@@ -1,5 +1,6 @@

 src/*.o

 src/kakumei

+src/kakumei-invite

 src/*~

 res/gen_res.c

 res/gen_res.h

@@ -2,7 +2,7 @@ WEBKERNEL=../../webkernel/src

 CC=gcc

 CFLAGS=-g -Wall -I$(WEBKERNEL) -I../res

 LDFLAGS=

-LDFLAGS_KAKUMEI=$(LDFLAGS) -lscrypt -lm

+LDFLAGS_KAKUMEI=$(LDFLAGS) -lscrypt -lm -lmhash

 all: kakumei kakumei-invite

@@ -89,8 +89,6 @@ kakumei_userexists(kakumei *ka, char *username)

         return(0);

 }

-

-

 wk_action

 callback_http(wk *web, int connid, wk_uri *uri, void *userptr)

 {

@@ -136,6 +134,8 @@ sigint(int signum)

         sigint_flag=1;

 }

+/* implement the "XmlHttpRequest"s (the reply is the new page to load) */

+

 wk_action

 http_login(wk *web, int connid, wk_uri *uri, void *userptr)

 {

@@ -21,6 +21,8 @@

 #define USERSDIR "data/users"

 #define POSTSDIR "data/posts"

 #define SESSIONSDIR "data/sessions"

+#define MAXUSERSIZE 32

+#define SESSIONSIZE 65

 typedef struct kakumei {

         sselect *ssel;

@@ -9,24 +9,128 @@

 #include <sys/stat.h>

 #include <sys/types.h>

+#include <sys/time.h>

+#include <fcntl.h>

+#include <time.h>

+#include <mhash.h>

 #include "kakumei.h"

 #include "kakumei_session.h"

 char *

 session_new(kakumei *ka, char *user, char *session, int sessionsize)

 {

+        static int init=0;

+        MHASH td;

+        struct timeval tv;

+        struct timezone tz;

+        int i;

+        long n;

+        char c;

+        char binhash[32];

+        char filename[1024];

+        int len;

+        int fd;

+        char oldsession[SESSIONSIZE];

+        if(ka==NULL || user==NULL || session==NULL || sessionsize<SESSIONSIZE || kakumei_uservalid(ka,user)!=0)

+                return(NULL);

+        if(init==0) {

+                gettimeofday(&tv,&tz);

+                srandom(tv.tv_sec+getpid()+tv.tv_usec);

+                init=1;

+        }

+        /* generate a not-entirely-trivial-to-guess hash */

+        if((td=mhash_init(MHASH_SHA256))==MHASH_FAILED)

+                return(NULL);

+        gettimeofday(&tv,&tz);

+        mhash(td,&tv,sizeof(tv));

+        mhash(td,user,strlen(user));

+        for(i=0;i<20;i++) {

+                n=random();

+                mhash(td,&n,sizeof(n));

+        }

+        mhash_deinit(td,&binhash);

+        for(i=0;i<sizeof(binhash);i++) {

+                c=(((unsigned char *)binhash)[i]>>4);

+                c=(c>=10)?(c-10+'a'):c;

+                session[i<<1]=c;

+                c=(((unsigned char *)binhash)[i]&0xf);

+                c=(c>=10)?(c-10+'a'):c;

+                session[(i<<1)+1]=c;

+        }

+        session[sizeof(binhash)]='\0';

+        /* save the hash */

         mkdir(DATADIR,0700);

         mkdir(SESSIONSDIR,0700);

-

+        snprintf(filename,sizeof(filename)-1,"%s/%s",SESSIONSDIR,session);

+        filename[sizeof(filename)-1]='\0';

+        if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1)

+                return(NULL);

+        len=strlen(user);

+        if(write(fd,user,len)!=len) {

+                close(fd),fd=-1;

+                return(NULL);

+        }

+        close(fd),fd=-1;

+        /* delete the previous session of the user */

+        snprintf(filename,sizeof(filename)-1,"%s/%s/session",USERSDIR,user);

+        filename[sizeof(filename)-1]='\0';

+        if((fd=open(filename,O_RDONLY))!=-1) {

+                memset(oldsession,0,sizeof(oldsession));

+                read(fd,oldsession,sizeof(oldsession)-1);

+                close(fd),fd=-1;

+                session_del(ka,oldsession);

+        }

+        /* write the current session */

+        if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))!=-1) {

+                write(fd,session,strlen(session));

+                close(fd),fd=-1;

+        }

+        /* success */

+        return(session);

 }

-int

-session_check(kakumei *ka, char *session)

+char *

+session_check(kakumei *ka, char *session, char *user, int usersize)

 {

+        int i;

+        int fd;

+        char filename[1024];

+        if(ka==NULL || session==NULL || session[0]=='\0' || user==NULL || usersize<(MAXUSERSIZE+1))

+                return(NULL);

+        for(i=0;session[i]!='\0';i++) {

+                if(!(session[i]>='0' && session[i]<='0') &&

+                   !(session[i]>='a' && session[i]<='f')) {

+                        return(NULL);

+                }

+        }

+        snprintf(filename,sizeof(filename)-1,"%s/%s",SESSIONSDIR,session);

+        filename[sizeof(filename)-1]='\0';

+        if((fd=open(filename,O_RDONLY))==-1)

+                return(NULL);

+        memset(user,0,sizeof(usersize));

+        read(fd,user,usersize-1);

+        close(fd),fd=-1;

+        if(kakumei_uservalid(ka,user)!=0)

+                return(NULL);

+        return(user);

 }

 int

 session_del(kakumei *ka, char *session)

 {

+        int i;

+        char filename[1024];

+        if(ka==NULL || session==NULL || session[0]=='\0')

+                return(-1);

+        for(i=0;session[i]!='\0';i++) {

+                if(!(session[i]>='0' && session[i]<='0') &&

+                   !(session[i]>='a' && session[i]<='f')) {

+                        return(-1);

+                }

+        }

+        snprintf(filename,sizeof(filename)-1,"%s/%s",SESSIONSDIR,session);

+        filename[sizeof(filename)-1]='\0';

+        unlink(filename);

+        return(0);

 }

@@ -12,6 +12,6 @@

 #include "kakumei.h"

 char *session_new(kakumei *ka, char *user, char *session, int sessionsize);

-int session_check(kakumei *ka, char *session);

+char *session_check(kakumei *ka, char *session, char *user, int usersize);

 int session_del(kakumei *ka, char *session);