oops, add unlock _before_ svn commit

[ikiwiki.git] / ikiwiki
diff --git a/ikiwiki b/ikiwiki

index cfc963c120df53c0ec680bbe0fe51dfb0531eb5e..c2310cb37ed0f0e4290d52fd1284b0f84eb3a4f1 100755 (executable)
--- a/ikiwiki
+++ b/ikiwiki
@@ -1,50 +1,87 @@
  #!/usr/bin/perl -T
+$ENV{PATH}="/usr/local/bin:/usr/bin:/bin";
  
  use warnings;
  use strict;
-use File::Find;
  use Memoize;
  use File::Spec;
  use HTML::Template;
-
-BEGIN {
-       $blosxom::version="is a proper perl module too much to ask?";
-       do "/usr/bin/markdown";
+use Getopt::Long;
+
+my (%links, %oldlinks, %oldpagemtime, %renderedfiles, %pagesources);
+
+# Holds global config settings, also used by some modules.
+our %config=( #{{{
+       wiki_file_prune_regexp => qr{((^|/).svn/|\.\.|^\.|\/\.|\.html?$)},
+       wiki_link_regexp => qr/\[\[([^\s]+)\]\]/,
+       wiki_file_regexp => qr/(^[-A-Za-z0-9_.:\/+]+$)/,
+       verbose => 0,
+       wikiname => "wiki",
+       default_pageext => ".mdwn",
+       cgi => 0,
+       svn => 1,
+       url => '',
+       cgiurl => '',
+       historyurl => '',
+       anonok => 0,
+       rebuild => 0,
+       wrapper => undef,
+       wrappermode => undef,
+       srcdir => undef,
+       destdir => undef,
+       templatedir => undef,
+       setup => undef,
+); #}}}
+
+GetOptions( #{{{
+       "setup=s" => \$config{setup},
+       "wikiname=s" => \$config{wikiname},
+       "verbose|v!" => \$config{verbose},
+       "rebuild!" => \$config{rebuild},
+       "wrapper=s" => sub { $config{wrapper}=$_[1] ? $_[1] : "ikiwiki-wrap" },
+       "wrappermode=i" => \$config{wrappermode},
+       "svn!" => \$config{svn},
+       "anonok!" => \$config{anonok},
+       "cgi!" => \$config{cgi},
+       "url=s" => \$config{url},
+       "cgiurl=s" => \$config{cgiurl},
+       "historyurl=s" => \$config{historyurl},
+       "exclude=s@" => sub {
+               $config{wiki_file_prune_regexp}=qr/$config{wiki_file_prune_regexp}|$_[1]/;
+       },
+) || usage();
+
+if (! $config{setup}) {
+       usage() unless @ARGV == 3;
+       $config{srcdir} = possibly_foolish_untaint(shift);
+       $config{templatedir} = possibly_foolish_untaint(shift);
+       $config{destdir} = possibly_foolish_untaint(shift);
+       if ($config{cgi} && ! length $config{url}) {
+               error("Must specify url to wiki with --url when using --cgi");
+       }
  }
-
-$ENV{PATH}="/usr/local/bin:/usr/bin:/bin";
-my ($srcdir, $templatedir, $destdir, %links, %oldlinks, %oldpagemtime,
-    %renderedfiles, %pagesources);
-my $wiki_link_regexp=qr/\[\[([^\s]+)\]\]/;
-my $wiki_file_regexp=qr/(^[-A-Za-z0-9_.:\/+]+$)/;
-my $wiki_file_prune_regexp=qr!((^|/).svn/|\.\.|^\.|\/\.|\.html?$)!;
-my $verbose=0;
-my $wikiname="wiki";
-my $default_pagetype=".mdwn";
-my $cgi=0;
-my $url="";
-my $cgiurl="";
-my $historyurl="";
-my $svn=1;
-my $anonok=0;
+#}}}
  
  sub usage { #{{{
         die "usage: ikiwiki [options] source templates dest\n";
  } #}}}
  
-sub error ($) { #{{{
-       if ($cgi) {
+sub error { #{{{
+       if ($config{cgi}) {
                 print "Content-type: text/html\n\n";
-               print "Error: @_\n";
-               exit 1;
-       }
-       else {
-               die @_;
+               print misctemplate("Error", "<p>Error: @_</p>");
         }
+       die @_;
  } #}}}
  
  sub debug ($) { #{{{
-       print "@_\n" if $verbose;
+       return unless $config{verbose};
+       if (! $config{cgi}) {
+               print "@_\n";
+       }
+       else {
+               print STDERR "@_\n";
+       }
  } #}}}
  
  sub mtime ($) { #{{{
@@ -53,7 +90,7 @@ sub mtime ($) { #{{{
         return (stat($page))[9];
  } #}}}
  
-sub possibly_foolish_untaint ($) { #{{{
+sub possibly_foolish_untaint { #{{{
         my $tainted=shift;
         my ($untainted)=$tainted=~/(.*)/;
         return $untainted;
@@ -129,21 +166,25 @@ sub writefile ($$) { #{{{
         close OUT;
  } #}}}
  
-sub findlinks ($) { #{{{
+sub findlinks ($$) { #{{{
         my $content=shift;
+       my $page=shift;
  
         my @links;
-       while ($content =~ /$wiki_link_regexp/g) {
+       while ($content =~ /(?<!\\)$config{wiki_link_regexp}/g) {
                 push @links, lc($1);
         }
-       return @links;
+       # Discussion links are a special case since they're not in the text
+       # of the page, but on its template.
+       return @links, "$page/discussion";
  } #}}}
  
