* Forgotten signature
[ikiwiki.git] / IkiWiki / CGI.pm
1 #!/usr/bin/perl
2
3 package IkiWiki;
4
5 use warnings;
6 use strict;
7 use IkiWiki;
8 use IkiWiki::UserInfo;
9 use open qw{:utf8 :std};
10 use Encode;
11
12 sub printheader ($) { #{{{
13         my $session=shift;
14         
15         if ($config{sslcookie}) {
16                 print $session->header(-charset => 'utf-8',
17                         -cookie => $session->cookie(-httponly => 1, -secure => 1));
18         } else {
19                 print $session->header(-charset => 'utf-8',
20                         -cookie => $session->cookie(-httponly => 1));
21         }
22 } #}}}
23
24 sub showform ($$$$;@) { #{{{
25         my $form=shift;
26         my $buttons=shift;
27         my $session=shift;
28         my $cgi=shift;
29
30         if (exists $hooks{formbuilder}) {
31                 run_hooks(formbuilder => sub {
32                         shift->(form => $form, cgi => $cgi, session => $session,
33                                 buttons => $buttons);
34                 });
35         }
36
37         printheader($session);
38         print misctemplate($form->title, $form->render(submit => $buttons), @_);
39 }
40
41 sub redirect ($$) { #{{{
42         my $q=shift;
43         my $url=shift;
44         if (! $config{w3mmode}) {
45                 print $q->redirect($url);
46         }
47         else {
48                 print "Content-type: text/plain\n";
49                 print "W3m-control: GOTO $url\n\n";
50         }
51 } #}}}
52
53 sub check_canedit ($$$;$) { #{{{
54         my $page=shift;
55         my $q=shift;
56         my $session=shift;
57         my $nonfatal=shift;
58         
59         my $canedit;
60         run_hooks(canedit => sub {
61                 return if defined $canedit;
62                 my $ret=shift->($page, $q, $session);
63                 if (defined $ret) {
64                         if ($ret eq "") {
65                                 $canedit=1;
66                         }
67                         elsif (ref $ret eq 'CODE') {
68                                 $ret->() unless $nonfatal;
69                                 $canedit=0;
70                         }
71                         elsif (defined $ret) {
72                                 error($ret) unless $nonfatal;
73                                 $canedit=0;
74                         }
75                 }
76         });
77         return $canedit;
78 } #}}}
79
80 sub decode_cgi_utf8 ($) { #{{{
81         # decode_form_utf8 method is needed for 5.10
82         if ($] < 5.01) {
83                 my $cgi = shift;
84                 foreach my $f ($cgi->param) {
85                         $cgi->param($f, map { decode_utf8 $_ } $cgi->param($f));
86                 }
87         }
88 } #}}}
89
90 sub decode_form_utf8 ($) { #{{{
91         if ($] >= 5.01) {
92                 my $form = shift;
93                 foreach my $f ($form->field) {
94                         $form->field(name  => $f,
95                                      value => decode_utf8($form->field($f)),
96                                      force => 1,
97                         );
98                 }
99         }
100 } #}}}
101
102 # Check if the user is signed in. If not, redirect to the signin form and
103 # save their place to return to later.
104 sub needsignin ($$) { #{{{
105         my $q=shift;
106         my $session=shift;
107
108         if (! defined $session->param("name") ||
109             ! userinfo_get($session->param("name"), "regdate")) {
110                 $session->param(postsignin => $ENV{QUERY_STRING});
111                 cgi_signin($q, $session);
112                 cgi_savesession($session);
113                 exit;
114         }
115 } #}}}  
116
117 sub cgi_signin ($$) { #{{{
118         my $q=shift;
119         my $session=shift;
120
121         decode_cgi_utf8($q);
122         eval q{use CGI::FormBuilder};
123         error($@) if $@;
124         my $form = CGI::FormBuilder->new(
125                 title => "signin",
126                 name => "signin",
127                 charset => "utf-8",
128                 method => 'POST',
129                 required => 'NONE',
130                 javascript => 0,
131                 params => $q,
132                 action => $config{cgiurl},
133                 header => 0,
134                 template => {type => 'div'},
135                 stylesheet => baseurl()."style.css",
136         );
137         my $buttons=["Login"];
138         
139         if ($q->param("do") ne "signin" && !$form->submitted) {
140                 $form->text(gettext("You need to log in first."));
141         }
142         $form->field(name => "do", type => "hidden", value => "signin",
143                 force => 1);
144         
145         decode_form_utf8($form);
146         run_hooks(formbuilder_setup => sub {
147                 shift->(form => $form, cgi => $q, session => $session,
148                         buttons => $buttons);
149         });
150         decode_form_utf8($form);
151
152         if ($form->submitted) {
153                 $form->validate;
154         }
155
156         showform($form, $buttons, $session, $q);
157 } #}}}
158
159 sub cgi_postsignin ($$) { #{{{
160         my $q=shift;
161         my $session=shift;
162         
163         # Continue with whatever was being done before the signin process.
