Subversion Repositories wimsdev

Rev

Rev 15005 | Rev 15743 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
10 reyssat 1 
/*    Copyright (C) 1998-2003 XIAO, Gang of Universite de Nice - Sophia Antipolis
2 
 *
3 
 *  This program is free software; you can redistribute it and/or modify
4 
 *  it under the terms of the GNU General Public License as published by
5 
 *  the Free Software Foundation; either version 2 of the License, or
6 
 *  (at your option) any later version.
7 
 *
8 
 *  This program is distributed in the hope that it will be useful,
9 
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
10 
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11 
 *  GNU General Public License for more details.
12 
 *
13 
 *  You should have received a copy of the GNU General Public License
14 
 *  along with this program; if not, write to the Free Software
15 
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
16 
 */
7673 bpr 17 
/* routines to process variables */
10 reyssat 18 
 
8185 bpr 19 
#include "wims.h"
10 reyssat 20 
char *computed_var_start; /* pointer to read-in var def file */
21 
int session_var_ready=0;
22 
char last_host[32]="";
23 
char *robotcheck="";
24 
 
25 
char *header_var_name[]={
26 
    "REMOTE_ADDR", "HTTP_REFERER", "QUERY_STRING", "HTTP_USER_AGENT",
27 
     "HTTP_COOKIE"
28 
};
29 
#define HEADER_VAR_NO (sizeof(header_var_name)/sizeof(header_var_name[0]))
30 
 
8368 bpr 31 
struct special_name {char *name; int value;} special_name[]={
8479 bpr 32 
  {"MAX_EXAMS",MAX_EXAMS},
8368 bpr 33 
  {"MAX_EXOS",MAX_EXOS},
14769 guerimand 34 
  {"MAX_FREEWORKS",MAX_FREEWORKS},
8368 bpr 35 
  {"MAX_OEFCHOICES",MAX_OEFCHOICES},
36 
  {"MAX_OEFREPLIES",MAX_OEFREPLIES},
37 
  {"MAX_SHEETS",MAX_SHEETS},
12021 guerimand 38 
  {"MAX_TECHVARVAL",MAX_TECHVARVAL},
14329 guerimand 39 
  {"MAX_USERFORGRADES",MAX_USERFORGRADES},
8368 bpr 40 
  {"MAX_VOTES",MAX_VOTES},
41 
};
42 
int special_name_no=(sizeof(special_name)/sizeof(special_name[0]));
10 reyssat 43 
char *var_allow[]={
44 
    "deny" , "init" , "config" ,
45 
      "reply", "any", "help"
46 
};
47 
enum {
7673 bpr 48 
    var_allow_deny, var_allow_init, var_allow_config,
10 reyssat 49 
      var_allow_reply, var_allow_any, var_allow_help
50 
} VAR_ALLOWS;
51 
#define VAR_ALLOW_NO (sizeof(var_allow)/sizeof(var_allow[0]))
52 
 
12381 bpr 53 
struct internal_name internaldef_name[]={
54 
  {"exotrymax",var_allow_init}
55 
};
56 
int INTERNALDEF_NAME_NO=(sizeof(internaldef_name)/sizeof(internaldef_name[0]));
57 
 
7673 bpr 58 
/* install a temporary directory for the session */
10 reyssat 59 
void mktmpdir(char *p)
60 
{
12216 bpr 61 
  char *base;
62 
  if(p==NULL || *p==0 || strstr(p,"robot")!=NULL) return;
63 
  if(strstr(tmp_dir,"sessions")!=NULL) return;
64 
  if(ftest("../chroot/tmp/sessions/.chroot")==is_file) base="chroot/tmp";
65 
  else base="tmp";
66 
  mkfname(tmp_dir,"../%s/sessions/%s",base,p);
67 
  remove_tree(tmp_dir); mkdirs(tmp_dir);
68 
  chmod(tmp_dir,S_IRUSR|S_IWUSR|S_IXUSR
7673 bpr 69 
       |S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH);
12216 bpr 70 
  setenv("tmp_dir",tmp_dir,1); setenv("TMPDIR",tmp_dir,1);
10 reyssat 71 
}
72 
 
7673 bpr 73 
/* Open session variable file */
10 reyssat 74 
FILE *fopen_session_var_file(char read_or_write[])
75 
{
12216 bpr 76 
  char *nbuf; FILE *f;
10 reyssat 77 
 
12216 bpr 78 
  nbuf=mkfname(NULL,"%s/var",session_prefix);
79 
  if(read_or_write[0]=='r') {
80 
    if(open_working_file(&m_file,nbuf)!=0) return NULL;
81 
    mkfname(m_file.name,"session_var");
82 
    return stdin;
83 
  }
84 
  f=fopen(nbuf,read_or_write);
85 
  if(f==NULL) {
7673 bpr 86 
/* expired_session */
12216 bpr 87 
    internal_error("fopen_session_var_file(): unable to create session variable file.");
88 
  }
89 
  mkfname(m_file.name,"session_var");
90 
  m_file.l=0;
91 
  return f;
10 reyssat 92 
}
93 
 
7673 bpr 94 
/* Open a module file, read only, with name checking.
8155 bpr 95 
 * returns NULL if error.
96 
 */
10 reyssat 97 
int read_module_file(char *fname)
98 
{
12216 bpr 99 
  char nbuf[MAX_FNAME+1];
10 reyssat 100 
 
12216 bpr 101 
  if(get_cached_file(fname)>=0) return 0;
102 
  if(find_module_file(fname,nbuf,0)) return -1;
103 
  if(open_working_file(&m_file,nbuf)!=0) return -1;
104 
  untrust|=(untrust>>8);
105 
  mystrncpy(m_file.name,fname,sizeof(m_file.name));
106 
  if(strncmp(module_prefix,module_dir,strlen(module_dir))!=0) m_file.nocache|=8;
107 
  return 0;
10 reyssat 108 
}
12011 bpr 109 
/* list of variables get from the query parms */
10 reyssat 110 
int varget[]={ro_module,ro_lang,ro_useropts,ro_worksheet};
111 
#define varget_no (sizeof(varget)/sizeof(varget[0]))
112 
 
7673 bpr 113 
/* set up ref strings according to protocol */
10 reyssat 114 
void set_protocol(void)
115 
{
12216 bpr 116 
  if(strcmp(protocol,"https")!=0) return;
117 
  if(strncmp(ref_name,"http:",5)==0) {
118 
    string_modify(ref_name,ref_name+4,ref_name+4,"s");
119 
    string_modify(ref_base,ref_base+4,ref_base+4,"s");
120 
    force_setvar("wims_ref_name",ref_name);
121 
  }
10 reyssat 122 
}
123 
 
7673 bpr 124 
/* verify class participant connection data */
10 reyssat 125 
void classlock(void)
126 
{
12216 bpr 127 
  int lvl;
128 
  char *p;
7673 bpr 129 
 
12216 bpr 130 
  p=getvar("wims_classlock"); if(p==NULL) lvl=0; else {
131 
    p=find_word_start(p);
132 
    lvl=*p-'0'; if(lvl<0 || lvl>7) lvl=0;
133 
  }
134 
  if(lvl==7) { /* closed */
135 
    p=getvar("wims_user");
136 
    if(p==NULL || strcmp(p,"supervisor")!=0) user_error("class_closed");
137 
  }
138 
  if(lvl==2 || lvl==4 || lvl==6) { /* https */
139 
    p=getenv("HTTPS");
140 
    if(p==NULL || strcasecmp(p,"on")!=0) user_error("need_https");
141 
  }
142 
  if(lvl==3 || lvl>=5) {
143 
    if(strcmp(last_host,remote_addr)!=0) user_error("bad_host");
144 
  }
145 
  if((lvl==1 || lvl>=4) && cookiegot[0]==0) { /* cookie */
146 
    setcookie=1;
147 
    setvar("cookie_module",getvar(ro_name[ro_module]));
148 
    setvar("cookie_cmd",getvar(ro_name[ro_cmd]));
149 
    force_setvar(ro_name[ro_module],home_module);
150 
    force_setvar(ro_name[ro_cmd],commands[cmd_new]);
151 
    setvar("wims_askcookie","yes");
152 
    return;
153 
  }
154 
  else setcookie=0;
10 reyssat 155 
}
156 
 
7673 bpr 157 
/* get static session variables */
10 reyssat 158 
void get_static_session_var(void)
159 
{
12216 bpr 160 
  char *p, *pe, *p2, *p3;
161 
  char sbuf[MAX_FNAME+1], tbuf[MAX_LINELEN+1];
162 
  mystrncpy(sbuf,session_prefix,sizeof(sbuf));
163 
  for(p=sbuf+strlen(sbuf);p>sbuf && *p!='_' && *p!='/'; p--);
164 
  if(p>sbuf && *p=='_') *p=0;
165 
  accessfile(tbuf,"r","%s/var.stat",sbuf);
166 
  p=strrchr(sbuf,'/'); if(p!=NULL) p++; else p=sbuf;
167 
  mktmpdir(p);
168 
  for(p=find_word_start(tbuf);*p;p=find_word_start(pe)) {
169 
    pe=strchr(p,'\n'); if(pe!=NULL) *pe++=0; else pe=p+strlen(p);
170 
    p2=strchr(p,'='); if(p2==NULL) continue;
171 
    *p2++=0; force_setvar(p,p2);
172 
  }
173 
  p=getvar("wims_class"); if(p==NULL || *p==0) return;
174 
  mkfname(class_dir,"%s/%s",class_base,p);
175 
  classlock();
176 
  p3=getvar("wims_class_refcolor");
177 
  if(p3!=NULL && *p3!=0) force_setvar("wims_ref_bgcolor",p3);
178 
  p3=getvar("wims_class_ref_menucolor");
179 
  if(p3!=NULL && *p3!=0) force_setvar("wims_ref_menucolor",p3);
180 
  p3=getvar("wims_class_ref_button_color");
181 
  if(p3!=NULL && *p3!=0) force_setvar("wims_ref_button_color",p3);
182 
  p3=getvar("wims_class_ref_button_bgcolor");
183 
  if(p3!=NULL && *p3!=0) force_setvar("wims_ref_button_bgcolor",p3);
184 
  p3=getvar("wims_class_ref_button_help_bgcolor");
185 
  if(p3!=NULL && *p3!=0) force_setvar("wims_ref_button_help_bgcolor",p3);
186 
  p3=getvar("wims_class_ref_button_help_color");
187 
  if(p3!=NULL && *p3!=0) force_setvar("wims_ref_button_help_color",p3);
188 
  p2=getvar(ro_name[ro_module]);
189 
  if(p2==NULL || strncmp(p2,"classes/",strlen("classes/"))!=0) return;
190 
  mkfname(sbuf,"classes/%s",lang);
191 
  if(strcmp(sbuf,p2)!=0) force_setvar(ro_name[ro_module],sbuf);
10 reyssat 192 
}
193 
 