-# Given a page and the text of a link on the page, determine which existing
-# page that link best points to. Prefers pages under a subdirectory with
-# the same name as the source page, failing that goes down the directory tree
-# to the base looking for matching pages.
  sub bestlink ($$) { #{{{
+       # Given a page and the text of a link on the page, determine which
+       # existing page that link best points to. Prefers pages under a
+       # subdirectory with the same name as the source page, failing that
+       # goes down the directory tree to the base looking for matching
+       # pages.
         my $page=shift;
         my $link=lc(shift);
         
@@ -172,11 +213,18 @@ sub isinlinableimage ($) { #{{{
  sub htmllink { #{{{
         my $page=shift;
         my $link=shift;
-       my $noimagelink=shift;
+       my $noimageinline=shift; # don't turn links into inline html images
+       my $forcesubpage=shift; # force a link to a subpage
  
-       my $bestlink=bestlink($page, $link);
+       my $bestlink;
+       if (! $forcesubpage) {
+               $bestlink=bestlink($page, $link);
+       }
+       else {
+               $bestlink="$page/".lc($link);
+       }
  
-       return $link if $page eq $bestlink;
+       return $link if length $bestlink && $page eq $bestlink;
         
         # TODO BUG: %renderedfiles may not have it, if the linked to page
         # was also added and isn't yet rendered! Note that this bug is
@@ -186,12 +234,12 @@ sub htmllink { #{{{
                 $bestlink=htmlpage($bestlink);
         }
         if (! grep { $_ eq $bestlink } values %renderedfiles) {
-               return "<a href=\"$cgiurl?do=create&page=$link&from=$page\">?</a>$link"
+               return "<a href=\"$config{cgiurl}?do=create&page=$link&from=$page\">?</a>$link"
         }
         
         $bestlink=File::Spec->abs2rel($bestlink, dirname($page));
         
-       if (! $noimagelink && isinlinableimage($bestlink)) {
+       if (! $noimageinline && isinlinableimage($bestlink)) {
                 return "<img src=\"$bestlink\">";
         }
         return "<a href=\"$bestlink\">$link</a>";
@@ -199,9 +247,11 @@ sub htmllink { #{{{
  
  sub linkify ($$) { #{{{
         my $content=shift;
-       my $file=shift;
+       my $page=shift;
  
-       $content =~ s/$wiki_link_regexp/htmllink(pagename($file), $1)/eg;
+       $content =~ s{(\\?)$config{wiki_link_regexp}}{
+               $1 ? "[[$2]]" : htmllink($page, $2)
+       }eg;
         
         return $content;
  } #}}}
@@ -210,6 +260,13 @@ sub htmlize ($$) { #{{{
         my $type=shift;
         my $content=shift;
         
+       if (! $INC{"/usr/bin/markdown"}) {
+               no warnings 'once';
+               $blosxom::version="is a proper perl module too much to ask?";
+               use warnings 'all';
+               do "/usr/bin/markdown";
+       }
+       
         if ($type eq '.mdwn') {
                 return Markdown::Markdown($content);
         }
@@ -240,7 +297,7 @@ sub backlinks ($) { #{{{
                 }
         }
  
-       return @links;
+       return sort { $a->{page} cmp $b->{page} } @links;
  } #}}}
         
  sub parentlinks ($) { #{{{
@@ -252,20 +309,21 @@ sub parentlinks ($) { #{{{
         my $skip=1;
         foreach my $dir (reverse split("/", $page)) {
                 if (! $skip) {
+                       $path.="../";
                         unshift @ret, { url => "$path$dir.html", page => $dir };
                 }
                 else {
                         $skip=0;
                 }
-               $path.="../";
         }
+       unshift @ret, { url => length $path ? $path : ".", page => $config{wikiname} };
         return @ret;
  } #}}}
  
  sub indexlink () { #{{{
-       return "<a href=\"$url\">$wikiname</a>/ ";
+       return "<a href=\"$config{url}\">$config{wikiname}</a>";
  } #}}}
-       
+
  sub finalize ($$) { #{{{
         my $content=shift;
         my $page=shift;
@@ -274,59 +332,100 @@ sub finalize ($$) { #{{{
         $title=~s/_/ /g;
         
         my $template=HTML::Template->new(blind_cache => 1,
-               filename => "$templatedir/page.tmpl");
+               filename => "$config{templatedir}/page.tmpl");
         
-       if (length $cgiurl) {
-               $template->param(editurl => "$cgiurl?do=edit&page=$page");
-               $template->param(recentchangesurl => "$cgiurl?do=recentchanges");
+       if (length $config{cgiurl}) {
+               $template->param(editurl => "$config{cgiurl}?do=edit&page=$page");
+               if ($config{svn}) {
+                       $template->param(recentchangesurl => "$config{cgiurl}?do=recentchanges");
+               }
         }
  
-       if (length $historyurl) {
-               my $u=$historyurl;
+       if (length $config{historyurl}) {
+               my $u=$config{historyurl};
                 $u=~s/\[\[\]\]/$pagesources{$page}/g;
                 $template->param(historyurl => $u);
         }
         
         $template->param(
                 title => $title,
-               indexlink => $url,
-               wikiname => $wikiname,
+               wikiname => $config{wikiname},
                 parentlinks => [parentlinks($page)],
                 content => $content,
                 backlinks => [backlinks($page)],
+               discussionlink => htmllink($page, "Discussion", 1, 1),
         );
         
         return $template->output;
  } #}}}
  
+sub check_overwrite ($$) { #{{{
+       # Important security check. Make sure to call this before saving
+       # any files to the source directory.
+       my $dest=shift;
+       my $src=shift;
+       
+       if (! exists $renderedfiles{$src} && -e $dest && ! $config{rebuild}) {
+               error("$dest already exists and was rendered from ".
+                       join(" ",(grep { $renderedfiles{$_} eq $dest } keys
+                               %renderedfiles)).
+                       ", before, so not rendering from $src");
+       }
+} #}}}
+
  sub render ($) { #{{{
         my $file=shift;
         
         my $type=pagetype($file);
-       my $content=readfile("$srcdir/$file");
+       my $content=readfile("$config{srcdir}/$file");
         if ($type ne 'unknown') {
                 my $page=pagename($file);
                 