164         if (defined $session->param("postsignin")) {
165                 my $postsignin=CGI->new($session->param("postsignin"));
166                 $session->clear("postsignin");
167                 cgi($postsignin, $session);
168                 cgi_savesession($session);
169                 exit;
170         }
171         else {
172                 error(gettext("login failed, perhaps you need to turn on cookies?"));
173         }
174 } #}}}
175
176 sub cgi_prefs ($$) { #{{{
177         my $q=shift;
178         my $session=shift;
179
180         needsignin($q, $session);
181         decode_cgi_utf8($q);
182         
183         # The session id is stored on the form and checked to
184         # guard against CSRF.
185         my $sid=$q->param('sid');
186         if (! defined $sid) {
187                 $q->delete_all;
188         }
189         elsif ($sid ne $session->id) {
190                 error(gettext("Your login session has expired."));
191         }
192
193         eval q{use CGI::FormBuilder};
194         error($@) if $@;
195         my $form = CGI::FormBuilder->new(
196                 title => "preferences",
197                 name => "preferences",
198                 header => 0,
199                 charset => "utf-8",
200                 method => 'POST',
201                 validate => {
202                         email => 'EMAIL',
203                 },
204                 required => 'NONE',
205                 javascript => 0,
206                 params => $q,
207                 action => $config{cgiurl},
208                 template => {type => 'div'},
209                 stylesheet => baseurl()."style.css",
210                 fieldsets => [
211                         [login => gettext("Login")],
212                         [preferences => gettext("Preferences")],
213                         [admin => gettext("Admin")]
214                 ],
215         );
216         my $buttons=["Save Preferences", "Logout", "Cancel"];
217         
218         decode_form_utf8($form);
219         run_hooks(formbuilder_setup => sub {
220                 shift->(form => $form, cgi => $q, session => $session,
221                         buttons => $buttons);
222         });
223         decode_form_utf8($form);
224         
225         $form->field(name => "do", type => "hidden", value => "prefs",
226                 force => 1);
227         $form->field(name => "sid", type => "hidden", value => $session->id,
228                 force => 1);
229         $form->field(name => "email", size => 50, fieldset => "preferences");
230         
231         my $user_name=$session->param("name");
232
233         # XXX deprecated, should be removed eventually
234         $form->field(name => "banned_users", size => 50, fieldset => "admin");
235         if (! is_admin($user_name)) {
236                 $form->field(name => "banned_users", type => "hidden");
237         }
238         if (! $form->submitted) {
239                 $form->field(name => "email", force => 1,
240                         value => userinfo_get($user_name, "email"));
241                 if (is_admin($user_name)) {
242                         my $value=join(" ", get_banned_users());
243                         if (length $value) {
244                                 $form->field(name => "banned_users", force => 1,
245                                         value => join(" ", get_banned_users()),
246                                         comment => "deprecated; please move to banned_users in setup file");
247                         }
248                         else {
249                                 $form->field(name => "banned_users", type => "hidden");
250                         }
251                 }
252         }
253         
254         if ($form->submitted eq 'Logout') {
255                 $session->delete();
256                 redirect($q, $config{url});
257                 return;
258         }
259         elsif ($form->submitted eq 'Cancel') {
260                 redirect($q, $config{url});
261                 return;
262         }
263         elsif ($form->submitted eq 'Save Preferences' && $form->validate) {
264                 if (defined $form->field('email')) {
265                         userinfo_set($user_name, 'email', $form->field('email')) ||
266                                 error("failed to set email");
267                 }
268
269                 # XXX deprecated, should be removed eventually
270                 if (is_admin($user_name)) {
271                         set_banned_users(grep { ! is_admin($_) }
272                                         split(' ',
273                                                 $form->field("banned_users"))) ||
274                                 error("failed saving changes");
275                         if (! length $form->field("banned_users")) {
276                                 $form->field(name => "banned_users", type => "hidden");
277                         }
278                 }
279
280                 $form->text(gettext("Preferences saved."));
281         }
282         
283         showform($form, $buttons, $session, $q);
284 } #}}}
285
286 sub cgi_editpage ($$) { #{{{
287         my $q=shift;
288         my $session=shift;
289         
290         decode_cgi_utf8($q);
291
292         my @fields=qw(do rcsinfo subpage from page type editcontent comments);
293         my @buttons=("Save Page", "Preview", "Cancel");
294         eval q{use CGI::FormBuilder};
295         error($@) if $@;
296         my $form = CGI::FormBuilder->new(
297                 fields => \@fields,
298                 charset => "utf-8",
299                 method => 'POST',
300                 required => [qw{editcontent}],
301                 javascript => 0,
302                 params => $q,
303                 action => $config{cgiurl},
304                 header => 0,
305                 table => 0,
306                 template => scalar template_params("editpage.tmpl"),
307                 wikiname => $config{wikiname},
308         );
309         
310         decode_form_utf8($form);
311         run_hooks(formbuilder_setup => sub {
312                 shift->(form => $form, cgi => $q, session => $session,
313                         buttons => \@buttons);
314         });
315         decode_form_utf8($form);
316         
317         # This untaint is safe because we check file_pruned.
