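# =====================================================================
# registerUser.awk: RPC I/O function for rpclib/registerUser.
#
# Copyright (c) 2007,2008,2009,2010,2021 Carlo Strozzi
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 dated June, 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# =====================================================================

# =====================================================================
# void _userproc(int mode)
#
# Request mode (mode == _O_REQUEST): reads the registration form
# fields with _request(), validates each one against a whitelist
# pattern and/or a length window, and hands the accepted values to
# _rcset().  A field that is present but malformed is not dropped
# silently: it is replaced by a sentinel ("." for malformed, "-" for
# a password/verification mismatch), which according to the comments
# below triggers the error path in the underlying shell script.  None
# of the sentinels can pass the validation of the field it replaces.
#
# Any other mode (response): strips surrounding commas from the
# displayed tpl.var.tw.reg.auth value.
#
# The names after "mode" in the parameter list are awk locals.
# =====================================================================

function _userproc(mode,    value,len,a,i,j,tmp,tmp1) {

    if (mode == _O_REQUEST) {           # request.

        # target group
        value = _request("1",1)

        # group must not be null and it may not contain the
        # unescaped ``.'' character.

        if (value != _NULL && value !~ /\./) {
            _rcset("cgi.group",unixify(value))
            _rcset("cgi.group.literal",value)
        }

        # user-id will always be considered lower-case and using
        # an e-mail should not be allowed, to prevent breaking
        # privacy when a user-id is virtually cancelled.

        value = tolower(_strip(_request("userid",1)))
        len = length(value)
        if (value ~ /^[a-z][-_a-z0-9.]*$/ && len > 4 && len < 17) {
            _rcset("cgi.reg.userid",value)

            # Escape grep(1) regexp chars in user-id.  In a gsub()
            # replacement the sequence \& means a literal "&", so the
            # string constant has to be "\\\\&" (gsub() then sees \\&)
            # to emit a backslash followed by the matched character.
            # With "\\&" every metacharacter was replaced by "&"
            # instead of being escaped.  The whitelist above leaves
            # "." as the only metacharacter that can occur here.
            gsub(/[][\\^$.*|()]/,"\\\\&",value)
            _rcset("cgi.grep.user",value)
        }

        # Handle malformed user-id by setting it to "." .
        else if (value != _NULL) _rcset("cgi.reg.userid",".")

        # password (case-sensitive).
        value = _strip(_request("passwd",1))
        len = length(value)

        if (value ~ /^[-+_a-zA-Z0-9.!:]+$/ && len > 5 && len < 51) {
            _rcset("cgi.reg.passwd",value)

            # If the user entered something in the password field, then
            # if the verification field does not match then the password
            # is assigned the bogus value "-", which will trigger the
            # proper action in the underlying shell script.
            #
            # Concatenating "" forces a string comparison, so two
            # numeric-looking entries can never be compared as numbers.

            if ((_strip(_request("verify",1)) "") != (value ""))
                _rcset("cgi.reg.passwd","-")
        }

        # Handle malformed password by setting it to "." .
        else if (value != _NULL) _rcset("cgi.reg.passwd",".")

        # first name.
        # NOTE(review): unlike the full-name field below, fname and
        # lname get no length bound here -- confirm that _request()
        # or the consumer of these values caps them.
        value = _request("fname",1)
        gsub(/[\t\r\n<>,]+/," ",value)
        if (value ~ /[a-zA-Z]/)
            _rcset("cgi.reg.name_first", _strip(value,_O_MIDDLE))

        # last name.
        value = _request("lname",1)
        gsub(/[\t\r\n<>,]+/," ",value)
        if (value ~ /[a-zA-Z]/)
            _rcset("cgi.reg.name_last", _strip(value,_O_MIDDLE))

        # Full-name. Must be in the form "Last,First" and if present
        # it will override first/last above. Note that if this field
        # was obtained through OpenID and it is not in the expected
        # format, then the user will have to fix it manually in the
        # relevant entry field before submitting the registration form,
        # or the system will complain.

        value = _request("name",1)
        gsub(/[\t\r\n<>]+/," ",value)
        len = length(value)
        if (value ~ /[a-zA-Z]/ && value ~ /[^,]+,[^,]+/ && \
            len > 7 && len < 51) {

            # The following heuristic is far from being bullet-proof
            # (think of "Mr. Joseph Robert Smarr, Esq."), but that's it.

            if (split(value,a,",") == 2) {
                _rcset("cgi.reg.name_last", _strip(a[1],_O_MIDDLE))
                _rcset("cgi.reg.name_first", _strip(a[2],_O_MIDDLE))
            }

            # Handle malformed fullname by setting first name to "." .
            else _rcset("cgi.reg.name_first",".")
        }

        # Again, handle malformed fullname by setting first name to "." .
        else if (value != _NULL) _rcset("cgi.reg.name_first",".")

        # e-mail address.
        value = _strip(_request("email",1))
        len = length(value)
        if (_isemail(value) != _EINVAL && len > 4 && len < 51)
            _rcset("cgi.reg.email",value)

        # Optional OpenID URL.

        if ((value=_strip(_request("openid",1),_O_CRUSH)) != _NULL) {

            # Set bogus OpenID URL value if necessary, to trigger an
            # exception in the underlying shell script.

            if (_isuri(value) != _TRUE) value = "."
            else if (value ~ /[\t\r\n<>]+/) value = "."

            _rcset("cgi.reg.openid",value)

            # Escape grep(1) regexp chars in OpenID URL.  "\\\\&" is
            # needed for the same reason as for the user-id above:
            # gsub() must see \\& to produce backslash + matched char.
            #
            # NOTE(review): the escaped set omits + ? { }, which are
            # operators for grep -E, while for plain (BRE) grep a
            # backslash in front of ( ) -- and | in GNU grep -- turns
            # them into operators.  The consumer of cgi.grep.openid is
            # not visible here; confirm which grep flavour it uses, or
            # match cgi.reg.openid with grep -F instead.
            gsub(/[][\\^$.*|()]/,"\\\\&",value)

            _rcset("cgi.grep.openid",value)
        }

        # Optional "watchlist". If specified, this is expected to be a
        # list of node IDs of pages or forum threads the user wants to be
        # notified about via e-mail when changes occur. It can be used
        # to handle a "want newsletter(s)?" option and things like that.
        # This can be either or both an rc(1) list and a comma-separated
        # scalar, so let's be compatible with both forms.

        value=_NULL; tmp1 = ","
        tmp = tolower(_request("watchlist"))
        gsub(/[\001, ]+/," ",tmp)
        split(tmp,a," ")
        for (i in a) {
            # Only all-digit IDs get this far, so building the dynamic
            # regexp below from a[i] cannot introduce metacharacters.
            if (a[i] ~ /^[1-9][0-9][0-9]+$/) {
                # remove any duplicates along the way.
                if (tmp1 !~ ("," a[i] ",")) value = value "," a[i]
                tmp1 = tmp1 a[i] ","
            }
        }

        sub(/^,+/,"",value); sub(/,+$/,"",value)

        if (value != _NULL) _rcset("cgi.reg.watch",value)

        # Optional user-specified list of authorization groups she wants
        # to register with (if allowed). Input can be either or both an
        # rc(1) list and a comma-separated scalar, so let's be compatible
        # with both forms.

        value=_NULL; tmp1 = ","
        tmp = tolower(_request("auth"))
        gsub(/[\001, ]+/," ",tmp)
        split(tmp,a," ")
        for (i in a) {
            # remove any duplicates along the way.  Group names are
            # restricted to [a-z][a-z0-9]+, so the dynamic regexp
            # below is built from metacharacter-free text only.
            if (a[i] ~ /^[a-z][a-z0-9]+$/) {
                if (tmp1 !~ ("," a[i] ",")) value = value " " a[i]
                tmp1 = tmp1 a[i] ","
            }
        }

        # NOTE(review): value starts with a blank, so split() on / +/
        # yields an empty first element that is passed to _rcset() as
        # well -- presumably harmless, confirm against _rcset().
        if (split(value,a,/ +/)) {

            # turn into the final rc(1) list.
            for (i in a) _rcset("cgi.reg.auth",a[i],_NULL,_O_APPEND)
        }

        # Optional preferred editing user interface, only
        # useful if the registering user will eventually
        # be granted the group-editor status.
        value = tolower(_strip(_request("gui",1)))
        if (value ~ /^(parsewiki|rawhtml|tinymce|nicedit|ckeditor)$/)
            _rcset("cgi.reg.gui",value)

        # acceptance of privacy policy.
        value = _strip(_request("privacy",1))
        if (_bool(value) == _TRUE) _rcset("cgi.privacy","y")

        # Mandatory captcha code.  Control/markup characters are
        # blanked and the result is capped at 32 characters.
        if ((value=_request("captcha",1)) != _NULL) {
            gsub(/[\t\r\n<>]+/," ",value)
            value = substr(_strip(value,_O_MIDDLE),1,32)
            _rcset("cgi.captcha",value)
        }

        # The following test is necessary since the address could,
        # at least in theory, have been set to any string by the
        # remote user, due to how it is handled to cope with stunnel(8)
        # and the lack of transproxy support in kernel 2.4.x.
        # Anything that is not a valid IP address is replaced by
        # "0.0.0.0" before it is handed on.

        if (_isipaddr(ENVIRON["REMOTE_ADDR"]) == _TRUE)
            value = ENVIRON["REMOTE_ADDR"]
        else value = "0.0.0.0"

        _rcset("REMOTE_ADDR",value)
    }

    else {      # response

        # Remove surrounding commas from displayed value.
        value = _rcget("tpl.var.tw.reg.auth",1)
        sub(/^,+/,"",value); sub(/,+$/,"",value)
        _response("tpl.var.tw.reg.auth",value)
    }
}

# EOF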