-               $links{$page}=[findlinks($content)];
+               $links{$page}=[findlinks($content, $page)];
                 
-               $content=linkify($content, $file);
+               $content=linkify($content, $page);
                 $content=htmlize($type, $content);
                 $content=finalize($content, $page);
                 
-               writefile("$destdir/".htmlpage($page), $content);
+               check_overwrite("$config{destdir}/".htmlpage($page), $page);
+               writefile("$config{destdir}/".htmlpage($page), $content);
                 $oldpagemtime{$page}=time;
                 $renderedfiles{$page}=htmlpage($page);
         }
         else {
                 $links{$file}=[];
-               writefile("$destdir/$file", $content);
+               check_overwrite("$config{destdir}/$file", $file);
+               writefile("$config{destdir}/$file", $content);
                 $oldpagemtime{$file}=time;
                 $renderedfiles{$file}=$file;
         }
  } #}}}
  
+sub lockwiki () { #{{{
+       # Take an exclusive lock on the wiki to prevent multiple concurrent
+       # run issues. The lock will be dropped on program exit.
+       if (! -d "$config{srcdir}/.ikiwiki") {
+               mkdir("$config{srcdir}/.ikiwiki");
+       }
+       open(WIKILOCK, ">$config{srcdir}/.ikiwiki/lockfile") || error ("cannot write to lockfile: $!");
+       if (! flock(WIKILOCK, 2 | 4)) {
+               debug("wiki seems to be locked, waiting for lock");
+               my $wait=600; # arbitrary, but don't hang forever to 
+                             # prevent process pileup
+               for (1..600) {
+                       return if flock(WIKILOCK, 2 | 4);
+                       sleep 1;
+               }
+               error("wiki is locked; waited $wait seconds without lock being freed (possible stuck process or stale lock?)");
+       }
+} #}}}
+
+sub unlockwiki () { #{{{
+       close WIKILOCK;
+} #}}}
+
  sub loadindex () { #{{{
-       open (IN, "$srcdir/.ikiwiki/index") || return;
+       open (IN, "$config{srcdir}/.ikiwiki/index") || return;
         while (<IN>) {
                 $_=possibly_foolish_untaint($_);
                 chomp;
@@ -342,10 +441,10 @@ sub loadindex () { #{{{
  } #}}}
  
  sub saveindex () { #{{{
-       if (! -d "$srcdir/.ikiwiki") {
-               mkdir("$srcdir/.ikiwiki");
+       if (! -d "$config{srcdir}/.ikiwiki") {
+               mkdir("$config{srcdir}/.ikiwiki");
         }
-       open (OUT, ">$srcdir/.ikiwiki/index") || error("cannot write to index: $!");
+       open (OUT, ">$config{srcdir}/.ikiwiki/index") || error("cannot write to index: $!");
         foreach my $page (keys %oldpagemtime) {
                 print OUT "$oldpagemtime{$page} $pagesources{$page} $renderedfiles{$page} ".
                         join(" ", @{$links{$page}})."\n"
@@ -355,8 +454,8 @@ sub saveindex () { #{{{
  } #}}}
  
  sub rcs_update () { #{{{
-       if (-d "$srcdir/.svn") {
-               if (system("svn", "update", "--quiet", $srcdir) != 0) {
+       if (-d "$config{srcdir}/.svn") {
+               if (system("svn", "update", "--quiet", $config{srcdir}) != 0) {
                         warn("svn update failed\n");
                 }
         }
@@ -365,9 +464,10 @@ sub rcs_update () { #{{{
  sub rcs_commit ($) { #{{{
         my $message=shift;
  
-       if (-d "$srcdir/.svn") {
+       if (-d "$config{srcdir}/.svn") {
                 if (system("svn", "commit", "--quiet", "-m",
-                          possibly_foolish_untaint($message), $srcdir) != 0) {
+                          possibly_foolish_untaint($message),
+                          $config{srcdir}) != 0) {
                         warn("svn commit failed\n");
                 }
         }
@@ -376,14 +476,14 @@ sub rcs_commit ($) { #{{{
  sub rcs_add ($) { #{{{
         my $file=shift;
  
-       if (-d "$srcdir/.svn") {
+       if (-d "$config{srcdir}/.svn") {
                 my $parent=dirname($file);
-               while (! -d "$srcdir/$parent/.svn") {
+               while (! -d "$config{srcdir}/$parent/.svn") {
                         $file=$parent;
                         $parent=dirname($file);
                 }
                 
-               if (system("svn", "add", "--quiet", "$srcdir/$file") != 0) {
+               if (system("svn", "add", "--quiet", "$config{srcdir}/$file") != 0) {
                         warn("svn add failed\n");
                 }
         }
@@ -393,11 +493,12 @@ sub rcs_recentchanges ($) { #{{{
         my $num=shift;
         my @ret;
         
+       eval q{use CGI 'escapeHTML'};
         eval q{use Date::Parse};
         eval q{use Time::Duration};
         
-       if (-d "$srcdir/.svn") {
-               my $info=`LANG=C svn info $srcdir`;
+       if (-d "$config{srcdir}/.svn") {
+               my $info=`LANG=C svn info $config{srcdir}`;
                 my ($svn_url)=$info=~/^URL: (.*)$/m;
  