318         my $page=$form->field('page');
319         $page=possibly_foolish_untaint($page);
320         my $absolute=($page =~ s#^/+##);
321         if (! defined $page || ! length $page ||
322             file_pruned($page, $config{srcdir})) {
323                 error("bad page name");
324         }
325
326         my $baseurl=$config{url}."/".htmlpage($page);
327         
328         my $from;
329         if (defined $form->field('from')) {
330                 ($from)=$form->field('from')=~/$config{wiki_file_regexp}/;
331         }
332         
333         my $file;
334         my $type;
335         if (exists $pagesources{$page} && $form->field("do") ne "create") {
336                 $file=$pagesources{$page};
337                 $type=pagetype($file);
338                 if (! defined $type || $type=~/^_/) {
339                         error(sprintf(gettext("%s is not an editable page"), $page));
340                 }
341                 if (! $form->submitted) {
342                         $form->field(name => "rcsinfo",
343                                 value => rcs_prepedit($file), force => 1);
344                 }
345                 $form->field(name => "editcontent", validate => '/.*/');
346         }
347         else {
348                 $type=$form->param('type');
349                 if (defined $type && length $type && $hooks{htmlize}{$type}) {
350                         $type=possibly_foolish_untaint($type);
351                 }
352                 elsif (defined $from && exists $pagesources{$from}) {
353                         # favor the type of linking page
354                         $type=pagetype($pagesources{$from});
355                 }
356                 $type=$config{default_pageext} unless defined $type;
357                 $file=$page.".".$type;
358                 if (! $form->submitted) {
359                         $form->field(name => "rcsinfo", value => "", force => 1);
360                 }
361                 $form->field(name => "editcontent", validate => '/.+/');
362         }
363
364         $form->field(name => "do", type => 'hidden');
365         $form->field(name => "sid", type => "hidden", value => $session->id,
366                 force => 1);
367         $form->field(name => "from", type => 'hidden');
368         $form->field(name => "rcsinfo", type => 'hidden');
369         $form->field(name => "subpage", type => 'hidden');
370         $form->field(name => "page", value => $page, force => 1);
371         $form->field(name => "type", value => $type, force => 1);
372         $form->field(name => "comments", type => "text", size => 80);
373         $form->field(name => "editcontent", type => "textarea", rows => 20,
374                 cols => 80);
375         $form->tmpl_param("can_commit", $config{rcs});
376         $form->tmpl_param("indexlink", indexlink());
377         $form->tmpl_param("helponformattinglink",
378                 htmllink($page, $page, "ikiwiki/formatting",
379                         noimageinline => 1,
380                         linktext => "FormattingHelp"));
381         
382         if ($form->submitted eq "Cancel") {
383                 if ($form->field("do") eq "create" && defined $from) {
384                         redirect($q, "$config{url}/".htmlpage($from));
385                 }
386                 elsif ($form->field("do") eq "create") {
387                         redirect($q, $config{url});
388                 }
389                 else {
390                         redirect($q, "$config{url}/".htmlpage($page));
391                 }
392                 return;
393         }
394         elsif ($form->submitted eq "Preview") {
395                 my $new=not exists $pagesources{$page};
396                 if ($new) {
397                         # temporarily record its type
398                         $pagesources{$page}=$page.".".$type;
399                 }
400
401                 my $content=$form->field('editcontent');
402
403                 run_hooks(editcontent => sub {
404                         $content=shift->(
405                                 content => $content,
406                                 page => $page,
407                                 cgi => $q,
408                                 session => $session,
409                         );
410                 });
411                 my $preview=htmlize($page, $page, $type,
412                         linkify($page, $page,
413                         preprocess($page, $page,
414                         filter($page, $page, $content), 0, 1)));
415                 run_hooks(format => sub {
416                         $preview=shift->(
417                                 page => $page,
418                                 content => $preview,
419                         );
420                 });
421                 $form->tmpl_param("page_preview", $preview);
422         
423                 if ($new) {
424                         delete $pagesources{$page};
425                 }
426                 # previewing may have created files on disk
427                 saveindex();
428         }
429         elsif ($form->submitted eq "Save Page") {
430                 $form->tmpl_param("page_preview", "");
431         }
432         
433         if ($form->submitted ne "Save Page" || ! $form->validate) {
434                 if ($form->field("do") eq "create") {
435                         my @page_locs;
436                         my $best_loc;