7673 bpr 194 
/* set one static session variable */
10 reyssat 195 
void set_static_session_var(char *name, char *val)
196 
{
12216 bpr 197 
  char *p;
198 
  char sbuf[MAX_FNAME+1], tbuf[MAX_LINELEN+1];
199 
  mystrncpy(sbuf,session_prefix,sizeof(sbuf));
200 
  for(p=sbuf+strlen(sbuf);p>sbuf && *p!='_' && *p!='/'; p--)
201 
  ;
202 
  if(p>sbuf && *p=='_') *p=0;
203 
  snprintf(sbuf+strlen(sbuf),sizeof(sbuf)-strlen(sbuf),"/var.stat");
204 
  snprintf(tbuf,sizeof(tbuf),"%s=%s",name,val);
205 
  setdef(sbuf,tbuf); setvar(name,val);
10 reyssat 206 
}
207 
 
7673 bpr 208 
/* The session is probably robot. */
10 reyssat 209 
void robot_doubt(void)
210 
{
12216 bpr 211 
  char *h, *p;
7673 bpr 212 
 
12216 bpr 213 
  p=getvar("special_parm"); h=getvar("module");
214 
  if(p==NULL || h==NULL) {
215 
    bad: user_error("robot_doubt"); return;
216 
  }
217 
  p=find_word_start(p); strip_trailing_spaces(p);
218 
  if(strcmp(p,"wims")!=0 || strcmp(h,home_module)!=0) goto bad;
219 
  set_static_session_var("wims_robotcheck","manual");
10 reyssat 220 
}
221 
 
7673 bpr 222 
/* User has changed module within an operation.
8155 bpr 223 
 * Probably due to robot access.
224 
 */
10 reyssat 225 
void bad_module(void)
226 
{
12216 bpr 227 
  char *p;
228 
  p=getvar("wims_user"); if(p==NULL) p="";
229 
  if(*p==0 && strcmp(robotcheck,"manual")!=0) set_static_session_var("wims_robotcheck","robot");
230 
  else setvar("wims_human_access","yes");
231 
  user_error("module_change");
10 reyssat 232 
}
233 
 
7673 bpr 234 
/* returns 1 if session directory exists */
10 reyssat 235 
int session_exists(char *s)
236 
{
12216 bpr 237 
  if(ftest(mkfname(NULL,"../%s/%s/var",SESSION_BASE,s))==is_file) return 1;
238 
  else return 0;
10 reyssat 239 
}
240 
 
7673 bpr 241 
/* Check the validity of session number .
8155 bpr 242 
 * returns 0 if OK, else -1.
243 
 */
10 reyssat 244 
int check_session(void)
245 
{
12216 bpr 246 
  char tbuf[MAX_LINELEN+1], vbuf[MAX_LINELEN+1];
247 
  char *p, *pp, *pr;
248 
  int i,m,n,pl,rapid,badmod;
249 
  struct stat st;
10 reyssat 250 
 
12216 bpr 251 
  rapid=badmod=0; pr="";
252 
  if(fopen_session_var_file("r")==NULL) return -1;
253 
  if(ftest(s2_prefix)!=is_dir) mkdirs(s2_prefix);
254 
  session_var_ready=1; memmove(&svar_file,&m_file,sizeof(WORKING_FILE));
7673 bpr 255 
/* REMOTE_ADDR */
12216 bpr 256 
  wgetline(vbuf,MAX_LINELEN,&m_file);
257 
  mystrncpy(last_host,vbuf+strlen("REMOTE_ADDR="),sizeof(last_host));
258 
  m_file.linepointer++; /* now it points to query_string */
259 
  pp=getenv("QUERY_STRING");
260 
  if(pp!=NULL && *pp!=0 && strlen(pp)<=MAX_LINELEN) {
7673 bpr 261 
/* we compare the query string with the last one. */
12216 bpr 262 
    char *p1, *p2;
263 
    wgetline(tbuf,MAX_LINELEN,&m_file);
264 
    p1=tbuf+strlen("QUERY_STRING=");
265 
    if(strncmp(tbuf,"QUERY_STRING=",strlen("QUERY_STRING="))==0 &&
7673 bpr 266 
        strcmp(pp,p1)==0 && strstr(session_prefix,"_test")==NULL) {
267 
/* query string does not change */
12216 bpr 268 
      if(ftest(mkfname(NULL,"%s/%s",s2_prefix,lastout))==is_file &&
7673 bpr 269 
            ftest_size > 0) {
12216 bpr 270 
        uselast:
271 
        putlastout(); delete_pid(); exit(0);
272 
      }
273 
      else {
274 
        if(cmd_type==cmd_new || cmd_type==cmd_renew ||
7673 bpr 275 
             cmd_type==cmd_reply || cmd_type==cmd_next) {
12216 bpr 276 
          cmd_type=cmd_resume;
277 
          force_setvar(ro_name[ro_cmd],"resume");
278 
          forceresume=1;
279 
        }
280 
      }
281 
    }
7673 bpr 282 
/* stop rapidfire requests */
12216 bpr 283 
    if((cmd_type==cmd_new || cmd_type==cmd_renew) &&
7673 bpr 284 
        strncmp(p1,"session=",strlen("session="))==0 &&
285 
        strncmp(pp,"session=",strlen("session="))==0) {
12216 bpr 286 
      p1=strchr(p1,'&'); if(p1==NULL) p1="";
287 
      p2=strchr(pp,'&'); if(p2==NULL) p2=""; pr=p2;
288 
      if(strcmp(p1,p2)==0) rapid=1;
10 reyssat 289 
    }
12216 bpr 290 
  }
291 
  m_file.linepointer=3;
292 
  wgetline(vbuf,MAX_LINELEN,&m_file); /* stored user_agent */
10 reyssat 293 
/*    p=getenv("HTTP_USER_AGENT"); if(p==NULL) p="";
294 
    if(strcmp(vbuf+strlen("HTTP_USER_AGENT="),p)!=0) bad_ident(); */
12216 bpr 295 
  m_file.linepointer=HEADER_VAR_NO;
296 
  pl=strlen(var_prefix);i=-1;
297 
  while(wgetline(tbuf,MAX_LINELEN,&m_file)!=EOF) {
298 
    if(tbuf[0]==0) break; /* blank line */
299 
    if(strncmp(tbuf,var_prefix,pl)!=0) break;
300 
    i++;if(i>=RO_NAME_NO) break;
301 
    for(n=0;n<varget_no && varget[n]!=i;n++)
302 
    ;
303 
      if(n>=varget_no) continue;
304 
    m=pl+strlen(ro_name[i]);
305 
    if(tbuf[m]!='=' || tbuf[m+1]==0) continue;
306 
    if(i==ro_module && cmd_type!=cmd_new && cmd_type!=cmd_intro && cmd_type!=cmd_help) {
307 
      char *pp;
308 
      pp=getvar(ro_name[i]);
309 
      if(pp!=NULL && *pp!=0 && strcmp(pp,tbuf+m+1)!=0) badmod=1;
10 reyssat 310 
    }
12216 bpr 311 
    if(i==ro_lang && !user_lang)
312 
      force_setvar(ro_name[i],tbuf+m+1);
313 
    else setvar(ro_name[i],tbuf+m+1);
314 
  }
7673 bpr 315 
/* recover internal variables */
12216 bpr 316 
  do
317 
  {
318 
    char *v;
319 
    if(tbuf[0]==0) break;
320 
    v=strchr(tbuf,'=');
321 
    if(v==NULL) break; else *(v++)=0;
322 
    if(strncmp(tbuf,var_prefix,strlen(var_prefix))!=0) setenv(tbuf,v,1);
323 
    else if(tbuf[strlen(var_prefix)]) force_setvar(tbuf+strlen(var_prefix),v);
324 
  }
325 
  while(wgetline(tbuf,MAX_LINELEN,&m_file)!=EOF);
326 
  get_static_session_var();
327 
  robotcheck=getvar("wims_robotcheck"); if(robotcheck==NULL) robotcheck="";
7673 bpr 328 
/* form access means manual access. Mark this. */
12216 bpr 329 
  if(form_access && strcmp(robotcheck,"manual")!=0) {
330 
    robotcheck="manual";
331 
    set_static_session_var("wims_robotcheck","manual");
332 
  }
333 
  else if(strcmp(robotcheck,"robot")==0) robot_doubt();
334 
  if(badmod) bad_module();
335 
  if(cookiegot[0]!=0) {
336 
    p=getvar("wims_sescookie");
337 
    if(p!=NULL && *p!=0 && strcmp(cookiegot,p)!=0) bad_ident();
338 
  }
339 
  p=getvar("wims_sreferer");
340 
  if(p!=NULL && *p!=0) {
341 
    setenv("HTTP_REFERER",p,1); setvar("httpd_HTTP_REFERER",p);
342 
  }
343 
  if(rapid) {
344 
    int rapidfiredelay;
345 
    char *pw, fnbuf[MAX_FNAME+1];
346 
/* Delay: 10 seconds within worksheets, 1 second otherwise. */
347 
    pw=getvar("wims_developer");
348 
    if(pw!=NULL && *pw!=0) goto delcheckend;
349 
    pw=getvar("wims_user");
350 
    if(pw==NULL || *pw==0 || strcmp(pw,"supervisor")==0) rapidfiredelay=1;
351 
    else {
352 
      pw=strstr(pr,"&+worksheet=");
353 
      if(pw!=NULL && myisdigit(*(pw+strlen("&+worksheet=")))) rapidfiredelay=10;
354 
        else rapidfiredelay=2;
10 reyssat 355 
    }
12216 bpr 356 
    if(ftest(mkfname(fnbuf,"%s/%s",s2_prefix,lastout))==is_file
7673 bpr 357 
        && ftest_size > 0
358 
        && stat(fnbuf,&st) == 0
359 
        && st.st_mtime > nowtime-rapidfiredelay && st.st_mtime <= nowtime)
12216 bpr 360 
      goto uselast;
361 
  }
7673 bpr 362 
/* set protocol string */
12216 bpr 363 
  delcheckend: pp=getvar("wims_protocol");
364 
  if(pp!=NULL && strcmp(pp,"https")==0) {
365 
    protocol="https"; set_protocol();
366 
  }
367 
  useropts(); return 0;
10 reyssat 368 
}
7673 bpr 369 
/* check whether a session is trapped. */
10 reyssat 370 
void trap_check(char *s)
371 
{
12216 bpr 372 
  char buf[64];
373 
  char *p;
374 
  time_t t1;
10 reyssat 375 
 
12216 bpr 376 
  setvar("wims_session_expired",s);
377 
  accessfile(tmplbuf,"r","../tmp/log/trap.check");
378 
  if(tmplbuf[0]==0) return;
379 
  p=getenv("REMOTE_ADDR");if(p==NULL) return;
380 
  snprintf(buf,sizeof(buf),":%s,%s,",s,p);
381 
  p=strstr(tmplbuf,buf); if(p==NULL) return;
382 
  p+=strlen(buf);*find_word_end(p)=0;
383 
  t1=atoi(p);
384 
  if(t1>nowtime) user_error("trapped");
10 reyssat 385 
}
386 
 
387 
char cars[]="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
388 
 
389 
void set_cookie(void)
390 
{
12216 bpr 391 
  #define keylen 20
392 
  char sesbuf[16], keybuf[keylen+8];
393 
  char *p;
10 reyssat 394 
 