                 # FIXME: currently assumes that the wiki is somewhere
@@ -407,8 +508,8 @@ sub rcs_recentchanges ($) { #{{{
                 my $div=qr/^--------------------+$/;
                 my $infoline=qr/^r(\d+)\s+\|\s+([^\s]+)\s+\|\s+(\d+-\d+-\d+\s+\d+:\d+:\d+\s+[-+]?\d+).*/;
                 my $state='start';
-               my ($rev, $user, $when, @pages, $message);
-               foreach (`LANG=C svn log -v '$svn_url'`) {
+               my ($rev, $user, $when, @pages, @message);
+               foreach (`LANG=C svn log --limit $num -v '$svn_url'`) {
                         chomp;
                         if ($state eq 'start' && /$div/) {
                                 $state='header';
@@ -426,17 +527,29 @@ sub rcs_recentchanges ($) { #{{{
                                 $state='body';
                         }
                         elsif ($state eq 'body' && /$div/) {
-                               push @ret, { rev => $rev, user => $user,
-                                       when => $when, message => $message,
+                               my $committype="web";
+                               if (defined $message[0] &&
+                                   $message[0]->{line}=~/^web commit by (\w+):?(.*)/) {
+                                       $user="$1";
+                                       $message[0]->{line}=$2;
+                               }
+                               else {
+                                       $committype="svn";
+                               }
+                               
+                               push @ret, { rev => $rev,
+                                       user => htmllink("", $user, 1),
+                                       committype => $committype,
+                                       when => $when, message => [@message],
                                         pages => [@pages] } if @pages;
                                 return @ret if @ret >= $num;
                                 
                                 $state='header';
-                               $message=$rev=$user=$when=undef;
-                               @pages=();
+                               $rev=$user=$when=undef;
+                               @pages=@message=();
                         }
                         elsif ($state eq 'body') {
-                               $message.="$_<br>\n";
+                               push @message, {line => escapeHTML($_)},
                         }
                 }
         }
@@ -455,28 +568,31 @@ sub prune ($) { #{{{
  } #}}}
  
  sub refresh () { #{{{
-       # Find existing pages.
+       # find existing pages
         my %exists;
         my @files;
+       eval q{use File::Find};
         find({
                 no_chdir => 1,
                 wanted => sub {
-                       if (/$wiki_file_prune_regexp/) {
+                       if (/$config{wiki_file_prune_regexp}/) {
+                               no warnings 'once';
                                 $File::Find::prune=1;
+                               use warnings "all";
                         }
-                       elsif (! -d $_) {
-                               my ($f)=/$wiki_file_regexp/; # untaint
+                       elsif (! -d $_ && ! -l $_) {
+                               my ($f)=/$config{wiki_file_regexp}/; # untaint
                                 if (! defined $f) {
                                         warn("skipping bad filename $_\n");
                                 }
                                 else {
-                                       $f=~s/^\Q$srcdir\E\/?//;
+                                       $f=~s/^\Q$config{srcdir}\E\/?//;
                                         push @files, $f;
                                         $exists{pagename($f)}=1;
                                 }
                         }
                 },
-       }, $srcdir);
+       }, $config{srcdir});
  
         my %rendered;
  
@@ -495,8 +611,8 @@ sub refresh () { #{{{
         foreach my $page (keys %oldpagemtime) {
                 if (! $exists{$page}) {
                         debug("removing old page $page");
-                       push @del, $renderedfiles{$page};
-                       prune($destdir."/".$renderedfiles{$page});
+                       push @del, $pagesources{$page};
+                       prune($config{destdir}."/".$renderedfiles{$page});
                         delete $renderedfiles{$page};
                         $oldpagemtime{$page}=0;
                         delete $pagesources{$page};
@@ -508,7 +624,7 @@ sub refresh () { #{{{
                 my $page=pagename($file);
                 
                 if (! exists $oldpagemtime{$page} ||
-                   mtime("$srcdir/$file") > $oldpagemtime{$page}) {
+                   mtime("$config{srcdir}/$file") > $oldpagemtime{$page}) {
                         debug("rendering changed file $file");
                         render($file);
                         $rendered{$file}=1;
@@ -547,8 +663,7 @@ FILE:               foreach my $file (@files) {
                 foreach my $file (keys %rendered, @del) {
                         my $page=pagename($file);
                         if (exists $links{$page}) {
-                               foreach my $link (@{$links{$page}}) {
-                                       $link=bestlink($page, $link);
+                               foreach my $link (map { bestlink($page, $_) } @{$links{$page}}) {
                                         if (length $link &&
                                             ! exists $oldlinks{$page} ||
                                             ! grep { $_ eq $link } @{$oldlinks{$page}}) {
@@ -557,8 +672,7 @@ FILE:               foreach my $file (@files) {
                                 }
                         }
                         if (exists $oldlinks{$page}) {
-                               foreach my $link (@{$oldlinks{$page}}) {
-                                       $link=bestlink($page, $link);
+                               foreach my $link (map { bestlink($page, $_) } @{$oldlinks{$page}}) {
                                         if (length $link &&
                                             ! exists $links{$page} ||
                                             ! grep { $_ eq $link } @{$links{$page}}) {
@@ -577,28 +691,30 @@ FILE:             foreach my $file (@files) {
         }
  } #}}}
  
-# Generates a C wrapper program for running ikiwiki in a specific way.
-# The wrapper may be safely made suid.
-sub gen_wrapper ($$) { #{{{
-       my ($svn, $rebuild)=@_;
-
+sub gen_wrapper (@) { #{{{
+       my %config=(@_);
         eval q{use Cwd 'abs_path'};
-       $srcdir=abs_path($srcdir);
-       $destdir=abs_path($destdir);
+       $config{srcdir}=abs_path($config{srcdir});
+       $config{destdir}=abs_path($config{destdir});
         my $this=abs_path($0);
         if (! -x $this) {
                 error("$this doesn't seem to be executable");
         }
  
