-rw-r--r--CMakeLists.txt3
-rw-r--r--sql/sqlite3.sql4
-rw-r--r--src/cracklib.cpp22
-rw-r--r--src/cracklib.hpp13
-rw-r--r--src/master.cpp5
-rw-r--r--src/master_content.hpp1
-rw-r--r--src/user.cpp53
-rw-r--r--src/user.hpp8
-rw-r--r--src/user_content.hpp1
-rw-r--r--templates/master.tmpl4
10 files changed, 97 insertions, 17 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 00812f3..af1da58 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -48,6 +48,7 @@ set(SRC
src/main.cpp
src/strusCms.cpp
src/captcha.cpp
+ src/cracklib.cpp
src/mail.cpp
src/master.cpp
src/intro.cpp
@@ -75,7 +76,7 @@ endif()
link_directories( "${PROJECT_SOURCE_DIR}/3rdParty/captcha" )
link_directories( "${PROJECT_SOURCE_DIR}/3rdParty/libb64" )
link_directories( "${PROJECT_SOURCE_DIR}/3rdParty/libquickmail" )
-target_link_libraries(strusCms ${BOOSTER} ${CPPCMS} ${CPPDB} captcha b64 quickmail curl cryptopp)
+target_link_libraries(strusCms ${BOOSTER} ${CPPCMS} ${CPPDB} captcha b64 quickmail curl cryptopp crack)
#~ set(LOCALES de fr)
#~
diff --git a/sql/sqlite3.sql b/sql/sqlite3.sql
index ff22476..46a9d83 100644
--- a/sql/sqlite3.sql
+++ b/sql/sqlite3.sql
@@ -17,6 +17,7 @@ insert into userstatus values( 'D', 'User disabled' );
create table user(
id integer primary key autoincrement not null,
username varchar(32) unique not null,
+ printname varchar(32) unique not null,
password varchar(32) not null,
email varchar(32),
status char(1) references userstatus(status) default 'U',
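Review bot: The added `printname varchar(32) unique not null` column conflicts with how the rest of the commit treats the field: the registration form labels it "Your real name (optional)", and `registration_start` in src/user.cpp inserts whatever the form holds. An empty string satisfies `not null`, but the second user who leaves the field blank will collide on the `unique` constraint, and real names are not unique in any case. Declaring it as plain `printname varchar(32),` matches the optional semantics. The same mismatch shows up in the INSERT hunk and the form-constructor hunk of src/user.cpp.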
@@ -24,7 +25,8 @@ create table user(
code varchar(32)
);
-insert into user(username, password, status) values('admin','admin', 'A');
+-- dangerous, disable default admin if necessary
+insert into user( username, printname, password, status ) values( 'admin', 'The Root', 'admin', 'A' );
create table login(
id integer primary key autoincrement not null,
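Review bot: The seed row on the `insert into user( ... )` line still creates an `admin` account with status 'A' and the password `admin`, and the added comment only warns about it. Anyone who deploys with this script unchanged ships a guessable privileged login, so the row is better moved to a separate development-only seed file or replaced by an install step that makes the operator choose the password. The literal `'admin'` in the password column also suggests the column holds the password itself rather than a salted hash; that is inferred from this row alone and should be confirmed against `check_login`.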
diff --git a/src/cracklib.cpp b/src/cracklib.cpp
new file mode 100644
index 0000000..022aff0
--- /dev/null
+++ b/src/cracklib.cpp
@@ -0,0 +1,22 @@
+#include "cracklib.hpp"
+
+#include <cstdlib>
+
+#include "crack.h"
+
+PasswordCheck checkPassword( const std::string login, const std::string name, const std::string password )
+{
+ PasswordCheck c;
+ const char *m;
+
+ m = FascistCheckUser( password.c_str( ), NULL, login.c_str( ), name.c_str( ) );
+ if( m == NULL ) {
+ c.ok = true;
+ c.msg = "Password ok";
+ } else {
+ c.ok = false;
+ c.msg = std::string( m );
+ }
+
+ return c;
+}
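Review bot: `checkPassword` hands `login` and `name` from the registration form straight to `FascistCheckUser` with no length bound, and treats every non-NULL return as a weak-password verdict. cracklib is a C library, so request-controlled strings should be bounded before the call, for example `if( login.size( ) > 32 || name.size( ) > 32 ) { c.ok = false; c.msg = "Name too long"; return c; }` to match the varchar(32) columns in sql/sqlite3.sql. With `NULL` as the dictionary path the library presumably falls back to its compiled-in default, and if that dictionary is missing the returned text would be a load error rather than a verdict on the password, which this code shows to the user as the rejection reason. A comment above the function stating that an installed cracklib dictionary is required would help whoever deploys this.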
diff --git a/src/cracklib.hpp b/src/cracklib.hpp
new file mode 100644
index 0000000..0a7f400
--- /dev/null
+++ b/src/cracklib.hpp
@@ -0,0 +1,13 @@
+#ifndef CRACKLIB_HPP
+#define CRACKLIB_HPP
+
+#include <string>
+
+typedef struct PasswordCheck {
+ bool ok;
+ std::string msg;
+} PasswordCheck;
+
+PasswordCheck checkPassword( const std::string login, const std::string name, const std::string password );
+
+#endif
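Review bot: The declaration takes all three strings, including the password, as `const std::string` by value, which copies each argument on every call and leaves one more copy of the plaintext password in memory. Declaring them as `const std::string &login, const std::string &name, const std::string &password` avoids that, and src/cracklib.cpp needs the same change. `typedef struct PasswordCheck { ... } PasswordCheck;` is a C idiom; plain `struct PasswordCheck { ... };` is enough in C++. A one-line comment on `msg` saying it carries cracklib's rejection text when `ok` is false would document the contract.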
diff --git a/src/master.cpp b/src/master.cpp
index bd3e5df..021fdb2 100644
--- a/src/master.cpp
+++ b/src/master.cpp
@@ -22,6 +22,11 @@ void master::ini( content::master &c )
} else {
c.username = "";
}
+ if( session( ).is_set( "printName" ) ) {
+ c.printName = session( )["printName" ];
+ } else {
+ c.printName = "";
+ }
c.login_link = cms.root( ) + "/login";
c.logout_link = cms.root( ) + "/logout";
c.register_link = cms.root( ) + "/register";
diff --git a/src/master_content.hpp b/src/master_content.hpp
index 11eabd5..5ea54ee 100644
--- a/src/master_content.hpp
+++ b/src/master_content.hpp
@@ -20,6 +20,7 @@ struct master : public cppcms::base_content {
std::string logout_link;
std::string register_link;
std::string username;
+ std::string printName;
std::string _root;
std::string url;
diff --git a/src/user.cpp b/src/user.cpp
index 33e7296..64154a7 100644
--- a/src/user.cpp
+++ b/src/user.cpp
@@ -2,6 +2,7 @@
#include "user.hpp"
#include "strusCms.hpp"
#include "captcha.hpp"
+#include "cracklib.hpp"
#include <cppcms/url_dispatcher.h>
#include <cppcms/url_mapper.h>
@@ -42,6 +43,23 @@ user::user( strusCms &cms )
cms.dispatcher( ).assign( "/api/user/(\\w+)", &user::api_user, this, 1 );
}
+User user::getUserData( const std::string username )
+{
+ User user;
+
+ cppdb::session sql( cms.conn );
+ cppdb::result r;
+ r = sql << "SELECT username, printname, email FROM user WHERE username=?" << username << cppdb::row;
+ if( r.empty( ) ) {
+ return user;
+ }
+ r >> user.name;
+ r >> user.printName;
+ r >> user.email;
+
+ return user;
+}
+
void user::login( )
{
content::user c( cms );
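Review bot: `getUserData` returns a default-constructed `User` when the query finds no row, so callers cannot tell "no such user" from a user whose fields are empty. The `api_user` hunk further down replaces its own query with this call and drops the `if( r.empty( ) ) { return; }` it had, so a request for an unknown username now continues into the JSON code with an empty record. Either report the result explicitly, e.g. `bool getUserData( const std::string &username, User &out )`, or have `api_user` test `user.name.empty( )` and return before building the response. The local `User user;` also shares its name with the enclosing class `user`, which is legal but hard to read.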
@@ -53,6 +71,9 @@ void user::login( )
session( ).erase( "prelogin" );
session( )["username"] = c.login.username.value( );
session( ).expose( "username" );
+ User u = getUserData( c.login.username.value( ) );
+ session( )["printName"] = u.printName;
+ session( ).expose( "printName" );
response( ).set_redirect_header( cms.root( ) );
} else {
booster::ptime::sleep( booster::ptime( 5, 0 ) );
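Review bot: `session( ).expose( "printName" )` in the success branch publishes the user's real name to the client as a cookie, yet `master::ini` in this commit reads the value from the session on the server. Unless client-side script needs it, drop the `expose` call and keep only `session( )["printName"] = u.printName;`. `getUserData` can also return an empty `User` here, which is harmless but costs a second query on every login. The body of `login` starts and ends outside this hunk.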
@@ -79,7 +100,8 @@ void user::register_user( )
c.register_user.load( context( ) );
if( c.register_user.validate( ) ) {
std::string code = registration_start( c.register_user.username.value( ),
- c.register_user.password.value( ), c.register_user.email.value( ) );
+ c.register_user.password.value( ), c.register_user.printName.value( ),
+ c.register_user.email.value( ) );
cms.mail.subject = "Registration request";
@@ -131,11 +153,12 @@ void user::api_users( )
{
cppdb::session sql( cms.conn );
cppdb::result r;
- r = sql << "SELECT username, email FROM user";
+ r = sql << "SELECT username, printname, email FROM user";
std::vector<User> users;
while( r.next( ) ) {
User user;
r >> user.name;
+ r >> user.printName;
r >> user.email;
users.push_back( user );
}
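Review bot: The widened query in `api_users` now returns every user's real name next to the e-mail address, and no access check is visible between the opening brace and the `SELECT`. If the route is not restricted elsewhere (the dispatcher setup and the end of the function are outside this hunk), any caller gets the full user directory. A minimal gate before the query would be `if( !session( ).is_set( "username" ) ) { return; }`. Consider also leaving `printname` and `email` out of the list response.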
@@ -149,15 +172,7 @@ void user::api_users( )
void user::api_user( std::string username )
{
- cppdb::session sql( cms.conn );
- cppdb::result r;
- r = sql << "SELECT username, email FROM user WHERE username=?" << username << cppdb::row;
- if( r.empty( ) ) {
- return;
- }
- User user;
- r >> user.name;
- r >> user.email;
+ User user = getUserData( username );
cppcms::json::value j;
@@ -248,7 +263,7 @@ std::string compute_token_hash( const std::string user, const std::string token
}
-std::string user::registration_start( const std::string user, const std::string password, const std::string email )
+std::string user::registration_start( const std::string user, const std::string password, const std::string printName, const std::string email )
{
std::time_t now_time = std::time( 0 );
std::tm now = *std::localtime( &now_time );
@@ -257,8 +272,8 @@ std::string user::registration_start( const std::string user, const std::string
cppdb::session sql( cms.conn );
cppdb::statement stmt;
- stmt = sql << "INSERT INTO user(username, password, email, status, registration_start, code ) VALUES( ?, ?, ?, 'R', ?, ? )"
- << user << password << email << now << code;
+ stmt = sql << "INSERT INTO user(username, password, printName, email, status, registration_start, code ) VALUES( ?, ?, ?, ?, 'R', ?, ? )"
+ << user << password << printName << email << now << code;
stmt.exec( );
return code;
@@ -349,6 +364,7 @@ register_user_form::register_user_form( apps::strusCms &cms )
{
username.message( "Your login" );
username.error_message( "Your login is illegal" );
+ printName.message( "Your real name (optional)" );
password.message( "Your password" );
password.error_message( "Your password is illegal" );
password2.message( "Your password (again)" );
@@ -360,6 +376,7 @@ register_user_form::register_user_form( apps::strusCms &cms )
submit.value( "Register user" );
add( username );
+ add( printName );
add( password );
add( password2 );
add( email );
@@ -392,6 +409,14 @@ bool register_user_form::validate( )
password2.error_message( "Passwords didn't match" );
return false;
}
+
+ PasswordCheck check = checkPassword( username.value( ), printName.value( ), password.value( ) );
+ if( !check.ok ) {
+ password.valid( false );
+ password2.valid( false );
+ password.error_message( check.msg );
+ password2.error_message( check.msg );
+ }
if( captcha.value( ).compare( cms.user.last_captcha ) != 0 ) {
captcha.valid( false );
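Review bot: The new cracklib branch marks both password widgets invalid but, unlike the password-mismatch branch just above it, does not `return false;`. Execution falls through to the captcha check, and if the function ends with an unconditional `return true` (the end of `validate` is outside this hunk) a password that cracklib rejected is still accepted for registration. Add `return false;` as the last statement inside `if( !check.ok ) { ... }`.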
diff --git a/src/user.hpp b/src/user.hpp
index 8960512..d3463d9 100644
--- a/src/user.hpp
+++ b/src/user.hpp
@@ -7,6 +7,8 @@
#include <cppcms/json.h>
+struct User;
+
namespace apps {
class user : public master {
@@ -15,8 +17,9 @@ class user : public master {
bool check_login( const std::string user, const std::string password );
bool user_exists( const std::string user );
void delete_user( const std::string user );
- std::string registration_start( const std::string user, const std::string password, const std::string email );
+ std::string registration_start( const std::string user, const std::string password, const std::string printName, const std::string email );
bool verify_registration_code( const std::string code );
+ User getUserData( const std::string username );
public:
std::string last_captcha;
@@ -36,6 +39,7 @@ class user : public master {
struct User {
std::string name;
+ std::string printName;
std::string email;
};
@@ -52,6 +56,7 @@ struct traits<User> {
throw bad_value_cast( );
}
u.name = v.get<std::string>( "name" );
+ u.printName = v.get<std::string>( "printName" );
u.email = v.get<std::string>( "email" );
return u;
}
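Review bot: `v.get<std::string>( "printName" )` throws when the key is absent, so JSON that omits the optional real name no longer converts to a `User`. `u.printName = v.get<std::string>( "printName", std::string( ) );` keeps the field optional, in line with the form label added in src/user.cpp. The enclosing `get` starts outside this hunk.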
@@ -59,6 +64,7 @@ struct traits<User> {
static void set( value &v, User const &u )
{
v.set( "name", u.name );
+ v.set( "printName", u.printName );
v.set( "email", u.email );
}
diff --git a/src/user_content.hpp b/src/user_content.hpp
index 756f314..29df43d 100644
--- a/src/user_content.hpp
+++ b/src/user_content.hpp
@@ -22,6 +22,7 @@ struct login_form : public cppcms::form {
struct register_user_form : public cppcms::form {
apps::strusCms &cms;
cppcms::widgets::text username;
+ cppcms::widgets::text printName;
cppcms::widgets::password password;
cppcms::widgets::password password2;
cppcms::widgets::text email;
diff --git a/templates/master.tmpl b/templates/master.tmpl
index 118e114..e54a5e1 100644
--- a/templates/master.tmpl
+++ b/templates/master.tmpl
@@ -25,6 +25,7 @@
<li><a href="http://brokestream.com/captcha.html"</li>libcaptcha</a><br/>a C standalone Captcha generator</li>
<li><a href="http://libb64.sourceforge.net/"</li>libb64</a><br/>a C++ BASE64 encoder/decoder library</li>
<li><a href="http://sourceforge.net/projects/libquickmail/">libquickmail</a><br/>a C++ library to send emails</li>
+ <li><a href="http://sourceforge.net/projects/cracklib">cracklib</a><br/>for checking password strength</li>
<li><a href="http://www.cryptopp.com/">Crypto++</a><br/>a C++ crypto library</li>
<li><a href="http://bitwiseshiftleft.github.io/sjcl/">SJCL</a><br/>the Stanford Javascript Crypto Library</li>
</ul>
@@ -34,6 +35,9 @@
<h2><% include title( ) %></h2>
<% if not empty username %>
<p>Logged in as <%= username %>
+ <% if not empty printName %>
+ (<%= printName%>)
+ <% end %>
<a href="<%= logout_link %>">Logout</a></p>
<% else %>
<p>Currently not logged in</p>