12216 bpr 395 
  p=getvar(ro_name[ro_session]); if(p==NULL) return;
396 
  mystrncpy(sesbuf,p,sizeof(sesbuf));
397 
  if(strchr(sesbuf,'_')==NULL) { /* main session */
398 
    int i;
399 
    for(i=0;i<keylen;i++) keybuf[i]=cars[random()%36];
400 
    keybuf[keylen]=0; cookiegot[0]=0;
401 
    snprintf(cookieset,sizeof(cookieset),"%s-%s",sesbuf,keybuf);
402 
    set_static_session_var("wims_sescookie",cookieset);
403 
    setcookie=1;
404 
  }
405 
  else { /* subsession */
406 
    p=getvar("wims_sescookie"); if(p && *p)
407 
    mystrncpy(cookieset,p,sizeof(cookieset));
408 
  }
10 reyssat 409 
}
410 
 
7673 bpr 411 
/* create a session number */
10 reyssat 412 
void create_session(void)
413 
{
12216 bpr 414 
  long t; char session_str[64],*s;
415 
  char *p, ses_dir_buf[MAX_FNAME+1], sesrandbuf[MAX_LINELEN+1];
416 
  int i;
7673 bpr 417 
 
418 
/* no session is created for robots */
12216 bpr 419 
  if(robot_access) return;
420 
  sesrandbuf[0]=0;
7673 bpr 421 
/* If session is given in request_string: use it. */
12216 bpr 422 
  s=getvar(ro_name[ro_session]); if(s==NULL) goto creat;
423 
  mystrncpy(session_str,s,sizeof(session_str));
424 
  s=strchr(session_str,'.'); if(s!=NULL) *s=0;
425 
  s=session_str;
426 
  if(*s!=0) {
427 
    int i;
428 
    mkfname(ses_dir_buf,"%s/%s",session_dir,s);
429 
    i=ftest(ses_dir_buf);
430 
    if(i<0) {
431 
      trap_check(s);
7673 bpr 432 
/* subsession */
12216 bpr 433 
      if(strlen(s)>10 && strchr(s,'_')!=NULL) {
434 
        char *tt;
435 
        tt=strrchr(ses_dir_buf,'_'); if(tt!=NULL) *tt=0;
7673 bpr 436 
/* parent session gone. */
12216 bpr 437 
        if(ftest(ses_dir_buf)<0) goto creat;
438 
        goto creat2;
439 
      }
440 
      else goto creat;
10 reyssat 441 
    }
12216 bpr 442 
    if(i!=is_dir) {
443 
      trap_check(s);
444 
      remove_tree(ses_dir_buf); goto creat;
445 
    }
446 
    return;
447 
  }
448 
  creat:
449 
  t=create_job_ident();
450 
  for(i=0;i<MAX_SESRANDOM;i++)
451 
    snprintf(sesrandbuf+strlen(sesrandbuf),
7673 bpr 452 
            sizeof(sesrandbuf)-strlen(sesrandbuf),
453 
            "%d,",sesrandomtab[i]);
12216 bpr 454 
  sesrandbuf[strlen(sesrandbuf)-1]='\n';
455 
  snprintf(session_str,sizeof(session_str),"%c%c%08lX",
7673 bpr 456 
          cars[random()%36],cars[random()%36],t);
12216 bpr 457 
  creat2:
458 
  force_setvar(ro_name[ro_session],session_str);
459 
  setsesdir(session_str);
7673 bpr 460 
/* check whether the environment is created. */
12216 bpr 461 
  s=getvar(ro_name[ro_session]);
462 
  if(s==NULL || strcmp(s,session_str))
463 
    internal_error("cannot_create_session_number");
464 
  snprintf(ses_dir_buf,sizeof(ses_dir_buf)-100,"%s/%s",
7673 bpr 465 
          session_dir,session_str);
12216 bpr 466 
  if(mkdir(ses_dir_buf,S_IRWXU)==-1)
467 
    internal_error("cannot_create_session_directory");
468 
  mkfname(s2_prefix,"%s/%s",s2_dir,session_str);
469 
  if(mkdir(s2_prefix,S_IRWXU)==-1) mkdirs(s2_prefix);
470 
  mystrncpy(session_prefix,ses_dir_buf,sizeof(session_prefix)); create_pid();
471 
  if(strchr(session_str,'_')==NULL) {
472 
    if((s=getenv("HTTP_REFERER"))!=NULL && *s!=0 && strlen(s)<MAX_FNAME-20
7673 bpr 473 
        && strstr(s,"wims")==NULL) {
12216 bpr 474 
      char *tt;
475 
      tt=getenv("SERVER_NAME");
476 
      if(tt==NULL || *tt==0 || strstr(s,tt)==NULL)
477 
        set_static_session_var("wims_sreferer",s);
10 reyssat 478 
    }
12216 bpr 479 
    if(sesrandbuf[0]) set_static_session_var("wims_sesrandom",sesrandbuf);
480 
  }
7673 bpr 481 
/* determine http protocol name. How to detect? */
12216 bpr 482 
  p=getenv("HTTPS"); if(p!=NULL && strcmp(p,"on")==0) {
10 reyssat 483 
      protocol="https"; set_protocol();
12216 bpr 484 
  }
485 
  force_setvar("wims_protocol",protocol);
486 
  new_session=1; session_serial=0;
487 
  setvar("wims_new_session","yes");
488 
  if(strchr(session_str,'_')!=NULL) get_static_session_var();
489 
  set_cookie();
10 reyssat 490 
}
491 
 
7673 bpr 492 
/* Register time of the request. */
10 reyssat 493 
void set_req_time(void)
494 
{
12216 bpr 495 
  char tstr[64];
7673 bpr 496 
 
12216 bpr 497 
  snprintf(tstr,sizeof(tstr),"%04d-%02d-%02d.%02d:%02d:%02d=%lu",
7673 bpr 498 
         (now->tm_year)+1900, (now->tm_mon)+1, now->tm_mday,
499 
         now->tm_hour, now->tm_min, now->tm_sec, nowtime);
12216 bpr 500 
  force_setvar("wims_req_time",tstr);
501 
  if(cmd_type == cmd_new || cmd_type == cmd_renew)
502 
    force_setvar("wims_module_start_time",tstr);
503 
  if(new_session) force_setvar("wims_session_start_time",tstr);
10 reyssat 504 
}
12011 bpr 505 
/* choose a seed and put in in wims_seed*/
506 
void seed_time(void)
507 
{
12216 bpr 508 
  int r; char buf[64];
509 
  struct timeval t;
510 
  gettimeofday(&t,NULL);
511 
  r=t.tv_usec+t.tv_sec*1000;
512 
  if(r<=0) r=1-r;
513 
  snprintf(buf,sizeof(buf),"%d",r);
514 
  force_setvar("wims_seed",buf);
12011 bpr 515 
}
10 reyssat 516 
 
7673 bpr 517 
/* set up module_prefix. */
10 reyssat 518 
void set_module_prefix(void)
519 
{
12216 bpr 520 
  char tbuf[MAX_FNAME+1], mmbuf[MAX_FNAME+1], *p, *pp, *ps;
521 
  int t,ft;
522 
  struct stat st;
10 reyssat 523 
 
12216 bpr 524 
  isclassmodule=0;
525 
  p=getvar(ro_name[ro_module]);
526 
  if(p==NULL || *p==0) user_error("no_module_name");
7673 bpr 527 
/* security measure: we should not allow users to go back to
8155 bpr 528 
 * parent directories.
529 
 */
12216 bpr 530 
  if(strstr(p,parent_dir_string)!=NULL) user_error("wrong_module");
531 
  if(strncmp(p,"classes/",strlen("classes/"))==0) isclassmodule=1;
532 
  if(strncmp(p,"devel/",strlen("devel/"))==0) isdevelmodule=1;
533 
  mkfname(module_prefix,"%s/%s",module_dir,p);
7673 bpr 534 
/* Now no symbolic link should appear in the module path. */
12216 bpr 535 
  mkfname(tbuf,"modules/%s",p);
536 
  for(t=0,ps=pp=strchr(tbuf+strlen("modules/"),'/'); pp;
537 
  *pp='/', ps=pp, pp=strchr(pp+1,'/'), t++) {
538 
  *pp=0; if(lstat(tbuf,&st)) user_error("wrong_module");
539 
  if(t>0 && S_ISLNK(st.st_mode)) {
540 
    if(strcmp(ps,"/local")!=0 ||
541 
          strncmp(tbuf,"modules/home",strlen("modules/home"))==0)
542 
      user_error("wrong_module");
10 reyssat 543 
    }
12216 bpr 544 
  }
7673 bpr 545 
/* Check validity of the module. */
12216 bpr 546 
  mkfname(tbuf,"%s/%s",module_prefix,html_file);
547 
  ft=stat(tbuf,&st);
548 
  if(ft!=0 && p[strlen(p)-3]!='.') {
549 
    int i,j;
550 
    char *l;
551 
    l=getvar(ro_name[ro_lang]);
552 
    j=available_lang_no;
553 
    for(i=-1;i<j && ft!=0;i++) {
554 
      if(i<0) mkfname(mmbuf,"%s.%s",p,l);
555 
      else mkfname(mmbuf,"%s.%s",p,available_lang[i]);
556 
      mkfname(module_prefix,"%s/%s",module_dir,mmbuf);
557 
      mkfname(tbuf,"%s/%s",module_prefix,html_file);
558 
      ft=stat(tbuf,&st);
10 reyssat 559 
    }
12216 bpr 560 
    if(ft==0) force_setvar(ro_name[ro_module],mmbuf);
561 
  }
562 
  if(ft!=0 && !isclassmodule) user_error("wrong_module");
563 
  setenv("module_dir",module_prefix,1); setvar("module_dir",module_prefix);
564 
  module_index();
10 reyssat 565 
}
566 
 
7673 bpr 567 
/* set up session_prefix. */
10 reyssat 568 
int set_session_prefix(void)
569 
{
12216 bpr 570 
  char *p, s[32];
10 reyssat 571 
 
12216 bpr 572 
  if(robot_access) {
573 
    mystrncpy(session_prefix,robot_session,sizeof(session_prefix));
574 
    mystrncpy(s2_prefix,robot_session,sizeof(session_prefix));
575 
    return 0;
576 
  }
577 
  p=getvar(ro_name[ro_session]);
578 
  if(p==NULL || *p==0) user_error("no_session");
7673 bpr 579 
/* same reason as for modules */
12216 bpr 580 
  if (strchr(p,'/')!=NULL || strstr(p,parent_dir_string)!=NULL
7673 bpr 581 
     || *find_word_end(p)!=0) user_error("wrong_session");
12216 bpr 582 
  mystrncpy(s,p,sizeof(s));
583 
  p=strchr(s,'.'); if(p!=NULL) *p=0;
584 
  mkfname(session_prefix,"%s/%s",session_dir,s);
585 
  p=strstr(session_prefix,"_mhelp"); if(p!=NULL) *p=0;
586 
  if(ftest(session_prefix)!=is_dir) return -1;
587 
  mkfname(s2_prefix,"%s/%s",s2_dir,s);
588 
  setenv("session_dir",session_prefix,1);
589 
  setenv("s2_dir",s2_prefix,1);
590 
  if(ftest(mkfname(NULL,"%s/.trap",s2_prefix))==is_file)
10 reyssat 591 
      user_error("trapped");
12216 bpr 592 
  return 0;
10 reyssat 593 
}
594 
 
