diff --git a/OpenSim/Framework/Communications/LoginService.cs b/OpenSim/Framework/Communications/LoginService.cs
index f0a0a0b66a..04b8501223 100644
--- a/OpenSim/Framework/Communications/LoginService.cs
+++ b/OpenSim/Framework/Communications/LoginService.cs
@@ -30,6 +30,7 @@ using System;
 using System.Collections;
 using System.Collections.Generic;
 using System.IO;
+using System.Text.RegularExpressions;
 using System.Threading;
 using libsecondlife;
 using libsecondlife.StructuredData;
@@ -359,21 +360,103 @@ namespace OpenSim.Framework.UserManagement public Hashtable ProcessHTMLLogin(Hashtable keysvals) { + + // Matches all unspecified characters + // Currently specified,; lowercase letters, upper case letters, numbers, underline + // period, space, parens, and dash. + + Regex wfcut = new Regex("[^a-zA-Z0-9_\\.\\$ \\(\\)\\-]"); + Hashtable returnactions = new Hashtable(); int statuscode = 200; - returnactions["int_response_code"] = statuscode; - returnactions["str_response_string"] = GetDefaultLoginForm(); + string firstname = ""; + string lastname = ""; + string location = ""; + string region =""; + string grid = ""; + string channel = ""; + string version = ""; + string lang = ""; + string password = ""; + string errormessages = ""; + + // the client requires the HTML form field be named 'username' + // however, the data it sends when it loads the first time is 'firstname' + // another one of those little nuances. + + + if (keysvals.Contains("firstname")) + firstname = wfcut.Replace((string)keysvals["firstname"],"",99999); + if (keysvals.Contains("username")) + firstname = wfcut.Replace((string)keysvals["username"],"",99999); + + if (keysvals.Contains("lastname")) + lastname = wfcut.Replace((string)keysvals["lastname"],"",99999); + + if (keysvals.Contains("location")) + location = wfcut.Replace((string)keysvals["location"],"",99999); + + if (keysvals.Contains("region")) + region = wfcut.Replace((string)keysvals["region"],"",99999); + + if (keysvals.Contains("grid")) + grid = wfcut.Replace((string)keysvals["grid"],"",99999); + + if (keysvals.Contains("channel")) + channel = wfcut.Replace((string)keysvals["channel"],"",99999); + + if (keysvals.Contains("version")) + version = wfcut.Replace((string)keysvals["version"],"",99999); + + if (keysvals.Contains("lang")) + lang = wfcut.Replace((string)keysvals["lang"],"",99999); + + if (keysvals.Contains("password")) + password = wfcut.Replace((string)keysvals["password"], "", 99999); + + + // load our 
login form. + string loginform = GetLoginForm(firstname,lastname,location,region,grid,channel,version,lang,password,errormessages); if (keysvals.ContainsKey("show_login_form")) { if ((string)keysvals["show_login_form"] == "TRUE") { - + returnactions["int_response_code"] = statuscode; + returnactions["str_response_string"] = loginform; } else { + UserProfileData user = GetTheUser(firstname, lastname); + bool goodweblogin = false; + if (user != null) + goodweblogin = AuthenticateUser(user, password); + + if (goodweblogin) + { + LLUUID webloginkey = LLUUID.Random(); + m_userManager.StoreWebLoginKey(user.UUID, webloginkey); + statuscode = 301; + + string redirectURL = "secondlife:///app/login?first_name=" + firstname + "&last_name=" + + lastname + + "&location=" + location + "&grid=Other&web_login_key=" + webloginkey.ToString(); + + returnactions["int_response_code"] = statuscode; + returnactions["str_redirect_location"] = redirectURL; + returnactions["str_response_string"] = "
GoodLogin"; + } + else + { + errormessages = "The Username and password supplied did not match our records. Check your caps lock and try again"; + + loginform = GetLoginForm(firstname, lastname, location, region, grid, channel, version, lang, password, errormessages); + returnactions["int_response_code"] = statuscode; + returnactions["str_response_string"] = loginform; + + } } @@ -382,16 +465,36 @@ namespace OpenSim.Framework.UserManagement } - public string GetLoginForm() + public string GetLoginForm(string firstname, string lastname, string location, string region, + string grid, string channel, string version, string lang, + string password, string errormessages) { + // inject our values in the form at the markers + + string loginform=""; string file = Path.Combine(Util.configDir(), "http_loginform.html"); if (!File.Exists(file)) - return GetDefaultLoginForm(); - - StreamReader sr = File.OpenText(file); - string result = sr.ReadToEnd(); - sr.Close(); - return result; + { + loginform = GetDefaultLoginForm(); + } + else + { + StreamReader sr = File.OpenText(file); + loginform = sr.ReadToEnd(); + sr.Close(); + } + + loginform = loginform.Replace("[$firstname]", firstname); + loginform = loginform.Replace("[$lastname]", lastname); + loginform = loginform.Replace("[$location]", location); + loginform = loginform.Replace("[$region]", region); + loginform = loginform.Replace("[$grid]", grid); + loginform = loginform.Replace("[$channel]", channel); + loginform = loginform.Replace("[$version]", version); + loginform = loginform.Replace("[$lang]", lang); + loginform = loginform.Replace("[$password]", password); + loginform = loginform.Replace("[$errors]", errormessages); + return loginform; } public string GetDefaultLoginForm() @@ -405,7 +508,7 @@ namespace OpenSim.Framework.UserManagement responseString = responseString + ""; responseString = responseString + ""; responseString = responseString + "
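Review bot: The `99999` argument on every `wfcut.Replace(..., "", 99999)` call in `ProcessHTMLLogin` is a cap on the number of replacements, so in a sufficiently long value everything after the 99999th match is left unfiltered and still flows into the form and the redirect; the two-argument form, e.g. `firstname = wfcut.Replace((string)keysvals["firstname"], "");`, has no cap. `password` is pushed through the same filter before `AuthenticateUser`, which means a password containing any character outside the whitelist cannot log in through this page, and the value is then handed to `GetLoginForm` and written back into the response; I would read it verbatim and pass `""` for the password in both `GetLoginForm` calls. The success branch sets `statuscode = 301`, a permanent redirect that clients are allowed to cache along with the `web_login_key` carried in `str_redirect_location`, so a 302 or 303 fits a one-time login key better. The redirect string is built by plain concatenation while the whitelist still admits spaces, `$` and parentheses, so each value should go through `Uri.EscapeDataString`. The closing lines of `ProcessHTMLLogin` fall outside this hunk.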
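Review bot: The ten `Replace` calls in `GetLoginForm` write their arguments into the HTML without any output encoding, so the page is only safe while every caller has already filtered the values the way `ProcessHTMLLogin` does with `wfcut`. The method is public, so encoding at the point of substitution is the sturdier place for it, e.g. `loginform = loginform.Replace("[$firstname]", SecurityElement.Escape(firstname));` (or `HttpUtility.HtmlEncode` if the project references System.Web). The `[$password]` marker puts the submitted password back into the response body; I would drop the marker or always substitute an empty string. Separately, the reader is closed only when `ReadToEnd` succeeds; `using (StreamReader sr = File.OpenText(file)) { loginform = sr.ReadToEnd(); }` releases the handle on the failure path as well.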