SREFILTER ERROR

/* */ usercfg: CHECKIT=0 /* Change this to 0 if you want to enable REMOTE configuration by SUPERUSERS */ USECOLOR='2dd52f' /* ---------------- DO NOT MODIFY BELOW THIS LINE ------------------ */ parse arg ddir,tempfile,sel,list,verb,uri,user,basedir,workdir,privset,enmadd,transaction,verbose if verb="" then do say " This SRE-Filter add-on is NOT meant to be run from the command line." say " It can be invoked by using CONFIGUR.HTM " exit end /* Do */ list=translate(list, ' ', '+'||'090a0d'x) /* Whitespace, etc. */ who2=extract('CLIENTADDR') saddr2=extract('SERVERADDR') select when checkit=1 then do /* only if user = serveraddress !!! */ if who2<>saddr2 then do call lineout tempfile, '' call lineout tempfile, "SREFILTER ERROR " call lineout tempfile, ' ' call lineout tempfile,' Action not allowed remotely.
'
        call lineout tempfile,'   '
        call lineout tempfile
        'FILE ERASE TYPE text/html NAME' tempfile
        return 'USERCFG: action not allowed remotely. '
     end
   end
   otherwise do
      if wordpos('SUPERUSER',privset)=0 then do
       'RESPONSE HTTP/1.0 401 Unauthorized '     /* Set HTTP response line */
       'header add WWW-Authenticate: Basic Realm='  /* challenge */
        call lineout tempfile, ''
        call lineout tempfile, "Not authorized "
        call lineout tempfile, ' '

        call lineout tempfile,'  You do not have configuration rights. '
        if who2=saddr2 then 
                call lineout tempfile,'
  You may want to edit USERCFG.CMD  '
        call lineout tempfile,'   '
        call lineout tempfile
         iia=dosdir(tempfile,'s')
        'FILE ERASE TYPE text/html NAME' tempfile
        return '401 'iia' USERCFG: not permitted to configure. '
      end
   end
end



list=strip(list)
select 
   when upper(list)='TODO=SHOW' | upper(list)='TODO=SHOW_HEADER' then
        signal doshow
   when upper(list)='TODO=SET' then
        signal doset
   otherwise
        signal dochange
end  /* select */

/* jump here to show values */
doshow:
userfile=value(enmadd||'USER_FILE',,'os2environment')
aa=fileread(userfile,'lins',,'E')


   call lineout tempfile, ''
   call lineout tempfile, "SRE-Filter: view users "
    call lineout tempfile, ' '
   


call lineout tempfile, " SRE-Filter: view users        
 "
call lineout tempfile, "
 List of "header" comments 
  "

/* show "header comments" */
iat=0
do until iat >= lins.0
   iat=iat+1
   if  abbrev(strip(lins.iat),';')  then do
        foo=strip(lins.iat) ;foo=strip(foo,'l',';')
         call lineout tempfile, foo 
   end  /* Do */
   else do
        leave
   end
end /* do -- iat is the first non header comment line  */
call lineout tempfile, ' '

/* view descriptive header only? */
if upper(list)='TODO=SHOW_HEADER' then do
   call lineout tempfile,'  '
   call lineout tempfile
   'file erase  type text/html name  ' tempfile
   return ' done '
end  /* Do */



/* read in usernames, etc */
nusers=0
call lineout tempfile, ' 
  List of users   '

call lineout tempfile,'Notes:   Usernames/passwords are stored in: 'userfile
call lineout tempfile,' 
 Comments are in italics  '
call lineout tempfile,' 
  A *  in the username or password signifies that any entry is a match '
call lineout tempfile, ' 
 Entries with no host nickname apply to all requests
 
'

call lineout tempfile,' '
call lineout tempfile,' '
call lineout tempfile,'  '
call lineout tempfile,'  '

do mm=iat to lins.0
  if lins.mm=' ' then iterate
  if  abbrev(strip(lins.mm),';') | lins.mm=' ' then do  
       call lineout tempfile,' '
 
  end
  else do
      if pos('//',lins.mm)>0 then
           parse var lins.mm hostname '//' username password privs
      else do
           hostname=' .. '
           parse var lins.mm username password privs
      end  /* Do */
      privs=strip(privs)
      call lineout tempfile,''
      call lineout tempfile,''
      call lineout tempfile,''
      call lineout tempfile,''
  end /* do */

end
call lineout tempfile,'   Host Nickname  Username   Password  Privileges list  
        ' strip(strip(lins.mm),'l',';') '  
  'hostname '   'username '   ' password '   ' privs  '  
'




call lineout tempfile,'  Thanks for checking '
call lineout tempfile

foo=sref_expire_response(0.05,dosdir(tempfile))

