/follow no longer makes you leave current place

place/rating.c

@@ -0,0 +1,66 @@
+#include <net.h>
+#include <text.h>
+#include <ht/http.h>
+
+#define NAME "rating"
+#define PRIVATE
+#define SECURE
+#include <place.gen>
+
+#define RATING_TITLE "This is a demonstration of psyced's rating tool"
+#define RATING_ITEMS 3
+#define RATING_ITEM_HEIGHT 100
+#define DEFAULT_RATING_AMOUNT 5
+#define RATING_UNIFORM_PREFIX "https://www.psyced.org/rating/"
+
+// hack, should be using w() instead
+#define htfs(BLA) write("<body bgcolor='black' text='white'><center>"+ BLA +"</center");
+
+mapping rating = ([ ]);
+
+htget(prot, query, headers, qs, data, noprocess) {
+	htnotify(query, headers, "_rating_test",
+	    "[_nick_place] by [_web_on] from [_web_from] using '[_parameters]'.", 0, qs);
+	sTextPath(query["layout"], query["lang"], "html");
+	string j = query["juror"];
+	unless (j) {
+		hterror(prot, R_PAYMENTREQ, "Hello!? Who are you?");
+		return 1;
+	}
+	mapping previous = rating[lower_case(j)];
+	htok(prot);
+	if (query["c001"]) {
+		if (previous) {
+			htfs("Replaced old evaluation by new one. Thank you, "+j);
+		} else {
+			htfs("Evaluation stored. Thank you, "+j);
+		}
+		rating[lower_case(j)] = query;
+		log_file("RATING", "\n%O from %O using %O got %O\n",
+			ME, query_ip_name(), headers["user-agent"], query);
+		return 1;
+	}
+	w("_PAGES_start_group_rating", 0,
+	    ([ "_title_page" : htquote(RATING_TITLE),
+//	       "_parameters" : query["parameters"] || qs,
+	       "_uniform_logo" : HT_LOGO,
+	       "_nick_juror" : j || query_ip_number(),
+	       "_amount_height_item" : RATING_ITEM_HEIGHT,
+	       "_nick_place" : MYNICK ]) );
+	// printf("%O vs %O\n", query, headers);
+	for (int i=1; i <= RATING_ITEMS; i++) {
+		string ii=sprintf("%03d", i);
+		w("_HTML_item_rating", 0, ([
+		   "_index_item" : ii,
+		   "_uniform_item" : RATING_UNIFORM_PREFIX +ii,
+		   "_amount_rating_item" : previous? previous["r"+ii]: DEFAULT_RATING_AMOUNT,
+		   "_comment_item" : previous? previous["c"+ii] || "": "",
+		   "_nick_place" : MYNICK ]) );
+	}
+	w("_PAGES_end_group_rating", 0, ([
+	       "_comment_notes" : previous? previous["notes"] || "": "",
+	       "_nick_place" : MYNICK ]) );
+	return 1;
+
+}
+

place/remotor.c

@@ -1,5 +1,5 @@
 // this place is configured in a suitable way for receiving
-// syslog events from the syslog2psyc tool in perlpsyc
+// tor router events from the remotor tool in perlpsyc
 //
 #include <net.h>
 

utility/powwow.patch

@@ -16,7 +16,7 @@ but in the year 2005 this is still not the case.	-lynX
  #define ESC2		'`'	/* other special escape char */
  #define STRESC2		"`"
 -#define CMDSEP		';'	/* command separator character */
-+#define CMDSEP		'§'	/* command separator character */
++#define CMDSEP		'\\'	/* command separator character */
  #define SPECIAL_CHARS	"{}();\"=" /* specials chars needing escape */
  #define MPI		"~$#E"	/* MUME protocol introducer */
  #define MPILEN		4	/* strlen(MPI) */