-       my @params=($srcdir, $templatedir, $destdir, "--wikiname=$wikiname");
-       push @params, "--verbose" if $verbose;
-       push @params, "--rebuild" if $rebuild;
-       push @params, "--nosvn" if !$svn;
-       push @params, "--cgi" if $cgi;
-       push @params, "--url=$url" if $url;
-       push @params, "--cgiurl=$cgiurl" if $cgiurl;
-       push @params, "--historyurl=$historyurl" if $historyurl;
-       push @params, "--anonok" if $anonok;
+       if ($config{setup}) {
+               error("cannot create a wrapper that uses a setup file");
+       }
+       
+       my @params=($config{srcdir}, $config{templatedir}, $config{destdir},
+               "--wikiname=$config{wikiname}");
+       push @params, "--verbose" if $config{verbose};
+       push @params, "--rebuild" if $config{rebuild};
+       push @params, "--nosvn" if !$config{svn};
+       push @params, "--cgi" if $config{cgi};
+       push @params, "--url=$config{url}" if length $config{url};
+       push @params, "--cgiurl=$config{cgiurl}" if length $config{cgiurl};
+       push @params, "--historyurl=$config{historyurl}" if length $config{historyurl};
+       push @params, "--anonok" if $config{anonok};
         my $params=join(" ", @params);
         my $call='';
         foreach my $p ($this, $this, @params) {
@@ -609,7 +725,7 @@ sub gen_wrapper ($$) { #{{{
         my @envsave;
         push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
                        CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
-                      HTTP_COOKIE} if $cgi;
+                      HTTP_COOKIE} if $config{cgi};
         my $envsave="";
         foreach my $var (@envsave) {
                 $envsave.=<<"EOF"
@@ -650,26 +766,75 @@ $envsave
  }
  EOF
         close OUT;
-       if (system("gcc", "ikiwiki-wrap.c", "-o", "ikiwiki-wrap") != 0) {
+       if (system("gcc", "ikiwiki-wrap.c", "-o", possibly_foolish_untaint($config{wrapper})) != 0) {
                 error("failed to compile ikiwiki-wrap.c");
         }
         unlink("ikiwiki-wrap.c");
-       print "successfully generated ikiwiki-wrap\n";
-       exit 0;
+       if (defined $config{wrappermode} &&
+           ! chmod(oct($config{wrappermode}), possibly_foolish_untaint($config{wrapper}))) {
+               error("chmod $config{wrapper}: $!");
+       }
+       print "successfully generated $config{wrapper}\n";
  } #}}}
+               
+sub misctemplate ($$) { #{{{
+       my $title=shift;
+       my $pagebody=shift;
+       
+       my $template=HTML::Template->new(
+               filename => "$config{templatedir}/misc.tmpl"
+       );
+       $template->param(
+               title => $title,
+               indexlink => indexlink(),
+               wikiname => $config{wikiname},
+               pagebody => $pagebody,
+       );
+       return $template->output;
+}#}}}
  
-sub cgi_recentchanges () { #{{{
+sub cgi_recentchanges ($) { #{{{
         my $q=shift;
         
         my $template=HTML::Template->new(
-               filename => "$templatedir/recentchanges.tmpl");
+               filename => "$config{templatedir}/recentchanges.tmpl"
+       );
         $template->param(
                 title => "RecentChanges",
-               indexlink => $url,
-               wikiname => $wikiname,
+               indexlink => indexlink(),
+               wikiname => $config{wikiname},
                 changelog => [rcs_recentchanges(100)],
         );
-       return $template->output;
+       print $q->header, $template->output;
+} #}}}
+
+sub userinfo_get ($$) { #{{{
+       my $user=shift;
+       my $field=shift;
+
+       eval q{use Storable};
+       my $userdata=eval{ Storable::lock_retrieve("$config{srcdir}/.ikiwiki/userdb") };
+       if (! defined $userdata || ! ref $userdata || 
+           ! exists $userdata->{$user} || ! ref $userdata->{$user}) {
+               return "";
+       }
+       return $userdata->{$user}->{$field};
+} #}}}
+
+sub userinfo_set ($$) { #{{{
+       my $user=shift;
+       my $info=shift;
+       
+       eval q{use Storable};
+       my $userdata=eval{ Storable::lock_retrieve("$config{srcdir}/.ikiwiki/userdb") };
+       if (! defined $userdata || ! ref $userdata) {
+               $userdata={};
+       }
+       $userdata->{$user}=$info;
+       my $oldmask=umask(077);
+       my $ret=Storable::lock_store($userdata, "$config{srcdir}/.ikiwiki/userdb");
+       umask($oldmask);
+       return $ret;
  } #}}}
  
  sub cgi_signin ($$) { #{{{
@@ -678,12 +843,11 @@ sub cgi_signin ($$) { #{{{
  
         eval q{use CGI::FormBuilder};
         my $form = CGI::FormBuilder->new(
-               title => "$wikiname signin",
-               fields => [qw(do page name password confirm_password email)],
+               title => "$config{wikiname} signin",
+               fields => [qw(do page from name password confirm_password email)],
                 header => 1,
                 method => 'POST',
                 validate => {
-                       name => '/^\w+$/',
                         confirm_password => {
                                 perl => q{eq $form->field("password")},
                         },
@@ -693,18 +857,18 @@ sub cgi_signin ($$) { #{{{
                 javascript => 0,
                 params => $q,
                 action => $q->request_uri,
+               header => 0,
+               template => (-e "$config{templatedir}/signin.tmpl" ?
+                             "$config{templatedir}/signin.tmpl" : "")
         );
         
