summaryrefslogtreecommitdiff
path: root/IkiWiki/CGI.pm
blob: 6f5d8aee65d2a8b20333be29fba60df15786f569 (plain)
  1. #!/usr/bin/perl
  2. package IkiWiki;
  3. use warnings;
  4. use strict;
  5. use IkiWiki;
  6. use IkiWiki::UserInfo;
  7. use open qw{:utf8 :std};
  8. use Encode;
  9. sub printheader ($) { #{{{
  10. my $session=shift;
  11. if ($config{sslcookie}) {
  12. print $session->header(-charset => 'utf-8',
  13. -cookie => $session->cookie(-httponly => 1, -secure => 1));
  14. } else {
  15. print $session->header(-charset => 'utf-8',
  16. -cookie => $session->cookie(-httponly => 1));
  17. }
  18. } #}}}
  19. sub showform ($$$$;@) { #{{{
  20. my $form=shift;
  21. my $buttons=shift;
  22. my $session=shift;
  23. my $cgi=shift;
  24. if (exists $hooks{formbuilder}) {
  25. run_hooks(formbuilder => sub {
  26. shift->(form => $form, cgi => $cgi, session => $session,
  27. buttons => $buttons);
  28. });
  29. }
  30. printheader($session);
  31. print misctemplate($form->title, $form->render(submit => $buttons), @_);
  32. }
  33. sub redirect ($$) { #{{{
  34. my $q=shift;
  35. my $url=shift;
  36. if (! $config{w3mmode}) {
  37. print $q->redirect($url);
  38. }
  39. else {
  40. print "Content-type: text/plain\n";
  41. print "W3m-control: GOTO $url\n\n";
  42. }
  43. } #}}}
  44. sub check_canedit ($$$;$) { #{{{
  45. my $page=shift;
  46. my $q=shift;
  47. my $session=shift;
  48. my $nonfatal=shift;
  49. my $canedit;
  50. run_hooks(canedit => sub {
  51. return if defined $canedit;
  52. my $ret=shift->($page, $q, $session);
  53. if (defined $ret) {
  54. if ($ret eq "") {
  55. $canedit=1;
  56. }
  57. elsif (ref $ret eq 'CODE') {
  58. $ret->() unless $nonfatal;
  59. $canedit=0;
  60. }
  61. elsif (defined $ret) {
  62. error($ret) unless $nonfatal;
  63. $canedit=0;
  64. }
  65. }
  66. });
  67. return $canedit;
  68. } #}}}
  69. sub decode_cgi_utf8 ($) { #{{{
  70. # decode_form_utf8 method is needed for 5.10
  71. if ($] < 5.01) {
  72. my $cgi = shift;
  73. foreach my $f ($cgi->param) {
  74. $cgi->param($f, map { decode_utf8 $_ } $cgi->param($f));
  75. }
  76. }
  77. } #}}}
  78. sub decode_form_utf8 ($) { #{{{
  79. if ($] >= 5.01) {
  80. my $form = shift;
  81. foreach my $f ($form->field) {
  82. $form->field(name => $f,
  83. value => decode_utf8($form->field($f)),
  84. force => 1,
  85. );
  86. }
  87. }
  88. } #}}}
  89. # Check if the user is signed in. If not, redirect to the signin form and
  90. # save their place to return to later.
  91. sub needsignin ($$) { #{{{
  92. my $q=shift;
  93. my $session=shift;
  94. if (! defined $session->param("name") ||
  95. ! userinfo_get($session->param("name"), "regdate")) {
  96. $session->param(postsignin => $ENV{QUERY_STRING});
  97. cgi_signin($q, $session);
  98. cgi_savesession($session);
  99. exit;
  100. }
  101. } #}}}
  102. sub cgi_signin ($$) { #{{{
  103. my $q=shift;
  104. my $session=shift;
  105. decode_cgi_utf8($q);
  106. eval q{use CGI::FormBuilder};
  107. error($@) if $@;
  108. my $form = CGI::FormBuilder->new(
  109. title => "signin",
  110. name => "signin",
  111. charset => "utf-8",
  112. method => 'POST',
  113. required => 'NONE',
  114. javascript => 0,
  115. params => $q,
  116. action => $config{cgiurl},
  117. header => 0,
  118. template => {type => 'div'},
  119. stylesheet => baseurl()."style.css",
  120. );
  121. my $buttons=["Login"];
  122. if ($q->param("do") ne "signin" && !$form->submitted) {
  123. $form->text(gettext("You need to log in first."));
  124. }
  125. $form->field(name => "do", type => "hidden", value => "signin",
  126. force => 1);
  127. decode_form_utf8($form);
  128. run_hooks(formbuilder_setup => sub {
  129. shift->(form => $form, cgi => $q, session => $session,
  130. buttons => $buttons);
  131. });
  132. decode_form_utf8($form);
  133. if ($form->submitted) {
  134. $form->validate;
  135. }
  136. showform($form, $buttons, $session, $q);
  137. } #}}}
  138. sub cgi_postsignin ($$) { #{{{
  139. my $q=shift;
  140. my $session=shift;
  141. # Continue with whatever was being done before the signin process.