world/net/http/header.i

@@ -24,18 +24,16 @@ varargs http_error(string prot, int code, string comment, string html) {
 	P2(("hterror(%O,%O,%O,%O) in %O\n", prot,code,comment,html, ME))
 #if defined(T)
 	// use the textdb if available
-	out = psyctext( T("_PAGES_error",
-			      "<html><title id='code'>[_code]</title>\n"
-		"<body><h1 id='comment'>[_comment]</h1></body></html>\n"),
+	out = psyctext( T("_PAGES_error", "<title>Error [_code]</title><body><h1 id='code'>[_code]</h1><div id='comment'>[_comment]</div>"),
 		    ([ "_comment": comment, "_code": code ]) );
 #else
 	// use some hardcoded defaults
-	out = "<body text=white bgcolor=black link=green vlink=green>\n";
+	out = "<body text='white' bgcolor='black' link='green' vlink='green'>\n";
 	if (html) out = sprintf("<title>%s</title>\n%s%s", comment, out, html);
 	else out = sprintf("\
-<title>error %d</title>\n\
+<title>Error %d</title>\n\
 %s\n\
-<table width=\"100%%\" height=\"90%%\"><tr><th><h1><br>\n\n\
+<table width=\"100%%\" height=\"90%%\"><tr><th><h1><br/>\n\n\
 %s\n\n\
 </h1></th></tr></table>\n\
 ",

world/net/http/library.i

@@ -95,12 +95,19 @@ varargs string htredirect(string prot, string target, string comment, int perman
 		printf("%s %d %s\n%s", HTTP_SVERS,
 		  permanent ? R_MOVED : R_FOUND, comment, htheaders());
 	}
+	// this page might actually be visible
+	// if content-disposition: attachment is given
+	// or redirects are otherwise intercepted by plugin
+	// so a proper _PAGES form could be appropriate
 	printf("\
 Location: %s\n%s\
 \n\
-<a href=\"%s\">%s</a>.\n\
-",
-		target, extra, target, comment);
+<title>%s</title>\n\
+<body bgcolor='black' text='white' link='red' vlink='red'>\n\
+%s\n",
+	// exposing the link to end-user may not be intended:
+	// <a href=\"%s\">%s</a>.
+		target, extra, comment, comment);
 	return 0;
 }
 

world/net/include/place.gen

@@ -18,6 +18,13 @@
 #include <status.h>
 #include <uniform.h>
 
+#ifndef DEFAULT_HT_LOGO
+# define DEFAULT_HT_LOGO "/img/psyc.gif"
+#endif
+#ifndef HT_LOGO
+# define HT_LOGO DEFAULT_HT_LOGO
+#endif
+
 #ifdef BRAIN
 
 # ifdef SLAVE
@@ -610,8 +617,9 @@ htget(prot, query, headers, qs) {
 }
 #endif
 
-#ifdef CHALLENGE_MATCH
+#ifdef CHALLENGE_QUESTION   // should make media player etc work also w/o challenge FIXME
 #include <sys/regexp.h>
+#include "ht/http.h"
 
 #define CHALOG(verb)	log_file("CHALLENGE", "%s %s %O A:%O P:%O C:%O\n", \
 		 MYNICK, verb, query_ip_name(), \
@@ -619,50 +627,118 @@ htget(prot, query, headers, qs) {
 