-       $form->sessionid($session->id);
         $form->field(name => "name", required => 0);
         $form->field(name => "do", type => "hidden");
         $form->field(name => "page", type => "hidden");
+       $form->field(name => "from", type => "hidden");
         $form->field(name => "password", type => "password", required => 0);
         $form->field(name => "confirm_password", type => "password", required => 0);
         $form->field(name => "email", required => 0);
-       if ($session->param("name")) {
-               $form->field(name => "name", value => $session->param("name"));
-       }
         if ($q->param("do") ne "signin") {
                 $form->text("You need to log in before you can edit pages.");
         }
@@ -720,241 +884,345 @@ sub cgi_signin ($$) { #{{{
                         $form->field(name => $opt, required => 1);
                 }
         
-               # Validate password differently depending on how form was
-               # submitted.
+               # Validate password differently depending on how
+               # form was submitted.
                 if ($form->submitted eq 'Login') {
                         $form->field(
                                 name => "password",
                                 validate => sub {
-                                       # TODO get real user password
-                                       shift eq "foo";
+                                       length $form->field("name") &&
+                                       shift eq userinfo_get($form->field("name"), 'password');
                                 },
                         );
+                       $form->field(name => "name", validate => '/^\w+$/');
                 }
                 else {
                         $form->field(name => "password", validate => 'VALUE');
                 }
+               # And make sure the entered name exists when logging
+               # in or sending email, and does not when registering.
+               if ($form->submitted eq 'Register') {
+                       $form->field(
+                               name => "name",
+                               validate => sub {
+                                       my $name=shift;
+                                       length $name &&
+                                       ! userinfo_get($name, "regdate");
+                               },
+                       );
+               }
+               else {
+                       $form->field(
+                               name => "name",
+                               validate => sub {
+                                       my $name=shift;
+                                       length $name &&
+                                       userinfo_get($name, "regdate");
+                               },
+                       );
+               }
         }
         else {
-               # Comments only shown first time.
+               # First time settings.
                 $form->field(name => "name", comment => "use FirstnameLastName");
                 $form->field(name => "confirm_password", comment => "(only needed");
                 $form->field(name => "email",            comment => "for registration)");
+               if ($session->param("name")) {
+                       $form->field(name => "name", value => $session->param("name"));
+               }
         }
  
         if ($form->submitted && $form->validate) {
                 if ($form->submitted eq 'Login') {
                         $session->param("name", $form->field("name"));
-                       if (defined $form->field("do")) {
-                               $q->redirect(
-                                       "$cgiurl?do=".$form->field("do").
-                                       "&page=".$form->field("page"));
+                       if (defined $form->field("do") && 
+                           $form->field("do") ne 'signin') {
+                               print $q->redirect(
+                                       "$config{cgiurl}?do=".$form->field("do").
+                                       "&page=".$form->field("page").
+                                       "&from=".$form->field("from"));;
                         }
                         else {
-                               $q->redirect($url);
+                               print $q->redirect($config{url});
                         }
                 }
                 elsif ($form->submitted eq 'Register') {
-                       # TODO: save registration info
-                       $form->field(name => "confirm_password", type => "hidden");
-                       $form->field(name => "email", type => "hidden");
-                       $form->text("Registration successful. Now you can Login.");
-                       print $form->render(submit => ["Login"]);;
+                       my $user_name=$form->field('name');
+                       if (userinfo_set($user_name, {
+                                          'email' => $form->field('email'),
+                                          'password' => $form->field('password'),
+                                          'regdate' => time
+                                        })) {
+                               $form->field(name => "confirm_password", type => "hidden");
+                               $form->field(name => "email", type => "hidden");
+                               $form->text("Registration successful. Now you can Login.");
+                               print $session->header();
+                               print misctemplate($form->title, $form->render(submit => ["Login"]));
+                       }
+                       else {
+                               error("Error saving registration.");
+                       }
                 }
                 elsif ($form->submitted eq 'Mail Password') {
-                       # TODO mail password
+                       my $user_name=$form->field("name");
+                       my $template=HTML::Template->new(
+                               filename => "$config{templatedir}/passwordmail.tmpl"
+                       );
+                       $template->param(
+                               user_name => $user_name,
+                               user_password => userinfo_get($user_name, "password"),
+                               wikiurl => $config{url},
+                               wikiname => $config{wikiname},
+                               REMOTE_ADDR => $ENV{REMOTE_ADDR},
+                       );
+                       
+                       eval q{use Mail::Sendmail};
+                       my ($fromhost) = $config{cgiurl} =~ m!/([^/]+)!;
+                       sendmail(
+                               To => userinfo_get($user_name, "email"),
+                               From => "$config{wikiname} admin <".(getpwuid($>))[0]."@".$fromhost.">",
+                               Subject => "$config{wikiname} information",
+                               Message => $template->output,
+                       ) or error("Failed to send mail");
+                       
                         $form->text("Your password has been emailed to you.");
-                       print $form->render(submit => ["Login", "Register", "Mail Password"]);;
+                       $form->field(name => "name", required => 0);
+                       print $session->header();
+                       print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"]));
                 }
         }
         else {
-               print $form->render(submit => ["Login", "Register", "Mail Password"]);;
+               print $session->header();
+               print misctemplate($form->title, $form->render(submit => ["Login", "Register", "Mail Password"]));
         }
  } #}}}
  
-sub cgi () { #{{{
-       eval q{use CGI};
-       eval q{use CGI::Session};
-       
-       my $q=CGI->new;
-       # session id has to be _sessionid for CGI::FormBuilder to work.
-       # TODO: stop having the formbuilder emit cookies and change session
-       # id to something else.
-       CGI::Session->name("_sessionid");
-       my $session = CGI::Session->new(undef, $q,
-               { Directory=> "$srcdir/.ikiwiki/sessions" });
+sub cgi_editpage ($$) { #{{{
+       my $q=shift;
+       my $session=shift;
+
+       eval q{use CGI::FormBuilder};
+       my $form = CGI::FormBuilder->new(
+               fields => [qw(do from page content comments)],
+               header => 1,
+               method => 'POST',
+               validate => {
+                       content => '/.+/',
+               },
+               required => [qw{content}],
+               javascript => 0,
+               params => $q,
+               action => $q->request_uri,
+               table => 0,
+               template => "$config{templatedir}/editpage.tmpl"
+       );
         
