version 0.3.29
[fms.git] / src / http / ipagehandler.cpp
index b8bef90..1ec7947 100644 (file)
@@ -3,6 +3,11 @@
 #include "../../include/http/multipartparser.h"\r
 \r
 #include <Poco/Net/HTMLForm.h>\r
+#include <Poco/UUIDGenerator.h>\r
+#include <Poco/UUID.h>\r
+#include <Poco/DateTime.h>\r
+#include <Poco/DateTimeFormatter.h>\r
+#include <Poco/Timespan.h>\r
 \r
 #include <cstring>\r
 \r
@@ -35,6 +40,28 @@ void IPageHandler::CreateArgArray(const std::map<std::string,std::string> &vars,
        }\r
 }\r
 \r
+const std::string IPageHandler::CreateFormPassword()\r
+{\r
+       Poco::DateTime date;\r
+       Poco::UUIDGenerator uuidgen;\r
+       Poco::UUID uuid;\r
+       try\r
+       {\r
+               uuid=uuidgen.createRandom();\r
+       }\r
+       catch(...)\r
+       {\r
+       }\r
+\r
+       SQLite3DB::Statement st=m_db->Prepare("INSERT INTO tmpFormPassword(Date,Password) VALUES(?,?);");\r
+       st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
+       st.Bind(1,uuid.toString());\r
+       st.Step();\r
+\r
+       return "<input type=\"hidden\" name=\"formpassword\" value=\""+uuid.toString()+"\">";\r
+\r
+}\r
+\r
 const std::string IPageHandler::CreateTrueFalseDropDown(const std::string &name, const std::string &selected)\r
 {\r
        std::string rval="";\r
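Review bot: The empty `catch(...)` around `uuidgen.createRandom()` in CreateFormPassword lets a failure of the random source pass silently, leaving `uuid` default-constructed, which in Poco is the nil UUID. That fixed value is then inserted into tmpFormPassword and written into the hidden `formpassword` field, so every form issued while the generator is failing carries the same guessable token, and the token protects nothing. The function should fail closed: after the try block add `if(uuid.isNull()) { return ""; }` (or log and rethrow) before the INSERT is prepared. As far as the hunk shows, nothing confirms that `st.Step()` stored the row either, so a failed INSERT still hands out a token that can never validate.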
@@ -72,6 +99,19 @@ void IPageHandler::CreateQueryVarMap(Poco::Net::HTTPServerRequest &request, std:
                vars[(*i).first]=(*i).second;\r
        }\r
 \r
+       // for a POST method, the HTMLForm won't grab vars off the query string so we\r
+       // temporarily set the method to GET and parse with the HTMLForm again\r
+       if(request.getMethod()=="POST")\r
+       {\r
+               request.setMethod("GET");\r
+               Poco::Net::HTMLForm form1(request,request.stream(),mpp);\r
+               for(Poco::Net::HTMLForm::ConstIterator i=form1.begin(); i!=form1.end(); i++)\r
+               {\r
+                       vars[(*i).first]=(*i).second;\r
+               }\r
+               request.setMethod("POST");\r
+       }\r
+\r
        // get any multiparts\r
        std::map<std::string,std::string> mpvars=mpp.GetVars();\r
        for(std::map<std::string,std::string>::iterator i=mpvars.begin(); i!=mpvars.end(); i++)\r
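Review bot: The new POST branch in CreateQueryVarMap assigns with `vars[(*i).first]=(*i).second;`, so a query-string parameter replaces a body field of the same name that the earlier loop already stored. A URL can therefore override what the user submitted in the form body. If body values are meant to win, insert only when the key is absent, e.g. `vars.insert(std::make_pair((*i).first,(*i).second));`, and document the precedence in the comment above the branch. The method is also restored by a plain `request.setMethod("POST");` after the loop, so if the `form1` constructor throws, the request is left marked as GET for any later code that inspects it; a small scope guard would keep the restore unconditional. The function starts above this hunk, so the body-parsing order is inferred from the context lines.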
@@ -89,7 +129,10 @@ void IPageHandler::handleRequest(Poco::Net::HTTPServerRequest &request, Poco::Ne
 \r
        CreateQueryVarMap(request,vars);\r
 \r
-       response.setChunkedTransferEncoding(true);\r
+       if(request.getVersion()==Poco::Net::HTTPRequest::HTTP_1_1)\r
+       {\r
+               response.setChunkedTransferEncoding(true);\r
+       }\r
        response.setContentType("text/html");\r
 \r
        std::ostream &ostr = response.send();\r
@@ -107,3 +150,71 @@ const std::string IPageHandler::SanitizeOutput(const std::string &input)
        output=StringFunctions::Replace(output," ","&nbsp;");\r
        return output;\r
 }\r
+\r
+const std::string IPageHandler::SanitizeTextAreaOutput(const std::string &input)\r
+{\r
+       // must do & first because all other elements have & in them!\r
+       std::string output=StringFunctions::Replace(input,"&","&amp;");\r
+       output=StringFunctions::Replace(output,"<","&lt;");\r
+       output=StringFunctions::Replace(output,">","&gt;");\r
+       output=StringFunctions::Replace(output,"\"","&quot;");\r
+       return output;\r
+}\r
+\r
+const bool IPageHandler::ValidateFormPassword(const std::map<std::string,std::string> &vars)\r
+{\r
+       Poco::DateTime date;\r
+       date-=Poco::Timespan(0,1,0,0,0);\r
+\r
+       SQLite3DB::Statement st=m_db->Prepare("DELETE FROM tmpFormPassword WHERE Date<?;");\r
+       st.Bind(0,Poco::DateTimeFormatter::format(date,"%Y-%m-%d %H:%M:%S"));\r
+       st.Step();\r
+\r
+       std::map<std::string,std::string>::const_iterator i=vars.find("formpassword");\r
+       if(i!=vars.end())\r
+       {\r
+               st=m_db->Prepare("SELECT COUNT(*) FROM tmpFormPassword WHERE Password=?;");\r
+               st.Bind(0,(*i).second);\r
+               st.Step();\r
+               if(st.RowReturned())\r
+               {\r
+                       if(st.ResultNull(0)==false)\r
+                       {\r
+                               int rval=0;\r
+                               st.ResultInt(0,rval);\r
+                               if(rval>0)\r
+                               {\r
+                                       return true;\r
+                               }\r
+                               else\r
+                               {\r
+                                       return false;\r
+                               }\r
+                       }\r
+                       else\r
+                       {\r
+                               return false;\r
+                       }\r
+               }\r
+               else\r
+               {\r
+                       return false;\r
+               }\r
+       }\r
+       else\r
+       {\r
+               return false;\r
+       }\r
+}\r
+\r
+const bool IPageHandler::WillHandleURI(const std::string &uri)\r
+{\r
+       if(uri.find(m_pagename)!=std::string::npos)\r
+       {\r
+               return true;\r
+       }\r
+       else\r
+       {\r
+               return false;\r
+       }\r
+}\r
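Review bot: ValidateFormPassword returns true whenever the submitted `formpassword` matches any row in tmpFormPassword, but it never removes the matched row. One issued token therefore stays valid for repeated submissions until the one-hour purge at the top of the function. The table, as used here, has only Date and Password columns, so the token is not tied to the session or page that requested it, and any live token would validate any form. Consuming the token on success narrows this: before `return true;`, prepare `DELETE FROM tmpFormPassword WHERE Password=?;`, bind `(*i).second` and step it. Separately, WillHandleURI matches with `uri.find(m_pagename)` anywhere in the URI, so a page name appearing in a query string or in another path segment would also select this handler; comparing against the path component only would be stricter.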