--- /home/michail/Downloads/awkiawki-0.1/awki.cgi 2004-07-13 20:34:45.000000000

1. --- /home/michail/Downloads/awkiawki-0.1/awki.cgi   2004-07-13 20:34:45.000000000 +0400
2. +++ awki.cgi    2014-11-27 22:30:30.314034481 +0300
3. @@ -49,11 +49,13 @@ BEGIN {
4.  
5.     #load external configfile
6.     load_config(scriptname)
7. -  
8. +      
9.     # PATH_INFO contains page name
10.     if (ENVIRON["PATH_INFO"]) {
11.         query["page"] = ENVIRON["PATH_INFO"]
12.     }
13. +
14. +   parse_cookies(cookies)
15.    
16.     if (ENVIRON["REQUEST_METHOD"] == "POST") {
17.          if (ENVIRON["CONTENT_TYPE"] == "application/x-www-form-urlencoded") {
18. @@ -94,21 +96,38 @@ BEGIN {
19.    
20.     #check if page is editable
21.     special_pages = "FullSearch|PageList|RecentChanges"
22. +
23. +   if (cookies["id"] != "")
24. +       if (system("[ -f sessions/" cookies["id"] " ]") == 0)
25. +           auth_access = 1
26.    
27.     if (query["page"] ~ "("special_pages")") {
28.         special_page = 1
29. -   } else if (!localconf["write_protection"] || query["page"] !~ "("localconf["write_protection"]")") {
30. +   } else if (auth_access || !localconf["write_protection"] ||
31. +          query["page"] !~ "("localconf["write_protection"]")") {
32.         page_editable = 1
33.     }
34.  
35. +   if (query["login"])
36. +       re = login(query["username"], query["password"])
37.  
38. +   #set_cookie("count", cookies["count"] ? cookies["count"] + 1 : 0, "", "/")
39. +   #set_cookie("user", "guest", "Tue, 15-Jan-2015 21:47:38 GMT", "/")
40.     header(query["page"])
41. +   #print "#" ENVIRON["HTTP_COOKIE"] "#"
42.    
43.     if (query["edit"] && page_editable)
44.         edit(query["page"], query["filename"], query["revision"])
45.     else if (query["save"] && query["text"] && page_editable)
46.         save(query["page"], query["text"], query["string"], query["filename"])
47. -   else if (query["page"] ~ "PageList")
48. +   else if (query["auth"])
49. +       auth()
50. +   else if (query["login"]) {
51. +       if (re == "ok")
52. +           print "<span>You are logged as " query["username"] "</span>"
53. +       else
54. +           auth(re)
55. +   } else if (query["page"] ~ "PageList")
56.         special_index(localconf["datadir"])
57.     else if (query["page"] ~ "RecentChanges")
58.         special_changes(localconf["datadir"])
59. @@ -125,8 +144,41 @@ BEGIN {
60.    
61.  }
62.  
63. -# print header
64. -function header(page) {
65. +function set_cookie(name, value, expires, path, domain) {
66. +   delete cookies_header_header[name]
67. +   cookies_header[name]["value"] = value
68. +
69. +   if (expires)
70. +       cookies_header[name]["expires"] = expires;
71. +   if (path)
72. +       cookies_header[name]["path"] = path;
73. +   if (domain)
74. +       cookies_header[name]["domain"] = domain;
75. +}
76. +
77. +function parse_cookies(cookies,        arr, n, i, key, value) {
78. +   gsub(/[ ]*/, "", ENVIRON["HTTP_COOKIE"]);
79. +
80. +   if (length(ENVIRON["HTTP_COOKIE"]) == 0)
81. +       return;
82. +
83. +   n = split(ENVIRON["HTTP_COOKIE"], arr, ";")
84. +   for (i = 1; i <= n; i++) {
85. +       if (match(arr[i], /=/)) {
86. +           key = substr(arr[i], 1, RSTART-1)
87. +           value = substr(arr[i], RSTART+RLENGTH)
88. +           cookies[key] = value
89. +       }
90. +   }
91. +}
92. +
93. +function header(page,  i) {
94. +   for (i in cookies_header)
95. +       print "Set-Cookie: " i "=" cookies_header[i]["value"] \
96. +           (cookies_header[i]["expires"] ? "; expires=" cookies_header[i]["expires"] : "") \
97. +           (cookies_header[i]["path"] ? "; path=" cookies_header[i]["path"] : "") \
98. +           (cookies_header[i]["domain"] ? "; domain=" cookies_header[i]["domain"] : "");
99. +
100.     print "Content-type: text/html\n"
101.     print "<html>\n<head>\n<title>" page "</title>"
102.     if (localconf["css"])
103. @@ -148,10 +200,12 @@ function footer(page) {
104.     print "<a href=\""scriptname"/RecentChanges\">RecentChanges</a>"
105.     if (localconf["rcs"] && !special_page)
106.         print "<a href=\""scriptname"/"page"?history=true\">PageHistory</a>"
107. +   print "<a href=\""scriptname"?auth=true\">Login</a>"
108.     print "<form action=\""scriptname"/FullSearch\" method=\"GET\" align=\"right\">"
109.     print "<input type=\"text\" name=\"string\">"
110.     print "<input type=\"submit\" value=\"search\">"
111.     print "</form>\n</body>\n</html>"
112. +  
113.  }
114.  
115.  # send page to parser script
116. @@ -181,6 +235,39 @@ function special_diff(page, filename, re
117.     }
118.  } 
119.  
120. +function auth(error) {
121. +   print "<h3>Login</h3> \
122. +<form action=\""scriptname"?login=true\" method=\"POST\"> \
123. +<label>Username :</label> \
124. +<input id=\"name\" name=\"username\" placeholder=\"username\" type=\"text\"> \
125. +<p/> \
126. +<label>Password :</label> \
127. +<input id=\"password\" name=\"password\" placeholder=\"**********\" type=\"password\"> \
128. +<input name=\"submit\" type=\"submit\" value=\"Login\">"
129. +   if (error)
130. +       print "<p/><span>" error "</span>"
131. +}
132. +
133. +function login(username, password) {
134. +   if (!username || !password)
135. +       return "username or password are empty"
136. +
137. +   if (username != "admin" && password != "secret")
138. +       return "username or password are wrong"
139. +
140. +   create_session(username)
141. +   return "ok"
142. +}
143. +
144. +function create_session(username,  cmd, id) {
145. +   cmd = "mktemp sessions/XXXXXXXXXXXXX"
146. +   cmd | getline id
147. +   close(cmd)
148. +   gsub(/^sessions\//, "", id)
149. +   set_cookie("id", id, "", "/")
150. +}
151. +
152. +# print header
153.  # print edit form
154.  function edit(page, filename, revision,   cmd) {
155.     if (revision)