X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Fhttp%2Fipagehandler.cpp;h=560c9123758a7a725c39ef06c9ed1f0e4a6aa09e;hb=f2545574af789b63fc655decfe31a3d9f1b30504;hp=53211b116dfbcacdf401be05c3c03123258fd1cc;hpb=023b2219068d481cd6a300982427c99bacd88a12;p=fms.git

diff --git a/src/http/ipagehandler.cpp b/src/http/ipagehandler.cpp
index 53211b1..560c912 100644
--- a/src/http/ipagehandler.cpp
+++ b/src/http/ipagehandler.cpp
@@ -1,8 +1,14 @@
 #include "../../include/http/ipagehandler.h"
 #include "../../include/stringfunctions.h"
 #include "../../include/http/multipartparser.h"
+#include "../../include/db/sqlite3db.h"
 
 #include <Poco/Net/HTMLForm.h>
+#include <Poco/UUIDGenerator.h>
+#include <Poco/UUID.h>
+#include <Poco/DateTime.h>
+#include <Poco/DateTimeFormatter.h>
+#include <Poco/Timespan.h>
 
 #include <cstring>
 
@@ -35,6 +41,28 @@ void IPageHandler::CreateArgArray(const std::map<std::string,std::string> &vars,
 	}
 }
 
+const std::string IPageHandler::CreateFormPassword()
+{
+	Poco::DateTime date;
+	Poco::UUIDGenerator uuidgen;
+	Poco::UUID uuid;
+	try
+	{
+		uuid=uuidgen.createRandom();
+	}
+	catch(...)
+	{
+	}
+
+	SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");
+	st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));
+	st.Bind(1,uuid.toString());
+	st.Step();
+
+	return "<input type=\"hidden\" name=\"formpassword\" value=\""+uuid.toString()+"\">";
+
+}
+
 const std::string IPageHandler::CreateTrueFalseDropDown(const std::string &name, const std::string &selected)
 {
 	std::string rval="";
@@ -102,7 +130,10 @@ void IPageHandler::handleRequest(Poco::Net::HTTPServerRequest &request, Poco::Ne
 
 	CreateQueryVarMap(request,vars);
 
-	response.setChunkedTransferEncoding(true);
+	if(request.getVersion()==Poco::Net::HTTPRequest::HTTP_1_1)
+	{
+		response.setChunkedTransferEncoding(true);
+	}
 	response.setContentType("text/html");
 
 	std::ostream &ostr = response.send();
@@ -120,3 +151,71 @@ const std::string IPageHandler::SanitizeOutput(const std::string &input)
 	output=StringFunctions::Replace(output," ","&nbsp;");
 	return output;
 }
+
+const std::string IPageHandler::SanitizeTextAreaOutput(const std::string &input)
+{
+	// must do & first because all other elements have & in them!
+	std::string output=StringFunctions::Replace(input,"&","&amp;");
+	output=StringFunctions::Replace(output,"<","&lt;");
+	output=StringFunctions::Replace(output,">","&gt;");
+	output=StringFunctions::Replace(output,"\"","&quot;");
+	return output;
+}
+
+const bool IPageHandler::ValidateFormPassword(const std::map<std::string,std::string> &vars)
+{
+	Poco::DateTime date;
+	date-=Poco::Timespan(0,1,0,0,0);
+
+	SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("DELETE FROM tmpFormPassword WHERE Date<?;");
+	st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));
+	st.Step();
+
+	std::map<std::string,std::string>::const_iterator i=vars.find("formpassword");
+	if(i!=vars.end())
+	{
+		st=SQLite3DB::DB::Instance()->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");
+		st.Bind(0,(*i).second);
+		st.Step();
+		if(st.RowReturned())
+		{
+			if(st.ResultNull(0)==false)
+			{
+				int rval=0;
+				st.ResultInt(0,rval);
+				if(rval>0)
+				{
+					return true;
+				}
+				else
+				{
+					return false;
+				}
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
+	else
+	{
+		return false;
+	}
+}
+
+const bool IPageHandler::WillHandleURI(const std::string &uri)
+{
+	if(uri.find(m_pagename)!=std::string::npos)
+	{
+		return true;
+	}
+	else
+	{
+		return false;
+	}
+}