liquid_feedback_frontend
diff fastpath/getpic.c @ 5:afd9f769c7ae
Version beta1
Final voting with Schulze-Method is now possible
Many bug fixes and code cleanup
Registration with invite codes
More sort and filter options
Separated display of "supporters" and "potential supporters"
Optical changes
Flood limit / initiative contingent is now checked by frontend
Necessary changes to access core beta11
Final voting with Schulze-Method is now possible
Many bug fixes and code cleanup
Registration with invite codes
More sort and filter options
Separated display of "supporters" and "potential supporters"
Optical changes
Flood limit / initiative contingent is now checked by frontend
Necessary changes to access core beta11
| author | bsw/jbe |
|---|---|
| date | Fri Dec 25 12:00:00 2009 +0100 (2009-12-25) |
| parents | 80c215dbf076 |
| children | 88ac7798b562 |
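--- a/fastpath/getpic.c Thu Dec 10 12:00:00 2009 +0100
+++ b/fastpath/getpic.c Fri Dec 25 12:00:00 2009 +0100
@@ -16,67 +16,50 @@
 #endif
 
 int main(int argc, const char * const *argv) {
- PGconn *conn;
- PGresult *dbr;
-
- char *cookies = getenv("HTTP_COOKIE");
 
 char *args_string;
 char *member_id;
 char *image_type;
-
- char *sql_session_params[1];
 char *sql_member_image_params[2];
 
+ char *cookies;
+ regex_t session_ident_regex;
 ssize_t start, length;
-
+ regmatch_t session_ident_regmatch[3];
 char *session_ident;
+ char *sql_session_params[1];
 
- regex_t session_ident_regex;
- regmatch_t session_ident_regmatch[2];
-
- cookies = getenv("HTTP_COOKIE");
+ PGconn *conn;
+ PGresult *dbr;
 
 args_string = getenv("QUERY_STRING");
-
- if (!cookies || !args_string) {
+ cookies = getenv("HTTP_COOKIE");
+ if (!args_string || !cookies) {
 fputs("Status: 403 Access Denied\n\n", stdout);
 return 0;
 }
 
 member_id = strtok(args_string, "+");
 image_type = strtok(NULL, "+");
-
 sql_member_image_params[0] = member_id;
 sql_member_image_params[1] = image_type;
 
- // get session from cookie
-
- // TODO improve regex to fit better
- if (regcomp(&session_ident_regex, "liquid_feedback_session=([a-zA-Z0-9]+)", REG_EXTENDED) != 0) {
+ if (regcomp(&session_ident_regex, "(^|[; \t])liquid_feedback_session=([0-9A-Za-z]+)", REG_EXTENDED) != 0) {
 // shouldn't happen
 abort();
 }
-
 if (regexec(&session_ident_regex, cookies, 2, session_ident_regmatch, 0) != 0) {
 fputs("Status: 403 Access Denied\n\n", stdout);
 return 0;
 }
-
- start = session_ident_regmatch[1].rm_so;
- length = session_ident_regmatch[1].rm_eo - session_ident_regmatch[1].rm_so;
-
+ start = session_ident_regmatch[2].rm_so;
+ length = session_ident_regmatch[2].rm_eo - session_ident_regmatch[2].rm_so;
 session_ident = malloc(length + 1);
-
+ if (!session_ident) abort(); // shouldn't happen
 strncpy(session_ident, cookies + start, length);
-
 session_ident[length] = 0;
-
 sql_session_params[0] = session_ident;
 
-
- // connect to database
-
 conn = PQconnectdb(GETPIC_CONNINFO);
 if (!conn) {
 fputs("Could not create PGconn structure.\n", stderr);
@@ -84,27 +67,25 @@
 }
 if (PQstatus(conn) != CONNECTION_OK) {
 fputs(PQerrorMessage(conn), stderr);
+ PQfinish(conn);
 return 1;
 }
 
- // check session
 dbr = PQexecParams(conn,
 "SELECT NULL FROM session JOIN member ON member.id = session.member_id WHERE session.ident = $1 AND member.active",
 1, NULL, sql_session_params, NULL, NULL, 0
 );
-
 if (PQresultStatus(dbr) != PGRES_TUPLES_OK) {
 fputs(PQresultErrorMessage(dbr), stderr);
+ PQfinish(conn);
 return 1;
 }
-
 if (PQntuples(dbr) != 1) {
 fputs("Status: 403 Access Denied\n\n", stdout);
+ PQfinish(conn);
 return 0;
 }
 
-
- // get picture
 dbr = PQexecParams(conn,
 "SELECT content_type, data "
 "FROM member_image "
@@ -114,35 +95,34 @@
 "LIMIT 1;",
 2, NULL, sql_member_image_params, NULL, NULL, 1
 );
-
 if (PQresultStatus(dbr) != PGRES_TUPLES_OK) {
 fputs(PQresultErrorMessage(dbr), stderr);
- return 1;
- }
- if (PQntuples(dbr) > 1) {
+ PQfinish(conn);
 return 1;
 }
- fputs("Cache-Control: private; max-age=86400\n", stdout);
 if (PQntuples(dbr) == 0) {
 struct stat sb;
 PQclear(dbr);
 PQfinish(conn);
 fputs("Content-Type: image/jpeg\n\n", stdout);
 if (stat(GETPIC_DEFAULT_AVATAR, &sb)) return 1;
- fprintf(stdout, "Content-Length: %i\n", sb.st_size);
+ fprintf(stdout, "Content-Length: %i\n", (int)sb.st_size);
 execl("/bin/cat", "cat", GETPIC_DEFAULT_AVATAR, NULL);
 return 1;
 } else {
 if (PQnfields(dbr) < 0) {
 fputs("Too few columns returned by database.\n", stderr);
+ PQfinish(conn);
 return 1;
 }
 if (PQfformat(dbr, 0) != 1 || PQfformat(dbr, 1) != 1) {
 fputs("Database did not return data in binary format.\n", stderr);
+ PQfinish(conn);
 return 1;
 }
 if (PQgetisnull(dbr, 0, 0) || PQgetisnull(dbr, 0, 1)) {
 fputs("Unexpected NULL in database result.\n", stderr);
+ PQfinish(conn);
 return 1;
 }
 fputs("Content-Type: ", stdout);
@@ -151,7 +131,7 @@
 fputs("\n\n", stdout);
 fwrite(PQgetvalue(dbr, 0, 1), PQgetlength(dbr, 0, 1), 1, stdout);
 }
- PQclear(dbr);
 PQfinish(conn);
 return 0;
+
 }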
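Review bot: In the first hunk the unchanged `regexec` call still passes `2` as its match count while the new code reads `session_ident_regmatch[2]`, so the slot holding the session identifier is never filled in and `start`/`length` come from an uninitialised `regmatch_t`. The new pattern puts `(^|[; \t])` in front as group 1, which moves the identifier to group 2, and the array was grown to three entries, but the count argument was left alone. As a result `malloc(length + 1)` and `strncpy(session_ident, cookies + start, length)` work from indeterminate offsets on the path that authenticates the request. The call should read `if (regexec(&session_ident_regex, cookies, 3, session_ident_regmatch, 0) != 0) {`. main() spans all four hunks and the lines between them are not shown, so the rest of the function is only partly visible here.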