 // maybe this all belongs into archetype.gen.. chesmo!
 htget(prot, query, headers, qs, data, noprocess) {
-	string item = headers[item] || "/@"+ MYNICK;
-	if (stringp(headers["cookie"]) && regmatch(headers["cookie"],
-		 "challenge=complete&answer="+ md5(CHALLENGE_MATCH))) {
+	PT(("%O place.gen::htget\n", ME))
+	if (probably_private(this_interactive()) <= PRIVACY_SURVEILLED) {
+		hterror(prot, R_PAYMENTREQ, "To protect against abuse in this nasty world this function needs 'https' instead of 'http'.");
+		htnotify(query, headers, "_challenge_disabled_encryption",
+		    "[_nick_place] sees no TLS by [_web_on] from [_web_from].");
+		return 0;
+	}
+	string item = "/@"+ MYNICK;
+	if (
+# ifdef CHALLENGE_AGENT
+	    stringp(headers["user-agent"]) &&
+	       regmatch(lower_case(headers["user-agent"]), CHALLENGE_AGENT)
+# else
+#  ifdef CHALLENGE_ACCOUNTS
+#   define CHALLENGE_CHECK CHALLENGE_ACCOUNTS
+#  else
+#   ifdef CHALLENGE_MATCH
+#    define CHALLENGE_CHECK CHALLENGE_MATCH
+#   endif
+#  endif
+	    stringp(headers["cookie"]) && regmatch(headers["cookie"],
+		 "challenge=complete&answer="+ md5(CHALLENGE_CHECK))
+# endif
+	     ) {
 		CHALOG("completes");
-		htnotify(query, headers, "_accomplished_web",
+		htnotify(query, headers, "_challenge_accomplished_web",
 		    "Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from].");
 # ifdef CHALLENGE_REDIRECT
-		return htredirect(prot, CHALLENGE_REDIRECT, "There you go", 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
+		sTextPath(query["layout"], query["lang"], "html");
+#  ifdef CHALLENGE_REDIRECT_TITLE
+#   ifdef CHALLENGE_QUESTION
+		htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
+#   else
+		htok();
+#   endif
+		// you can output a player iframe instead of a redirect...
+		w("_PAGES_frame_redirect", 0,
+		    ([ "_uniform_page" : CHALLENGE_REDIRECT,
+		       "_title_page" : CHALLENGE_REDIRECT_TITLE,
+		       "_nick_place" : MYNICK ]) );
+		return 1;
+#  else
+		return htredirect(prot, CHALLENGE_REDIRECT, "Download or redirect initiated", 0, "Content-Disposition: attachment\nSet-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
+#  endif
 # else
 #  ifdef HTGET
-		// you may want to output a player iframe instead of a redirect...
 		return HTGET;
 #  else
 		return ::htget(prot, query, headers, qs, data, noprocess);
 #  endif
 # endif
 	}
-	if (stringp(query["answer"]) && headers["cookie"] &&
-	    regmatch(headers["cookie"], "challenge=given") &&
-	    regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) {
-		// lazy me could have used referer here ;)
-		string nu = stringp(query["parameters"]) &&
-			     strlen(query["parameters"]) ?
-			 item +"?"+ query["parameters"] : item;
-		CHALOG("reloads");
-		htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
-		return 1;
+# if defined(CHALLENGE_MATCH) || defined(CHALLENGE_ACCOUNTS)
+	if (stringp(query["answer"])) {
+		unless (headers["cookie"]) {
+			CHALOG("disabled");
+			hterror(prot, R_PAYMENTREQ, "To protect against abuse in this nasty world this function needs just temporarily enabled cookies. There are no de-anonymizing purposes involved. Or did you just lowercase my name in the URL?");
+			htnotify(query, headers, "_challenge_disabled_web",
+			    "[_nick_place] sees no cookies by [_web_on] from [_web_from].");
+			return 1;
+		}
+		string acct;
+		if (regmatch(headers["cookie"], "challenge=given")) {
+			if (query["answer"] && 
+#  ifdef CHALLENGE_ACCOUNTS
+			    (acct = CHALLENGE_ACCOUNTS->consult(query["answer"]))
+#  else
+			    regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)
+#  endif
+			) {
+				// lazy me could have used referer here ;)
+				string nu = stringp(query["parameters"]) &&
+					     strlen(query["parameters"]) &&
+					     query["parameters"] != "0" ?
+					 item +"?"+ query["parameters"] : item;
+				CHALOG(acct? ("authenticates as "+ acct): "reloads");
+				htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_CHECK) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
+				if (acct) htnotify(query, headers, "_challenge_authenticated_web",
+		    "[_web_on] authenticated for [_nick_place] coming from [_web_from].", acct);
+				return 1;
+			} else {
+				CHALOG("fails");
+				htnotify(query, headers, "_challenge_failed_web",
+				    "[_nick_place] sees [_web_on] from [_web_from] fail the challenge.");
+			}
+		}
+	} else
+# endif
+       	{
+		CHALOG("challenges");
+		htnotify(query, headers, "_challenge_presented_web",
+		    "[_nick_place] challenges [_web_on] coming from [_web_from].");
+		    //	(query [_web_query], cookie [_web_cookie]).");
 	}
+	// If you have trouble reloading the HTML template
+	// look out for both 'ht' and 'html' textdbs!
 	sTextPath(query["layout"], query["lang"], "html");
 	// using a non-psyced cookie here so that you can't construct a 
 	// url that allows other people to bypass the challenge.
-	// could add a timeout here...
 	htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; Path="+ item +"; Secure; Max-Age=999\n");
-	CHALOG("challenges");
+# ifndef CHALLENGE_REDIRECT_TITLE
+#  define CHALLENGE_REDIRECT_TITLE "Challenge for "+ MYNICK
+# endif
 	w("_PAGES_group_challenge", 0,
 	    ([ "_challenge" : htquote(CHALLENGE_QUESTION),
 		    // if the user failed the challenge,
 		    // we maintain the original qs for next attempt:
 	       "_parameters" : query["parameters"] || qs,
+	       "_uniform_logo" : HT_LOGO,
+	       "_title_page" : CHALLENGE_REDIRECT_TITLE,
 	       "_nick_place" : MYNICK ]) );
 	// printf("%O vs %O\n", query, headers);
-	htnotify(query, headers, "_challenged_web",
-	    "[_nick_place] challenges [_web_on] coming from [_web_from].");
-	    //	(query [_web_query], cookie [_web_cookie]).");
 	return 1;
 }
 #endif

