[vhffs-dev] [499] Confirmation doesn't use cookie anymore |
Revision: 499
Author: gradator
Date: 2007-02-28 16:41:02 +0000 (Wed, 28 Feb 2007)
Log Message:
-----------
Confirmation doesn't use cookie anymore
Modified Paths:
--------------
branches/vhffs_4.1/vhffs-api/src/Vhffs/Conf.pm
branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm
branches/vhffs_4.1/vhffs-backend/conf/vhffs.conf
branches/vhffs_4.1/vhffs-panel/show_code.pl
branches/vhffs_4.1/vhffs-panel/subscribe.pl
branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl
Modified: branches/vhffs_4.1/vhffs-api/src/Vhffs/Conf.pm
===================================================================
--- branches/vhffs_4.1/vhffs-api/src/Vhffs/Conf.pm 2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-api/src/Vhffs/Conf.pm 2007-02-28 16:41:02 UTC (rev 499)
@@ -533,6 +533,13 @@
return 0;
}
+sub get_panel_subscribe_code_encrypt_key
+{
+ my $key = $Config{"global"}{"panel"}{"subscribe_code_encrypt_key"};
+ return "" unless( $key =~ /\w{8}/ );
+ return $key;
+}
+
sub get_panel_avatar
{
if( $Config{"global"}{"panel"}{"use_avatar"} )
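Review bot: The length check in `get_panel_subscribe_code_encrypt_key` is unanchored, so `/\w{8}/` accepts any value that merely contains eight word characters, and a missing or invalid key silently becomes `""`. Perl's string `^` pads the shorter operand with zero bits, so an empty key leaves the code unchanged in `cryptedhexa`, and any bytes of a longer key past the eighth come out verbatim. I would anchor the test, `return "" unless( defined $key && $key =~ /\A\w{8}\z/ );`, and have callers treat the empty result as a configuration error rather than use it. The sub also deserves a short comment saying that the value is a secret and what is returned when the setting is invalid.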
Modified: branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm
===================================================================
--- branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm 2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-api/src/Vhffs/Panel/Confirmation.pm 2007-02-28 16:41:02 UTC (rev 499)
@@ -40,7 +40,8 @@
use strict;
use diagnostics;
-use Digest::MD5;
+use Vhffs::Main;
+#use Digest::MD5;
package Vhffs::Panel::Confirmation;
@@ -49,20 +50,38 @@
# Returns the clear text confirmation code used for display
# and an hash used to verify correctness of the user's
# provided code with check_code
-sub generate_code() {
- my $ret = {};
+sub generate_code($) {
+ my $vhffs = shift;
+ my $ret = {};
my $code = '';
for (0 .. 7) { $code .= ('a'..'z', 'A'..'Z', '0'..'9')[int rand 62] ; }
- $ret->{clear} = $code;
- $ret->{hash} = Digest::MD5::md5_hex($code);
- return $ret;
+ $ret->{clear} = $code;
+# $ret->{hash} = Digest::MD5::md5_hex($code);
+
+ my $key = $vhffs->get_config->get_panel_subscribe_code_encrypt_key;
+ $ret->{key} = $key;
+
+ my $crypted = $code ^ $key;
+ $ret->{crypted} = $crypted;
+ $ret->{cryptedhexa} = unpack("H*", $crypted);
+
+ return $ret;
}
-sub check_code($$) {
- my ($code, $hash) = @_;
- return (Digest::MD5::md5_hex($code) eq $hash);
+sub decrypt_code($$) {
+ my $vhffs = shift;
+ my $code = shift;
+
+ $code = pack("H*", $code);
+ $code = $code ^ $vhffs->get_config->get_panel_subscribe_code_encrypt_key;
+ return $code;
}
+sub check_code($$$) {
+ my ( $vhffs, $clear1, $crypt) = @_;
+ my $clear2 = decrypt_code( $vhffs, $crypt );
+ return ( $clear1 eq $clear2 );
+}
+
1;
-
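Review bot: XOR-ing the eight-character code with a fixed eight-byte key in `generate_code` does not keep the key secret, because the form exposes both the clear code (in the image) and `cryptedhexa`, and the XOR of those two values is the key. The token also carries no expiry and no one-time marker, so `check_code` keeps accepting the same `(clear, crypt)` pair for as long as the key is unchanged. I would keep the code server-side, stored under a random identifier that is deleted on first check and expires after a few minutes, and pass only that identifier to the form and to show_code.pl. Independently of that, `$ret->{key} = $key;` hands the secret to every caller and should be dropped. The commented-out MD5 line can be deleted rather than kept.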
Modified: branches/vhffs_4.1/vhffs-backend/conf/vhffs.conf
===================================================================
--- branches/vhffs_4.1/vhffs-backend/conf/vhffs.conf 2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-backend/conf/vhffs.conf 2007-02-28 16:41:02 UTC (rev 499)
@@ -79,6 +79,9 @@
#Is the panel open or not ?
open = yes
+ #Key to crypt the confirmation code, it must be 8 characters long
+ subscribe_code_encrypt_key = AbCdEfGh
+
#Use the public section of VHFFS
use_public = yes
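Review bot: The sample configuration ships a working value, `subscribe_code_encrypt_key = AbCdEfGh`, so every installation that keeps the default shares the same key. The comment should say that this is a secret to be replaced at install time, for example `#Secret key for the confirmation code: exactly 8 word characters, replace this placeholder with a random value`. An empty or obviously invalid placeholder would make a forgotten key visible, provided the code then refuses to run with an invalid key instead of falling back to an empty one.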
Modified: branches/vhffs_4.1/vhffs-panel/show_code.pl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/show_code.pl 2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-panel/show_code.pl 2007-02-28 16:41:02 UTC (rev 499)
@@ -51,7 +51,8 @@
$cgi = new CGI;
$vhffs = init Vhffs::Main;
-$code = Vhffs::Panel::Confirmation::generate_code( );
+$code = $cgi->param("code");
+exit 0 unless ( defined $code && $code =~ /[0-9a-fA-F]{16}/ );
#if(( ! ( defined $code ) ) || ( ! ( defined $cid ) ) )
#{
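Review bot: The new guard `$code =~ /[0-9a-fA-F]{16}/` is unanchored, so any `code` parameter that contains sixteen hex digits somewhere passes, whatever its length or other content. The whole string then goes to `pack("H*", ...)` in `decrypt_code`. Anchoring fixes that: `exit 0 unless ( defined $code && $code =~ /\A[0-9a-fA-F]{16}\z/ );`. This script now also returns the clear text of any well-formed token to whoever requests it, which deserves a comment above the check. The commented-out block that follows continues outside the hunk.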
@@ -72,7 +73,8 @@
width => 70,
line_space => 0,
color => $black,
- text => $code->{clear},
+# text => $code->{clear},
+ text => Vhffs::Panel::Confirmation::decrypt_code( $vhffs , $code ),
);
$wp->set_font(gdLargeFont, 14);
$wp->set(align => 'center');
@@ -80,10 +82,12 @@
$wp->set(para_space => 10, preserve_nl => 0);
# Assume the user has set FONT_PATH or TTF_FONT_PATH
#$wp->font_path('/usr/share/fonts/ttfonts');
-my $cookie = CGI->cookie( CODE_HASH => $code->{hash} );
-print CGI->header( -type=>"image/png", -cookie => $cookie );
-binmode STDOUT ;
+#my $cookie = CGI->cookie( CODE_HASH => $code->{hash} );
+#print CGI->header( -type=>"image/png", -cookie => $cookie );
+print CGI->header( -type=>"image/png" );
+
+binmode STDOUT;
print STDOUT $gd->png();
-
+fflush STDOUT;
close STDOUT;
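Review bot: `fflush STDOUT;` is not a Perl builtin. Perl will most likely parse it as the method call `STDOUT->fflush`, which IO::Handle does not provide, so the script would die after the image is printed and before `close STDOUT`. `close` already flushes, so the line can simply be removed; if an explicit flush is wanted, `STDOUT->flush;` with `use IO::Handle;` does it. Since the image now depends on the `code` URL parameter, I would also mark the response as non-cacheable, e.g. `print CGI->header( -type=>"image/png", -expires=>"now" );`. The two commented-out cookie lines can be deleted.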
Modified: branches/vhffs_4.1/vhffs-panel/subscribe.pl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/subscribe.pl 2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-panel/subscribe.pl 2007-02-28 16:41:02 UTC (rev 499)
@@ -68,8 +68,8 @@
my $country = $cgi->param("COUNTRY");
my $address = $cgi->param("ADDRESS");
my $code = $cgi->param("CONFIRMATION");
+my $cryptcode = $cgi->param("CRYPTED_CODE");
my @errors = ();
-my $code_hash = CGI->cookie('CODE_HASH');
my $template;
my $message;
@@ -80,7 +80,7 @@
$template->param( MESSAGE => gettext("You cannot subscribe to VHFFS") );
} elsif( defined $submitted ) {
# don't check if form hasn't been submitted
- if( ( ! defined $code ) || ( ! Vhffs::Panel::Confirmation::check_code($code, $code_hash ) ) )
+ if( ( ! defined $code ) || ( ! Vhffs::Panel::Confirmation::check_code( $vhffs, $code, $cryptcode ) ) )
{
push(@errors, {error => gettext("Codes do not match")});
}
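Review bot: `check_code` receives `$cryptcode` straight from the request, without the format check that show_code.pl applies to the same value. When `CRYPTED_CODE` is missing or empty, `decrypt_code` packs an empty string and the XOR returns the key itself, so the comparison is made against the key rather than against a generated code. I would reject such requests before calling it: `if( ( ! defined $code ) || ( ! defined $cryptcode ) || $cryptcode !~ /\A[0-9a-fA-F]{16}\z/ || ( ! Vhffs::Panel::Confirmation::check_code( $vhffs, $code, $cryptcode ) ) )`. The surrounding `elsif` block continues outside the hunk.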
@@ -205,6 +205,10 @@
$template->param( ADDRESS_TEXT => gettext("Address") );
$template->param( SEND => gettext("Subscribe") );
$template->param( BACK => gettext("Back to Login") );
+
+ my $code = Vhffs::Panel::Confirmation::generate_code( $vhffs );
+ $template->param( CRYPTED_CODE => $code->{'cryptedhexa'} );
+
$template->param( CONFIRMATION_TEXT => gettext("Code confirmation") );
$template->param( REPEAT_CONFIRMATION_TEXT => gettext("Recopy the code") );
}
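Review bot: `my $code` inside this block shadows the file-level `my $code` declared in the first hunk of this file, which holds the `CONFIRMATION` parameter, and the inner variable is a hash reference rather than a string. A distinct name avoids the confusion: `my $confirmation = Vhffs::Panel::Confirmation::generate_code( $vhffs );` followed by `$template->param( CRYPTED_CODE => $confirmation->{'cryptedhexa'} );`. The enclosing block starts outside the hunk.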
Modified: branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl
===================================================================
--- branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl 2007-02-28 12:46:44 UTC (rev 498)
+++ branches/vhffs_4.1/vhffs-panel/templates/user/create.tmpl 2007-02-28 16:41:02 UTC (rev 499)
@@ -76,7 +76,7 @@
<label for="CONFIRMATION">
<TMPL_VAR NAME="CONFIRMATION_TEXT">
</label>
- <img src="show_code.pl"/>
+ <img src="show_code.pl?code=<TMPL_VAR NAME="CRYPTED_CODE">"/>
</p>
<p>
<label for="CONFIRMATION">
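Review bot: `CRYPTED_CODE` is written into a URL here and into an attribute value in the next hunk (the hidden input) without an `ESCAPE` attribute. The value is hex today, so nothing breaks, but the template should not depend on that. Assuming this is HTML::Template, use `<img src="show_code.pl?code=<TMPL_VAR ESCAPE=URL NAME="CRYPTED_CODE">"/>` and `value="<TMPL_VAR ESCAPE=HTML NAME="CRYPTED_CODE">"`. Carrying the token in the image URL also means it ends up in server access logs and browser history, which is worth a comment next to the tag.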
@@ -84,6 +84,7 @@
</label>
<input type="text" name="CONFIRMATION" id="CONFIRMATION" maxlength="16"/>
</p>
+ <input type="hidden" name="CRYPTED_CODE" id="CRYPTED_CODE" value="<TMPL_VAR NAME="CRYPTED_CODE">"/>
<p class="button">
<input type="submit" value="<TMPL_VAR NAME="SEND">" name="CREATE_SUBMIT"/>
</p>