  142. if (defined $session->param("postsignin")) {
  143. my $postsignin=CGI->new($session->param("postsignin"));
  144. $session->clear("postsignin");
  145. cgi($postsignin, $session);
  146. cgi_savesession($session);
  147. exit;
  148. }
  149. else {
  150. error(gettext("login failed, perhaps you need to turn on cookies?"));
  151. }
  152. } #}}}
  153. sub cgi_prefs ($$) { #{{{
  154. my $q=shift;
  155. my $session=shift;
  156. needsignin($q, $session);
  157. decode_cgi_utf8($q);
  158. # The session id is stored on the form and checked to
  159. # guard against CSRF.
  160. my $sid=$q->param('sid');
  161. if (! defined $sid) {
  162. $q->delete_all;
  163. }
  164. elsif ($sid ne $session->id) {
  165. error(gettext("Your login session has expired."));
  166. }
  167. eval q{use CGI::FormBuilder};
  168. error($@) if $@;
  169. my $form = CGI::FormBuilder->new(
  170. title => "preferences",
  171. name => "preferences",
  172. header => 0,
  173. charset => "utf-8",
  174. method => 'POST',
  175. validate => {
  176. email => 'EMAIL',
  177. },
  178. required => 'NONE',
  179. javascript => 0,
  180. params => $q,
  181. action => $config{cgiurl},
  182. template => {type => 'div'},
  183. stylesheet => baseurl()."style.css",
  184. fieldsets => [
  185. [login => gettext("Login")],
  186. [preferences => gettext("Preferences")],
  187. [admin => gettext("Admin")]
  188. ],
  189. );
  190. my $buttons=["Save Preferences", "Logout", "Cancel"];
  191. decode_form_utf8($form);
  192. run_hooks(formbuilder_setup => sub {
  193. shift->(form => $form, cgi => $q, session => $session,
  194. buttons => $buttons);
  195. });
  196. decode_form_utf8($form);
  197. $form->field(name => "do", type => "hidden", value => "prefs",
  198. force => 1);
  199. $form->field(name => "sid", type => "hidden", value => $session->id,
  200. force => 1);
  201. $form->field(name => "email", size => 50, fieldset => "preferences");
  202. my $user_name=$session->param("name");
  203. # XXX deprecated, should be removed eventually
  204. $form->field(name => "banned_users", size => 50, fieldset => "admin");
  205. if (! is_admin($user_name)) {
  206. $form->field(name => "banned_users", type => "hidden");
  207. }
  208. if (! $form->submitted) {
  209. $form->field(name => "email", force => 1,
  210. value => userinfo_get($user_name, "email"));
  211. if (is_admin($user_name)) {
  212. my $value=join(" ", get_banned_users());
  213. if (length $value) {
  214. $form->field(name => "banned_users", force => 1,
  215. value => join(" ", get_banned_users()),
  216. comment => "deprecated; please move to banned_users in setup file");
  217. }
  218. else {
  219. $form->field(name => "banned_users", type => "hidden");
  220. }
  221. }
  222. }
  223. if ($form->submitted eq 'Logout') {
  224. $session->delete();
  225. redirect($q, $config{url});
  226. return;
  227. }
  228. elsif ($form->submitted eq 'Cancel') {
  229. redirect($q, $config{url});
  230. return;
  231. }
  232. elsif ($form->submitted eq 'Save Preferences' && $form->validate) {
  233. if (defined $form->field('email')) {
  234. userinfo_set($user_name, 'email', $form->field('email')) ||
  235. error("failed to set email");
  236. }
  237. # XXX deprecated, should be removed eventually
  238. if (is_admin($user_name)) {
  239. set_banned_users(grep { ! is_admin($_) }
  240. split(' ',
  241. $form->field("banned_users"))) ||
  242. error("failed saving changes");
  243. if (! length $form->field("banned_users")) {
  244. $form->field(name => "banned_users", type => "hidden");
  245. }
  246. }
  247. $form->text(gettext("Preferences saved."));
  248. }
  249. showform($form, $buttons, $session, $q);
  250. } #}}}
  251. sub cgi_editpage ($$) { #{{{
  252. my $q=shift;
  253. my $session=shift;
  254. decode_cgi_utf8($q);
