authorJulian Blake Kongslie <jblake@omgwallhack.org>2011-04-20 22:59:08 -0700
committerJulian Blake Kongslie <jblake@omgwallhack.org>2011-04-20 22:59:08 -0700
commit5693d353d000673f49b83e77b29eb1321a300441 (patch)
tree1f595e9f7ee82c28c30296b6bd38f971bb8ad0a0 /pinyweb
parent8efa5148fad4266d573ab4d488801abc7c83cd6f (diff)
introduce some semblance of security for the newuser cgi.
Diffstat (limited to 'pinyweb')
-rwxr-xr-xpinyweb/cgi-bin/newuser.cgi11
1 files changed, 9 insertions, 2 deletions
diff --git a/pinyweb/cgi-bin/newuser.cgi b/pinyweb/cgi-bin/newuser.cgi
index 7763f67..4f1263b 100755
--- a/pinyweb/cgi-bin/newuser.cgi
+++ b/pinyweb/cgi-bin/newuser.cgi
@@ -9,12 +9,19 @@ use CGI;
use IPC::Open2;
+use Piny::Auth;
+
$q = CGI->new;
print( "Content-type: text/plain\n\n" );
if( $q->param("n") && $q->param("a") && $q->param("p") ) {
- if ( $q->param("h") && $q->param("h") eq "REPLACE_THIS_WITH_REFERENCE_TO_HASH" ) {
+
+ my $auth = Piny::Auth->new( );
+
+ my $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $q->param( "p" ) } );
+
+ if ( $q->param("h") && $q->param("h") eq $code ) {
unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $q->param("a"), $q->param("n") ) ) {
print "could not execute newrepo";
die;
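Review bot: The three `$q->param(...)` calls inside the anonymous hash passed to `$auth->hash` run in list context, so a request that repeats `n`, `a` or `p` expands to extra list elements and shifts the key/value pairing of the hashed fields. The values that get hashed can then differ from the ones the scalar-context `if` guard tested, which weakens the binding this check is meant to add. Forcing scalar context keeps them in step: `my $code = $auth->hash( { "n" => scalar $q->param("n"), "a" => scalar $q->param("a"), "p" => scalar $q->param("p") } );`. The `open2` argument list on the following context line is also list context and would benefit from the same `scalar`. The enclosing `if` block continues past the end of this hunk.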
@@ -41,7 +48,7 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) {
print( MAIL "s" );
};
print( MAIL "://" . $ENV{"SERVER_NAME"} . $ENV{"SCRIPT_NAME"} . "?" );
- print( MAIL "h=" . "REPLACE_THIS_WITH_REFERENCE_TO_HASH" );
+ print( MAIL "h=" . $code );
print( MAIL "&n=" . $q->param("n") );
print( MAIL "&a=" . $q->param("a") );
print( MAIL "&p=" . $q->param("p") );
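Review bot: `$code` is written into the confirmation link without URL-encoding, as are the `n`, `a` and `p` values on the neighbouring lines. Now that `h` is verified against a hash of those fields, any `&`, `+`, `%` or space in them makes the link parse back to different values, so the check fails or covers something other than what was mailed. Whether `$code` itself can contain such characters depends on Piny::Auth, which is not visible here. Escaping each component would make the round trip exact, e.g. `print( MAIL "h=" . CGI::Util::escape( $code ) );` and likewise for the three parameter lines.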