X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;f=index.cgi;h=ac9a110149f9e8b79a992b946b4cd6321c2df85c;hb=ecef5d8df4714fb141e42842e6df2028b151e831;hp=16bd9044053803c2ca16b840b5514ab3fde9d106;hpb=1b78a6c60a0c44a164dcf12f1e7683008f2cf402;p=httpchat

diff --git a/index.cgi b/index.cgi
index 16bd904..ac9a110 100755
--- a/index.cgi
+++ b/index.cgi
@@ -1,7 +1,8 @@
 #!/bin/sh
 
-_EXEC=.
-_DATA=.
+_EXEC="${_EXEC:-.}"
+_DATA="${_DATA:-.}"
+SESSION_TIMEOUT=43200
 . "$_EXEC/cgilite/logging.sh"
 . "$_EXEC/cgilite/cgilite.sh"
 . "$_EXEC/cgilite/session.sh"
@@ -11,9 +12,17 @@ LOCATION="$(PATH "$PATH_INFO")"
 LOCATION="${LOCATION#/}"
 LOCATION="${LOCATION%%/*}"
 
+NICK_REGISTRATION="${NICK_REGISTRATION:-on}"
+
+# ToDo:
+# COOKIE_NICK_EXPIRE=$((86400 * 14))
+# REGEISTERED_NICK_EXPIRE=$((86400 * 365))
+
 yield_page(){
   page="$1"
-  printf 'Content-Type: text/html; charset=utf-8\r\n\r\n'
+  printf '%s\r\n' 'Content-Type: text/html; charset=utf-8' \
+                  "Content-Security-Policy: script-src 'none'" \
+                  ''
   { printf '[html
     [head
       [meta name="viewport" content="width=device-width"]
@@ -29,13 +38,19 @@ yield_page(){
 
 settings_menu(){
   printf '
-    [form #settings method="POST" action="?"
-      [h1 Settings][a .settings href="?" Close]'
+    [form #settings method="POST" action="?settings"
+      [hidden "session_key" "%s"]
+      [h1 Settings][a .settings href="?" Close]
+  ' "$SESSION_KEY"
+  if [ "$ERROR" ]; then
+    printf '[p .error %s %s]' "${ERROR%% *}" "$(HTML "${ERROR#.* }")"
+    unset ERROR
+  fi
   printf '
       [a .section href="#nick" Nickname]
-      [div #nick [input name="nickname" value="%s"][submit "action" "nick" Set Cookie]]
+      [div #nick [input name="nickname" placeholder="%s"][submit "action" "nick" Set Cookie]]
   ' "$(HTML "${nickname#\?}")"
-  printf '
+  [ "$NICK_REGISTRATION" = on -a "$nickname" != '?Guest' ] && printf '
       [a .section href="#register" Register Nickname]
       [div #register
         [p Registration will set a permanent Cookie in your Browser.
@@ -50,11 +65,12 @@ settings_menu(){
 case ${LOCATION} in
   webchat.css)
     . "$_EXEC/cgilite/file.sh"
-    FILE "$_EXEC/webchat.css"
-    exit 0
+    FILE "$_EXEC/${LOCATION}"
+    return 0
     ;;
   \&?*)
-    chatfile="$_DATA/${LOCATION}"
+    [ "$(COOKIE nick)" -o "$QUERY_STRING" = settings ] || REDIRECT "/$LOCATION?settings#nick"
+    chatfile="$_DATA/${LOCATION}/channel"
     . "$_EXEC/channel.sh"
     exit 0
     ;;
@@ -71,6 +87,7 @@ case ${LOCATION} in
     if [ -d "$_DATA/@${LOCATION#~}" ]; then
       pubinfo="$_DATA/@${LOCATION#~}/pubinfo"
     else 
+      # ToDo Edit / Display of public user information
       REDIRECT /
     fi
     ;;