7673 bpr 595 
/* check reserved name values in query_string */
10 reyssat 596 
void parse_ro_names(void)
597 
{
12216 bpr 598 
  int i;
599 
  char *cmd, *p;
600 
  char sesbuf[64];
601 
  create:
602 
  cmd=getvar(ro_name[ro_cmd]);
603 
  if(cmd==NULL || *cmd==0) user_error("no_command");
604 
  for(i=0;i<CMD_NO;i++) if(strcmp(cmd,commands[i])==0) break;
605 
  if(i>=CMD_NO) user_error("bad_command");
606 
  cmd_type=i;
607 
  if(cmd_type == cmd_new) {
608 
    create_session();
609 
    if(set_session_prefix()==0) {
610 
      check_session();
611 
      set_module_prefix();
10 reyssat 612 
    }
12216 bpr 613 
    else goto redo;
614 
  }
615 
  if (set_session_prefix()==-1 || (cmd_type != cmd_new && check_session())) {
616 
    redo:
617 
    force_setvar(ro_name[ro_cmd],commands[cmd_new]);
618 
    if(strcmp(ro_name[ro_module],home_module)!=0) user_var_no=0;
7673 bpr 619 
     goto create;
12216 bpr 620 
  }
621 
  if(!new_session) create_pid();
622 
  session_serial++;
623 
  if(robot_access) session_serial=1;
624 
  snprintf(sesbuf,sizeof(sesbuf),"%d",session_serial);
625 
  force_setvar("wims_session_serial",sesbuf);
626 
  p=getvar(ro_name[ro_session]);
627 
  if(p==NULL || *p==0) internal_error("parse_ro_names(): bad session.\n");
628 
  mystrncpy(sesbuf,p,sizeof(sesbuf));
629 
  p=strchr(sesbuf+5,'.');
630 
  if(p!=NULL) *p=0;
631 
  mktmpdir(sesbuf);
632 
  if(!robot_access) {
633 
    setsesdir(sesbuf);
634 
    p=strchr(sesbuf,'_');
635 
    if(p!=NULL) force_setvar("wims_subsession",p);
636 
  }
637 
  snprintf(sesbuf+strlen(sesbuf),sizeof(sesbuf)-strlen(sesbuf),
7673 bpr 638 
          ".%d",session_serial);
12216 bpr 639 
  force_setvar(ro_name[ro_session],sesbuf);
640 
  if(cmd_type != cmd_new) set_module_prefix();
641 
  set_req_time();
642 
  if(robot_access) check_load(0);
643 
  else {
644 
    if(new_session) auth();
10 reyssat 645 
    else {
12216 bpr 646 
      p=getvar("wims_user"); if(p==NULL || *p==0) check_load(2);
10 reyssat 647 
    }
12216 bpr 648 
  }
649 
  if(cmd_type==cmd_help && open_working_file(&m_file,module_about_file)==0)
650 
    var_proc(NULL,0);
10 reyssat 651 
}
652 
 
653 
 
7673 bpr 654 
/* returns positive or 0 if var_def found, otherwise returns -1. */
10 reyssat 655 
int var_def_check(char *name)
656 
{
12216 bpr 657 
  char *p, nbuf[MAX_NAMELEN+1];
658 
  int i,tt;
7673 bpr 659 
 
12216 bpr 660 
  tt=-1;
661 
  for(p=name+strlen(name);p>name && myisdigit(*(p-1));p--)
662 
  ;
663 
  if(*p && *p!='0' && p>name) tt=atoi(p);
664 
  else p=name+strlen(name);
665 
  if(p>name+MAX_NAMELEN) p=name+MAX_NAMELEN;
666 
  memmove(nbuf,name,p-name); nbuf[p-name]=0;
667 
  i=search_list(var_def,defined_var_total,sizeof(var_def[0]),nbuf);
668 
  if(i<0) return -1;
669 
  while(i>0 && tt<var_def[i].beg && strcmp(nbuf,var_def[i-1].name)==0) i--;
670 
  while(i<defined_var_total-1 && tt>var_def[i].end &&
7673 bpr 671 
           strcmp(nbuf,var_def[i+1].name)==0) i++;
12216 bpr 672 
  if(tt<var_def[i].beg || tt>var_def[i].end) return -1;
673 
  return i;
10 reyssat 674 
}
675 
 
676 
int var_def_name(char *n, int v)
677 
{
12216 bpr 678 
  char *q, *r;
679 
  int j;
680 
  if(strlen(n)>=MAX_NAMELEN) module_error("defn_too_long");
681 
  var_def[v].name=n;
682 
  if((strncmp(n,wims_prefix,wpflen)==0 &&
683 
        (strncmp(n,"wims_priv_",strlen("wims_priv_"))==0 ||
684 
        search_list(internal_name,INTERNAL_NAME_NO,
7673 bpr 685 
               sizeof(internal_name[0]),n+wpflen)>=0)) ||
12216 bpr 686 
          search_list(ro_name,RO_NAME_NO,sizeof(ro_name[0]),n)>=0) {
687 
    setvar("wims_reserved_name",n);
688 
    module_error("name_is_reserved");
689 
  }
690 
  for(q=n;myisalnum(*q) || *q=='_'; q++);
691 
  if(q==n) {
692 
    illegal: setvar("wims_bad_name",n);
693 
    module_error("illegal_name");
694 
  }
8368 bpr 695 
 
12216 bpr 696 
  if(*q=='[') {
697 
    *q++=0; r=find_matching(q,']');
698 
    if(r==NULL) goto illegal;
699 
    *r=0; int i;
700 
    for(i=0;i<special_name_no && strcmp(q, special_name[i].name)!=0; i++);
701 
    if(i<special_name_no) j=special_name[i].value; else j=atoi(q);
702 
    if(j<1) j=1;
703 
    if(j>MAX_VAR_NUM) j=MAX_VAR_NUM;
704 
    var_def[v].beg=1; var_def[v].end=j;
705 
    return j;
706 
  }
707 
  if(*q) goto illegal;
708 
  for(r=q; r>n && myisdigit(*(r-1)); r--);
709 
  if(*r && *r!='0' && r>n) {
710 
    var_def[v].beg=var_def[v].end=atoi(r); *r=0;
711 
  }
712 
  else var_def[v].beg=var_def[v].end=-1;
713 
  return 1;
10 reyssat 714 
}
715 
 
716 
int var_def_allow(char *p, int v)
717 
{
12216 bpr 718 
  int i;
719 
  for(i=0;i<VAR_ALLOW_NO && strcasecmp(p,var_allow[i])!=0; i++);
720 
  if(i>=VAR_ALLOW_NO) module_error("bad_allow");
721 
  else var_def[v].allow=i;
722 
  return i;
10 reyssat 723 
}
724 
 
725 
int varsort(const void *p1, const void *p2)
726 
{
12216 bpr 727 
  int i; const struct VAR_DEF *pp1, *pp2;
728 
  pp1=p1; pp2=p2; i=strcmp(pp1->name,pp2->name);
729 
  if(i) return i; else return pp1->end - pp2->end;
10 reyssat 730 
}
731 
 
12381 bpr 732 
/* parse module's variable definitions */
10 reyssat 733 
void get_var_defs(void)
734 
{
12216 bpr 735 
  int i, j, k, v, add;
736 
  char *p, *p1, *wlist[MAX_VAR_NUM];
7673 bpr 737 
 
12216 bpr 738 
  defined_var_total=0;
739 
  if(read_module_file(var_def_file)!=0) return;
740 
  var_def_buf=m_file.textbuf;
741 
  for(m_file.l=v=add=0;v<MAX_VAR_NUM && m_file.l<m_file.linecnt;m_file.l++) {
742 
    if(m_file.lines[m_file.l].isstart!=1) continue;
743 
    p=find_word_start(m_file.lines[m_file.l].address);
744 
    if(*p==0 || *p==comment_prefix_char) continue;  /* empty or comment lines */
745 
    items2words(p);
746 
    if((p1=strchr(p,':'))!=NULL) {  /* new format */
747 
      *p1=' '; i=cutwords(p,wlist,MAX_VAR_NUM); if(i<=1) continue;
748 
      k=var_def_allow(wlist[0],v);
749 
      for(j=1;j<i && v<MAX_VAR_NUM;j++) {
750 
        add+=var_def_name(wlist[j],v); var_def[v].allow=k;
751 
        v++;
752 
      }
10 reyssat 753 
    }
12216 bpr 754 
    else {
755 
      i=cutwords(p,wlist,3); if(i<2) module_error("too_few_columns");
12381 bpr 756 
      add+=var_def_name(wlist[0],v);
757 
      var_def_allow(wlist[1],v);
12216 bpr 758 
      var_def[v].defined_in_parm=0;
759 
      v++;
760 
    }
761 
  }
12381 bpr 762 
  for(j=0;j<INTERNALDEF_NAME_NO;j++) {
763 
    add+=var_def_name(internaldef_name[j].name,v);
764 
    var_def[v].allow=internaldef_name[j].stat;
765 
    v++;
766 
  }
767 
 
12216 bpr 768 
  if(v>=MAX_VAR_NUM) module_error("too_many_variables");
769 
  defined_var_total=v;
770 
  qsort(var_def,v,sizeof(var_def[0]),varsort);
771 
  p=getvar(ro_name[ro_module]);
772 
  if(p==NULL || strncmp(p,"devel/",6)!=0) return;
773 
  for(v=1;v<defined_var_total;v++) {
774 
    if(strcmp(var_def[v].name,var_def[v-1].name)==0 &&
7673 bpr 775 
        var_def[v].beg<=var_def[v-1].end) {
12381 bpr 776 
      for(j=0;j<INTERNALDEF_NAME_NO;j++) {
777 
        if(strcmp(internaldef_name[j].name,var_def[v-1].name)==0){
778 
          setvar("wims_reserved_name",internaldef_name[j].name);
779 
          module_error("name_is_reserved");
780 
        }
781 
      }
12216 bpr 782 
      setvar("wims_bad_name",var_def[v].name);
783 
      module_error("multiple_declaration");
12381 bpr 784 
    }
12216 bpr 785 
  }
10 reyssat 786 
}
787 
 
7673 bpr 788 
/* returns 1 if hacked, else 0. */
10 reyssat 789 
int try_hack(char *var)
790 
{
12216 bpr 791 
  int i, al;
792 
  char vbuf[16];
793 
  i=var_def_check(var);
794 
  if(i<0) return 0;
795 
  al=var_def[i].allow;
796 
  if(al != var_allow_any) switch(cmd_type) {
797 
    case cmd_new:
798 
    case cmd_renew: {
799 
      if (al != var_allow_init && al != var_allow_config) return 0;
800 
      else break;
10 reyssat 801 
    }
12216 bpr 802 
    case cmd_config: {
803 
      if(al != var_allow_config) return 0;
804 
      else break;
805 
    }
806 
    case cmd_reply: {
807 
      if(al != var_allow_reply) return 0;
808 
      else break;
809 
    }
810 
    case cmd_help: {
811 
      if(al != var_allow_help) return 0;
812 
      else break;
813 
    }
814 
    default: return 0;
815 
  }
816 
  snprintf(vbuf,sizeof(vbuf),"%d",(int) irand(21));
817 
  var_hacking=1; setvar(var,vbuf); var_hacking=0;
818 
  return 1;
10 reyssat 819 
}
7673 bpr 820 
 
