X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fhttp%2Fipagehandler.cpp;h=1ec7947dbba72488785cdd4085377b8082dd56a1;hb=59a5414ec47a2932a7802fcd1d98c4d80166564f;hp=b8bef90e378c2aa43c8c481fa13bd3bc4f28223a;hpb=dec33c63afafabf83c3039e916725cac6faef9b3;p=fms.git
diff --git a/src/http/ipagehandler.cpp b/src/http/ipagehandler.cpp
index b8bef90..1ec7947 100644
--- a/src/http/ipagehandler.cpp
+++ b/src/http/ipagehandler.cpp
@@ -3,6 +3,11 @@
 #include "../../include/http/multipartparser.h"
 #include
+#include
+#include
+#include
+#include
+#include
 #include
@@ -35,6 +40,28 @@ void IPageHandler::CreateArgArray(const std::map &vars,
 }
 }
+const std::string IPageHandler::CreateFormPassword()
+{
+ Poco::DateTime date;
+ Poco::UUIDGenerator uuidgen;
+ Poco::UUID uuid;
+ try
+ {
+ uuid=uuidgen.createRandom();
+ }
+ catch(...)
+ {
+ }
+
+ SQLite3DB::Statement st=m_db->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");
+ st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));
+ st.Bind(1,uuid.toString());
+ st.Step();
+
+ return "";
+
+}
+
 const std::string IPageHandler::CreateTrueFalseDropDown(const std::string &name, const std::string &selected)
 {
 std::string rval="";
@@ -72,6 +99,19 @@ void IPageHandler::CreateQueryVarMap(Poco::Net::HTTPServerRequest &request, std:
 vars[(*i).first]=(*i).second;
 }
+ // for a POST method, the HTMLForm won't grab vars off the query string so we
+ // temporarily set the method to GET and parse with the HTMLForm again
+ if(request.getMethod()=="POST")
+ {
+ request.setMethod("GET");
+ Poco::Net::HTMLForm form1(request,request.stream(),mpp);
+ for(Poco::Net::HTMLForm::ConstIterator i=form1.begin(); i!=form1.end(); i++)
+ {
+ vars[(*i).first]=(*i).second;
+ }
+ request.setMethod("POST");
+ }
+
 // get any multiparts
 std::map mpvars=mpp.GetVars();
 for(std::map::iterator i=mpvars.begin(); i!=mpvars.end(); i++)
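Review bot: In CreateFormPassword the empty `catch(...)` lets execution continue after `uuidgen.createRandom()` fails, so `uuid` keeps its default-constructed value and that value is still inserted into tmpFormPassword as an accepted form password. A default-constructed Poco::UUID is the nil UUID, so the stored token becomes a fixed, guessable string exactly when the random source is unavailable. Leave the function before the INSERT instead, for example `catch(...) { return ""; }`, so that no row is written and a later validation fails closed. The function also returns `""` as shown here, which would never hand the token to the caller; that literal may have lost markup when the page was extracted, so confirm it against the repository.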
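Review bot: In the POST branch added to CreateQueryVarMap, `vars[(*i).first]=(*i).second;` lets a query-string value overwrite a body value of the same name, so the URL takes precedence over the submitted form for every field, including any field used to authorise the request. If the query string is only meant to supply variables the body did not send, use an insert that keeps existing keys, e.g. `vars.insert(*i);` (assuming both containers hold string pairs; the template arguments are not visible on this page). Separately, if constructing `form1` throws, `request.setMethod("POST")` is skipped and the request stays marked as GET for the rest of its handling; a try/catch that restores the method would close that gap. The function starts and ends outside the hunk.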
@@ -89,7 +129,10 @@ void IPageHandler::handleRequest(Poco::Net::HTTPServerRequest &request, Poco::Ne
 CreateQueryVarMap(request,vars);
- response.setChunkedTransferEncoding(true);
+ if(request.getVersion()==Poco::Net::HTTPRequest::HTTP_1_1)
+ {
+ response.setChunkedTransferEncoding(true);
+ }
 response.setContentType("text/html");
 std::ostream &ostr = response.send();
@@ -107,3 +150,71 @@ const std::string IPageHandler::SanitizeOutput(const std::string &input)
 output=StringFunctions::Replace(output," "," ");
 return output;
 }
+
+const std::string IPageHandler::SanitizeTextAreaOutput(const std::string &input)
+{
+ // must do & first because all other elements have & in them!
+ std::string output=StringFunctions::Replace(input,"&","&");
+ output=StringFunctions::Replace(output,"<","<");
+ output=StringFunctions::Replace(output,">",">");
+ output=StringFunctions::Replace(output,"\"",""");
+ return output;
+}
+
+const bool IPageHandler::ValidateFormPassword(const std::map &vars)
+{
+ Poco::DateTime date;
+ date-=Poco::Timespan(0,1,0,0,0);
+
+ SQLite3DB::Statement st=m_db->Prepare("DELETE FROM tmpFormPassword WHERE Date::const_iterator i=vars.find("formpassword");
+ if(i!=vars.end())
+ {
+ st=m_db->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");
+ st.Bind(0,(*i).second);
+ st.Step();
+ if(st.RowReturned())
+ {
+ if(st.ResultNull(0)==false)
+ {
+ int rval=0;
+ st.ResultInt(0,rval);
+ if(rval>0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ else
+ {
+ return false;
+ }
+ }
+ else
+ {
+ return false;
+ }
+ }
+ else
+ {
+ return false;
+ }
+}
+
+const bool IPageHandler::WillHandleURI(const std::string &uri)
+{
+ if(uri.find(m_pagename)!=std::string::npos)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
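Review bot: ValidateFormPassword accepts a token whenever a matching row exists but never removes that row, so one form password can be replayed for as long as the row lives (the cutoff computed at the top is one hour), and nothing visible ties it to a particular form or client. If single use is intended, delete the row once it has matched, e.g. run `DELETE FROM tmpFormPassword WHERE Password=?;` bound to the same value before `return true`. The expiry statement on the `Prepare("DELETE FROM tmpFormPassword WHERE Date` line is truncated on this page, so its comparison could not be checked. In WillHandleURI, `uri.find(m_pagename)` matches the page name anywhere in the URI, query string included, so a handler can claim requests meant for another page; matching only the part before `?` would be tighter.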