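#!/usr/bin/env ruby
# coding: utf-8
############################################################################
# Copyright 2009-2019 Benjamin Kellermann                                  #
#                                                                          #
# This file is part of Dudle.                                              #
#                                                                          #
# Dudle is free software: you can redistribute it and/or modify it under   #
# the terms of the GNU Affero General Public License as published by       #
# the Free Software Foundation, either version 3 of the License, or        #
# (at your option) any later version.                                      #
#                                                                          #
# Dudle is distributed in the hope that it will be useful, but WITHOUT ANY #
# WARRANTY; without even the implied warranty of MERCHANTABILITY or        #
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public      #
# License for more details.                                                #
#                                                                          #
# You should have received a copy of the GNU Affero General Public License #
# along with dudle. If not, see <http://www.gnu.org/licenses/>.            #
############################################################################

# Access-control settings page of a poll: reads the digest users from
# .htdigest, applies the create/delete request found in the CGI parameters,
# regenerates .htaccess and renders the settings form.
#
# NOTE(review): in this listing the heredoc openers and everything that stood
# between angle brackets appear to be lost (a bare "<" and the terminators
# HTACCESS / PASS / FORM / AC remain), and so is the code between the second
# branch of write_htaccess and the middle of createform, including the
# definition of add_to_htdigest. Those fragments are reproduced as found.
if __FILE__ == $0

  load "../dudle.rb"
  require "digest"
  $d = Dudle.new

  # user name => realm, one entry per line of .htdigest
  acusers = {}

  # File.foreach closes the file once the block has run; the chained
  # File.open(...).each_line it replaces never closed its handle.
  File.foreach(".htdigest") do |l|
    user, realm = l.scan(/^(.*):(.*):.*$/).flatten
    acusers[user] = realm
  end

  # Rewrites .htaccess according to the users present in acusers.
  # Double quotes in the poll suffix and in the directory path are
  # backslash-escaped before they are placed inside the quoted AuthName and
  # AuthUserFile values.
  # NOTE(review): only '"' is escaped here; confirm that urlsuffix cannot
  # contain a line break, which would end the directive early.
  #
  # @param acusers [Hash] user name => realm (true for a user just created)
  def write_htaccess(acusers)
    File.open(".htaccess","w"){|htaccess|
      if acusers.include?("admin")
        htaccess << <
AuthType digest
AuthName "dudle-#{$d.urlsuffix.gsub('"', '\\\\"')}"
AuthUserFile "#{File.expand_path(".").gsub('"','\\\\"')}/.htdigest"
Require user admin
ErrorDocument 401 #{$cgi.script_name.gsub(/[^\/]*\/[^\/]*$/,"")}authorization_required.cgi?user=admin&poll=#{CGI.escape($d.urlsuffix)}
HTACCESS
      end
      if acusers.include?("participant")
        htaccess << <
FORM
    # NOTE(review): from here on this is the tail of createform (called below
    # as createform(user, notice, acusers)); its head is not in the listing.
    passwdstr = _("Password")
    repeatstr = _("repeat")
    2.times{|i|
      ret += < "
    }
    ret += <
#{usernamestr} #{userarray[0]}
PASS
    if acusers.include?(userarray[0])
      ret += PASSWORDSTAR*14
    else
      ret += ""
    end
    ret += "
#{acusers.include?(userarray[0]) ? "" : hint}
FORM
    if acusers.include?(userarray[0])
      # The admin can only be removed once the participant user is gone.
      if userarray[0] == "admin" && acusers.include?("participant")
        ret += "
" + _("You have to remove the participant user before you can remove the administrator.") + "
"
      else
        ret += ""
        ret += ""
      end
    else
      ret += ""
      ret += ""
    end
    ret += <
FORM
    ret
  end

  if $cgi.include?("ac_user")
    user = $cgi["ac_user"]
    # The name is handed to add_to_htdigest (definition not in this listing;
    # presumably it appends a "user:realm:hash" record to .htdigest) and is
    # interpolated into a CGI parameter name below, so the check has to cover
    # the whole string. \A and \z anchor at the string boundaries; ^ and $
    # match at every line break in Ruby and would accept a value that merely
    # contains one well-formed line.
    # NOTE(review): the empty name still passes, as before; confirm that this
    # is intended.
    if user !~ /\A\w*\z/
      usercreatenotice = "
" + _("Only letters and digits are allowed in the username.") + "
"
    elsif $cgi["ac_password0"] != $cgi["ac_password1"]
      usercreatenotice = "
" + _("Passwords did not match.") + "
"
    else
      # add user
      if $cgi.include?("ac_create")
        add_to_htdigest(user,$cgi["ac_password0"])
        acusers[user] = true
        write_htaccess(acusers)
      end

      # delete user: the last known user with an ac_delete_<name> parameter
      deleteuser = ""
      acusers.each_key do |name|
        deleteuser = name if $cgi.include?("ac_delete_#{name}")
      end
      acusers.delete(deleteuser)

      # Drop that user's record. The prefix is compared literally, so a name
      # read back from .htdigest is never interpreted as a regular expression.
      htdigest = File.readlines(".htdigest")
      File.open(".htdigest","w") do |f|
        htdigest.each do |line|
          f << line unless line.start_with?("#{deleteuser}:")
        end
      end
      # keep the credential file readable and writable by its owner only
      File.chmod(0600, ".htdigest")
      write_htaccess(acusers)
    end
  end

  $d.wizzard_redirect

  if $d.html.header["status"] != "REDIRECT"
    $d.html << "

" + _("Change access control settings") + "

"
    if acusers.empty? && $cgi["ac_activate"] != "Activate"
      acstatus = ["red",_("not activated")]
      acswitchbutton = ""
      acswitchbutton += ""
    else
      if acusers.empty?
        acstatus = ["blue",_("controls will be activated when at least the admin user is configured")]
        acswitchbutton = ""
        acswitchbutton += ""
      else
        acstatus = ["green", _("activated")]
        acswitchbutton = "
" + _("You have to remove all users before you can deactivate the access control settings.") + "
"
      end

      # A validation message from the request above replaces the default hint.
      admincreatenotice = usercreatenotice || _("You will be asked for the password you have entered here after you press save!")

      user = ["admin", _("The user ‘admin’ has access to both the vote and the configuration interface.")]

      createform = createform(user,admincreatenotice,acusers)
      # The participant form is offered only after the admin user exists.
      if acusers.include?("admin")
        participantcreatenotice = usercreatenotice || ""
        user = ["participant", _("The user ‘participant’ only has access to the vote interface.")]
        createform += createform(user,participantcreatenotice,acusers)
      end
    end

    acstr = _("Access control:")
    $d.html << <
#{acstr} #{acstatus[1]}
#{acswitchbutton}
#{createform}
AC
  end

  $d.out
end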