821 
/* set environ variables from last session save
822 
 * The session var file starts with variables which should not
823 
 * be restored. Variables which are restored follow a blank line. */
10 reyssat 824 
void set_vars_from_session(void)
825 
{
12216 bpr 826 
  char lbuf[MAX_LINELEN+1];
827 
  int i;
828 
  char *p;
10 reyssat 829 
 
12216 bpr 830 
  if(session_var_ready) memmove(&m_file,&svar_file,sizeof(WORKING_FILE));
831 
  else fopen_session_var_file("r");
12522 bpr 832 
  /* look for the first blank line. */
12216 bpr 833 
  for(i=0;i<m_file.linecnt && (m_file.lines[i].isstart==0 || m_file.lines[i].llen>0);i++);
834 
  for(i++;i<m_file.linecnt && m_file.lines[i].llen==0;i++);
835 
  if(i>=m_file.linecnt) return;
836 
  m_file.linepointer=i;
837 
  if(isdevelmodule && strstr(session_prefix,"_test")==NULL) isdevelmodule=0;
838 
  while(wgetline(lbuf,MAX_LINELEN, &m_file)!=EOF) {
839 
    p=strchr(lbuf,'=');
840 
    if(p==NULL || p<=lbuf || isspace(lbuf[0]) ) {
12522 bpr 841 
  /* this time it is corrupted var file */
12216 bpr 842 
      call_ssh("cat %s/var >%s/corrupt.var.bak",session_prefix,log_dir);
843 
      internal_error("get_vars_from_session(): corrupt session variable file.");
844 
    }
845 
    *p=0;p++;
12522 bpr 846 
    /* Here we suppose that nobody can tamper session variable
847 
     * file, and do not check variable names against module's
848 
     * definition file. Policy under reserve. */
849 
    /* We do not allow override though.
850 
     * Especially because reply variables should
851 
     * be preserved. */
12216 bpr 852 
    if(strncmp(lbuf,var_prefix,strlen(var_prefix))!=0)
853 
      setenv(lbuf,p,0);
854 
    else
855 
      if(lbuf[strlen(var_prefix)]!=0 && getvar(lbuf+strlen(var_prefix))==NULL) {
856 
        if(!isdevelmodule || !try_hack(lbuf+strlen(var_prefix))) {
7673 bpr 857 
          setvar(lbuf+strlen(var_prefix),p);
12216 bpr 858 
        }
859 
      }
860 
  }
861 
  close_working_file(&m_file,0);
10 reyssat 862 
}
863 
 
11104 bpr 864 
void start_tracefile(void)
865 
{
866 
  int i;
867 
  putc('\n',trace_file);
868 
  for(i=1; i<=2*trace_indent; i++) putc(' ',trace_file);
869 
  fprintf(trace_file,"%s:",m_file.filepath);
870 
  fflush(trace_file);
871 
  trace_indent++;
872 
}
873 
 
874 
void stop_tracefile(void)
875 
{
876 
  trace_indent--;
877 
}
878 
 
7673 bpr 879 
/* Initialize environment variables according to module's
880 
 * variable init or calculation file.
881 
 * init is only used when cmd=new or renew.
882 
 * Requires get_var_defs be run first. */
10 reyssat 883 
void var_proc(char *fname,int cache)
884 
{
12216 bpr 885 
  int  t;
886 
  char *p, tbuf[MAX_LINELEN+1];
10 reyssat 887 
 
12216 bpr 888 
  if(fname!=NULL && read_module_file(fname)) return;
889 
  if(untrust&6) get_var_privileges();
890 
  if (trace_file) start_tracefile();
891 
  while(m_file.linepointer<m_file.linecnt) {
892 
    if (trace_file) {fprintf(trace_file," %d",m_file.linepointer+1);
893 
      fflush(trace_file);
10 reyssat 894 
    }
12216 bpr 895 
    t=m_file.lines[m_file.linepointer].isstart;
896 
    if((t&~2)!=1 || m_file.lines[m_file.linepointer].llen==0) {
897 
      m_file.linepointer++; continue;
898 
    }
899 
    wgetline(tbuf,MAX_LINELEN,&m_file); substnest=0;
900 
    p=find_word_start(tbuf); if(*p==0) continue;
901 
    if((t&2)!=0) exec_main(p+1);
902 
    else exec_set(p);
903 
  }
904 
  if (trace_file) stop_tracefile();
905 
  close_working_file(&m_file,cache);
10 reyssat 906 
}
907 
 
7673 bpr 908 
/* Deposit the content of wims_deposit into a file */
10 reyssat 909 
void var_deposit(char *p)
910 
{
12216 bpr 911 
  char fn[MAX_FNAME+1];
912 
  int l,fd;
913 
  if(!trusted_module()) return;
914 
  if(deplen>0) l=deplen; else {
915 
    while(isspace(*p)) p++;
916 
    l=strlen(p);
917 
  }
918 
  if(l<=0) return;
919 
  if(l>MAX_DEPOSITLEN) l=MAX_DEPOSITLEN; /* silent truncation, should not occur */
920 
  mkfname(fn,"%s/user-deposit",session_prefix);
921 
  fd=creat(fn,S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); if(fd==-1) return;
922 
  write(fd,p,l); close(fd);
12455 bpr 923 
  snprintf(fn,sizeof(fn),"%u",l); setvar("wims_deposit_len",fn);
10 reyssat 924 
}
925 
 
7673 bpr 926 
/* Check and set variables passed in query_string */
10 reyssat 927 
void set_vars_from_parm(void)
928 
{
12216 bpr 929 
  int i,j,al;
930 
  char *s, vbuf[MAX_LINELEN+1];
931 
  if(forceresume) return;
932 
  for(i=0; i<user_var_no; i++) {
933 
    j=var_def_check(user_variable[i].name);
934 
    if(j<0) continue;
12381 bpr 935 
    /* check permissions */
12216 bpr 936 
    al=var_def[j].allow;
937 
    if(al != var_allow_any) switch(cmd_type) {
938 
      case cmd_new:
939 
      case cmd_renew:
940 
        if (al != var_allow_init && al != var_allow_config) {
7673 bpr 941 
violat:        /* setvar(error_data_string,user_variable[i].name);
942 
              user_error("allow_violation"); */
12216 bpr 943 
          goto loopend;
944 
        }
945 
      break;
10 reyssat 946 
 
12216 bpr 947 
      case cmd_config:
948 
      if(al != var_allow_config) goto violat;
949 
      break;
7673 bpr 950 
 
12216 bpr 951 
      case cmd_reply:
952 
        if(al != var_allow_reply) goto violat;
953 
        break;
7673 bpr 954 
 
12216 bpr 955 
      case cmd_help:
956 
        if(al != var_allow_help) goto violat;
957 
        break;
7673 bpr 958 
 
12216 bpr 959 
      default: goto violat;
10 reyssat 960 
    }
12216 bpr 961 
    var_def[j].defined_in_parm=1;
962 
    if(strcmp(user_variable[i].name,"wims_deposit")==0) {
963 
      var_deposit(user_variable[i].value); continue;
964 
    }
965 
    mystrncpy(vbuf,user_variable[i].value,sizeof(vbuf));
966 
    if(strchr(vbuf,'$')!=NULL) {
967 
      char *p;
968 
      while((p=strchr(vbuf,'$'))!=NULL)
969 
        string_modify(vbuf,p,p+1,"&#36;");
970 
    }
971 
    s=getvar(user_variable[i].name);
972 
    if(s==NULL || *s==0) setvar(user_variable[i].name, vbuf);
973 
    else {  /* concatenate */
974 
      int k;
975 
      k=strlen(s)+strlen(vbuf);
976 
      if(k>=MAX_LINELEN-2) user_error("string_too_long");
977 
      snprintf(tmplbuf,sizeof(tmplbuf),"%s, %s",s,vbuf);
978 
      setvar(user_variable[i].name, tmplbuf);
979 
    }
980 
    loopend: ;
981 
  }
10 reyssat 982 
}
983 
 
7673 bpr 984 
/* parms to be eliminated from module_init_parm */
10 reyssat 985 
/* char *init_elim[]={
986 
    "module","cmd","session","lang","worksheet","wims_access","useropts"
987 
};
988 
#define init_elim_no (sizeof(init_elim)/sizeof(init_elim[0]))
989 
*/
990 
 
991 
void elim_parm(char *str, char *parm)
992 
{
12216 bpr 993 
  char *p1, *p2;
994 
  for(p1=strstr(str,parm);p1!=NULL;p1=strstr(p1+1,parm)) {
995 
    if( (p1>str && *(p1-1)!='&') || *(p1+strlen(parm))!='=')
996 
      continue;
997 
    p2=strchr(p1,'&');
998 
    if(p2==NULL) {
999 
      if(p1>str) *(p1-1)=0; else *p1=0;
1000 
      return;
10 reyssat 1001 
    }
12216 bpr 1002 
    ovlstrcpy(p1,p2+1); p1--;
1003 
  }
10 reyssat 1004 
}
1005 
 
12011 bpr 1006 
/* eliminate technical definitions form parameter string
1007 
 * that is parameters from the list RO_NAMES
1008 
 */
10 reyssat 1009 
void prep_init_parm(char rqv[])
1010 
{
12216 bpr 1011 
  int i;
1012 
  char *p;
10 reyssat 1013 
 
12216 bpr 1014 
  for(p=strstr(rqv,"&+"); p!=NULL; p=strstr(++p,"&+"))
1015 
    ovlstrcpy(p+1,p+2);
1016 
  for(i=0;i<RO_NAME_NO;i++) elim_parm(rqv,ro_name[i]);
1017 
  if(strlen(rqv)>=MAX_LINELEN) rqv[0]=0;
1018 
  while(rqv[0]=='&') ovlstrcpy(rqv,rqv+1);
1019 
  while(rqv[0]!=0 && rqv[strlen(rqv)-1]=='&') rqv[strlen(rqv)-1]=0;
10 reyssat 1020 
}
1021 
 
7673 bpr 1022 
/* retain initializing parameters, for use in user references */
10 reyssat 1023 
void set_init_parm(void)
1024 
{
12216 bpr 1025 
  char *rq, rqv[MAX_LINELEN*2+2], *u, *sh, *seedr, *exotrymax;
1026 
  char *shname;
1027 
  int public_sheet;
10 reyssat 1028 
 