'file erase  type text/html name  ' tempfile
return ' done '

/* jump here if "set values" chosen */
doset:
userfile=value(enmadd||'USER_FILE',,'os2environment')
aa=fileread(userfile,'lins',,'E')

call lineout tempfile, ''
call lineout tempfile, "SRE-Filter: modify  users list "
call lineout tempfile, ' '

/* ignore header stuff */
iat=0
do until iat >= lins.0
   iat=iat+1
   if  abbrev(strip(lins.iat),';') | lins.iat=' ' then iterate
   leave
end /* do -- iat is the first non header comment line  */
call lineout tempfile, " SRE-Filter: modify users list  
 "
call lineout tempfile,' 
 You can modify, remove, or add usernames, passwords, and privileges.'
call lineout tempfile,' 
 Questions? The notes might help.   '
call lineout tempfile,'  Modify or remove current users '
call lineout tempfile,''
call lineout tempfile,' '
call lineout tempfile,' '
call lineout tempfile,'  '
call lineout tempfile,'  '
call lineout tempfile,'  '

nhidden=0 ; mm=0
do mm0=iat to lins.0
    alin=translate(lins.mm0,' ','1a000d0a'x)
    mm=mm+1
    if  abbrev(strip(alin),';')=1 | alin=' ' then do
        nhidden=nhidden+1
        hiddens.nhidden=''
        iterate
    end

/* non comment */
    if pos('// ',alin)>0 then
             parse var alin hostname '//' username password privs
        else do
             hostname='  '
             parse var alin username password privs
     end  /* Do */
     call lineout tempfile,' '
     call lineout tempfile,' '
     call lineout tempfile,' '

     privs=strip(privs)
     joe=wordpos('SUPERUSER',upper(privs))
     issuper=0
     if joe>0 then   do
            issuper=1 ;   privs=delword(privs,joe,1)
     end
     inhouse=0
     joe=wordpos('INHOUSE',upper(privs))
     if joe>0 then  do
            inhouse=1 ;   privs=delword(privs,joe,1)
     end
     call lineout tempfile,'    '
     end
     else
         call lineout tempfile,' >  INHOUSE? '
 
     if privs='' then privs=' '
     call lineout tempfile,'  '
     if mm0' ; call lineout tempfile,' '
     end
end
call lineout tempfilem,' '

/* --- allow user to enter a few new names */
call lineout tempfile,'   Host Nickname 
 (see below  for a 
listing of current hosts)  Username  
 (set to blank to  
 delete the entry)  Password  Superuser and 
  INHOUSE privileges  Space delimited list  of 
 other privileges  
 Host nickname: 
   Username: 
   Password: 
    SUPERUSER? 
 '
     end
     else
         call lineout tempfile,' >  SUPERUSER? 
 '
     call lineout tempfile,'  INHOUSE ?  Other privileges: 
  
   
 Add new users  '
mm0=mm
do mm=mm0+1 to mm0+3
     call lineout tempfile,' '
     call lineout tempfile,' '
     call lineout tempfile,' '
     call lineout tempfile,'   '
     call lineout tempfile,''
     if mm '
end

call lineout tempfile,' Host nickname: 
   Username: 
   Password: 
    SUPERUSER? 
 '
     call lineout tempfile,'        INHOUSE?  Other privileges: 
  
 '


/* ----- add comments information */

do jj=1 to nhidden
   call lineout tempfile,hiddens.jj
end /* do */
call lineout tempfile,' '
call lineout tempfile,'    '


call lineout tempfile,' 
  Notes 
   Usernames/passwords are stored in: 'userfile
call lineout tempfile,' 
 To add more then 3 new names, just rerun this several times 
 or edit ' userfile 
call lineout tempfile,' 
 Do you want to view a  more complete description of '
call lineout tempfile,'  User information?'
call lineout tempfile,' 
 Comments are NOT displayed   
 Case is ignored '
call lineout tempfile,' 
 Use a *  in the username or password to signify that any entry is a match '
call lineout tempfile, ' 
 Entries with no host nickname will apply to all requests
 
