From: Jeremy Tan
Date: Sun, 13 Oct 2013 15:29:21 +0000 (+0800)
Subject: Fix id bounds check for actuator + update graph code
X-Git-Url: https://git.ucc.asn.au/?a=commitdiff_plain;h=6f3aae14ebd9074c87fea90bddb8fb423108683b;p=matches%2FMCTX3420.git
Fix id bounds check for actuator + update graph code
I dunno, graph code seems to work... too tired to continue.
---
diff --git a/server/actuator.c b/server/actuator.c
index 3e26e37..ab48d19 100644
--- a/server/actuator.c
+++ b/server/actuator.c
@@ -336,7 +336,7 @@ void Actuator_Handler(FCGIContext * context, char * params)
 FCGI_RejectJSON(context, "No id or name supplied");
 return;
 }
- else if (id < 0 || id >= ACTUATORS_MAX)
+ else if (id < 0 || id >= g_num_actuators)
 {
 FCGI_RejectJSON(context, "Invalid Actuator id");
 return;
@@ -364,7 +364,7 @@ void Actuator_Handler(FCGIContext * context, char * params)
 // If the user doesn't provide all 4 values, the Actuator will get set *once* using the first of the provided values
 // (see Actuator_Loop)
 // Not really a problem if n = 1, but maybe generate a warning for 2 <= n < 4 ?
- Log(LOGDEBUG, "Only provided %d values (expect %d) for Actuator setting", n);
+ Log(LOGDEBUG, "Only provided %d values (expect %d) for Actuator setting", n, 4);
 }
 // SANITY CHECKS
 if (c.stepwait < 0 || c.steps < 0 || (a->sanity != NULL && !a->sanity(a->user_id, c.start)))
@@ -373,7 +373,6 @@ void Actuator_Handler(FCGIContext * context, char * params)
 return;
 }
 Actuator_SetControl(a, &c);
-
 }
 // Begin response
diff --git a/server/control.c b/server/control.c
index 0242a3b..d9a7dc6 100644
--- a/server/control.c
+++ b/server/control.c
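Review bot: In server/actuator.c, the new `id >= g_num_actuators` bound in the first Actuator_Handler hunk carries no comment saying why the registered count, rather than ACTUATORS_MAX, is the limit. I would add `// Valid ids are 0..g_num_actuators-1; entries past the registered count must never be selected` above the `else if`, since the second hunk shows the selected entry's `a->sanity` pointer being called. The code that turns a supplied name into an id is outside the hunk, so it is worth confirming that an id obtained that way also passes through this check. Actuator_Handler starts and ends outside the hunk.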
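Review bot: In the second server/actuator.c hunk, the added `4` fixes the missing argument for the second `%d`, but it is a bare literal that repeats the count in the comment above it and presumably in the parsing code outside the hunk. A named constant shared by the parser and this message would keep them from drifting apart. The old call compiled with one argument too few, which suggests Log's declaration (not visible here) has no printf-style format attribute; adding one, or building with `-Wformat`, would let the compiler reject this class of mismatch. The type of `n` is also outside the hunk and should be `int` to match `%d`.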
@@ -38,18 +38,17 @@ void Control_Handler(FCGIContext *context, char *params) {
 ControlModes desired_mode;
- // Login/auth now handled entirely in fastcgi.c and login.c
 //TODO: Need to not have the ability for any user to stop someone else' experiment...
 // (achieve by storing the username of the person running the current experiment, even when they log out?)
 // (Our program should only realisitically support a single experiment at a time, so that should be sufficient)
- FCGIValue values[4] = {
+ FCGIValue values[3] = {
 {"action", &action, FCGI_REQUIRED(FCGI_STRING_T)},
 {"force", &force, FCGI_BOOL_T},
 {"name", &name, FCGI_STRING_T}
 };
- if (!FCGI_ParseRequest(context, params, values, 4))
+ if (!FCGI_ParseRequest(context, params, values, 3))
 return;
 if (!strcmp(action, "emergency")) {
diff --git a/server/fastcgi.c b/server/fastcgi.c
index fe461b8..cdaef79 100644
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -510,15 +510,9 @@ void * FCGI_RequestLoop (void *data)
 //if (module_handler != Login_Handler && module_handler != IdentifyHandler)
 if (false) // Testing
 {
- if (cookie[0] == '\0')
- {
- FCGI_RejectJSONEx(&context, STATUS_UNAUTHORIZED, "Please login.");
- continue;
- }
-
 if (!FCGI_HasControl(&context, cookie))
 {
- FCGI_RejectJSON(&context, "Invalid control key.");
+ FCGI_RejectJSON(&context, "Please login. Invalid control key.");
 continue;
 }
@@ -533,9 +527,6 @@ void * FCGI_RequestLoop (void *data)
 {
 FCGI_RejectJSON(&context, "Unhandled module");
 }
-
-
-
 }
 Log(LOGDEBUG, "Thread exiting.");
diff --git a/server/fastcgi.h b/server/fastcgi.h
index 269bb94..dd89594 100644
--- a/server/fastcgi.h
+++ b/server/fastcgi.h
@@ -46,6 +46,8 @@ typedef struct
 time_t control_timestamp;
 /**A SHA-1 hash that is the control key, determining who is logged in**/
 char control_key[41];
+ /**Determines if the user is an admin or not**/
+ bool is_admin;
 /**The IPv4 address of the logged-in user**/
 char control_ip[16];
 /**A friendly name for the logged-in user. Max length 30**/
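Review bot: In server/control.c, the element count of `values` is still written twice, once as the array size `[3]` and once as the last argument of FCGI_ParseRequest, which is how the old `4` got out of step with the three initialisers. Deriving the count keeps the two tied together: `FCGIValue values[] = {` and `if (!FCGI_ParseRequest(context, params, values, sizeof(values) / sizeof(values[0])))`. The TODO kept above the array says any user can still stop another user's experiment, so this handler has no ownership check yet. Control_Handler continues outside the hunk.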
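Review bot: In the first server/fastcgi.c hunk, removing the `cookie[0] == '\0'` guard means an empty cookie is now handed to FCGI_HasControl, and the rejection no longer carries STATUS_UNAUTHORIZED. FCGI_HasControl is not visible here; if it compares the cookie with `control_key` and that buffer is empty while nobody is logged in, an empty cookie could be accepted. I would keep both conditions in one branch, `if (cookie[0] == '\0' || !FCGI_HasControl(&context, cookie))`, and reject with `FCGI_RejectJSONEx(&context, STATUS_UNAUTHORIZED, "Please login. Invalid control key.");`. The whole block also sits under `if (false) // Testing`, so no request is checked at all until the commented-out condition above it is restored. FCGI_RequestLoop starts and ends outside the hunk.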
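Review bot: In server/fastcgi.h, the comment on the new `is_admin` field does not say who sets the flag or when it is cleared, which matters for a privilege bit held in a long-lived context struct. I would write it as `/**True only while the logged-in user is an admin; reset to false whenever control is released**/`. The login and logout code that writes this struct is outside the hunk, so confirm the flag is initialised to false and cleared together with `control_key`, otherwise a later non-admin session could inherit it. The struct definition starts and ends outside the hunk.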
diff --git a/testing/MCTXWeb/public_html/control.html b/testing/MCTXWeb/public_html/control.html
index d31801d..f762019 100644
--- a/testing/MCTXWeb/public_html/control.html
+++ b/testing/MCTXWeb/public_html/control.html
@@ -86,6 +86,7 @@