12216 bpr 1029 
  if(isexam) return;
1030 
  force_setvar("wims_sheet",""); force_setvar("wims_exo","");
1031 
  rq=getenv("QUERY_STRING");
1032 
  if(rq==NULL || *rq==0) {
1033 
    empty:
1034 
    setvar("module_init_parm",""); return;
1035 
  }
1036 
  if(strlen(rq)>=MAX_LINELEN*2) goto empty;
1037 
  _http2env(rqv,rq); prep_init_parm(rqv);
1038 
  setvar("module_init_parm",rqv); public_sheet=0;
12295 bpr 1039 
/* seedrepeat=1 or an integer
1040 
  must be in the url and seedrepeat
12273 bpr 1041 
  in the var.def of the module to be used */
12216 bpr 1042 
  seedr=getvar("seedrepeat");
1043 
  force_setvar("wims_seed_repeat",seedr);
1044 
  exotrymax=getvar("exotrymax");
1045 
  force_setvar("wims_exotrymax",exotrymax);
7673 bpr 1046 
/* now determine the sheet number for user */
12216 bpr 1047 
  sh=getvar(ro_name[ro_worksheet]); if(sh==NULL) return;
1048 
  if(*sh=='P') {public_sheet=1; sh++;}
1049 
  shname="sheet";
1050 
  u=getvar("wims_user"); if(u==NULL) u="";
1051 
  if(sh!=NULL && *sh!=0) {
1052 
    char buf[MAX_LINELEN+1],ubuf[32], nbuf[1024], *c, *m;
1053 
    char *p1,*p2,*p3,*p4,*p5;
1054 
    int i,j,sheet;
1055 
    sheet=atoi(sh); if(sheet<=0 || sheet>256) return;
1056 
    m=getvar(ro_name[ro_module]);
1057 
    if(m==NULL) internal_error("set_init_parm(): module name disapears.");
1058 
    if(*u==0) public_sheet=1;
1059 
    if(!public_sheet) {
1060 
      c=getvar("wims_class"); if(c==NULL) c="";
1061 
      snprintf(nbuf,sizeof(nbuf),"%s/sheets/.%s%d",
7673 bpr 1062 
               class_dir,shname,sheet);
12216 bpr 1063 
    }
1064 
    else {
1065 
      char bf[MAX_LINELEN+1];
1066 
      int i;
1067 
      accessfile(bf,"r","%s/.sheets",session_prefix);
1068 
      if(bf[0]==0) return;
1069 
      for(i=1, p1=bf;i<sheet;i++,p1=p2) {
1070 
        p2=strchr(p1,'\n');
1071 
        if(p2!=NULL) *p2++=0; else p2=p1+strlen(p1);
1072 
      }
1073 
      p2=strchr(p1,'\n'); if(p2) *p2=0;
1074 
      snprintf(nbuf,sizeof(nbuf),"bases/sheet/%s.def",p1);
1075 
    }
1076 
    if(readfile(nbuf,buf,sizeof(buf))==NULL) return;
1077 
    for(p1=strstr(buf,"&+");p1!=NULL;p1=strstr(++p1,"&+"))
1078 
      ovlstrcpy(p1+1,p1+2);
1079 
    if(strncmp(m,"classes/",strlen("classes/"))==0) {
1080 
      m="classes/";
1081 
      for(p1=strstr(buf,":classes/");p1;p1=strstr(p1+1,":classes/")) {
1082 
        if(p1==buf || *(p1-1)=='\n') {
1083 
          p1+=strlen(":classes/");
1084 
          p2=find_word_end(p1); if(p2>p1 && *p2=='\n') ovlstrcpy(p1,p2);
1085 
        }
1086 
      }
1087 
    }
1088 
    snprintf(nbuf,sizeof(nbuf),":%s\n%s\n",m,rqv);
1089 
    p1=strstr(buf,nbuf);
1090 
    while(p1>buf && *(p1-1)!='\n') p1=strstr(p1+1,nbuf);
1091 
    if(p1!=NULL) {
1092 
      p2=strchr(buf,':');
1093 
      while(p2>buf && *(p2-1)!='\n') p2=strchr(p2+1,':');
1094 
      for(i=1;p2!=NULL && p2<p1;i++) {
1095 
        p2=strchr(p2+1,':');
1096 
        while(p2>buf && *(p2-1)!='\n') p2=strchr(p2+1,':');
1097 
      }
1098 
      if(p2==NULL) return; /* error which should not occur */
1099 
      snprintf(ubuf,sizeof(ubuf),"%d",i);
7673 bpr 1100 
/* look for dependency information */
12216 bpr 1101 
      for(j=0, p3=strchr(p1+strlen(nbuf),'\n');
1102 
      j<3 && p3 && *(p3+1)!=':';
1103 
      j++, p3=strchr(p3+1,'\n'));
1104 
      if(j>=3 && p3!=NULL && *(p3+1)!=':') {
1105 
        p3++; p4=strchr(p3,'\n');
1106 
        if(p4) {
1107 
          *p4++=0;
1108 
          if(*p4!=':') { /* options */
1109 
            p5=strchr(p4,'\n'); if(p5) *p5=0;
1110 
            force_setvar("wims_exoption",p4);
7673 bpr 1111 
          }
12216 bpr 1112 
        }
1113 
        p3=find_word_start(p3); strip_trailing_spaces(p3);
7673 bpr 1114 
/* non-empty dependency information */
12216 bpr 1115 
        if(*p3 && !public_sheet) {
1116 
          exodepOK=depcheck(sh,i,p3);
1117 
          if(!exodepOK) setvar("wims_exodep","pending");
1118 
        }
1119 
      }
1120 
      if(public_sheet) {
1121 
        char bf[32];
1122 
        snprintf(bf,16,"P%s",sh);
1123 
        force_setvar("wims_sheet",bf);
1124 
      }
1125 
      else force_setvar("wims_sheet",sh);
1126 
      force_setvar("wims_exo",ubuf);
1127 
      wims_sheet=sheet; wims_exo=i;
10 reyssat 1128 
    }
12216 bpr 1129 
  }
10 reyssat 1130 
}
1131 
 
7673 bpr 1132 
/* user with class: whether exercise is registered
1133 
 * Returns 1 if got, 0 otherwise. */
10 reyssat 1134 
int get_parmreg(void)
1135 
{
12216 bpr 1136 
  char *p, *cl, *u, nbuf[MAX_FNAME+1];
1137 
  struct stat st;
10 reyssat 1138 
 
12216 bpr 1139 
  u=getvar("wims_user"); cl=getvar("wims_class");
1140 
  if(u==NULL || cl==NULL || *u==0 || *cl==0 || strcmp(u,"supervisor")==0
10 reyssat 1141 
       || wims_sheet<=0 || wims_exo<=0) return 0;
12216 bpr 1142 
  mkfname(nbuf,"%s/.parmreg/%s.%d.%d", class_dir,u,wims_sheet,wims_exo);
12381 bpr 1143 
  p=getvar("wims_scorereg");
1144 
  if(p!=NULL && strcmp(p,"suspend")==0) {
12216 bpr 1145 
    unlink(nbuf); return 0;
1146 
  }
1147 
  if(stat(nbuf,&st)) return 0;
12455 bpr 1148 
  /* latency is 10 min. */
12216 bpr 1149 
  if(st.st_mtime<nowtime-600 || st.st_mtime > nowtime) {
7673 bpr 1150 
     unlink(nbuf); return 0;
12216 bpr 1151 
  }
1152 
  if(open_working_file(&m_file,nbuf)!=0) return 0;
1153 
  mkfname(m_file.name,"parmreg/%s.%d.%d",u,wims_sheet,wims_exo);
1154 
  while(wgetline(tmplbuf,MAX_LINELEN, &m_file)!=EOF) {
1155 
    p=strchr(tmplbuf,'=');
1156 
    if(p==NULL || p<=tmplbuf || isspace(tmplbuf[0]) )
12455 bpr 1157 
      /* this time it is corrupted var file */
12216 bpr 1158 
      internal_error("get_parmreg(): corrupt parmreg file.");
13381 bpr 1159 
    *p=0;p++;
1160 
    if(strncmp(tmplbuf,var_prefix,strlen(var_prefix))!=0) setenv(tmplbuf,p,1);
1161 
    else if(tmplbuf[strlen(var_prefix)]!=0) force_setvar(tmplbuf+strlen(var_prefix),p);
12216 bpr 1162 
  }
1163 
  parm_restore=1;
1164 
  close_working_file(&m_file,0); return 1;
10 reyssat 1165 
}
1166 
 
12828 bpr 1167 
/* reset seed according to the values of
1168 
  wims_seed_repeat and wims_seed_score
12363 bpr 1169 
*/
12828 bpr 1170 
/* for non registered users or suspended score,
1171 
  save some variables wims_seedcnt and seedlastcnt in sessions/xxx/var
1172 
*/
12011 bpr 1173 
void reset_seed (void) {
12363 bpr 1174 
  char *p, *seedr, buf[64], *sh, *ex, *tseed, *seedcnt, *seedlastcnt;
12373 bpr 1175 
  char *mp=getvar("module");
12363 bpr 1176 
  sh=getvar("wims_sheet"); ex=getvar("wims_exo");
12216 bpr 1177 
  seedr=getvar("wims_seed_repeat");
12522 bpr 1178 
  /* number of seeds during the sessions only used for unregistered */
12363 bpr 1179 
  seedcnt=getvar("wims_seedcnt");
1180 
  if(seedcnt==NULL || *seedcnt==0) {
1181 
    force_setvar("wims_seedcnt","0");
1182 
    seedcnt=getvar("wims_seedcnt");
1183 
  }
12828 bpr 1184 
  /* number of tries with the actual seed only used for unregistered
1185 
    or score suspended */
12363 bpr 1186 
  seedlastcnt=getvar("wims_seedlastcnt");
1187 
  if(seedlastcnt==NULL || *seedlastcnt==0) {
12374 bpr 1188 
    force_setvar("wims_seedlastcnt","0");
12363 bpr 1189 
    seedlastcnt=getvar("wims_seedlastcnt");
1190 
  }
12990 bpr 1191 
  if(seedr!=NULL && atoi(seedr)>0) { /* seedrepeat>1 */
12216 bpr 1192 
    p=getvar("wims_seed_score");
12273 bpr 1193 
    if(evalue(p)>=10){
12216 bpr 1194 
      seed_time(); force_setvar("wims_seed_score",NULL);
12816 bpr 1195 
      snprintf(buf,sizeof(buf), "%d", atoi(seedcnt)+1);
1196 
      force_setvar("wims_seedcnt",buf);
12818 bpr 1197 
      seedcnt=getvar("wims_seedcnt");
12363 bpr 1198 
      force_setvar("wims_seedlastcnt","0");
1199 
      seedlastcnt=getvar("wims_seedlastcnt");
12011 bpr 1200 
    }
12374 bpr 1201 
    else { /* score < 10 */
12828 bpr 1202 
      /* is score suspended by the student ? */
1203 
      char *screg=getvar("wims_scorereg");
1204 
      /* is score suspended by the supervisor ? */
1205 
      int scregs=0;
1206 
      if(sh!=NULL && *sh!=0)
1207 
        scregs=getscorestatus(getvar("wims_class"),atoi(sh));
1208 
      if(sh!=NULL && *sh!=0 && ex!=NULL && *ex!=0
1209 
          && (screg==NULL || strcmp(screg,"suspend")!=0)
1210 
          && (scregs==1)){
1211 
        /* the case of a supervisor looking at the sheet is not treated */
12280 bpr 1212 
        tseed=getseedscore(getvar("wims_class"), getvar("wims_user"), atoi(sh), atoi(ex));
12302 bpr 1213 
        if( tseed!=0 ) {
12273 bpr 1214 
          mystrncpy(buf, tseed,sizeof(buf));
1215 
          force_setvar("wims_seed",buf);
1216 
        }
12834 bpr 1217 
        else seed_time();
12374 bpr 1218 
      }
12828 bpr 1219 
      else { /* non registered or score suspended
1220 
          and seedrepeat>1 and score <10 */
12834 bpr 1221 
        if (cmd_type==cmd_new ||cmd_type==cmd_renew) {
12835 bpr 1222 
          snprintf(buf,sizeof(buf),"%d",atoi(seedlastcnt)+1);
1223 
          force_setvar("wims_seedlastcnt",buf);
1224 
          seedlastcnt=getvar("wims_seedlastcnt");
1225 
          if(atoi(seedlastcnt) >= atoi(seedr)){
12834 bpr 1226 
            seed_time();
1227 
            if(strcmp(mp,home_module)!=0 && cmd_type!=cmd_intro){
1228 
              snprintf(buf,sizeof(buf),"%d",0);
1229 
              force_setvar("wims_seedlastcnt",buf);
1230 
              seedlastcnt=getvar("wims_seedlastcnt");
1231 
              snprintf(buf,sizeof(buf),"%d",atoi(seedcnt)+1);
1232 
              force_setvar("wims_seedcnt",buf);
1233 
              seedcnt=getvar("wims_seedcnt");
1234 
            }
1235 
            else {
1236 
              force_setvar("wims_seedcnt","0");
1237 
              force_setvar("wims_seedlastcnt","0");
1238 
            }
12373 bpr 1239 
          }
12363 bpr 1240 
        }
12273 bpr 1241 
      }
1242 
    }
12216 bpr 1243 
  }
12363 bpr 1244 
  else {// no seedrepeat
1245 
    seed_time();
12373 bpr 1246 
    if (cmd_type==cmd_reply && strcmp(mp,home_module)!=0){
12816 bpr 1247 
      snprintf(buf,sizeof(buf),"%d",atoi(seedcnt)+1);
1248 
      force_setvar("wims_seedcnt",buf);
12828 bpr 1249 
      seedcnt=getvar("wims_seedcnt");
12374 bpr 1250 
      force_setvar("wims_seedlastcnt","0");
12372 bpr 1251 
    }
12373 bpr 1252 
    else {
1253 
      if (strcmp(mp,home_module)==0 || cmd_type==cmd_intro) {
1254 
        force_setvar("wims_seedcnt","0");
12374 bpr 1255 
        force_setvar("wims_seedlastcnt","0");
12373 bpr 1256 
      }
1257 
    }
12363 bpr 1258 
  }
12216 bpr 1259 
  p=getvar("wims_seed");
1260 
  if(p!=NULL && (cmd_type==cmd_new || cmd_type==cmd_renew || cmd_type==cmd_next)){
1261 
    mystrncpy(buf,p,sizeof(buf)); setenv("tmp_seed",buf,1);
1262 
    exec_setseed(buf);
1263 
  }
12011 bpr 1264 
}
1265 
 