  255. my @fields=qw(do rcsinfo subpage from page type editcontent comments);
  256. my @buttons=("Save Page", "Preview", "Cancel");
  257. eval q{use CGI::FormBuilder};
  258. error($@) if $@;
  259. my $form = CGI::FormBuilder->new(
  260. fields => \@fields,
  261. charset => "utf-8",
  262. method => 'POST',
  263. required => [qw{editcontent}],
  264. javascript => 0,
  265. params => $q,
  266. action => $config{cgiurl},
  267. header => 0,
  268. table => 0,
  269. template => scalar template_params("editpage.tmpl"),
  270. wikiname => $config{wikiname},
  271. );
  272. decode_form_utf8($form);
  273. run_hooks(formbuilder_setup => sub {
  274. shift->(form => $form, cgi => $q, session => $session,
  275. buttons => \@buttons);
  276. });
  277. decode_form_utf8($form);
  278. # This untaint is safe because we check file_pruned.
  279. my $page=$form->field('page');
  280. $page=possibly_foolish_untaint($page);
  281. my $absolute=($page =~ s#^/+##);
  282. if (! defined $page || ! length $page ||
  283. file_pruned($page, $config{srcdir})) {
  284. error("bad page name");
  285. }
  286. my $baseurl=$config{url}."/".htmlpage($page);
  287. my $from;
  288. if (defined $form->field('from')) {
  289. ($from)=$form->field('from')=~/$config{wiki_file_regexp}/;
  290. }
  291. my $file;
  292. my $type;
  293. if (exists $pagesources{$page} && $form->field("do") ne "create") {
  294. $file=$pagesources{$page};
  295. $type=pagetype($file);
  296. if (! defined $type || $type=~/^_/) {
  297. error(sprintf(gettext("%s is not an editable page"), $page));
  298. }
  299. if (! $form->submitted) {
  300. $form->field(name => "rcsinfo",
  301. value => rcs_prepedit($file), force => 1);
  302. }
  303. $form->field(name => "editcontent", validate => '/.*/');
  304. }
  305. else {
  306. $type=$form->param('type');
  307. if (defined $type && length $type && $hooks{htmlize}{$type}) {
  308. $type=possibly_foolish_untaint($type);
  309. }
  310. elsif (defined $from && exists $pagesources{$from}) {
  311. # favor the type of linking page
  312. $type=pagetype($pagesources{$from});
  313. }
  314. $type=$config{default_pageext} unless defined $type;
  315. $file=$page.".".$type;
  316. if (! $form->submitted) {
  317. $form->field(name => "rcsinfo", value => "", force => 1);
  318. }
  319. $form->field(name => "editcontent", validate => '/.+/');
  320. }
  321. $form->field(name => "do", type => 'hidden');
  322. $form->field(name => "sid", type => "hidden", value => $session->id,
  323. force => 1);
  324. $form->field(name => "from", type => 'hidden');
  325. $form->field(name => "rcsinfo", type => 'hidden');
  326. $form->field(name => "subpage", type => 'hidden');
  327. $form->field(name => "page", value => $page, force => 1);
  328. $form->field(name => "type", value => $type, force => 1);
  329. $form->field(name => "comments", type => "text", size => 80);
  330. $form->field(name => "editcontent", type => "textarea", rows => 20,
  331. cols => 80);
  332. $form->tmpl_param("can_commit", $config{rcs});
  333. $form->tmpl_param("indexlink", indexlink());
  334. $form->tmpl_param("helponformattinglink",
  335. htmllink($page, $page, "ikiwiki/formatting",
  336. noimageinline => 1,
  337. linktext => "FormattingHelp"));
  338. if ($form->submitted eq "Cancel") {
  339. if ($form->field("do") eq "create" && defined $from) {
  340. redirect($q, "$config{url}/".htmlpage($from));
  341. }
  342. elsif ($form->field("do") eq "create") {
  343. redirect($q, $config{url});
  344. }
  345. else {
  346. redirect($q, "$config{url}/".htmlpage($page));
  347. }
  348. return;
  349. }
  350. elsif ($form->submitted eq "Preview") {
  351. my $new=not exists $pagesources{$page};
  352. if ($new) {
  353. # temporarily record its type
  354. $pagesources{$page}=$page.".".$type;
  355. }
  356. my $content=$form->field('editcontent');
  357. run_hooks(editcontent => sub {
