[vhffs-dev] [499] Confirmation doesn't use cookie anymore



Revision: 499
Author:   gradator
Date:     2007-02-28 16:41:02 +0000 (Wed, 28 Feb 2007)

Log Message:
-----------
Confirmation doesn't use cookie anymore

Modified Paths:
--------------
    branches/vhffs_4.1/vhffs-api/src/Vhffs/Conf.pm
    branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm
    branches/vhffs_4.1/vhffs-backend/conf/vhffs.conf
    branches/vhffs_4.1/vhffs-panel/show_code.pl
    branches/vhffs_4.1/vhffs-panel/subscribe.pl
    branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl


Modified: branches/vhffs_4.1/vhffs-api/src/Vhffs/Conf.pm
===================================================================
--- branches/vhffs_4.1/vhffs-api/src/Vhffs/Conf.pm	2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-api/src/Vhffs/Conf.pm	2007-02-28 16:41:02 UTC (rev 499)
@@ -533,6 +533,13 @@
 	return 0;
 }
 
+sub get_panel_subscribe_code_encrypt_key
+{
+	my $key = $Config{"global"}{"panel"}{"subscribe_code_encrypt_key"};
+	return "" unless( $key =~ /\w{8}/ );
+	return $key;
+}
+
 sub get_panel_avatar
 {
 	if( $Config{"global"}{"panel"}{"use_avatar"} )
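Review bot: The pattern in `get_panel_subscribe_code_encrypt_key` is unanchored, so `/\w{8}/` accepts any value that merely contains eight word characters, and an unset option reaches the match as undef. More importantly, the fallback `return ""` appears to turn the XOR in Confirmation.pm into a no-op, so the hex value sent to the browser would be the confirmation code itself. I would anchor the check and fail loudly instead of degrading silently: `die "subscribe_code_encrypt_key must be exactly 8 word characters\n" unless defined $key && $key =~ /\A\w{8}\z/;`. `get_panel_avatar` at the end of the hunk continues outside it.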

Modified: branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm
===================================================================
--- branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm	2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm	2007-02-28 16:41:02 UTC (rev 499)
@@ -40,7 +40,8 @@
 use strict;
 use diagnostics;
 
-use Digest::MD5;
+use Vhffs::Main;
+#use Digest::MD5;
 
 package Vhffs::Panel::Confirmation;
 
@@ -49,20 +50,38 @@
 # Returns the clear text confirmation code used for display
 # and an hash used to verify correctness of the user's 
 # provided code with check_code
-sub generate_code() {
-    my $ret = {};
+sub generate_code($) {
+	my $vhffs = shift;
+	my $ret = {};
     
 	my $code = '';
 	for (0 .. 7) { $code .= ('a'..'z', 'A'..'Z', '0'..'9')[int rand 62] ; }	
-    $ret->{clear} = $code;
-    $ret->{hash} = Digest::MD5::md5_hex($code);
-    return $ret;
+	$ret->{clear} = $code;
+#	$ret->{hash} = Digest::MD5::md5_hex($code);
+
+	my $key = $vhffs->get_config->get_panel_subscribe_code_encrypt_key;
+	$ret->{key} = $key;
+
+	my $crypted = $code ^ $key;
+	$ret->{crypted} = $crypted;
+	$ret->{cryptedhexa} = unpack("H*", $crypted);
+
+	return $ret;
 }
 
-sub check_code($$) {
-    my ($code, $hash) = @_;
-    return (Digest::MD5::md5_hex($code) eq $hash);
+sub decrypt_code($$)  {
+	my $vhffs = shift;
+	my $code = shift;
+
+	$code = pack("H*", $code);
+	$code = $code ^ $vhffs->get_config->get_panel_subscribe_code_encrypt_key;
+	return $code;
 }
 
+sub check_code($$$) {
+	my ( $vhffs, $clear1, $crypt) = @_;
+	my $clear2 = decrypt_code( $vhffs, $crypt );
+	return ( $clear1 eq $clear2 );
+}
+
 1;
-
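Review bot: `generate_code` protects the code with `$code ^ $key`, a repeating XOR against one fixed configuration value, which is obfuscation rather than encryption: the page exposes the clear code in the image and its hex form in the form field, and the relation between the two is identical for every visitor. Nothing in `check_code` binds the pair to a session or a time window, so a matching CONFIRMATION/CRYPTED_CODE pair stays valid for as long as the key is unchanged. `rand` is also not a cryptographic generator. I would keep the code server-side under a random, single-use, expiring token and send only that token to the client; short of that, add above `generate_code` a comment such as `# XOR with a fixed key is obfuscation only; a code/crypted pair is replayable until the key changes`.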

Modified: branches/vhffs_4.1/vhffs-backend/conf/vhffs.conf
===================================================================
--- branches/vhffs_4.1/vhffs-backend/conf/vhffs.conf	2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-backend/conf/vhffs.conf	2007-02-28 16:41:02 UTC (rev 499)
@@ -79,6 +79,9 @@
 		#Is the panel open or not ?
 		open			= yes
 
+		#Key to crypt the confirmation code, it must be 8 characters long
+		subscribe_code_encrypt_key	=	AbCdEfGh
+
 		#Use the public section of VHFFS
 		use_public		=	yes
 
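Review bot: The sample configuration ships a working value, `AbCdEfGh`, for `subscribe_code_encrypt_key`, so every installation that keeps the shipped file shares the same publicly known key. The comment should say so explicitly, for example `#Key to crypt the confirmation code: exactly 8 letters or digits, MUST be replaced by a random value on each installation`. Generating the value at install time instead of shipping one would remove the risk entirely.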

Modified: branches/vhffs_4.1/vhffs-panel/show_code.pl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/show_code.pl	2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-panel/show_code.pl	2007-02-28 16:41:02 UTC (rev 499)
@@ -51,7 +51,8 @@
 $cgi 		= new CGI;
 $vhffs		= init Vhffs::Main;	
 
-$code		= Vhffs::Panel::Confirmation::generate_code( );
+$code = $cgi->param("code");
+exit 0 unless ( defined $code && $code =~ /[0-9a-fA-F]{16}/ );
 
 #if(( ! ( defined $code )  ) || ( ! ( defined $cid ) ) )
 #{
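Review bot: The new guard `$code =~ /[0-9a-fA-F]{16}/` is unanchored, so any `code` parameter that contains sixteen hex digits somewhere passes, and the whole string is then handed to `decrypt_code` and on to the image text. Anchoring it restricts the input to exactly the shape `generate_code` produces: `exit 0 unless ( defined $code && $code =~ /\A[0-9a-fA-F]{16}\z/ );`. The early `exit 0` also leaves without printing any header, which the web server will probably report as a malformed response; returning a short error status would be cleaner.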
@@ -72,7 +73,8 @@
     width       => 70,
     line_space  => 0,
     color       => $black, 
-    text        => $code->{clear},
+#    text        => $code->{clear},
+    text        => Vhffs::Panel::Confirmation::decrypt_code( $vhffs , $code ),
 );
 $wp->set_font(gdLargeFont, 14);
 $wp->set(align => 'center');
@@ -80,10 +82,12 @@
 $wp->set(para_space => 10, preserve_nl => 0);
 # Assume the user has set FONT_PATH or TTF_FONT_PATH
 #$wp->font_path('/usr/share/fonts/ttfonts');
-my $cookie =  CGI->cookie( CODE_HASH => $code->{hash} );
-print CGI->header( -type=>"image/png", -cookie => $cookie );
 
-binmode STDOUT ;
+#my $cookie =  CGI->cookie( CODE_HASH => $code->{hash} );
+#print CGI->header( -type=>"image/png", -cookie => $cookie );
+print CGI->header( -type=>"image/png" );
+
+binmode STDOUT;
 print STDOUT $gd->png();
-
+fflush STDOUT;
 close STDOUT;
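Review bot: `fflush STDOUT;` is not a Perl builtin; unless a `fflush` is defined or imported outside this hunk, it is parsed as a method call on the STDOUT handle and would die at run time after the image has been printed, so `close STDOUT` is never reached. `close` already flushes the buffer, so the line can simply be dropped, or written as `STDOUT->flush;` with `use IO::Handle;` if an explicit flush is wanted.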

Modified: branches/vhffs_4.1/vhffs-panel/subscribe.pl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/subscribe.pl	2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-panel/subscribe.pl	2007-02-28 16:41:02 UTC (rev 499)
@@ -68,8 +68,8 @@
 my $country 	= $cgi->param("COUNTRY");
 my $address 	= $cgi->param("ADDRESS");
 my $code 		= $cgi->param("CONFIRMATION");
+my $cryptcode 	= $cgi->param("CRYPTED_CODE");
 my @errors = ();
-my $code_hash = CGI->cookie('CODE_HASH');
 my $template;
 my $message;
 
@@ -80,7 +80,7 @@
         $template->param( MESSAGE => gettext("You cannot subscribe to VHFFS") );
 } elsif( defined $submitted ) {
 # don't check if form hasn't been submitted
-	if( ( ! defined $code ) || ( ! Vhffs::Panel::Confirmation::check_code($code, $code_hash ) ) )
+	if( ( ! defined $code ) || ( ! Vhffs::Panel::Confirmation::check_code( $vhffs, $code, $cryptcode ) ) )
 	{
 		push(@errors, {error => gettext("Codes do not match")});
 	}
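Review bot: `$cryptcode` reaches `check_code` without a definedness or format check, although it is now read from the request body rather than from a cookie the server set. A request that omits CRYPTED_CODE passes undef into `pack("H*", ...)`, and if Conf.pm has fallen back to the empty key, an empty CONFIRMATION and an empty CRYPTED_CODE would appear to compare equal. I would extend the condition with `( ! defined $cryptcode ) || ( $cryptcode !~ /\A[0-9a-fA-F]{16}\z/ )` and also require `$code` to be non-empty before calling `check_code`. The `elsif` block continues outside the hunk.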
@@ -205,6 +205,10 @@
     $template->param( ADDRESS_TEXT          => gettext("Address") );
     $template->param( SEND                  => gettext("Subscribe") );
     $template->param( BACK                  => gettext("Back to Login") );
+
+    my $code = Vhffs::Panel::Confirmation::generate_code( $vhffs );
+    $template->param( CRYPTED_CODE   => $code->{'cryptedhexa'} );
+
     $template->param( CONFIRMATION_TEXT     => gettext("Code confirmation") );
     $template->param( REPEAT_CONFIRMATION_TEXT      => gettext("Recopy the code") );
 }

Modified: branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl	2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl	2007-02-28 16:41:02 UTC (rev 499)
@@ -76,7 +76,7 @@
 					<label for="CONFIRMATION">
 						<TMPL_VAR NAME="CONFIRMATION_TEXT">
 					</label>
-						<img src="show_code.pl"/>
+						<img src="show_code.pl?code=<TMPL_VAR NAME="CRYPTED_CODE">"/>
 				</p>
 				<p>
 					<label for="CONFIRMATION">
@@ -84,6 +84,7 @@
 					</label>
 					<input type="text" name="CONFIRMATION"  id="CONFIRMATION" maxlength="16"/>
 				</p>
+					<input type="hidden" name="CRYPTED_CODE" id="CRYPTED_CODE" value="<TMPL_VAR NAME="CRYPTED_CODE">"/>
 				<p class="button">
 					<input type="submit" value="<TMPL_VAR NAME="SEND">" name="CREATE_SUBMIT"/>
 				</p>