7673 bpr 1266 
/* set environment variables */
10 reyssat 1267 
void set_variables(void)
1268 
{
12216 bpr 1269 
  outputing=0; readnest=0;
1270 
  get_var_defs();
1271 
  set_vars_from_parm();
1272 
  if(cmd_type != cmd_new && cmd_type != cmd_renew) {
1273 
    set_vars_from_session();
12522 bpr 1274 
    if(cmd_type==cmd_next) reset_seed();
12216 bpr 1275 
  }
1276 
  else {
1277 
    set_init_parm();
1278 
    reset_seed();
1279 
    if(wims_sheet>0 && get_parmreg()) {
1280 
      cmd_type=cmd_resume; force_setvar("cmd","resume");
1281 
      var_proc(main_var_proc_file,0); return;
12011 bpr 1282 
    }
12216 bpr 1283 
    checkrafale();
1284 
    var_proc(var_init_file,0);
1285 
  }
12011 bpr 1286 
/* check_var_bounds(); */
12216 bpr 1287 
  var_proc(main_var_proc_file,0);
10 reyssat 1288 
}
1289 
 
7673 bpr 1290 
/* Output a phtml file. */
10 reyssat 1291 
void phtml_put(char *fname,int cache)
1292 
{
12216 bpr 1293 
  int t;
1294 
  char tbuf[MAX_LINELEN+1];
10 reyssat 1295 
 
12216 bpr 1296 
  outputing=1;
10 reyssat 1297 
     /* File not found; we give empty output, but no error message. */
12216 bpr 1298 
  if(fname!=NULL && read_module_file(fname)!=0) return;
1299 
  if(untrust&6) get_var_privileges();
1300 
  if (trace_file) start_tracefile();
1301 
  while(m_file.linepointer<m_file.linecnt) {
12223 bpr 1302 
    if (trace_file) {
1303 
      fprintf(trace_file," %d",m_file.linepointer+1);
1304 
      fflush(trace_file);
12225 bpr 1305 
    }
12216 bpr 1306 
    t=m_file.lines[m_file.linepointer].isstart;
1307 
    if((t&~18)!=1) {m_file.linepointer++; continue;}
1308 
    wgetline(tbuf,MAX_LINELEN,&m_file); substnest=0;
1309 
    if((t&2)!=0) {exec_main(tbuf+1); continue;}
1310 
    substit(tbuf); output0(tbuf); _output_("\n");
1311 
  }
1312 
  if (trace_file) stop_tracefile();
1313 
  close_working_file(&m_file,cache);
10 reyssat 1314 
}
1315 
 
7673 bpr 1316 
/* output a file in base html directory. Internal use only. */
10 reyssat 1317 
void phtml_put_base(char *fname,int cache)
1318 
{
12216 bpr 1319 
  WORKING_FILE save;
1320 
  char modsave[MAX_FNAME+1];
1321 
  memmove(&save,&m_file,sizeof(WORKING_FILE));
1322 
  mystrncpy(modsave,module_prefix,sizeof(modsave));
1323 
  ovlstrcpy(module_prefix,"html");
1324 
  phtml_put(fname,cache);
1325 
  mystrncpy(module_prefix,modsave,sizeof(module_prefix));
1326 
  memmove(&m_file,&save,sizeof(WORKING_FILE));
10 reyssat 1327 
}
1328 
 
7673 bpr 1329 
/* Read main.phtml, process it, and write to stdout. */
10 reyssat 1330 
void main_phtml_put(char *mname)
1331 
{
12216 bpr 1332 
  char *p, buf[1024], txbuf[256], dirnbuf[256], bgbuf[256], spfbuf[256], ebuf[256];
12357 obado 1333 
  char *bcolor, *refcolor, *bg, *tx, *dirn, *vlink, *link, *hlink, *spf ;
12216 bpr 1334 
  define_html_header(); readnest=0;
1335 
  nph_header(200);
1336 
  p=getvar("wims_backslash_insmath");
1337 
  if(p!=NULL && strcasecmp(p,"yes")==0) backslash_insmath=1;
1338 
  p=getvar("wims_expire");
1339 
  if(p!=NULL) p=strstr(p,"no-cache");
13359 obado 1340 
  if(p!=NULL) _output_("Cache-Control: no-cache, no-store, must-revalidate\r\n");
11726 bpr 1341 
/* expiration date */
12216 bpr 1342 
  if(mode==mode_default) {
1343 
    if(!robot_access && (cmd_type!=cmd_intro || p!=NULL)) {
1344 
      char *expir="Sat, 26 Jul 1990 05:00:00 GMT";
1345 
      snprintf(ebuf,sizeof(ebuf),"%s",expir);
1346 
    }
1347 
    else {
11726 bpr 1348 
/* expiration in 10 days for robot access or intro page. */
12216 bpr 1349 
      time_t t=nowtime+(long) 10*24*3600;
1350 
      { struct tm *tt = localtime(&t);
1351 
        strftime(ebuf,sizeof(ebuf),"%a, %d %b %Y %T GMT", tt);
11726 bpr 1352 
      }
1353 
    }
12216 bpr 1354 
    strip_trailing_spaces(ebuf);
1355 
    output("Expires:%s\r\n",ebuf);
1356 
  }
11726 bpr 1357 
 
12216 bpr 1358 
  output("Server: %s %s (%s)\n", SHORTSWNAME,wims_version,LONGSWNAME);
1359 
  if(!robot_access && strcasecmp(usecookie,"yes")==0 && setcookie
10 reyssat 1360 
       && mode!=mode_popup) {
12216 bpr 1361 
    if(cookieset[0]==0) {
1362 
      p=getvar("wims_sescookie");
1363 
      if(p!=NULL && *p!=0) mystrncpy(cookieset,p,sizeof(cookieset));
1364 
    }
15276 obado 1365 
     output("Set-Cookie: %s%s;SameSite=Strict; path=/\r\n",cookieheader,cookieset);
12216 bpr 1366 
  }
1367 
  p=getvar("wims_main_font");
1368 
  if(p!=NULL && *p!=0) output("Content-type: text/html; charset=%s\r\n\r\n",p);
1369 
  else _output_("Content-type: text/html\r\n\r\n");
12357 obado 1370 
 
12216 bpr 1371 
  bcolor=getvar("wims_bgcolor");
1372 
  if(bcolor==NULL || *bcolor==0) bcolor=bgcolor;
12357 obado 1373 
 
12216 bpr 1374 
  link=getvar("wims_link_color");
1375 
  if(link==NULL || *link==0) link="blue";
12357 obado 1376 
 
12216 bpr 1377 
  vlink=getvar("wims_vlink_color");
1378 
  if(vlink==NULL || *vlink==0) vlink="blue";
12357 obado 1379 
 
1380 
  hlink=getvar("wims_hlink_color");
1381 
  if(hlink==NULL || *hlink==0) vlink="red";
1382 
 
12216 bpr 1383 
  refcolor=getvar("wims_ref_bgcolor");
1384 
  if(refcolor==NULL || *refcolor==0) {
1385 
    setvar("wims_ref_bgcolor","white");
1386 
    refcolor="white";
1387 
  }
12357 obado 1388 
 
12216 bpr 1389 
  bg=getvar("wims_bgimg"); bgbuf[0]=0;
1390 
  if(bg!=NULL && *bg!=0 && strchr(bg,'\"')==NULL) {
1391 
    if(strchr(bg,'/')==NULL)
1392 
      snprintf(bgbuf,sizeof(bgbuf),"background-image: url(\"gifs/bg/%s\");",bg);
7673 bpr 1393 
     else
12216 bpr 1394 
      snprintf(bgbuf,sizeof(bgbuf),"background-image: url(\"%s\");",bg);
1395 
  }
1396 
  setvar("wims_bodyimg",bgbuf);
1397 
  tx=getvar("wims_textcolor");
1398 
  if(tx!=NULL && *tx!=0 && strchr(tx,'\"')==NULL) {
1399 
    snprintf(txbuf,sizeof(txbuf),"color:%s;",tx);
1400 
  }
1401 
  else txbuf[0]=0;
6178 bpr 1402 
   /* special fonts defined in special_font -should also take the value specialfont in wims.conf */
12216 bpr 1403 
  if(spec_font==1){
1404 
    spf=getvar("wims_specialfont");
1405 
    if(spf!=NULL && *spf!=0) { snprintf(spfbuf,sizeof(spfbuf),"%s",spf);}
1406 
    else { snprintf(spfbuf,sizeof(spfbuf),"%s",special_font); }
1407 
    setvar("wims_special_font",spfbuf);
1408 
  }
12816 bpr 1409 
  dirn=getvar("wims_main_dirn"); /* "rtl" for arabic writing ; on pourrait laisser vide pour les autres ? */
12216 bpr 1410 
  if(dirn!=NULL && *dirn!=0 && strchr(dirn,'\"')==NULL) {
1411 
    snprintf(dirnbuf,sizeof(dirnbuf),"dir=\"%s\"",dirn);
1412 
  }
1413 
  else dirnbuf[0]=0;
15005 obado 1414 
  if(mode==mode_popup) {
1415 
    snprintf(buf,sizeof(buf), "class=\"main_body mode_popup\" %s", dirnbuf);
1416 
  }else{
1417 
    snprintf(buf,sizeof(buf), "class=\"main_body\" %s",dirnbuf);
1418 
  }
12216 bpr 1419 
  setvar("wims_htmlbody",buf);
1420 
  phtml_put(mname,0);
10 reyssat 1421 
}
1422 
 