437                         if (! defined $from || ! length $from ||
438                             $from ne $form->field('from') ||
439                             file_pruned($from, $config{srcdir}) ||
440                             $from=~/^\// || 
441                             $absolute ||
442                             $form->submitted eq "Preview") {
443                                 @page_locs=$best_loc=$page;
444                         }
445                         else {
446                                 my $dir=$from."/";
447                                 $dir=~s![^/]+/+$!!;
448                                 
449                                 if ((defined $form->field('subpage') && length $form->field('subpage')) ||
450                                     $page eq gettext('discussion')) {
451                                         $best_loc="$from/$page";
452                                 }
453                                 else {
454                                         $best_loc=$dir.$page;
455                                 }
456                                 
457                                 push @page_locs, $dir.$page;
458                                 push @page_locs, "$from/$page";
459                                 while (length $dir) {
460                                         $dir=~s![^/]+/+$!!;
461                                         push @page_locs, $dir.$page;
462                                 }
463                         
464                                 push @page_locs, "$config{userdir}/$page"
465                                         if length $config{userdir};
466                         }
467
468                         @page_locs = grep {
469                                 ! exists $pagecase{lc $_}
470                         } @page_locs;
471                         if (! @page_locs) {
472                                 # hmm, someone else made the page in the
473                                 # meantime?
474                                 if ($form->submitted eq "Preview") {
475                                         # let them go ahead with the edit
476                                         # and resolve the conflict at save
477                                         # time
478                                         @page_locs=$page;
479                                 }
480                                 else {
481                                         redirect($q, "$config{url}/".htmlpage($page));
482                                         return;
483                                 }
484                         }
485
486                         my @editable_locs = grep {
487                                 check_canedit($_, $q, $session, 1)
488                         } @page_locs;
489                         if (! @editable_locs) {
490                                 # let it throw an error this time
491                                 map { check_canedit($_, $q, $session) } @page_locs;
492                         }
493                         
494                         my @page_types;
495                         if (exists $hooks{htmlize}) {
496                                 @page_types=grep { !/^_/ }
497                                         keys %{$hooks{htmlize}};
498                         }
499                         
500                         $form->tmpl_param("page_select", 1);
501                         $form->field(name => "page", type => 'select',
502                                 options => [ map { [ $_, pagetitle($_, 1) ] } @editable_locs ],
503                                 value => $best_loc);
504                         $form->field(name => "type", type => 'select',
505                                 options => \@page_types);
506                         $form->title(sprintf(gettext("creating %s"), pagetitle($page)));
507                         
508                 }
509                 elsif ($form->field("do") eq "edit") {
510                         check_canedit($page, $q, $session);
511                         if (! defined $form->field('editcontent') || 
512                             ! length $form->field('editcontent')) {
513                                 my $content="";
514                                 if (exists $pagesources{$page}) {
515                                         $content=readfile(srcfile($pagesources{$page}));
516                                         $content=~s/\n/\r\n/g;
517                                 }
518                                 $form->field(name => "editcontent", value => $content,
519                                         force => 1);
520                         }
521                         $form->tmpl_param("page_select", 0);
522                         $form->field(name => "page", type => 'hidden');
523                         $form->field(name => "type", type => 'hidden');
524                         $form->title(sprintf(gettext("editing %s"), pagetitle($page)));
525                 }
526                 
527                 showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
528         }
529         else {
530                 # save page
531                 check_canedit($page, $q, $session);
532         
533                 # The session id is stored on the form and checked to
534                 # guard against CSRF. But only if the user is logged in,
535                 # as anonok can allow anonymous edits.
