From 867f3c6e4f757fb2f18558d9c8c2e80f5d339bc3 Mon Sep 17 00:00:00 2001
From: goodale
Date: Wed, 20 Sep 2000 09:50:50 +0000
Subject: Make sure the user is authorised to control the simulation, not just to get to the control page 8-) Tom
git-svn-id: http://svn.cactuscode.org/arrangements/CactusConnect/HTTPD/trunk@59 1faa4e14-9dd3-4be0-9f0e-ffe519881164
---
src/Content.c | 73 ++++++++++++++++++++++++++++++++++++++++-------------------
1 file changed, 50 insertions(+), 23 deletions(-)
(limited to 'src/Content.c')
diff --git a/src/Content.c b/src/Content.c
index 0a92ee6..6f7ffb7 100644
--- a/src/Content.c
+++ b/src/Content.c
@@ -1170,38 +1170,65 @@ static int ControlSet(cGH *cctkGH, httpRequest *request) char message[4098]; const char *runstate; - runstate = HTTP_ArgumentValue(request,"runstate"); + int notauthorised; + char thisuser[USER_LENGTH+1]; - switch(*runstate) + notauthorised = HTTP_AuthenticateBasic(request, "user", thisuser, USER_LENGTH); + + if(!notauthorised) { - case 'T' : HTTP_SteerQueue(CCTK_THORNSTRING, "terminate", "yes"); - ControlTerminationPage(cctkGH, request); - break; - case 'P' : HTTP_SteerQueue(CCTK_THORNSTRING, "pause", "yes"); - break; - case 'R' : HTTP_SteerQueue(CCTK_THORNSTRING, "pause", "no"); - break; - default : - fprintf(stderr, "Unknown runstate '%s'\n", runstate); - } + runstate = HTTP_ArgumentValue(request,"runstate"); + + switch(*runstate) + { + case 'T' : HTTP_SteerQueue(CCTK_THORNSTRING, "terminate", "yes"); + ControlTerminationPage(cctkGH, request); + break; + case 'P' : HTTP_SteerQueue(CCTK_THORNSTRING, "pause", "yes"); + break; + case 'R' : HTTP_SteerQueue(CCTK_THORNSTRING, "pause", "no"); + break; + default : + fprintf(stderr, "Unknown runstate '%s'\n", runstate); + } - /* Now redirect the browser to the normal page */ - /* Status message */ - if(request->http_major_version < 1 || - (request->http_major_version == 1 && request->http_minor_version < 1)) - { - /* Older browsers don't understand 303 */ - strcpy(message,"HTTP/1.0 302 Found\r\n"); + /* Now redirect the browser to the normal page */ + /* Status message */ + if(request->http_major_version < 1 || + (request->http_major_version == 1 && request->http_minor_version < 1)) + { + /* Older browsers don't understand 303 */ + strcpy(message,"HTTP/1.0 302 Found\r\n"); + } + else + { + strcpy(message,"HTTP/1.0 303 See Other\r\n"); + } + + sprintf(message, "%sLocation: /control.html/\r\n\r\n", message); + + HTTP_Write(request, message, strlen(message)); } else { - strcpy(message,"HTTP/1.0 303 See Other\r\n"); - } + /* Not authorised */ + strcpy(message,"HTTP/1.0 401 Unauthorized\r\n"); - 
sprintf(message, "%sLocation: /control.html/\r\n\r\n", message); + HTTP_Write(request, message, strlen(message)); + + strcpy(message,"WWW-Authenticate: Basic realm=\"Cactus Control\"\r\n"); - HTTP_Write(request, message, strlen(message)); + HTTP_Write(request, message, strlen(message)); + + HTTP_CookieCancel(request,"user", "/"); + + strcpy(message,"Content-Type: text/html\r\n\r\n"); + + HTTP_Write(request, message, strlen(message)); + HTTP_Write(request, notauthorized_page, strlen(notauthorized_page)); + } + return 0; } -- cgit v1.2.3
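Review bot: In the authorised branch, `switch(*runstate)` dereferences the result of `HTTP_ArgumentValue(request,"runstate")` unchecked; if that helper returns NULL when the argument is absent (its contract is not visible in this hunk), an authenticated request without `runstate` would likely crash the server, so add `if(runstate == NULL) runstate = "";` before the switch. The same branch keeps `sprintf(message, "%sLocation: /control.html/\r\n\r\n", message);`, which passes `message` as both destination and source and is undefined behaviour; `strcat(message, "Location: /control.html/\r\n\r\n");` produces the same bytes and stays well inside the 4098-byte buffer. `thisuser` is filled in by `HTTP_AuthenticateBasic` but never read afterwards, so consider logging it next to each `HTTP_SteerQueue` call to leave an audit trail of who paused or terminated the run. The opening of ControlSet lies outside the hunk.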