  358. $content=shift->(
  359. content => $content,
  360. page => $page,
  361. cgi => $q,
  362. session => $session,
  363. );
  364. });
  365. my $preview=htmlize($page, $page, $type,
  366. linkify($page, $page,
  367. preprocess($page, $page,
  368. filter($page, $page, $content), 0, 1)));
  369. run_hooks(format => sub {
  370. $preview=shift->(
  371. page => $page,
  372. content => $preview,
  373. );
  374. });
  375. $form->tmpl_param("page_preview", $preview);
  376. if ($new) {
  377. delete $pagesources{$page};
  378. }
  379. # previewing may have created files on disk
  380. saveindex();
  381. }
  382. elsif ($form->submitted eq "Save Page") {
  383. $form->tmpl_param("page_preview", "");
  384. }
  385. if ($form->submitted ne "Save Page" || ! $form->validate) {
  386. if ($form->field("do") eq "create") {
  387. my @page_locs;
  388. my $best_loc;
  389. if (! defined $from || ! length $from ||
  390. $from ne $form->field('from') ||
  391. file_pruned($from, $config{srcdir}) ||
  392. $from=~/^\// ||
  393. $absolute ||
  394. $form->submitted eq "Preview") {
  395. @page_locs=$best_loc=$page;
  396. }
  397. else {
  398. my $dir=$from."/";
  399. $dir=~s![^/]+/+$!!;
  400. if ((defined $form->field('subpage') && length $form->field('subpage')) ||
  401. $page eq gettext('discussion')) {
  402. $best_loc="$from/$page";
  403. }
  404. else {
  405. $best_loc=$dir.$page;
  406. }
  407. push @page_locs, $dir.$page;
  408. push @page_locs, "$from/$page";
  409. while (length $dir) {
  410. $dir=~s![^/]+/+$!!;
  411. push @page_locs, $dir.$page;
  412. }
  413. push @page_locs, "$config{userdir}/$page"
  414. if length $config{userdir};
  415. }
  416. @page_locs = grep {
  417. ! exists $pagecase{lc $_}
  418. } @page_locs;
  419. if (! @page_locs) {
  420. # hmm, someone else made the page in the
  421. # meantime?
  422. if ($form->submitted eq "Preview") {
  423. # let them go ahead with the edit
  424. # and resolve the conflict at save
  425. # time
  426. @page_locs=$page;
  427. }
  428. else {
  429. redirect($q, "$config{url}/".htmlpage($page));
  430. return;
  431. }
  432. }
  433. my @editable_locs = grep {
  434. check_canedit($_, $q, $session, 1)
  435. } @page_locs;
  436. if (! @editable_locs) {
  437. # let it throw an error this time
  438. map { check_canedit($_, $q, $session) } @page_locs;
  439. }
  440. my @page_types;
  441. if (exists $hooks{htmlize}) {
  442. @page_types=grep { !/^_/ }
  443. keys %{$hooks{htmlize}};
  444. }
  445. $form->tmpl_param("page_select", 1);
  446. $form->field(name => "page", type => 'select',
  447. options => [ map { [ $_, pagetitle($_, 1) ] } @editable_locs ],
  448. value => $best_loc);
  449. $form->field(name => "type", type => 'select',
  450. options => \@page_types);
  451. $form->title(sprintf(gettext("creating %s"), pagetitle($page)));
  452. }
  453. elsif ($form->field("do") eq "edit") {
  454. check_canedit($page, $q, $session);
  455. if (! defined $form->field('editcontent') ||
  456. ! length $form->field('editcontent')) {
  457. my $content="";
  458. if (exists $pagesources{$page}) {
  459. $content=readfile(srcfile($pagesources{$page}));
  460. $content=~s/\n/\r\n/g;
  461. }
  462. $form->field(name => "editcontent", value => $content,
  463. force => 1);
  464. }
  465. $form->tmpl_param("page_select", 0);
  466. $form->field(name => "page", type => 'hidden');
  467. $form->field(name => "type", type => 'hidden');
  468. $form->title(sprintf(gettext("editing %s"), pagetitle($page)));
  469. }
  470. showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
  471. }
  472. else {
  473. # save page
  474. check_canedit($page, $q, $session);
  475. # The session id is stored on the form and checked to
  476. # guard against CSRF. But only if the user is logged in,
  477. # as anonok can allow anonymous edits.
