X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=fe461b8a7d3b5dba3c24f1c0256f0039d623f716;hb=83a3a266ff3cfecea7a6275924f3bdd15dfe6436;hp=57c5b1b4cf65865842d7fd985f5bda85bf0b7c78;hpb=6a5de8e3b2870ca950f2116aeb9561ad7d707427;p=matches%2FMCTX3420.git

diff --git a/server/fastcgi.c b/server/fastcgi.c
index 57c5b1b..fe461b8 100644
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -33,7 +33,7 @@
  */ 
 static void IdentifyHandler(FCGIContext *context, char *params) {
 	bool ident_sensors = false, ident_actuators = false;
-
+	bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING"));
 	int i;
 
 	FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T},
@@ -45,29 +45,29 @@ static void IdentifyHandler(FCGIContext *context, char *params) {
 	FCGI_JSONPair("description", "MCTX3420 Server API (2013)");
 	FCGI_JSONPair("build_date", __DATE__ " " __TIME__);
 	FCGI_JSONLong("api_version", API_VERSION);
-	FCGI_JSONBool("logged_in", FCGI_HasControl(context, getenv("COOKIE_STRING")));
-	FCGI_JSONPair("friendly_name", "");
+	FCGI_JSONBool("logged_in", has_control);
+	FCGI_JSONPair("friendly_name", has_control ? context->friendly_name : "");
 
 	//Sensor and actuator information
 	if (ident_sensors) {
 		FCGI_JSONKey("sensors");
 		FCGI_JSONValue("{\n\t\t");
-		for (i = 0; i < NUMSENSORS; i++) {
+		for (i = 0; i < g_num_sensors; i++) {
 			if (i > 0) {
 				FCGI_JSONValue(",\n\t\t");
 			}
-			FCGI_JSONValue("\"%d\" : \"%s\"", i, g_sensor_names[i]); 
+			FCGI_JSONValue("\"%d\" : \"%s\"", i, Sensor_GetName(i)); 
 		}
 		FCGI_JSONValue("\n\t}");
 	}
 	if (ident_actuators) {
 		FCGI_JSONKey("actuators");
 		FCGI_JSONValue("{\n\t\t");
-		for (i = 0; i < NUMACTUATORS; i++) {
+		for (i = 0; i < g_num_actuators; i++) {
 			if (i > 0) {
 				FCGI_JSONValue(",\n\t\t");
 			}
-			FCGI_JSONValue("\"%d\" : \"%s\"", i, g_actuator_names[i]); 
+			FCGI_JSONValue("\"%d\" : \"%s\"", i, Actuator_GetName(i)); 
 		}
 		FCGI_JSONValue("\n\t}");
 	}
@@ -384,7 +384,7 @@ void FCGI_RejectJSONEx(FCGIContext *context, StatusCodes status, const char *des
 	FCGI_BeginJSON(context, status);
 	FCGI_JSONPair("description", description);
 	FCGI_JSONLong("responsenumber", context->response_number);
-	//FCGI_JSONPair("params", getenv("QUERY_STRING"));
+	//FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff
 	FCGI_JSONPair("host", getenv("SERVER_HOSTNAME"));
 	FCGI_JSONPair("user", getenv("REMOTE_USER"));
 	FCGI_JSONPair("ip", getenv("REMOTE_ADDR"));
@@ -480,9 +480,6 @@ void * FCGI_RequestLoop (void *data)
 		if (lastchar > 0 && module[lastchar] == '/')
 			module[lastchar] = 0;
 
-		//Escape all special characters
-		FCGI_EscapeText(params);
-
 		//Default to the 'identify' module if none specified
 		if (!*module) 
 			strcpy(module, "identify");
@@ -510,18 +507,24 @@ void * FCGI_RequestLoop (void *data)
 		
 		if (module_handler) 
 		{
-			if (module_handler != Login_Handler && module_handler != IdentifyHandler)
+			//if (module_handler != Login_Handler && module_handler != IdentifyHandler)
+			if (false) // Testing
 			{
 				if (cookie[0] == '\0')
 				{
-					FCGI_RejectJSON(&context, "Please login.");
+					FCGI_RejectJSONEx(&context, STATUS_UNAUTHORIZED, "Please login.");
 					continue;
 				}
+
 				if (!FCGI_HasControl(&context, cookie))
 				{
 					FCGI_RejectJSON(&context, "Invalid control key.");
 					continue;	
 				}
+
+				//Escape all special characters.
+				//Don't escape for login (password may have special chars?)
+				FCGI_EscapeText(params);
 			}
 
 			module_handler(&context, params);