536                 if (defined $session->param("name")) {
537                         my $sid=$q->param('sid');
538                         if (! defined $sid || $sid ne $session->id) {
539                                 error(gettext("Your login session has expired."));
540                         }
541                 }
542
543                 my $exists=-e "$config{srcdir}/$file";
544
545                 if ($form->field("do") ne "create" && ! $exists &&
546                     ! defined srcfile($file, 1)) {
547                         $form->tmpl_param("message", template("editpagegone.tmpl")->output);
548                         $form->field(name => "do", value => "create", force => 1);
549                         $form->tmpl_param("page_select", 0);
550                         $form->field(name => "page", type => 'hidden');
551                         $form->field(name => "type", type => 'hidden');
552                         $form->title(sprintf(gettext("editing %s"), $page));
553                         showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
554                         return;
555                 }
556                 elsif ($form->field("do") eq "create" && $exists) {
557                         $form->tmpl_param("message", template("editcreationconflict.tmpl")->output);
558                         $form->field(name => "do", value => "edit", force => 1);
559                         $form->tmpl_param("page_select", 0);
560                         $form->field(name => "page", type => 'hidden');
561                         $form->field(name => "type", type => 'hidden');
562                         $form->title(sprintf(gettext("editing %s"), $page));
563                         $form->field("editcontent", 
564                                 value => readfile("$config{srcdir}/$file").
565                                          "\n\n\n".$form->field("editcontent"),
566                                 force => 1);
567                         showform($form, \@buttons, $session, $q, forcebaseurl => $baseurl);
568                         return;
569                 }
570                 
571                 my $content=$form->field('editcontent');
572                 run_hooks(editcontent => sub {
573                         $content=shift->(
574                                 content => $content,
575                                 page => $page,
576                                 cgi => $q,
577                                 session => $session,
578                         );
579                 });
580                 $content=~s/\r\n/\n/g;
581                 $content=~s/\r/\n/g;
582                 $content.="\n" if $content !~ /\n$/;
583
584                 $config{cgi}=0; # avoid cgi error message
585                 eval { writefile($file, $config{srcdir}, $content) };
586                 $config{cgi}=1;
587                 if ($@) {
588                         $form->field(name => "rcsinfo", value => rcs_prepedit($file),
589                                 force => 1);
590                         my $mtemplate=template("editfailedsave.tmpl");
591                         $mtemplate->param(error_message => $@);
592                         $form->tmpl_param("message", $mtemplate->output);
593                         $form->field("editcontent", value => $content, force => 1);
594                         $form->tmpl_param("page_select", 0);
595                         $form->field(name => "page", type => 'hidden');
596                         $form->field(name => "type", type => 'hidden');
597                         $form->title(sprintf(gettext("editing %s"), $page));
598                         showform($form, \@buttons, $session, $q,
599                                 forcebaseurl => $baseurl);
600                         return;
601                 }
602                 
603                 my $conflict;
604                 if ($config{rcs}) {
605                         my $message="";
606                         if (defined $form->field('comments') &&
607                             length $form->field('comments')) {
608                                 $message=$form->field('comments');
609                         }
610                         
611                         if (! $exists) {
612                                 rcs_add($file);
613                         }
614
615                         # Prevent deadlock with post-commit hook by
616                         # signaling to it that it should not try to
617                         # do anything.
618                         disable_commit_hook();
619                         $conflict=rcs_commit($file, $message,
620                                 $form->field("rcsinfo"),
621                                 $session->param("name"), $ENV{REMOTE_ADDR});
622                         enable_commit_hook();
623                         rcs_update();
624                 }
625                 
626                 # Refresh even if there was a conflict, since other changes
627                 # may have been committed while the post-commit hook was
628                 # disabled.
629                 require IkiWiki::Render;
630                 refresh();
631                 saveindex();
632
633                 if (defined $conflict) {
634                         $form->field(name => "rcsinfo", value => rcs_prepedit($file),
635                                 force => 1);
636                         $form->tmpl_param("message", template("editconflict.tmpl")->output);
637                         $form->field("editcontent", value => $conflict, force => 1);
638                         $form->field("do", "edit", force => 1);
639                         $form->tmpl_param("page_select", 0);
640                         $form->field(name => "page", type => 'hidden');
641                         $form->field(name => "type", type => 'hidden');
642                         $form->title(sprintf(gettext("editing %s"), $page));
643                         showform($form, \@buttons, $session, $q,
644                                 forcebaseurl => $baseurl);
645                         return;
646                 }
647                 else {
648                         # The trailing question mark tries to avoid broken
649                         # caches and get the most recent version of the page.