'

call lineout tempfile,'  A list of the current hosts 
   '

ii=value(enmadd||'HOSTS.0',,'os2environment')
if ii>0 then do
call lineout tempfile,'  '
do ll=1 to ii
   wow=value(enmadd||'HOSTS.'||ll,,'os2environment')
   parse var wow ip ',' hn ',' hdir
   call lineout tempfile,'  '
end /* do */
call lineout tempfile,'   IP address   Host Nickname   Data Directory  
 ' ip  '   ' hn '   ' hdir '  
  '
end
else do
  call lineout tempfile,' No HOSTS have been defined   '
end

call lineout tempfile,'  Return to the top of this form.'

call lineout tempfile,''
call lineout tempfile

foo=sref_expire_response(0.05,dosdir(tempfile))

'file erase  type text/html name  ' tempfile
return ' done '


/* ********************** jump here to recrod changes */
dochange:

parse upper var list foo 'ENTRIES=' nentries '&' .
do ii1=1 to nentries
   fillme.ii1.0=0
end /* do */

do until list=""
   parse var list aa '&' list
   parse upper var aa avar '.' aind '=' aval
   aval=packur(aval)
   if abbrev(avar,'ENTRIES=')=1 then iterate
   wow=fillme.aind.0+1
   fillme.aind.0=wow
   fillme.aind.wow.var=avar ; fillme.aind.wow.val=aval
   select
      when avar="COMMENT" then do
          fillme.aind.type='COMMENT'
          parse  var aa foo '=' aval
          fillme.aind.wow.val=packur(aval)
      end
      when avar="USERNAME" then fillme.aind.type='USERNAME'
      otherwise nop
   end
end /* do */

userfile=value(enmadd||'USER_FILE',,'os2environment')
aa=fileread(userfile,'lins',,'E')

/* pull "header comments" */
iat=0
do until iat >= lins.0
   iat=iat+1
   if  abbrev(strip(lins.iat),';')  then do
       newlines.iat=lins.iat
   end  /* Do */
   else do
        leave
   end
end /* do -- iat is the first non header comment line  */
iat=iat-1

do uu=1 to nentries
   select
      when fillme.uu.type='COMMENT' then do
          iat=iat+1
          newlines.iat=fillme.uu.1.val
      end
      when fillme.uu.type='USERNAME' then do
          username=' ' ; password='*' ; hostname=' ' ; privs=' '
          inhouse=' ' ; superuser=' '
          do uu2=1 to fillme.uu.0
             chk1=fillme.uu.uu2.var
             vvv=fillme.uu.uu2.val
             select
                when chk1='USERNAME' then USERNAME=vvv
                when chk1='PASSWORD' then password=vvv
                when chk1='PRIVS' then privs=vvv
                when chk1='HOSTNAME' then hostname=vvv
                when chk1='SUPERUSER' then superuser='SUPERUSER'
                when chk1='INHOUSE' then inhouse='INHOUSE'
                otherwise nop
             end
          end
          if username<>' ' then do
              iat=iat+1
              newlines.iat=''
              if hostname<>' ' then
                  newlines.iat=hostname||'// '
              newlines.iat=newlines.iat||username' ' password '  ' superuser ' ' inhouse ' ' privs
          end
      end
      otherwise do
            nop
      end  /* Do */

  end                   /* select over type */
end                     /* do over entries */

/* save to userfile.. but rename access_file first */
foo=lastpos('.',userfile)
if foo=0 then
   acf1=userfile||'.'
else
   acf1=left(userfile,foo)
do hi=1 to 999
   try1=acf1||hi
   if stream(acf1||hi,'c','query exists')='' then leave
end /* do */
foo=dosrename(userfile,try1)
newlines.0=iat
foo=filewrite(userfile,newlines,'R')


call lineout tempfile, ''
call lineout tempfile, " SRE-Filter: Changed list of Users"
call lineout tempfile, ' '

call lineout tempfile,' 
 The list of Users has  been changed '
call lineout tempfile,' The list of Users has been saved to: ' userfile
call lineout tempfile,'  The old version of 'userfile' has been moved to ' try1
call lineout tempfile,'   '
call lineout tempfile

foo=value('SREF_REDO',1,'os2environment')
'FILE ERASE TYPE text/html NAME' tempfile
return 'done change '




return 'done change '
Host Nickname	Username	Password	Privileges list
' strip(strip(lins.mm),'l',';') '
'hostname '	'username '	' password '	' privs '