liquid_feedback_frontend
changeset 1110:9461c738ea0b
Backported support for pseudonymous access to fastpath image interface from version 3.0.3
author | jbe |
---|---|
date | Mon Nov 10 18:48:58 2014 +0100 (2014-11-10) |
parents | 68d91f47bb98 |
children | 5b77825ecfa6 |
files | fastpath/getpic.c |
line diff
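--- a/fastpath/getpic.c
+++ b/fastpath/getpic.c
@@ -23,6 +23,9 @@
  const char *sql_member_image_params[2];
 
 #ifndef PUBLIC_ACCESS
+#ifdef PUBLIC_AVATAR_ACCESS
+ int authorization_required = 0;
+#endif
  char *cookies;
  regex_t session_ident_regex;
  ssize_t start, length;
@@ -35,40 +38,48 @@
  PGresult *dbr;
 
  args_string = getenv("QUERY_STRING");
-#ifdef PUBLIC_ACCESS
  if (!args_string) {
  fputs("Status: 403 Access Denied\n\n", stdout);
  return 0;
  }
-#else
- cookies = getenv("HTTP_COOKIE");
- if (!args_string || !cookies) {
+
+ member_id = strtok(args_string, "+");
+ image_type = strtok(NULL, "+");
+ if (!member_id || !image_type) {
  fputs("Status: 403 Access Denied\n\n", stdout);
  return 0;
  }
-#endif
-
- member_id = strtok(args_string, "+");
- image_type = strtok(NULL, "+");
  sql_member_image_params[0] = member_id;
  sql_member_image_params[1] = image_type;
 
 #ifndef PUBLIC_ACCESS
- if (regcomp(&session_ident_regex, "(^|[; \t])liquid_feedback_session=([0-9A-Za-z]+)", REG_EXTENDED) != 0) {
- // shouldn't happen
- abort();
- }
- if (regexec(&session_ident_regex, cookies, 3, session_ident_regmatch, 0) != 0) {
- fputs("Status: 403 Access Denied\n\n", stdout);
- return 0;
+#ifdef PUBLIC_AVATAR_ACCESS
+ if (strcmp(image_type, "avatar")) {
+ authorization_required = 1;
+#endif
+ cookies = getenv("HTTP_COOKIE");
+ if (!args_string || !cookies) {
+ fputs("Status: 403 Access Denied\n\n", stdout);
+ return 0;
+ }
+ if (regcomp(&session_ident_regex, "(^|[; \t])liquid_feedback_session=([0-9A-Za-z]+)", REG_EXTENDED) != 0) {
+ // shouldn't happen
+ abort();
+ }
+ if (regexec(&session_ident_regex, cookies, 3, session_ident_regmatch, 0) != 0) {
+ fputs("Status: 403 Access Denied\n\n", stdout);
+ return 0;
+ }
+ start = session_ident_regmatch[2].rm_so;
+ length = session_ident_regmatch[2].rm_eo - session_ident_regmatch[2].rm_so;
+ session_ident = malloc(length + 1);
+ if (!session_ident) abort(); // shouldn't happen
+ strncpy(session_ident, cookies + start, length);
+ session_ident[length] = 0;
+ sql_session_params[0] = session_ident;
+#ifdef PUBLIC_AVATAR_ACCESS
  }
- start = session_ident_regmatch[2].rm_so;
- length = session_ident_regmatch[2].rm_eo - session_ident_regmatch[2].rm_so;
- session_ident = malloc(length + 1);
- if (!session_ident) abort(); // shouldn't happen
- strncpy(session_ident, cookies + start, length);
- session_ident[length] = 0;
- sql_session_params[0] = session_ident;
+#endif
 #endif
 
  conn = PQconnectdb(GETPIC_CONNINFO);
@@ -83,20 +94,26 @@
  }
 
 #ifndef PUBLIC_ACCESS
- dbr = PQexecParams(conn,
- "SELECT NULL FROM session JOIN member ON member.id = session.member_id WHERE session.ident = $1 AND member.active",
- 1, NULL, sql_session_params, NULL, NULL, 0
- );
- if (PQresultStatus(dbr) != PGRES_TUPLES_OK) {
- fputs(PQresultErrorMessage(dbr), stderr);
- PQfinish(conn);
- return 1;
+#ifdef PUBLIC_AVATAR_ACCESS
+ if (authorization_required) {
+#endif
+ dbr = PQexecParams(conn,
+ "SELECT NULL FROM session JOIN member ON member.id = session.member_id WHERE session.ident = $1 AND member.active",
+ 1, NULL, sql_session_params, NULL, NULL, 0
+ );
+ if (PQresultStatus(dbr) != PGRES_TUPLES_OK) {
+ fputs(PQresultErrorMessage(dbr), stderr);
+ PQfinish(conn);
+ return 1;
+ }
+ if (PQntuples(dbr) != 1) {
+ fputs("Status: 403 Access Denied\n\n", stdout);
+ PQfinish(conn);
+ return 0;
+ }
+#ifdef PUBLIC_AVATAR_ACCESS
  }
- if (PQntuples(dbr) != 1) {
- fputs("Status: 403 Access Denied\n\n", stdout);
- PQfinish(conn);
- return 0;
- }
+#endif
 #endif
 
  dbr = PQexecParams(conn,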
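Review bot: The session check defaults to open in the second and third hunks: `int authorization_required = 0;` is raised to 1 only inside the `if (strcmp(image_type, "avatar")) {` branch, and the cookie parse and the session query sit in two separate `#ifdef PUBLIC_AVATAR_ACCESS` regions that have to stay in step. A default-deny form is easier to audit, i.e. `int authorization_required = 1;` cleared by `if (strcmp(image_type, "avatar") == 0) authorization_required = 0;`, with both blocks gated on the flag. Inside the cookie block the `!args_string` half of the test is now dead, because a NULL query string already returned 403 above, so `if (!cookies) {` is enough. A comment at the branch saying that only the exact type `avatar` is served without a session, and that every other image type still needs an active member session, would document the access rule; main() continues outside these hunks, so the image query itself is not visible here.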