-       my $do=$q->param('do');
-       if (! defined $do || ! length $do) {
-               error("\"do\" parameter missing");
+       my ($page)=$form->param('page')=~/$config{wiki_file_regexp}/;
+       if (! defined $page || ! length $page || $page ne $q->param('page') ||
+           $page=~/$config{wiki_file_prune_regexp}/ || $page=~/^\//) {
+               error("bad page name");
         }
+       $page=lc($page);
+
+       $form->field(name => "do", type => 'hidden');
+       $form->field(name => "from", type => 'hidden');
+       $form->field(name => "page", value => "$page", force => 1);
+       $form->field(name => "comments", type => "text", size => 80);
+       $form->field(name => "content", type => "textarea", rows => 20,
+               cols => 80);
         
-       if ($do eq 'recentchanges') {
-               cgi_recentchanges();
+       if ($form->submitted eq "Cancel") {
+               print $q->redirect("$config{url}/".htmlpage($page));
                 return;
         }
-       
-       if ((! $anonok && ! defined $session->param("name")) || $do eq 'signin') {
-               cgi_signin($q, $session);
-               return;
+       elsif ($form->submitted eq "Preview") {
+               $form->tmpl_param("page_preview",
+                       htmlize($config{default_pageext},
+                               linkify($form->field('content'), $page)));
         }
-       
-       my ($page)=$q->param('page')=~/$wiki_file_regexp/;
-       if (! defined $page || ! length $page || $page ne $q->param('page') ||
-           $page=~/$wiki_file_prune_regexp/ || $page=~/^\//) {
-               error("bad page name");
+       else {
+               $form->tmpl_param("page_preview", "");
         }
-       $page=lc($page);
-       
-       my $action=$q->request_uri;
-       $action=~s/\?.*//;
         
-       if ($do eq 'create') {
-               if (exists $pagesources{lc($page)}) {
-                       # hmm, someone else made the page in the meantime?
-                       print $q->redirect("$url/".htmlpage($page));
-               }
-
-               my @page_locs;
-               my ($from)=$q->param('from')=~/$wiki_file_regexp/;
-               if (! defined $from || ! length $from ||
-                   $from ne $q->param('from') ||
-                   $from=~/$wiki_file_prune_regexp/ || $from=~/^\//) {
-                       @page_locs=$page;
-               }
-               else {
-                       my $dir=$from."/";
-                       $dir=~s![^/]+/$!!;
-                       push @page_locs, $dir.$page;
-                       push @page_locs, "$from/$page";
-                       while (length $dir) {
+       if (! $form->submitted || $form->submitted eq "Preview" || 
+           ! $form->validate) {
+               if ($form->field("do") eq "create") {
+                       if (exists $pagesources{lc($page)}) {
+                               # hmm, someone else made the page in the
+                               # meantime?
+                               print $q->redirect("$config{url}/".htmlpage($page));
+                               return;
+                       }
+                       
+                       my @page_locs;
+                       my $best_loc;
+                       my ($from)=$form->param('from')=~/$config{wiki_file_regexp}/;
+                       if (! defined $from || ! length $from ||
+                           $from ne $form->param('from') ||
+                           $from=~/$config{wiki_file_prune_regexp}/ || $from=~/^\//) {
+                               @page_locs=$best_loc=$page;
+                       }
+                       else {
+                               my $dir=$from."/";
                                 $dir=~s![^/]+/$!!;
                                 push @page_locs, $dir.$page;
+                               push @page_locs, "$from/$page";
+                               $best_loc="$from/$page";
+                               while (length $dir) {
+                                       $dir=~s![^/]+/$!!;
+                                       push @page_locs, $dir.$page;
+                               }
+
+                               @page_locs = grep { ! exists
+                                       $pagesources{lc($_)} } @page_locs;
                         }
+
+                       $form->tmpl_param("page_select", 1);
+                       $form->field(name => "page", type => 'select',
+                               options => \@page_locs, value => $best_loc);
+                       $form->title("creating $page");
+               }
+               elsif ($form->field("do") eq "edit") {
+                       if (! length $form->field('content')) {
+                               my $content="";
+                               if (exists $pagesources{lc($page)}) {
+                                               $content=readfile("$config{srcdir}/$pagesources{lc($page)}");
+                                       $content=~s/\n/\r\n/g;
+                               }
+                               $form->field(name => "content", value => $content,
+                                       force => 1);
+                       }
+                       $form->tmpl_param("page_select", 0);
+                       $form->field(name => "page", type => 'hidden');
+                       $form->title("editing $page");
                 }
                 