world/net/jabber/server.c

@@ -191,7 +191,7 @@ jabberMsg(XMLNode node) {
 		    // super dirty.. this should all be in textdb
 		    packet = sprintf("<iq type='result' id='%s'>"
 				     "<query xmlns='jabber:iq:register'/>"
-	 "<error code='501>Registration by XMPP not permitted.</error></iq>",
+	 "<error code='501'>Registration by XMPP not permitted.</error></iq>",
 				     id);
 #else
 		    packet = sprintf("<iq type='result' id='%s'>"
@@ -235,7 +235,10 @@ jabberMsg(XMLNode node) {
 			// QUIT
 		    } else {
 #if defined(_flag_disable_unauthenticated_users_XMPP) || defined(_flag_disable_registration_XMPP)
-			// TODO: generate some error as above
+			emit(sprintf("<iq type='result' id='%s'>"
+				     "<query xmlns='jabber:iq:register'/>"
+	 "<error code='501'>Registration by XMPP not permitted.</error></iq>",
+				     id));
 #else
 			user -> vSet("password", t[Cdata]);
 			if (t = helper["/email"]) {

world/net/place/archetype.gen

@@ -474,7 +474,7 @@ _request_set_topic(source, mc, data, vars, b) {
 
 #if HAS_PORT(HTTP_PORT, HTTP_PATH) || HAS_PORT(HTTPS_PORT, HTTP_PATH)
 // for GDPR compliance server owners are expected not to log these messages
-htnotify(query, headers, mc, fmt) {
+htnotify(query, headers, mc, fmt, acct, qs) {
 	if (query["from"] == "") query["from"] = 0;
 	if (query["location"] == "") query["location"] = 0;
 
@@ -484,12 +484,14 @@ htnotify(query, headers, mc, fmt) {
 	([	"_web_referrer" : query["from"] || "bookmark",
 		"_web_page" : query["location"] || headers["referer"] || "",
 		"_web_browser" : headers["user-agent"] || "",
-		"_web_on" : query["location"] || headers["referer"] ||
+		"_web_on" : acct || query["location"] || headers["referer"] ||
 			    headers["user-agent"] || "",
 		"_web_from" : query["from"] ||
 			    query_ip_name(this_interactive()) ||
 			    headers["user-agent"] || "http",
 		"_host_name" : query_ip_name(this_interactive()) || "",
+		// so far used by 'rating' only
+		"_parameters" : query["parameters"] || qs,
 		"_nick_place" : MYNICK || "This place",
 	    ]) );
 }

world/net/usercmd.i

@@ -842,7 +842,7 @@ cmd(a, args, dest, command) {
         case "f":
 	case "follow":
 		if (v("invitationplace")) {
-			teleport(v("invitationplace"), "_follow");
+			teleport(v("invitationplace"), "_follow", 0, STAY);
 			vDel("invitationplace");
 			return;
 		}