diff options
author | jrayhawk+piny.be@omgwallhack.org <jrayhawk+piny.be@omgwallhack.org> | 2011-04-27 19:54:55 -0700 |
---|---|---|
committer | jrayhawk+piny.be@omgwallhack.org <jrayhawk+piny.be@omgwallhack.org> | 2011-04-27 19:54:55 -0700 |
commit | 9e14ca59336cd54ad816df36de3cb92b8d5114e9 (patch) | |
tree | c60dc7e6887aab5bd972a8b746ef54dbcb1b5c9c /pinyweb/cgi-bin/newuser.cgi | |
parent | 33315ba67aaa322178936870feb3db3789a281bf (diff) | |
parent | 8618586c6eb3c02b71883fbe2010d2ac28484bf6 (diff) | |
download | piny-code-9e14ca59336cd54ad816df36de3cb92b8d5114e9.tar.gz piny-code-9e14ca59336cd54ad816df36de3cb92b8d5114e9.zip |
Merge branch 'master' of piny.be:/srv/git/piny-code
Diffstat (limited to 'pinyweb/cgi-bin/newuser.cgi')
-rwxr-xr-x | pinyweb/cgi-bin/newuser.cgi | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/pinyweb/cgi-bin/newuser.cgi b/pinyweb/cgi-bin/newuser.cgi index 4f1263b..0fad219 100755 --- a/pinyweb/cgi-bin/newuser.cgi +++ b/pinyweb/cgi-bin/newuser.cgi @@ -7,19 +7,32 @@ use warnings; use CGI; +use Crypt::CBC; use IPC::Open2; +use MIME::Base32 qw( RFC ); use Piny::Auth; +my $auth = Piny::Auth->new( ); + +my $cipher = Crypt::CBC->new( "-key" => $auth->key, "-cipher" => "Blowfish" ); + $q = CGI->new; print( "Content-type: text/plain\n\n" ); if( $q->param("n") && $q->param("a") && $q->param("p") ) { - my $auth = Piny::Auth->new( ); + my $pass = $q->param("p"); + my $code; - my $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $q->param( "p" ) } ); + if ( $q->param("h") ) { + $pass = $cipher->decrypt( decode_base32( $pass ) ); + $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $pass } ); + } else { + $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $pass } ); + $pass = encode_base32( $cipher->encrypt( $pass ) ); + }; if ( $q->param("h") && $q->param("h") eq $code ) { unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $q->param("a"), $q->param("n") ) ) { @@ -29,7 +42,7 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) { # make things flushier select((select(IN), $| = 1)[0]); select((select(OUT), $| = 1)[0]); - print( IN $q->param("p") . "\n" ); + print( IN $pass . "\n" ); close( IN ); while( <OUT> ) { print; @@ -51,7 +64,7 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) { print( MAIL "h=" . $code ); print( MAIL "&n=" . $q->param("n") ); print( MAIL "&a=" . $q->param("a") ); - print( MAIL "&p=" . $q->param("p") ); + print( MAIL "&p=" . $pass ); print( MAIL "\n"); close( MAIL ); print( "Done!" ); |