-               $q->param("do", "save");
-               print $q->header,
-                     $q->start_html("Creating $page"),
-                     $q->h1(indexlink()." Creating $page"),
-                     $q->start_form(-action => $action),
-                     $q->hidden('do'),
-                     "Select page location:",
-                     $q->popup_menu('page', \@page_locs),
-                     $q->textarea(-name => 'content',
-                              -default => "",
-                              -rows => 20,
-                              -columns => 80),
-                     $q->br,
-                     "Optional comment about this change:",
-                     $q->br,
-                     $q->textfield(-name => "comments", -size => 80),
-                     $q->br,
-                     $q->submit("Save Page"),
-                     $q->end_form,
-                     $q->end_html;
-       }
-       elsif ($do eq 'edit') {
-               my $content="";
-               if (exists $pagesources{lc($page)}) {
-                       $content=readfile("$srcdir/$pagesources{lc($page)}");
-                       $content=~s/\n/\r\n/g;
-               }
-               $q->param("do", "save");
-               print $q->header,
-                     $q->start_html("Editing $page"),
-                     $q->h1(indexlink()." Editing $page"),
-                     $q->start_form(-action => $action),
-                     $q->hidden('do'),
-                     $q->hidden('page'),
-                     $q->textarea(-name => 'content',
-                              -default => $content,
-                              -rows => 20,
-                              -columns => 80),
-                     $q->br,
-                     "Optional comment about this change:",
-                     $q->br,
-                     $q->textfield(-name => "comments", -size => 80),
-                     $q->br,
-                     $q->submit("Save Page"),
-                     $q->end_form,
-                     $q->end_html;
-       }
-       elsif ($do eq 'save') {
-               my $file=$page.$default_pagetype;
+               $form->tmpl_param("can_commit", $config{svn});
+               $form->tmpl_param("indexlink", indexlink());
+               print $form->render(submit => ["Save Page", "Preview", "Cancel"]);
+       }
+       else {
+               # save page
+               my $file=$page.$config{default_pageext};
                 my $newfile=1;
                 if (exists $pagesources{lc($page)}) {
                         $file=$pagesources{lc($page)};
                         $newfile=0;
                 }
                 
-               my $content=$q->param('content');
+               my $content=$form->field('content');
                 $content=~s/\r\n/\n/g;
                 $content=~s/\r/\n/g;
-               writefile("$srcdir/$file", $content);
+               writefile("$config{srcdir}/$file", $content);
                 
-               my $message="web commit from $ENV{REMOTE_ADDR}";
-               if (defined $q->param('comments')) {
-                       $message.=": ".$q->param('comments');
+               my $message="web commit ";
+               if ($session->param("name")) {
+                       $message.="by ".$session->param("name");
+               }
+               else {
+                       $message.="from $ENV{REMOTE_ADDR}";
+               }
+               if (defined $form->field('comments') &&
+                   length $form->field('comments')) {
+                       $message.=": ".$form->field('comments');
                 }
                 
-               if ($svn) {
+               if ($config{svn}) {
                         if ($newfile) {
                                 rcs_add($file);
                         }
+                       # prevent deadlock with post-commit hook
+                       unlockwiki();
                         # presumably the commit will trigger an update
                         # of the wiki
                         rcs_commit($message);
                 }
                 else {
+                       loadindex();
                         refresh();
+                       saveindex();
                 }
                 
-               print $q->redirect("$url/".htmlpage($page));
+               # The trailing question mark tries to avoid broken
+               # caches and get the most recent version of the page.
+               print $q->redirect("$config{url}/".htmlpage($page)."?updated");
+       }
+} #}}}
+
+sub cgi () { #{{{
+       eval q{use CGI};
+       eval q{use CGI::Session};
+       
+       my $q=CGI->new;
+       
+       my $do=$q->param('do');
+       if (! defined $do || ! length $do) {
+               error("\"do\" parameter missing");
+       }
+       
+       # This does not need a session.
+       if ($do eq 'recentchanges') {
+               cgi_recentchanges($q);
+               return;
+       }
+       
+       CGI::Session->name("ikiwiki_session");
+
+       my $oldmask=umask(077);
+       my $session = CGI::Session->new("driver:db_file", $q,
+               { FileName => "$config{srcdir}/.ikiwiki/sessions.db" });
+       umask($oldmask);
+       
+       # Everything below this point needs the user to be signed in.
+       if ((! $config{anonok} && ! defined $session->param("name") ||
+               ! userinfo_get($session->param("name"), "regdate")) || $do eq 'signin') {
+               cgi_signin($q, $session);
+       
+               # Force session flush with safe umask.
+               my $oldmask=umask(077);
+               $session->flush;
+               umask($oldmask);
+               
+               return;
+       }
+       
+       if ($do eq 'create' || $do eq 'edit') {
+               cgi_editpage($q, $session);
         }
         else {
                 error("unknown do parameter");
         }
  } #}}}
  
-# main {{{
-my $rebuild=0;
-my $wrapper=0;
-if (grep /^-/, @ARGV) {
-       eval {use Getopt::Long};
-       GetOptions(
-               "wikiname=s" => \$wikiname,
-               "verbose|v" => \$verbose,
-               "rebuild" => \$rebuild,
-               "wrapper" => \$wrapper,
-               "svn!" => \$svn,
-               "anonok!" => \$anonok,
-               "cgi" => \$cgi,
-               "url=s" => \$url,
-               "cgiurl=s" => \$cgiurl,
-               "historyurl=s" => \$historyurl,
-       ) || usage();
-}
-usage() unless @ARGV == 3;
-($srcdir) = possibly_foolish_untaint(shift);
-($templatedir) = possibly_foolish_untaint(shift);
-($destdir) = possibly_foolish_untaint(shift);
+sub setup () { # {{{
+       my $setup=possibly_foolish_untaint($config{setup});
+       delete $config{setup};
+       open (IN, $setup) || error("read $setup: $!\n");
+       local $/=undef;
+       my $code=<IN>;
+       ($code)=$code=~/(.*)/s;
+       close IN;
  
-print cgi_recentchanges();
+       eval $code;
+       error($@) if $@;
+       exit;
+} #}}}
  
-if ($cgi && ! length $url) {
-       error("Must specify url to wiki with --url when using --cgi");
+# main {{{
+lockwiki();
+setup() if $config{setup};
+if ($config{wrapper}) {
+       gen_wrapper(%config);
+       exit;
  }
-
-gen_wrapper($svn, $rebuild) if $wrapper;
  memoize('pagename');
  memoize('bestlink');
-loadindex() unless $rebuild;
-if ($cgi) {
+loadindex() unless $config{rebuild};
+if ($config{cgi}) {
         cgi();
  }
  else {
-       rcs_update() if $svn;
+       rcs_update() if $config{svn};
         refresh();
         saveindex();
  }