  478. if (defined $session->param("name")) {
  479. my $sid=$q->param('sid');
  480. if (! defined $sid || $sid ne $session->id) {
  481. error(gettext("Your login session has expired."));
  482. }
  483. }
  484. my $exists=-e "$config{srcdir}/$file";
  485. if ($form->field("do") ne "create" && ! $exists &&
  486. ! defined srcfile($file, 1)) {
  487. $form->tmpl_param("message", template("editpagegone.tmpl")->output);
  488. $form->field(name => "do", value => "create", force => 1);
  489. $form->tmpl_param("page_select", 0);
  490. $form->field(name => "page", type => 'hidden');
  491. $form->field(name => "type", type => 'hidden');
  492. $form->title(sprintf(gettext("editing %s"), $page));
  493. showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
  494. return;
  495. }
  496. elsif ($form->field("do") eq "create" && $exists) {
  497. $form->tmpl_param("message", template("editcreationconflict.tmpl")->output);
  498. $form->field(name => "do", value => "edit", force => 1);
  499. $form->tmpl_param("page_select", 0);
  500. $form->field(name => "page", type => 'hidden');
  501. $form->field(name => "type", type => 'hidden');
  502. $form->title(sprintf(gettext("editing %s"), $page));
  503. $form->field("editcontent",
  504. value => readfile("$config{srcdir}/$file").
  505. "\n\n\n".$form->field("editcontent"),
  506. force => 1);
  507. showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
  508. return;
  509. }
  510. my $content=$form->field('editcontent');
  511. run_hooks(editcontent => sub {
  512. $content=shift->(
  513. content => $content,
  514. page => $page,
  515. cgi => $q,
  516. session => $session,
  517. );
  518. });
  519. $content=~s/\r\n/\n/g;
  520. $content=~s/\r/\n/g;
  521. $content.="\n" if $content !~ /\n$/;
  522. $config{cgi}=0; # avoid cgi error message
  523. eval { writefile($file, $config{srcdir}, $content) };
  524. $config{cgi}=1;
  525. if ($@) {
  526. $form->field(name => "rcsinfo", value => rcs_prepedit($file),
  527. force => 1);
  528. my $mtemplate=template("editfailedsave.tmpl");
  529. $mtemplate->param(error_message => $@);
  530. $form->tmpl_param("message", $mtemplate->output);
  531. $form->field("editcontent", value => $content, force => 1);
  532. $form->tmpl_param("page_select", 0);
  533. $form->field(name => "page", type => 'hidden');
  534. $form->field(name => "type", type => 'hidden');
  535. $form->title(sprintf(gettext("editing %s"), $page));
  536. showform($form, \@buttons, $session, $q,
  537. forcebaseurl => $baseurl);
  538. return;
  539. }
  540. my $conflict;
  541. if ($config{rcs}) {
  542. my $message="";
  543. if (defined $form->field('comments') &&
  544. length $form->field('comments')) {
  545. $message=$form->field('comments');
  546. }
  547. if (! $exists) {
  548. rcs_add($file);
  549. }
  550. # Prevent deadlock with post-commit hook by
  551. # signaling to it that it should not try to
  552. # do anything.
  553. disable_commit_hook();
  554. $conflict=rcs_commit($file, $message,
  555. $form->field("rcsinfo"),
  556. $session->param("name"), $ENV{REMOTE_ADDR});
  557. enable_commit_hook();
  558. rcs_update();
  559. }
  560. # Refresh even if there was a conflict, since other changes
  561. # may have been committed while the post-commit hook was
  562. # disabled.
  563. require IkiWiki::Render;
  564. refresh();
  565. saveindex();
  566. if (defined $conflict) {
  567. $form->field(name => "rcsinfo", value => rcs_prepedit($file),
  568. force => 1);
  569. $form->tmpl_param("message", template("editconflict.tmpl")->output);
  570. $form->field("editcontent", value => $conflict, force => 1);
  571. $form->field("do", "edit", force => 1);
  572. $form->tmpl_param("page_select", 0);
  573. $form->field(name => "page", type => 'hidden');
  574. $form->field(name => "type", type => 'hidden');
  575. $form->title(sprintf(gettext("editing %s"), $page));
  576. showform($form, \@buttons, $session, $q,
  577. forcebaseurl => $baseurl);
  578. return;
  579. }
  580. else {
  581. # The trailing question mark tries to avoid broken
  582. # caches and get the most recent version of the page.
