form->field('password'),
+ 'regdate' => time
+ })) {
+ $form->field(name => "confirm_password", type => "hidden");
+ $form->field(name => "email", type => "hidden");
+ $form->text("Registration successful. Now you can Login.");
+ print $session->header();
+ print misctemplate($form->title, $form->render(submit => ["Login"]));
+ }
+ else {
+ error("Error saving registration.");
+ }
}
elsif ($form->submitted eq 'Mail Password') {
- # TODO mail password
+ my $user_name=$form->field("name");
+ my $template=HTML::Template->new(
+ filename => "$templatedir/passwordmail.tmpl"
+ );
+ $template->param(
+ user_name => $user_name,
+ user_password => userinfo_get($user_name, "password"),
+ wikiurl => $url,
+ wikiname => $wikiname,
+ REMOTE_ADDR => $ENV{REMOTE_ADDR},
+ );
+
+ eval q{use Mail::Sendmail};
+ my ($fromhost) = $cgiurl =~ m!/([^/]+)!;
+ print STDERR "$< $> >>> $cgiurl ".(getpwuid($>))[0]."@".$fromhost."\n";
+ sendmail(
+ To => userinfo_get($user_name, "email"),
+ From => "$wikiname admin <".(getpwuid($>))[0]."@".$fromhost.">",
+ Subject => "$wikiname information",
+ Message => $template->output,
+ ) or error("Failed to send mail");
+
$form->text("Your password has been emailed to you.");
+ $form->field(name => "name", required => 0);
print $session->header();
print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"]));
}
fields => [qw(do from page content comments)],
header => 1,
method => 'POST',
- validate => {},
- required => [qw{}],
+ validate => {
+ content => '/.+/',
+ },
+ required => [qw{content}],
javascript => 0,
params => $q,
action => $q->request_uri,
$form->field(name => "content", type => "textarea", rows => 20,
cols => 80);
+ if ($form->submitted eq "Cancel") {
+ print $q->redirect("$url/".htmlpage($page));
+ return;
+ }
if (! $form->submitted || ! $form->validate) {
if ($form->field("do") eq "create") {
if (exists $pagesources{lc($page)}) {
$form->tmpl_param("can_commit", $svn);
$form->tmpl_param("indexlink", indexlink());
- print $form->render(submit => ["Save Page"]);
+ print $form->render(submit => ["Save Page", "Cancel"]);
}
else {
# save page
else {
$message.="from $ENV{REMOTE_ADDR}";
}
- if (length $form->field('comments')) {
+ if (defined $form->field('comments') &&
+ length $form->field('comments')) {
$message.=": ".$form->field('comments');
}
refresh();
}
- print $q->redirect("$url/".htmlpage($page));
+ # The trailing question mark tries to avoid broken
+ # caches and get the most recent version of the page.
+ print $q->redirect("$url/".htmlpage($page)."?");
}
} #}}}
}
CGI::Session->name("ikiwiki_session");
- my $session = CGI::Session->new(undef, $q,
- { Directory=> "$srcdir/.ikiwiki/sessions" });
+
+ my $oldmask=umask(077);
+ my $session = CGI::Session->new("driver:db_file", $q,
+ { FileName => "$srcdir/.ikiwiki/sessions.db" });
+ umask($oldmask);
# Everything below this point needs the user to be signed in.
- if ((! $anonok && ! defined $session->param("name")) || $do eq 'signin') {
+ if ((! $anonok && ! defined $session->param("name") ||
+ ! userinfo_get($session->param("name"), "regdate")) || $do eq 'signin') {
cgi_signin($q, $session);
+
+ # Force session flush with safe umask.
+ my $oldmask=umask(077);
+ $session->flush;
+ umask($oldmask);
+
return;
}