src/http/pages/peerdetailspage.cpp\r
src/http/pages/peermaintenancepage.cpp\r
src/http/pages/peertrustpage.cpp\r
+src/http/pages/recentlyaddedpage.cpp\r
src/http/pages/showcaptchapage.cpp\r
src/http/pages/versioninfopage.cpp\r
src/nntp/extensiontrust.cpp\r
\r
#define VERSION_MAJOR "0"\r
#define VERSION_MINOR "3"\r
-#define VERSION_RELEASE "12"\r
+#define VERSION_RELEASE "13"\r
#define FMS_VERSION VERSION_MAJOR"."VERSION_MINOR"."VERSION_RELEASE\r
\r
typedef Poco::ScopedLock<Poco::FastMutex> Guard;\r
\r
void CreateQueryVarMap(Poco::Net::HTTPServerRequest &request, std::map<std::string,std::string> &vars);\r
\r
+ const std::string CreateFormPassword();\r
+ const bool ValidateFormPassword(const std::map<std::string,std::string> &vars);\r
+\r
// replaces html elements with encoded characters (i.e. < becomes <)\r
const std::string SanitizeOutput(const std::string &input);\r
\r
--- /dev/null
+#ifndef _recentlyaddedpage_\r
+#define _recentlyaddedpage_\r
+\r
+#include "../ipagehandler.h"\r
+#include "../../idatabase.h"\r
+\r
+class RecentlyAddedPage:public IPageHandler,public IDatabase\r
+{\r
+public:\r
+ RecentlyAddedPage(const std::string &templatestr):IPageHandler(templatestr) {}\r
+\r
+ IPageHandler *New() { return new RecentlyAddedPage(m_template); }\r
+\r
+private:\r
+ const bool WillHandleURI(const std::string &uri);\r
+ const std::string GeneratePage(const std::string &method, const std::map<std::string,std::string> &queryvars);\r
+\r
+};\r
+\r
+#endif // _recentlyaddedpage_\r
LocalIdentityID INTEGER\\r
);");\r
\r
+ // Temporary table for form passwords\r
+ db->Execute("CREATE TEMPORARY TABLE IF NOT EXISTS tmpFormPassword(\\r
+ Date DATETIME,\\r
+ Password TEXT\\r
+ );");\r
+\r
// low / high / message count for each board\r
db->Execute("CREATE VIEW IF NOT EXISTS vwBoardStats AS \\r
SELECT tblBoard.BoardID AS 'BoardID', IFNULL(MIN(MessageID),0) AS 'LowMessageID', IFNULL(MAX(MessageID),0) AS 'HighMessageID', COUNT(MessageID) AS 'MessageCount' \\r
// identity doesn't have any non-solved puzzles for today - start a new insert\r
if(rs2.Empty()==true)\r
{\r
- if(m_lastinserted.find(rs.GetInt(0))==m_lastinserted.end() || m_lastinserted[rs.GetInt(0)]<=lastinsert)\r
+ // make sure we are on the next day or the appropriate amount of time has elapsed since the last insert\r
+ if(m_lastinserted.find(rs.GetInt(0))==m_lastinserted.end() || m_lastinserted[rs.GetInt(0)]<=lastinsert || m_lastinserted[rs.GetInt(0)].day()!=now.day())\r
{\r
StartInsert(rs.GetInt(0));\r
m_lastinserted[rs.GetInt(0)]=now;\r
if((*i)!="" && (*i).find("index.htm")==std::string::npos && (*i).find("trustlist.htm")==std::string::npos && (*i).find("files.htm")==std::string::npos)\r
{\r
filename=(*i);\r
- infile=fopen(filename.c_str(),"r+b");\r
+ infile=fopen(filename.c_str(),"rb");\r
if(infile)\r
{\r
fseek(infile,0,SEEK_END);\r
long index;\r
int insertcount=0;\r
int dayinsertcount=0;\r
+ int previnsertcount=0;\r
\r
StringFunctions::Split(message["Identifier"],"|",idparts);\r
StringFunctions::Convert(message["DataLength"],datalength);\r
{\r
m_log->error("TrustListRequester::HandleAllData couldn't get count of identities added in last 24 hours");\r
}\r
+\r
+ // get count of identities added more than 24 hours ago - if 0 then we will accept more than 100 identities now\r
+ st=m_db->Prepare("SELECT COUNT(*) FROM tblIdentity WHERE DateAdded<?;");\r
+ st.Bind(0,Poco::DateTimeFormatter::format(now,"%Y-%m-%d %H:%M:%S"));\r
+ st.Step();\r
+ if(st.RowReturned())\r
+ {\r
+ if(st.ResultNull(0)==false)\r
+ {\r
+ st.ResultInt(0,previnsertcount);\r
+ }\r
+ }\r
+ else\r
+ {\r
+ m_log->error("TrustListRequester::HandleAllData couldn't get count of identities added more than 24 hours ago");\r
+ }\r
+\r
now=Poco::DateTime();\r
\r
// parse file into xml and update the database\r
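Review bot: The new count query fails open: `previnsertcount` is initialised to 0 in the earlier hunk, and when `st.RowReturned()` is false the else branch only logs, so the later test `dayinsertcount<100 || previnsertcount==0` treats a failed query like an empty database and lifts the 100-per-day cap. Setting `previnsertcount=1;` in the error branch keeps the cap in force whenever the count is unknown. The query binds `now` while its comment says "more than 24 hours ago"; whether `now` has already been moved back a day is decided above this hunk, so a short comment stating that dependency would help, given that `now` is reset on the very next line. HandleAllData begins and ends outside the hunk.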
st.Step();\r
if(st.RowReturned()==false)\r
{\r
- if(insertcount<50 && dayinsertcount<100)\r
+ if(insertcount<50 && (dayinsertcount<100 || previnsertcount==0))\r
{\r
idinsert.Bind(0,identity);\r
idinsert.Bind(1,Poco::DateTimeFormatter::format(now,"%Y-%m-%d %H:%M:%S"));\r
{\r
m_log->warning("TrustListRequester::HandleAllData TrustList contained more than 50 new identities : "+message["Identifier"]);\r
}\r
- if(dayinsertcount>=100)\r
+ if(dayinsertcount>=100 && previnsertcount>0)\r
{\r
m_log->warning("TrustListRequester::HandleAllData TrustList would have inserted more than 100 new identities in the last 24 hours : "+message["Identifier"]);\r
}\r
#include "../../include/http/pages/peermaintenancepage.h"\r
#include "../../include/http/pages/peertrustpage.h"\r
#include "../../include/http/pages/versioninfopage.h"\r
+#include "../../include/http/pages/recentlyaddedpage.h"\r
\r
FMSHTTPRequestHandlerFactory::FMSHTTPRequestHandlerFactory()\r
{\r
m_pagehandlers.push_back(new PeerMaintenancePage(templatestr));\r
m_pagehandlers.push_back(new PeerTrustPage(templatestr));\r
m_pagehandlers.push_back(new VersionInfoPage(templatestr));\r
+ m_pagehandlers.push_back(new RecentlyAddedPage(templatestr));\r
// homepage must be last - catch all page handler\r
m_pagehandlers.push_back(new HomePage(templatestr));\r
\r
#include "../../include/http/ipagehandler.h"\r
#include "../../include/stringfunctions.h"\r
#include "../../include/http/multipartparser.h"\r
+#include "../../include/db/sqlite3db.h"\r
\r
#include <Poco/Net/HTMLForm.h>\r
+#include <Poco/UUIDGenerator.h>\r
+#include <Poco/UUID.h>\r
+#include <Poco/DateTime.h>\r
+#include <Poco/DateTimeFormatter.h>\r
+#include <Poco/Timespan.h>\r
\r
#include <cstring>\r
\r
}\r
}\r
\r
+const std::string IPageHandler::CreateFormPassword()\r
+{\r
+ Poco::DateTime date;\r
+ Poco::UUIDGenerator uuidgen;\r
+ Poco::UUID uuid;\r
+ try\r
+ {\r
+ uuid=uuidgen.createRandom();\r
+ }\r
+ catch(...)\r
+ {\r
+ }\r
+\r
+ SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");\r
+ st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
+ st.Bind(1,uuid.toString());\r
+ st.Step();\r
+\r
+ return "<input type=\"hidden\" name=\"formpassword\" value=\""+uuid.toString()+"\">";\r
+\r
+}\r
+\r
const std::string IPageHandler::CreateTrueFalseDropDown(const std::string &name, const std::string &selected)\r
{\r
std::string rval="";\r
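Review bot: The empty `catch(...)` around `uuidgen.createRandom()` leaves `uuid` default-constructed, which in Poco is the all-zero UUID, so a generator failure results in the same fixed token being stored in tmpFormPassword and written into every form. Fail closed instead, for example `catch(...) { return ""; }`, so that no row is inserted and the submitted form simply fails validation; logging the failure there would also make it visible. The result of `st.Step()` is not checked either, so a failed INSERT produces a form whose token can never validate, with no trace of why.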
output=StringFunctions::Replace(output," "," ");\r
return output;\r
}\r
+\r
+const bool IPageHandler::ValidateFormPassword(const std::map<std::string,std::string> &vars)\r
+{\r
+ Poco::DateTime date;\r
+ date-=Poco::Timespan(0,1,0,0,0);\r
+\r
+ SQLite3DB::Statement st=SQLite3DB::DB::Instance()->Prepare("DELETE FROM tmpFormPassword WHERE Date<?;");\r
+ st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
+ st.Step();\r
+\r
+ std::map<std::string,std::string>::const_iterator i=vars.find("formpassword");\r
+ if(i!=vars.end())\r
+ {\r
+ st=SQLite3DB::DB::Instance()->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");\r
+ st.Bind(0,(*i).second);\r
+ st.Step();\r
+ if(st.RowReturned())\r
+ {\r
+ if(st.ResultNull(0)==false)\r
+ {\r
+ int rval=0;\r
+ st.ResultInt(0,rval);\r
+ if(rval>0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false;\r
+ }\r
+ }\r
+ else\r
+ {\r
+ return false;\r
+ }\r
+ }\r
+ else\r
+ {\r
+ return false;\r
+ }\r
+ }\r
+ else\r
+ {\r
+ return false;\r
+ }\r
+}\r
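Review bot: A token that validates stays in tmpFormPassword until the one-hour purge and is not tied to a particular form or action, so a single value taken from any rendered page authorises any number of state-changing requests during that window. If single use is intended, remove the row on success with `DELETE FROM tmpFormPassword WHERE Password=?;`; if reuse is deliberate (for instance so that a page with several forms or the back button keeps working), state that and the one-hour lifetime in a comment above the function, since the header declaration carries none. As a style point, the nested if/else ladder can end in `return rval>0;` with a single `return false;` at the bottom.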
{\r
std::string content="";\r
\r
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="add")\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="add" && ValidateFormPassword(queryvars))\r
{\r
Poco::DateTime date;\r
std::string publickey="";\r
\r
content+="<h2>Add Peer</h2>";\r
content+="<form name=\"frmaddpeer\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"add\">";\r
content+="Public Key : ";\r
content+="<input type=\"text\" name=\"publickey\" size=\"100\">";\r
int requestindex=0;\r
bool willshow=false;\r
\r
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="announce")\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="announce" && ValidateFormPassword(queryvars))\r
{\r
SQLite3DB::Statement insert=m_db->Prepare("INSERT INTO tblIdentityIntroductionInserts(LocalIdentityID,Day,UUID,Solution) VALUES(?,?,?,?);");\r
std::string localidentityidstr="";\r
\r
content+="<h2>Announce Identity</h2>";\r
content+="<form name=\"frmannounce\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"announce\">";\r
content+="<table>";\r
content+="<tr><td colspan=\"4\"><center>Select Identity : ";\r
\r
if(queryvars.find("formaction")!=queryvars.end())\r
{\r
- if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && queryvars.find("boarddescription")!=queryvars.end())\r
+ if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && queryvars.find("boarddescription")!=queryvars.end() && ValidateFormPassword(queryvars))\r
{\r
std::string boardname="";\r
std::string boarddescription="";\r
addst.Bind(3,"Added manually");\r
addst.Step();\r
}\r
- if((*queryvars.find("formaction")).second=="remove0messages")\r
+ if((*queryvars.find("formaction")).second=="remove0messages" && ValidateFormPassword(queryvars))\r
{\r
m_db->Execute("DELETE FROM tblBoard WHERE BoardID IN (SELECT BoardID FROM vwBoardStats WHERE MessageCount=0 AND BoardID NOT IN (SELECT BoardID FROM tblAdministrationBoard));");\r
}\r
- if((*queryvars.find("formaction")).second=="update")\r
+ if((*queryvars.find("formaction")).second=="update" && ValidateFormPassword(queryvars))\r
{\r
int boardid;\r
std::vector<std::string> boardids;\r
\r
content+="<tr>";\r
content+="<td colspan=\"3\"><center>";\r
- content+="<form name=\"frmboardsearch\" action=\"boards.htm\" method=\"POST\"><input type=\"text\" name=\"boardsearch\" value=\""+SanitizeOutput(boardsearch)+"\"><input type=\"submit\" value=\"Search\"></form>";\r
+ content+="<form name=\"frmboardsearch\" action=\"boards.htm\" method=\"POST\"><input type=\"text\" name=\"boardsearch\" value=\""+SanitizeOutput(boardsearch)+"\">"+CreateFormPassword()+"<input type=\"submit\" value=\"Search\"></form>";\r
content+="</center></td>";\r
content+="</tr>";\r
\r
content+="<tr>";\r
content+="<td colspan=\"3\"><center>";\r
- content+="<form name=\"frmremoveboard\" action=\"boards.htm\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"remove0messages\">Remove boards with 0 messages<input type=\"submit\" value=\"Remove\"></form>";\r
+ content+="<form name=\"frmremoveboard\" action=\"boards.htm\" method=\"POST\">"+CreateFormPassword()+"<input type=\"hidden\" name=\"formaction\" value=\"remove0messages\">Remove boards with 0 messages<input type=\"submit\" value=\"Remove\"></form>";\r
content+="</center></td>";\r
content+="</tr>";\r
\r
content+="<tr>";\r
- content+="<td><form name=\"frmaddboard\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"addboard\"><input type=\"text\" name=\"boardname\"></td><td><input type=\"text\" name=\"boarddescription\" size=\"40\" maxlength=\"50\"></td><td><input type=\"submit\" value=\"Add Board\"></form></td>";\r
+ content+="<td><form name=\"frmaddboard\" method=\"POST\">"+CreateFormPassword()+"<input type=\"hidden\" name=\"formaction\" value=\"addboard\"><input type=\"text\" name=\"boardname\"></td><td><input type=\"text\" name=\"boarddescription\" size=\"40\" maxlength=\"50\"></td><td><input type=\"submit\" value=\"Add Board\"></form></td>";\r
content+="</tr>";\r
\r
- content+="<tr><td colspan=\"4\"><hr><form name=\"frmboards\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"update\"></td></tr>";\r
+ content+="<tr><td colspan=\"4\"><hr><form name=\"frmboards\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"update\">"+CreateFormPassword()+"</td></tr>";\r
content+="<tr>";\r
content+="<th>Name</th><th>Description</th><th>Save Received Messages *</th><th>Added Method</th>";\r
content+="</tr>"; \r
\r
if(queryvars.find("formaction")!=queryvars.end())\r
{\r
- if((*queryvars.find("formaction")).second=="remove" && queryvars.find("boardid")!=queryvars.end())\r
+ if((*queryvars.find("formaction")).second=="remove" && queryvars.find("boardid")!=queryvars.end() && ValidateFormPassword(queryvars))\r
{\r
int boardid=0;\r
StringFunctions::Convert((*queryvars.find("boardid")).second,boardid);\r
st.Step();\r
\r
}\r
- if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && (*queryvars.find("boardname")).second!="")\r
+ if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && (*queryvars.find("boardname")).second!="" && ValidateFormPassword(queryvars))\r
{\r
Poco::DateTime date;\r
st=m_db->Prepare("INSERT INTO tblBoard(BoardName,DateAdded) VALUES(?,?);");\r
content+="<td>"+changetrustlisttruststr+"</td>\r\n";\r
content+="<td>";\r
content+="<form name=\"frmremove\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"remove\">";\r
content+="<input type=\"hidden\" name=\"boardid\" value=\""+boardidstr+"\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
content+="<tr>";\r
content+="<td>";\r
content+="<form name=\"frmaddboard\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"addboard\">";\r
content+="<input type=\"text\" name=\"boardname\">";\r
content+="</td>\r\n<td>";\r
{\r
std::string content="";\r
\r
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="create")\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="create" && ValidateFormPassword(queryvars))\r
{\r
SQLite3DB::Statement st=m_db->Prepare("INSERT INTO tblLocalIdentity(Name,PublishTrustList,DateCreated) VALUES(?,'false',?);");\r
std::string name="";\r
{\r
content+="<h2>Create Identity</h2>";\r
content+="<form name=\"frmcreateidentity\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"create\">";\r
content+="Name : <input type=\"text\" name=\"name\" maxlength=\"40\">";\r
content+=" <input type=\"submit\" value=\"Create\">";\r
std::string content="";\r
std::string query="";\r
\r
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="")\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="execute" && queryvars.find("query")!=queryvars.end() && (*queryvars.find("query")).second!="" && ValidateFormPassword(queryvars))\r
{\r
query=(*queryvars.find("query")).second;\r
SQLite3DB::Recordset rs=m_db->Query(query);\r
\r
content+="<h2>Execute Query</h2>";\r
content+="<form name=\"frmquery\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"execute\">";\r
content+="<textarea name=\"query\" rows=\"10\" cols=\"80\">"+StringFunctions::Replace(query,"<","<")+"</textarea>";\r
content+="<input type=\"submit\" value=\"Execute Query\">";\r
Option::Instance()->Get("FCPHost",fcphost);\r
Option::Instance()->Get("FProxyPort",fproxyport);\r
\r
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="shutdown")\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="shutdown" && ValidateFormPassword(queryvars))\r
{\r
m_log->trace("HomePage::GeneratePage requested shutdown");\r
((FMSApp *)&FMSApp::instance())->Terminate();\r
\r
content+="<p class=\"paragraph\">";\r
content+="<form name=\"frmshutdown\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"shutdown\">";\r
content+="<input type=\"submit\" value=\"Shutdown FMS\">";\r
content+="</form>";\r
Option::Instance()->Get("FProxyPort",fproxyport);\r
\r
\r
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="removefile" && queryvars.find("fileid")!=queryvars.end())\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="removefile" && queryvars.find("fileid")!=queryvars.end() && ValidateFormPassword(queryvars))\r
{\r
SQLite3DB::Statement del=m_db->Prepare("DELETE FROM tblFileInserts WHERE FileInsertID=?;");\r
del.Bind(0,(*queryvars.find("fileid")).second);\r
\r
content+="<a href=\"http://"+node+":"+fproxyport+"/"+StringFunctions::UriEncode(key)+"\">"+SanitizeOutput(filename)+"</a> - "+sizestr+" bytes";\r
content+="<form name=\"frmRemove"+insertidstr+"\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"removefile\">";\r
content+="<input type=\"hidden\" name=\"fileid\" value=\""+insertidstr+"\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
content+="<table><tr><th>Export Identities</th><th>Import Identities</th></tr>";\r
content+="<tr><td>";\r
content+="<form name=\"frmexport\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"export\">";\r
content+="<input type=\"submit\" value=\"Export Identities\">";\r
content+="</form>";\r
content+="</td><td>";\r
content+="<form name=\"frmimport\" method=\"POST\" enctype=\"multipart/form-data\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"import\">";\r
content+="<input type=\"file\" name=\"file\">";\r
content+="<input type=\"submit\" value=\"Import Identities\">";\r
st.ResultText(9,maxmessagedelay);\r
\r
content+="<tr>";\r
- content+="<td title=\""+publickey+"\"><form name=\"frmupdate\""+countstr+"\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"update\"><input type=\"hidden\" name=\"chkidentityid["+countstr+"]\" value=\""+id+"\">"+SanitizeOutput(CreateShortIdentityName(name,publickey))+"</td>";\r
+ content+="<td title=\""+publickey+"\"><form name=\"frmupdate\""+countstr+"\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"update\">"+CreateFormPassword()+"<input type=\"hidden\" name=\"chkidentityid["+countstr+"]\" value=\""+id+"\">"+SanitizeOutput(CreateShortIdentityName(name,publickey))+"</td>";\r
content+="<td>"+CreateTrueFalseDropDown("singleuse["+countstr+"]",singleuse)+"</td>";\r
content+="<td>"+CreateTrueFalseDropDown("publishtrustlist["+countstr+"]",publishtrustlist)+"</td>";\r
content+="<td>"+CreateTrueFalseDropDown("publishboardlist["+countstr+"]",publishboardlist)+"</td>";\r
trustst.Reset();\r
\r
content+="<td><input type=\"submit\" value=\"Update\"></form></td>";\r
- content+="<td><form name=\"frmdel\""+countstr+"\" method=\"POST\" action=\"confirm.htm\"><input type=\"hidden\" name=\"formaction\" value=\"delete\"><input type=\"hidden\" name=\"chkidentityid["+countstr+"]\" value=\""+id+"\"><input type=\"hidden\" name=\"targetpage\" value=\"localidentities.htm\"><input type=\"hidden\" name=\"confirmdescription\" value=\"Are you sure you want to delete "+SanitizeOutput(CreateShortIdentityName(name,publickey))+"?\"><input type=\"submit\" value=\"Delete\"></form></td>";\r
+ content+="<td><form name=\"frmdel\""+countstr+"\" method=\"POST\" action=\"confirm.htm\">"+CreateFormPassword()+"<input type=\"hidden\" name=\"formaction\" value=\"delete\"><input type=\"hidden\" name=\"chkidentityid["+countstr+"]\" value=\""+id+"\"><input type=\"hidden\" name=\"targetpage\" value=\"localidentities.htm\"><input type=\"hidden\" name=\"confirmdescription\" value=\"Are you sure you want to delete "+SanitizeOutput(CreateShortIdentityName(name,publickey))+"?\"><input type=\"submit\" value=\"Delete\"></form></td>";\r
content+="</tr>";\r
content+="<tr><td></td><td colspan=\"7\" class=\"smaller\">"+publickey+"</td></tr>";\r
st.Step();\r
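Review bot: The `frmdel` form now sends its token to `confirm.htm`, but no hunk in this diff touches the confirm page, so it is not visible whether `formpassword` is passed on to `targetpage`. If the confirm page rebuilds its form from a fixed set of fields, the confirmed delete would reach localidentities.htm without a token and be dropped by the new `ValidateFormPassword` check without any message to the user. It is worth verifying that confirm.htm either forwards `formpassword` or emits a fresh one through `CreateFormPassword()`.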
CreateQueryVarMap(request,vars);\r
\r
std::string formaction="";\r
- if(vars.find("formaction")!=vars.end())\r
+ if(vars.find("formaction")!=vars.end() && ValidateFormPassword(vars))\r
{\r
formaction=(*vars.find("formaction")).second;\r
if(formaction=="update")\r
{\r
std::string content="<h2 style=\"text-align:center;\">Options</h2>\r\n";\r
content+="<form name=\"frmoptions\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"save\">";\r
+ content+=CreateFormPassword();\r
content+="<table><tr><th>Option</th><th>Value</th><th>Description</th></tr>";\r
\r
- if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="save")\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="save" && ValidateFormPassword(queryvars))\r
{\r
SQLite3DB::Statement update=m_db->Prepare("UPDATE tblOption SET OptionValue=? WHERE Option=?;");\r
std::vector<std::string> options;\r
StringFunctions::Convert((*queryvars.find("identityid")).second,identityid);\r
}\r
\r
- if(identityid!=0 && queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="deletemessages")\r
+ if(identityid!=0 && queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="deletemessages" && ValidateFormPassword(queryvars))\r
{\r
SQLite3DB::Statement del=m_db->Prepare("DELETE FROM tblMessage WHERE IdentityID=?;");\r
del.Bind(0,identityid);\r
del.Step();\r
}\r
\r
- if(identityid!=0 && queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="hide")\r
+ if(identityid!=0 && queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="hide" && ValidateFormPassword(queryvars))\r
{\r
SQLite3DB::Statement del=m_db->Prepare("UPDATE tblIdentity SET Hidden='true' WHERE IdentityID=?;");\r
del.Bind(0,identityid);\r
del.Step();\r
}\r
\r
- if(identityid!=0 && queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="show")\r
+ if(identityid!=0 && queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="show" && ValidateFormPassword(queryvars))\r
{\r
SQLite3DB::Statement del=m_db->Prepare("UPDATE tblIdentity SET Hidden='false' WHERE IdentityID=?;");\r
del.Bind(0,identityid);\r
content+="<tr><td>Hidden in Main Peer Trust Page</td>";\r
content+="<td>"+hidden;\r
content+=" <form name=\"frmhidden\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"identityid\" value=\""+identityidstr+"\">";\r
if(hidden=="false")\r
{\r
content+="<td>Message Count</td>";\r
content+="<td>"+messagecountstr;\r
content+=" <form name=\"frmdeletemessages\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"identityid\" value=\""+identityidstr+"\">";\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"deletemessages\">";\r
content+="<input type=\"submit\" value=\"Delete Messages\">";\r
std::string tempval;\r
Poco::DateTime date;\r
\r
- if(queryvars.find("formaction")!=queryvars.end())\r
+ if(queryvars.find("formaction")!=queryvars.end() && ValidateFormPassword(queryvars))\r
{\r
if((*queryvars.find("formaction")).second=="removenotseen")\r
{\r
\r
content+="<h2>Peer Maintenance</h2>";\r
content+="<p class=\"paragraph\">Removing a peer will not remove the messages they sent, but will remove everything else about that peer, including their trust levels.</p>";\r
+ content+="<p>";\r
+ content+="<a href=\"recentlyadded.htm\">Recently Added Peers</a>";\r
+ content+="</p>";\r
content+="<table>";\r
content+="<tr><th colspan=\"3\">Stats</th></tr>";\r
\r
content+="<td>never seen</td>";\r
content+="<td>";\r
content+="<form name=\"frmremove\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"removenotseen\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
content+="</form>";\r
content+="<td>last seen more than 20 days ago</td>";\r
content+="<td>";\r
content+="<form name=\"frmremove\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"removelastseen20\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
content+="</form>";\r
content+="<td>last sent a message more than 30 days ago</td>";\r
content+="<td>";\r
content+="<form name=\"frmremove\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"removeposted30daysago\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
content+="</form>";\r
content+="<td>never sent a message</td>";\r
content+="<td>";\r
content+="<form name=\"frmremove\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"removeneversent\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
content+="</form>";\r
content+="<td>added more than 20 days ago and never sent a message</td>";\r
content+="<td>";\r
content+="<form name=\"frmremove\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"removeadded20daysneversent\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
content+="</form>";\r
content+="<td>last seen more than 20 days ago and never sent a message</td>";\r
content+="<td>";\r
content+="<form name=\"frmremove\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"removelastseenneversent20\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
content+="</form>";\r
content+="</tr>";\r
\r
content+="<tr>";\r
- content+="<td><form name=\"frmdelete\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"removedaysago\"></td>";\r
+ content+="<td><form name=\"frmdelete\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
+ content+="<input type=\"hidden\" name=\"formaction\" value=\"removedaysago\"></td>";\r
content+="<td>last seen <input type=\"text\" name=\"daysago\" size=\"2\"> days ago</td>";\r
content+="<td><input type=\"submit\" value=\"Remove\"></form></td>";\r
content+="</tr>";\r
\r
content+="<tr>";\r
- content+="<td><form name=\"frmdelete\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"removenulldaysago\"></td>";\r
+ content+="<td><form name=\"frmdelete\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
+ content+="<input type=\"hidden\" name=\"formaction\" value=\"removenulldaysago\"></td>";\r
content+="<td>last seen <input type=\"text\" name=\"daysago\" size=\"2\"> days ago, and have null local trust</td>";\r
content+="<td><input type=\"submit\" value=\"Remove\"></form></td>";\r
content+="</tr>";\r
}\r
}\r
\r
- if(localidentityid!=-1 && queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="update")\r
+ if(localidentityid!=-1 && queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="update" && ValidateFormPassword(queryvars))\r
{\r
std::vector<std::string> identityids;\r
std::vector<std::string> oldlmt;\r
content+="</div>";\r
\r
content+="<form name=\"frmtrust\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"update\">";\r
content+="<input type=\"hidden\" name=\"localidentityid\" value=\""+localidentityidstr+"\">";\r
content+="<input type=\"hidden\" name=\"startrow\" value=\""+startrowstr+"\">";\r
--- /dev/null
+#include "../../../include/http/pages/recentlyaddedpage.h"\r
+#include "../../../include/global.h"\r
+#include "../../../include/stringfunctions.h"\r
+\r
+#include <Poco/DateTime.h>\r
+#include <Poco/DateTimeFormatter.h>\r
+#include <Poco/Timespan.h>\r
+\r
+const std::string RecentlyAddedPage::GeneratePage(const std::string &method, const std::map<std::string,std::string> &queryvars)\r
+{\r
+ std::string content="";\r
+ Poco::DateTime date;\r
+ int count=0;\r
+ std::string countstr="0";\r
+\r
+ if(queryvars.find("formaction")!=queryvars.end() && (*queryvars.find("formaction")).second=="delete" && ValidateFormPassword(queryvars))\r
+ {\r
+ std::vector<std::string> identityids;\r
+ CreateArgArray(queryvars,"chkdel",identityids);\r
+\r
+ SQLite3DB::Statement del=m_db->Prepare("DELETE FROM tblIdentity WHERE IdentityID=?;");\r
+\r
+ for(std::vector<std::string>::iterator i=identityids.begin(); i!=identityids.end(); i++)\r
+ {\r
+ if((*i)!="")\r
+ {\r
+ del.Bind(0,(*i));\r
+ del.Step();\r
+ del.Reset();\r
+ }\r
+ }\r
+\r
+ }\r
+\r
+ content="<h2>Recently Added Peers</h2>";\r
+\r
+ SQLite3DB::Statement st=m_db->Prepare("SELECT IdentityID, PublicKey, Name, DateAdded, AddedMethod FROM tblIdentity WHERE DateAdded>=? ORDER BY DateAdded DESC;");\r
+ date-=Poco::Timespan(5,0,0,0,0);\r
+ st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
+ st.Step();\r
+\r
+ content+="<form name=\"frmdel\" method=\"post\">";\r
+ content+=CreateFormPassword();\r
+ content+="<input type=\"hidden\" name=\"formaction\" value=\"delete\">";\r
+ content+="<table class=\"small90\">";\r
+ content+="<tr><th>Name</th><th>Date Added</th><th>Added Method</th></tr>";\r
+\r
+ while(st.RowReturned())\r
+ {\r
+ std::string identityidstr="";\r
+ std::string publickey="";\r
+ std::string name="";\r
+ std::string dateadded="";\r
+ std::string addedmethod="";\r
+\r
+ st.ResultText(0,identityidstr);\r
+ st.ResultText(1,publickey);\r
+ st.ResultText(2,name);\r
+ st.ResultText(3,dateadded);\r
+ st.ResultText(4,addedmethod);\r
+\r
+ StringFunctions::Convert(count,countstr);\r
+\r
+ content+="<tr>";\r
+ content+="<td title=\""+publickey+"\">";\r
+ content+="<a href=\"peerdetails.htm?identityid="+identityidstr+"\">";\r
+ content+=SanitizeOutput(CreateShortIdentityName(name,publickey));\r
+ content+="</a>";\r
+ content+="</td>";\r
+ content+="<td>"+dateadded+"</td>";\r
+ content+="<td>"+SanitizeOutput(addedmethod)+"</td>";\r
+ content+="<td><input type=\"checkbox\" name=\"chkdel["+countstr+"]\" value=\""+identityidstr+"\"></td>";\r
+ content+="</tr>";\r
+\r
+ count++;\r
+\r
+ st.Step();\r
+ }\r
+ content+="<tr><td colspan=\"4\"><center><input type=\"submit\" value=\"Delete Selected\"></center></td></tr>";\r
+ content+="</table>";\r
+\r
+ return StringFunctions::Replace(m_template,"[CONTENT]",content);\r
+}\r
+\r
+const bool RecentlyAddedPage::WillHandleURI(const std::string &uri)\r
+{\r
+ if(uri.find("recentlyadded.")!=std::string::npos)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false;\r
+ }\r
+}\r
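Review bot: `publickey` is concatenated into the `title` attribute without `SanitizeOutput()`, while `name` and `addedmethod` on the neighbouring lines are escaped; the rows listed here presumably include identities learned from other peers, so write `content+="<td title=\""+SanitizeOutput(publickey)+"\">";`, provided SanitizeOutput also encodes double quotes, which this diff does not show. The same unescaped `title` appears on the changed `frmupdate` line of the local identities page. The form opened with `<form name=\"frmdel\" method=\"post\">` is never closed, because the content ends at `</table>`; add `content+="</form>";` after it. The header row also has three `<th>` cells while each data row emits four `<td>` cells.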