From d8d8f072b39e227d5da713d77e1eeeb14c0afda4 Mon Sep 17 00:00:00 2001
From: Stefan Ritt <stefan.ritt@psi.ch>
Date: Wed, 23 Jun 2004 07:34:04 +0000
Subject: [PATCH] Redirect login screen if URL does not match the one in the
 config file

SVN revision: 919
---
 src/elogd.c | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/src/elogd.c b/src/elogd.c
index 08139a8a..fdb95211 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -6,6 +6,9 @@
    Contents:     Web server program for Electronic Logbook ELOG
   
    $Log$
+   Revision 1.354  2004/06/23 07:34:04  midas
+   Redirect login screen if URL does not match the one in the config file
+
    Revision 1.353  2004/06/21 19:11:35  midas
    Implemented retrieve_elog_from
 
@@ -4664,6 +4667,23 @@ void extract_path(char *str)
 
 /*------------------------------------------------------------------*/
 
+void extract_host(char *str)
+{
+   char *p, str2[256];
+
+   if (strstr(str, "http://")) {
+      p = str + 7;
+      while (*p && *p != '/' && *p != ':')
+         p++;
+      *p = 0;
+
+      strcpy(str2, str+7);
+      strcpy(str, str2);
+   }
+}
+
+/*------------------------------------------------------------------*/
+
 void set_location(LOGBOOK * lbs, char *rel_path)
 {
    char str[NAME_LENGTH];
@@ -15756,7 +15776,8 @@ BOOL is_admin_user(char *logbook, char *user)
 
 BOOL check_user_password(LOGBOOK * lbs, char *user, char *password, char *redir)
 {
-   char status, str[1000], upwd[256], full_name[256], email[256];
+   char str[1000], str2[256], upwd[256], full_name[256], email[256];
+   int  status;
 
    if (lbs == NULL)
       status = get_user_line("global", user, upwd, full_name, email, NULL);
@@ -15818,6 +15839,20 @@ BOOL check_user_password(LOGBOOK * lbs, char *user, char *password, char *redir)
          return FALSE;
       }
 
+      /* if URL is specified in configuration file, check if login happens for
+         the specified host, in order to get cookies right... */
+
+      if (getcfg(lbs->name, "URL", str)) {
+         extract_host(str);
+         strcpy(str2, http_host);
+         if (strchr(str2, ':'))
+            *strchr(str2, ':') = 0;
+         if (!strieq(str, str2)) {
+            redirect(lbs, "");
+            return FALSE;
+         }
+      }
+
       /* show login password page */
       sprintf(str, "ELOG %s", loc("Login"));
       show_html_header(lbs, TRUE, str, TRUE);