1423 
void _write_var(char *name, FILE *varf,int user,int skip)
1424 
{
12216 bpr 1425 
  char *s, buf[MAX_NAMELEN+9], nbf[MAX_NAMELEN+9];
10 reyssat 1426 
 
12216 bpr 1427 
  if((user&2)!=0) {
1428 
    snprintf(nbf,sizeof(nbf),"%s%s",wims_prefix,name); name=nbf;
1429 
  }
1430 
  if((user&1)!=0) {
1431 
    snprintf(buf,sizeof(buf),"%s%s",var_prefix,name); s=_getvar(name);
1432 
  }
1433 
  else {
1434 
    mystrncpy(buf,name,sizeof(buf)); s=getenv(name);
1435 
  }
1436 
  if(s==NULL) s="";
1437 
  if(skip && *s==0) return;
1438 
  fprintf(varf,"%s=",buf);
1439 
  if(strchr(s,'\n')==NULL) fputs(s,varf);
1440 
  else
1441 
    while(*s) {
1442 
      if(*s=='\n') fputc('\\',varf);
7673 bpr 1443 
       fputc(*s,varf); s++;
10 reyssat 1444 
    }
12216 bpr 1445 
  fputc('\n',varf);
10 reyssat 1446 
}
1447 
 
1448 
void _write_vars(FILE *varf)
1449 
{
12216 bpr 1450 
  int i,j,k;
1451 
  char nbuf[MAX_NAMELEN+1];
1452 
  for(i=0;i<defined_var_total;i++) {
1453 
    if(var_def[i].beg>=0) {
1454 
      if(var_def[i].end<=var_def[i].beg) {
1455 
        snprintf(nbuf,sizeof(nbuf),"%s%d",var_def[i].name,var_def[i].beg);
1456 
        _write_var(nbuf,varf,1,1);
1457 
      }
1458 
      else {
1459 
        char *pbuf[MAX_VAR_NUM];
1460 
        j=varsuite(var_def[i].name,var_def[i].beg,var_def[i].end,pbuf,MAX_VAR_NUM);
1461 
        for(k=0;k<j;k++) _write_var(pbuf[k],varf,1,1);
1462 
      }
10 reyssat 1463 
    }
12216 bpr 1464 
    else _write_var(var_def[i].name,varf,1,1);
1465 
  }
10 reyssat 1466 
}
1467 
 
7673 bpr 1468 
/* save exercise parm for registered users */
10 reyssat 1469 
void save_parmreg(void)
1470 
{
12216 bpr 1471 
  char *p, *u, *sh, *ex, nbuf[MAX_FNAME+1], dbuf[MAX_FNAME+1];
1472 
  int s;
1473 
  FILE *varf;
10 reyssat 1474 
 
12216 bpr 1475 
  if(cmd_type!=cmd_reply && cmd_type!=cmd_new && cmd_type!=cmd_renew)
1476 
    return;
1477 
  u=getvar("wims_user");
1478 
  if(class_dir[0]==0 || *u==0) return;
1479 
  sh=getvar("wims_sheet"); ex=getvar("wims_exo");
1480 
  if(sh==NULL || ex==NULL || *sh==0 || *ex==0) return;
12494 bpr 1481 
  mkfname(nbuf,"%s/.parmreg/%s.%s.%s", class_dir,u,sh,ex);
12216 bpr 1482 
  if(cmd_type==cmd_reply) {
1483 
    unlink(nbuf); return;
1484 
  }
1485 
  p=getvar("wims_scorereg");
1486 
  if(p!=NULL && strcmp(p,"suspend")==0) return;
7673 bpr 1487 
/* these two lines must be before random factor
1488 
 * in order to set variable wims_scoring */
12216 bpr 1489 
  s=atoi(sh); if(getscorestatus(getvar("wims_class"),s)==0) return;
1490 
  if(strcmp(u,"supervisor")==0) return;
7673 bpr 1491 
/* 0.2 is random factor to trigger exercise parm register */
8949 bpr 1492 
/*    return;*/
12508 bpr 1493 
 // if((double) random()<(double) RAND_MAX*0.2){ }
12494 bpr 1494 
  return;
12216 bpr 1495 
  mkfname(dbuf,"%s/.parmreg",class_dir);
1496 
  mkdirs(dbuf); varf=fopen(nbuf,"w"); if(varf==NULL) return;
1497 
  _write_var("module_init_parm",varf,1,0);
1498 
  _write_var("wims_sheet",varf,1,1);
1499 
  _write_var("wims_exo",varf,1,1);
1500 
  _write_var("wims_scoring",varf,1,1);
1501 
  _write_var("wims_seed",varf,1,1);
1502 
  _write_vars(varf);
1503 
  fclose(varf);
10 reyssat 1504 
}
1505 
 
1506 
void exolog(char *fname)
1507 
{
12216 bpr 1508 
  FILE *varf, *varg;
1509 
  int c;
1510 
  char logftmp[MAX_FNAME+1], *sess;
4639 guerimand 1511 
 
1512 
/* add by FG to put w_module_score at the top of the file */
12216 bpr 1513 
  if ((getenv("w_module_score"))!=NULL )
1514 
  {
1515 
    sess=getvar("wims_session");
1516 
    mkfname(logftmp,"%s/%s/.tmp%lu",s2_dir,sess,nowtime);
1517 
    rename(fname,logftmp);
1518 
    varf=fopen(fname,"a");
1519 
    if(varf!=NULL) {
1520 
      _write_var("module_score",varf,1,1);
1521 
      varg=fopen(logftmp, "r");
1522 
      if(varg!=NULL) {
1523 
        while ( (c=getc (varg)) != EOF)
7673 bpr 1524 
          putc (c,varf);
1525 
          fclose(varg);
12216 bpr 1526 
        }
1527 
        fclose(varf);
1528 
        remove(logftmp);
7673 bpr 1529 
     }
12216 bpr 1530 
  }
4639 guerimand 1531 
/* end of add */
12216 bpr 1532 
  varf=fopen(fname,"a");
1533 
  if(varf!=NULL) {
7673 bpr 1534 
/* The first 4 lines should not be modified */
12216 bpr 1535 
    fprintf(varf,"\n:\n");
1536 
    _write_var("QUERY_STRING",varf,0,0);
1537 
    _write_var("module",varf,1,0);
1538 
    _write_var("cmd",varf,1,0);
1539 
    _write_var("module_init_parm",varf,1,0);
1540 
    _write_var("wims_scoring",varf,1,1);
1541 
    _write_var("module_score",varf,1,1);
1542 
    fprintf(varf,"w_wims_checktime1=%lu\n\
10 reyssat 1543 
w_wims_checktime2=%s\n",nowtime,nowstr);
12216 bpr 1544 
    _write_var("wims_seed",varf,1,1);
1545 
    _write_vars(varf);
1546 
    fclose(varf);
1547 
  }
10 reyssat 1548 
}
4639 guerimand 1549 
 
7673 bpr 1550 
/* save variables to session var file */
10 reyssat 1551 
void save_session_vars(void)
1552 
{
12216 bpr 1553 
  int i;
1554 
  char *mp, *sh, *ex, *ll;
1555 
  FILE *varf;
7673 bpr 1556 
/* light pages don't need saved variables. ? */
1557 
/*    if(varchr(module_prefix,"light")!=NULL) return;*/
12216 bpr 1558 
  if(robot_access) return;
7673 bpr 1559 
/* no variable saving if cmd=help? */
12216 bpr 1560 
  if(cmd_type==cmd_help) return;
1561 
  lastdatafile[0]=lastftest[0]=0;
1562 
  lessrafale();
1563 
  mp=getvar("wims_nextmodule");
1564 
  if(mp!=NULL && *mp!=0) {
1565 
    mp=getvar("module");
1566 
    if(strcmp(mp,home_module)==0)
1567 
      force_setvar("module",getvar("wims_nextmodule"));
1568 
  }
1569 
  varf=fopen_session_var_file("w");
1570 
  for(i=0;i<HEADER_VAR_NO;i++) _write_var(header_var_name[i],varf,0,0);
1571 
  for(i=0;i<RO_NAME_NO;i++) _write_var(ro_name[i],varf,1,0);
1572 
  for(i=0;i<INTERNAL_NAME_NO;i++) {
1573 
    if(internal_name[i].stat==0)
1574 
      _write_var(internal_name[i].name,varf,3,0);
1575 
  }
1576 
  _write_var("password",varf,0,1);
1577 
  save_parmreg();
1578 
  if(new_session) fprintf(varf,"wims_new_session=yes\n");
1579 
  fprintf(varf,"\n");
1580 
  _write_var("module_init_parm",varf,1,0);
1581 
  _write_var("wims_sheet",varf,1,1);
1582 
  _write_var("wims_exo",varf,1,1);
1583 
  _write_var("wims_scoring",varf,1,1);
1584 
  _write_vars(varf);
1585 
  fclose(varf);
1586 
  if(cmd_type==cmd_new || cmd_type==cmd_renew || cmd_type==cmd_reply || cmd_type==cmd_next) {
1587 
    ll=getvar("wims_class_examlog");
1588 
    if(ll!=NULL && *ll!=0) i=atoi(ll); else i=examlog_limit;
1589 
    if(strstr(session_prefix,"_exam")!=NULL && examlogf[0]!=0 &&
1590 
        simuxam==0 && i>0) {
1591 
      mkdirs(examlogd); exolog(examlogf);
10 reyssat 1592 
    }
12216 bpr 1593 
    else {
1594 
      ll=getvar("wims_class_exolog");
1595 
      sh=getvar("wims_sheet"); ex=getvar("wims_exo");
1596 
      if(ll!=NULL && atoi(ll)>0) {
1597 
        char buf[MAX_FNAME+1];
1598 
        if(sh!=NULL && *sh!=0 && ex!=NULL && *ex!=0){
1599 
          mkfname(buf,"%s/exolog.%s.%s",session_prefix,sh,ex);
1600 
        }
1601 
        else { mkfname(buf,"%s/exolog",session_prefix);}
1602 
        if(cmd_type==cmd_new || cmd_type==cmd_renew) unlink(buf);
1603 
        exolog(buf);
8479 bpr 1604 
      }
10 reyssat 1605 
    }
12216 bpr 1606 
  }
1607 
  if(var_def_buf) free(var_def_buf);
10 reyssat 1608 
}