1 files changed, 17 insertions, 4 deletions

diff --git a/pinyweb/cgi-bin/newuser.cgi b/pinyweb/cgi-bin/newuser.cgi
index 4f1263b..0fad219 100755
--- a/pinyweb/cgi-bin/newuser.cgi
+++ b/pinyweb/cgi-bin/newuser.cgi
@@ -7,19 +7,32 @@ use warnings;
 
 use CGI;
 
+use Crypt::CBC;
 use IPC::Open2;
+use MIME::Base32 qw( RFC );
 
 use Piny::Auth;
 
+my $auth = Piny::Auth->new( );
+
+my $cipher = Crypt::CBC->new( "-key" => $auth->key, "-cipher" => "Blowfish" );
+
 $q = CGI->new;
 
 print( "Content-type: text/plain\n\n" );
 
 if( $q->param("n") && $q->param("a") && $q->param("p") ) {
 
-  my $auth = Piny::Auth->new( );
+  my $pass = $q->param("p");
+  my $code;
 
-  my $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $q->param( "p" ) } );
+  if ( $q->param("h") ) {
+    $pass = $cipher->decrypt( decode_base32( $pass ) );
+    $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $pass } );
+  } else {
+    $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $pass } );
+    $pass = encode_base32( $cipher->encrypt( $pass ) );
+  };
 
   if ( $q->param("h") && $q->param("h") eq $code ) {
     unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $q->param("a"), $q->param("n") ) ) {
@@ -29,7 +42,7 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) {
     # make things flushier
     select((select(IN), $| = 1)[0]);
     select((select(OUT), $| = 1)[0]);
-    print( IN $q->param("p") . "\n" );
+    print( IN $pass . "\n" );
     close( IN );
     while( <OUT> ) {
       print;
@@ -51,7 +64,7 @@ if( $q->param("n") && $q->param("a") && $q->param("p") ) {
     print( MAIL "h=" . $code );
     print( MAIL "&n=" . $q->param("n") );
     print( MAIL "&a=" . $q->param("a") );
-    print( MAIL "&p=" . $q->param("p") );
+    print( MAIL "&p=" . $pass );
     print( MAIL "\n");
     close( MAIL ); 
     print( "Done!" );