650                         redirect($q, "$config{url}/".htmlpage($page)."?updated");
651                 }
652         }
653 } #}}}
654         
655 sub check_banned ($$) { #{{{
656         my $q=shift;
657         my $session=shift;
658
659         my $name=$session->param("name");
660         if (defined $name) {
661                 # XXX banned in userinfo is deprecated, should be removed
662                 # eventually, and only banned_users be checked.
663                 if (userinfo_get($session->param("name"), "banned") ||
664                     grep { $name eq $_ } @{$config{banned_users}}) {
665                         print $q->header(-status => "403 Forbidden");
666                         $session->delete();
667                         print gettext("You are banned.");
668                         cgi_savesession($session);
669                         exit;
670                 }
671         }
672 }
673
674 sub cgi_getsession ($) { #{{{
675         my $q=shift;
676
677         eval q{use CGI::Session};
678         error($@) if $@;
679         CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname}));
680         
681         my $oldmask=umask(077);
682         my $session = eval {
683                 CGI::Session->new("driver:DB_File", $q,
684                         { FileName => "$config{wikistatedir}/sessions.db" })
685         };
686         if (! $session || $@) {
687                 error($@." ".CGI::Session->errstr());
688         }
689         
690         umask($oldmask);
691
692         return $session;
693 } #}}}
694
695 sub cgi_savesession ($) { #{{{
696         my $session=shift;
697
698         # Force session flush with safe umask.
699         my $oldmask=umask(077);
700         $session->flush;
701         umask($oldmask);
702 } #}}}
703
704 sub cgi (;$$) { #{{{
705         my $q=shift;
706         my $session=shift;
707
708         eval q{use CGI};
709         error($@) if $@;
710         $CGI::DISABLE_UPLOADS=$config{cgi_disable_uploads};
711
712         if (! $q) {
713                 binmode(STDIN);
714                 $q=CGI->new;
715                 binmode(STDIN, ":utf8");
716         
717                 run_hooks(cgi => sub { shift->($q) });
718         }
719
720         my $do=$q->param('do');
721         if (! defined $do || ! length $do) {
722                 my $error = $q->cgi_error;
723                 if ($error) {
724                         error("Request not processed: $error");
725                 }
726                 else {
727                         error("\"do\" parameter missing");
728                 }
729         }
730         
731         # Need to lock the wiki before getting a session.
732         lockwiki();
733         loadindex();
734         
735         if (! $session) {
736                 $session=cgi_getsession($q);
737         }
738         
739         # Auth hooks can sign a user in.
740         if ($do ne 'signin' && ! defined $session->param("name")) {
741                 run_hooks(auth => sub {
742                         shift->($q, $session)
743                 });
744                 if (defined $session->param("name")) {
745                         # Make sure whatever user was authed is in the
746                         # userinfo db.
747                         if (! userinfo_get($session->param("name"), "regdate")) {
748                                 userinfo_setall($session->param("name"), {
749                                         email => "",
750                                         password => "",
751                                         regdate => time,
752                                 }) || error("failed adding user");
753                         }
754                 }
755         }
756         
757         check_banned($q, $session);
758         
759         run_hooks(sessioncgi => sub { shift->($q, $session) });
760
761         if ($do eq 'signin') {
762                 cgi_signin($q, $session);
763                 cgi_savesession($session);
764         }
765         elsif ($do eq 'prefs') {
766                 cgi_prefs($q, $session);
767         }
768         elsif ($do eq 'create' || $do eq 'edit') {
769                 cgi_editpage($q, $session);
770         }
771         elsif (defined $session->param("postsignin") || $do eq 'postsignin') {
772                 cgi_postsignin($q, $session);
773         }
774         else {
775                 error("unknown do parameter");
776         }
777 } #}}}
778
779 # Does not need to be called directly; all errors will go through here.
780 sub cgierror ($) { #{{{
781         my $message=shift;
782
783         print "Content-type: text/html\n\n";
784         print misctemplate(gettext("Error"),
785                 "<p class=\"error\">".gettext("Error").": $message</p>");
786         die $@;
787 } #}}}
788
789 1