  583. redirect($q, "$config{url}/".htmlpage($page)."?updated");
  584. }
  585. }
  586. } #}}}
  587. sub check_banned ($$) { #{{{
  588. my $q=shift;
  589. my $session=shift;
  590. my $name=$session->param("name");
  591. if (defined $name) {
  592. # XXX banned in userinfo is deprecated, should be removed
  593. # eventually, and only banned_users be checked.
  594. if (userinfo_get($session->param("name"), "banned") ||
  595. grep { $name eq $_ } @{$config{banned_users}}) {
  596. print $q->header(-status => "403 Forbidden");
  597. $session->delete();
  598. print gettext("You are banned.");
  599. cgi_savesession($session);
  600. exit;
  601. }
  602. }
  603. }
  604. sub cgi_getsession ($) { #{{{
  605. my $q=shift;
  606. eval q{use CGI::Session};
  607. error($@) if $@;
  608. CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname}));
  609. my $oldmask=umask(077);
  610. my $session = eval {
  611. CGI::Session->new("driver:DB_File", $q,
  612. { FileName => "$config{wikistatedir}/sessions.db" })
  613. };
  614. if (! $session || $@) {
  615. error($@." ".CGI::Session->errstr());
  616. }
  617. umask($oldmask);
  618. return $session;
  619. } #}}}
  620. sub cgi_savesession ($) { #{{{
  621. my $session=shift;
  622. # Force session flush with safe umask.
  623. my $oldmask=umask(077);
  624. $session->flush;
  625. umask($oldmask);
  626. } #}}}
  627. sub cgi (;$$) { #{{{
  628. my $q=shift;
  629. my $session=shift;
  630. eval q{use CGI};
  631. error($@) if $@;
  632. $CGI::DISABLE_UPLOADS=$config{cgi_disable_uploads};
  633. if (! $q) {
  634. binmode(STDIN);
  635. $q=CGI->new;
  636. binmode(STDIN, ":utf8");
  637. run_hooks(cgi => sub { shift->($q) });
  638. }
  639. my $do=$q->param('do');
  640. if (! defined $do || ! length $do) {
  641. my $error = $q->cgi_error;
  642. if ($error) {
  643. error("Request not processed: $error");
  644. }
  645. else {
  646. error("\"do\" parameter missing");
  647. }
  648. }
  649. # Need to lock the wiki before getting a session.
  650. lockwiki();
  651. loadindex();
  652. if (! $session) {
  653. $session=cgi_getsession($q);
  654. }
  655. # Auth hooks can sign a user in.
  656. if ($do ne 'signin' && ! defined $session->param("name")) {
  657. run_hooks(auth => sub {
  658. shift->($q, $session)
  659. });
  660. if (defined $session->param("name")) {
  661. # Make sure whatever user was authed is in the
  662. # userinfo db.
  663. if (! userinfo_get($session->param("name"), "regdate")) {
  664. userinfo_setall($session->param("name"), {
  665. email => "",
  666. password => "",
  667. regdate => time,
  668. }) || error("failed adding user");
  669. }
  670. }
  671. }
  672. check_banned($q, $session);
  673. run_hooks(sessioncgi => sub { shift->($q, $session) });
  674. if ($do eq 'signin') {
  675. cgi_signin($q, $session);
  676. cgi_savesession($session);
  677. }
  678. elsif ($do eq 'prefs') {
  679. cgi_prefs($q, $session);
  680. }
  681. elsif ($do eq 'create' || $do eq 'edit') {
  682. cgi_editpage($q, $session);
  683. }
  684. elsif (defined $session->param("postsignin") || $do eq 'postsignin') {
  685. cgi_postsignin($q, $session);
  686. }
  687. else {
  688. error("unknown do parameter");
  689. }
  690. } #}}}
  691. # Does not need to be called directly; all errors will go through here.
  692. sub cgierror ($) { #{{{
  693. my $message=shift;
  694. print "Content-type: text/html\n\n";
  695. print misctemplate(gettext("Error"),
  696. "<p class=\"error\">".gettext("Error").": $message</p>");
  697. die $@;
  698. } #}}}
  699. 1