author | Julian Blake Kongslie <jblake@omgwallhack.org> | 2011-04-27 19:53:48 -0700 |
---|---|---|
committer | Julian Blake Kongslie <jblake@omgwallhack.org> | 2011-04-27 19:53:48 -0700 |
commit | 09d1019b00a93db543d604802878a03dc8155f76 (patch) | |
tree | 4ea391e9b3ac0bf3ad09958ca58088c142be26d6 /pinyweb/cgi-bin/newuser.cgi | |
parent | 127b307d286fd851bebf2b067bc8645a6e22f04a (diff) | |
joe is a whiny baby who doesn't want password sent in cleartext
Diffstat (limited to 'pinyweb/cgi-bin/newuser.cgi')
-rwxr-xr-x | pinyweb/cgi-bin/newuser.cgi | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/pinyweb/cgi-bin/newuser.cgi b/pinyweb/cgi-bin/newuser.cgi index 4f1263b..0fad219 100755 --- a/pinyweb/cgi-bin/newuser.cgi +++ b/pinyweb/cgi-bin/newuser.cgi @@ -7,19 +7,32 @@ use warnings; use CGI; +use Crypt::CBC; use IPC::Open2; +use MIME::Base32 qw( RFC ); use Piny::Auth; +my $auth = Piny::Auth->new( ); + +my $cipher = Crypt::CBC->new( "-key" => $auth->key, "-cipher" => "Blowfish" ); + $q = CGI->new; print( "Content-type: text/plain\n\n" ); if( $q->param("n") && $q->param("a") && $q->param("p") ) { - my $auth = Piny::Auth->new( ); + my $pass = $q->param("p"); + my $code; - my $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $q->param( "p" ) } ); + if ( $q->param("h") ) { + $pass = $cipher->decrypt( decode_base32( $pass ) ); + $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $pass } ); + } else { + $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $pass } ); + $pass = encode_base32( $cipher->encrypt( $pass ) ); + }; if ( $q->param("h") && $q->param("h") eq $code ) { unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $q->param("a"), $q->param("n") ) ) { @@ -29,7 +42,7 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) { # make things flushier select((select(IN), $| = 1)[0]); select((select(OUT), $| = 1)[0]); - print( IN $q->param("p") . "\n" ); + print( IN $pass . "\n" ); close( IN ); while( <OUT> ) { print; @@ -51,7 +64,7 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) { print( MAIL "h=" . $code ); print( MAIL "&n=" . $q->param("n") ); print( MAIL "&a=" . $q->param("a") ); - print( MAIL "&p=" . $q->param("p") ); + print( MAIL "&p=" . $pass ); print( MAIL "\n"); close( MAIL ); print( "Done!" ); |
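Review bot: In the `h` branch, `$cipher->decrypt( decode_base32( $pass ) )` runs on the request's `p` before `h` is compared with `$code`, and Crypt::CBC on its own gives no integrity, so any request that sets `h` gets arbitrary input decoded and decrypted under `$auth->key`. Because the code is computed over the plaintext it cannot be checked first; hashing the encoded ciphertext instead lets the script verify `h` and only then decrypt, and it removes the duplicated `$auth->hash` call. The sketch below also forces scalar context on the `n` and `a` lookups, since `param` returns every value of a repeated parameter in list context and would add entries to the hash. What `$auth->hash` does with its argument is not visible here, so confirm it is a keyed hash before relying on it as the integrity check. The enclosing `if` block continues past this hunk.

```perl
  my $pass = $q->param("p");

  # First request: encrypt before hashing, so the code covers the ciphertext.
  $pass = encode_base32( $cipher->encrypt( $pass ) ) unless $q->param("h");

  my $code = $auth->hash( { "n" => scalar $q->param("n"), "a" => scalar $q->param("a"), "p" => $pass } );

  if ( $q->param("h") && $q->param("h") eq $code ) {
    # Code verified: only now is the ciphertext decrypted for newuser.
    $pass = $cipher->decrypt( decode_base32( $pass ) );
    # … unchanged: open2 call and its error branch …
```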
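Review bot: `print( IN $pass . "\n" )` writes the password to the child's stdin as one newline-terminated line, but nothing visible in this script rejects a `p` that itself contains a line break, so a submitted password could span more than one line of the `newuser --batch` input. Checking the plaintext when it is first submitted, before it is hashed and encrypted, keeps it to a single line, for example `if ( $pass =~ /[\r\n]/ ) { print( "Bad password\n" ); exit; }`. How `newuser` reads its input is outside this diff, so the impact is an assumption to confirm. The hunk sits inside a block that begins and ends outside it.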
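Review bot: The mailed link built here now carries `p` as Blowfish-CBC ciphertext under `$auth->key`, which is still a recoverable copy of the password sitting in the recipient's mailbox for as long as the message is kept. A comment above `print( MAIL "&p=" . $pass );` should record that, for example `# p is base32 Crypt::CBC ciphertext of the password under $auth->key; anyone holding that key can recover it from a mailed link`. Longer term the password would be better left out of the link altogether and asked for again on the confirmation request. The surrounding block starts outside this hunk.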