authorMiquel Lionel <lionel@les-miquelots.net>2021-07-17 22:01:05 +0100
committerMiquel Lionel <lionelmiquel@sfr.fr>2021-07-18 20:01:02 +0100
commit1208e3e3ffb1cc263d879f996b22e18c8b024d33 (patch)
treec168dcc3eff82020e767b1d22f71880118a92fef /gpigeon-template.cgi
parente6d90c87b655db6c33724e5fb3b4001963c63736 (diff)
fixes
- Makefile is better: the generated password via genpass.pl or genpass.pl with -i flag should now be a correct argon2id hash in both cases. - Added missing checks in the makefile - Fixed undeclared variables in gpigeon-template.cgi Running make should be better and require less manual fiddling now.
Diffstat (limited to 'gpigeon-template.cgi')
-rwxr-xr-xgpigeon-template.cgi116
1 files changed, 69 insertions, 47 deletions
diff --git a/gpigeon-template.cgi b/gpigeon-template.cgi
index 59c3a48..9eb82d5 100755
--- a/gpigeon-template.cgi
+++ b/gpigeon-template.cgi
@@ -26,19 +26,21 @@ use CGI qw(param);
use CGI::Cookie;
use CGI::Carp qw(fatalsToBrowser);
+delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};
+$ENV{'PATH'} = q{bin_path_goes_here};
my $uagent = $ENV{HTTP_USER_AGENT};
my $rIP = $ENV{REMOTE_ADDR};
my $hostname = $ENV{'SERVER_NAME'};
sub ValidCookie {
my $client_login_cookie = shift;
+ if (not defined $client_login_cookie){
+ return;
+ }
my $dir = shift;
my $filename = $client_login_cookie->value;
my $login_cookiefile = "$dir/$filename.txt";
- if (not defined $client_login_cookie){
- return;
- }
if ($filename =~ /^([\w]+)$/){
$filename = $1;
}
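Review bot: `$login_cookiefile` is still built from the raw cookie value, because `my $login_cookiefile = "$dir/$filename.txt";` runs before the `/^([\w]+)$/` check, so the path later tested with `-e` and opened never uses the untainted `$1`. Build the path only after the match has succeeded and return when it fails; what the non-matching branch does lies outside this hunk, so confirm it returns before the file is touched. Anchoring the pattern with `\A` and `\z` instead of `^` and `$` would also reject a value that ends in a newline. ValidCookie's body continues past the hunk.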
@@ -48,9 +50,9 @@ sub ValidCookie {
if (-e $login_cookiefile){
open my $in, '<', $login_cookiefile or die "can't read file: $!";
- $rip_line = readline $in;
- $ua_line = readline $in;
- $cookie_line = readline $in;
+ my $rip_line = readline $in;
+ my $ua_line = readline $in;
+ my $cookie_line = readline $in;
close $in;
chomp ($rip_line, $ua_line);
if (not defined $cookie_line){
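Review bot: `chomp ($rip_line, $ua_line)` runs before any definedness check, and the guard that follows covers only `$cookie_line`, so a session file with fewer than three lines passes undef to `chomp` and to whatever comparison comes next. Checking all three reads before the `chomp`, e.g. `return if grep { not defined } $rip_line, $ua_line, $cookie_line;`, keeps a truncated file from being compared at all. The comparison itself is outside this hunk.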
@@ -101,12 +103,6 @@ sub LoginCookieGen {
}
}
-sub EscapeArobase {
- my $escapedmailaddress = shift;
- $escapedmailaddress =~ s/@/\\@/;
- return $escapedmailaddress;
-}
-
sub UntaintCGIFilename {
my $filename = shift;
if ($filename =~ /^([-\@\w.\/]+)$/) {
@@ -119,24 +115,12 @@ sub UntaintCGIFilename {
return $filename;
}
-sub NotifIfDefined{
- my $notif = shift;
- if (defined $notif){
- return $notif;
- }
- else{
- return '<!--undef notif-->';
- }
-}
-
-my ($linkgen_notif, $link_asker, $mailisok_notif, $deletion_notif,
- $checkedornot, $hidden_pwfield, $id_cookie,
+my ( $link_asker, $checkedornot, $hidden_pwfield, $id_cookie,
$delete_id_cookie, $idval, $refresh_form) = undef;
+my $linkgen_notif = my $mailisok_notif = my $deletion_notif = my $login_notif = '<!-- undef notif -->';
my @created_links = ();
-delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};
-$ENV{'PATH'} = '/usr/bin';
-my $argon2id_hash = q{argon2id_hash_goes_here};
+my $argon2id_hash = qq{argon2id_hash_goes_here};
my $cookies_dir = q{cookies_dir_goes_here};
my $link_template_path = q{link_template_path_goes_here};
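Review bot: Switching `$argon2id_hash` from `q{}` to `qq{}` makes the placeholder an interpolating string, and an encoded Argon2id hash consists of `$`-separated fields (`$argon2id$v=...$m=...`), which Perl would try to expand as variables. Unless the Makefile inserts the hash with every `$` escaped, the script either fails to compile (if strictures are on) or verifies against a mangled hash. Keeping `my $argon2id_hash = q{argon2id_hash_goes_here};` and substituting the raw hash avoids that dependency. Separately, `my (...) = undef;` assigns only to the first variable in the list and can be written as a plain `my (...);`.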
@@ -148,24 +132,22 @@ my %text_strings = (
create_link_btn => 'Generate link',
delete_link_btn_text => 'Delete',
delete_links_btn_text => 'Delete all links',
- logout_btn_text => 'Logout',
here => 'here',
+ landingpage_title => 'GPIGEON - Login',
link_asker_field_label => q{Asker's mail :},
- link_web_title => 'One time GPG messaging form',
link_del_ok => 'Successful removal !',
- link_legend_textarea =>'Type your message below :',
- link_send_btn => 'Send',
link_ok_for => 'Generated a link for',
link_del_failed => 'Deletion failed and here is why : ',
+ loginbtn => 'Log in',
+ logout_btn_text => 'Logout',
mailto_body => 'Your link is ',
mailto_subject => 'Link to your one time GPG messaging form',
+ mainpage_title => 'GPIGEON - Main',
notif_login_failure => 'Cannot login. Check if your username and password match.',
refresh_btn_text => 'Refresh',
- type_msg_below => 'Type your message below',
theader_link => 'Link',
theader_for => 'For',
theader_deletion => 'Deletion',
- web_title => 'GPIGEON.CGI: generate one time GPG messaging links !',
web_greet_msg => 'Hi and welcome.',
);
my $cgi_query_get = CGI->new;
@@ -238,7 +220,6 @@ if (ValidCookie($id_cookie, $cookies_dir) or argon2id_verify($argon2id_hash,$pw)
if ( Email::Valid->address($link_asker) ){
$mailisok_notif = qq{<span id="success">$text_strings{addr} $link_asker $text_strings{addr_ok}</span>};
- my $escaped_link_asker = EscapeArobase($link_asker);
my $str_rand_obj = String::Random->new;
my $generated_form_filename = $str_rand_obj->randregex('\w{64}') . '.cgi';
my $href = "https://$hostname/cgi-bin/l/$generated_form_filename";
@@ -248,9 +229,6 @@ if (ValidCookie($id_cookie, $cookies_dir) or argon2id_verify($argon2id_hash,$pw)
open my $out, '>', $link_path or die "Can't write to link file: $!";
while( <$in> ) {
s/{link_user}/{$link_asker}/g;
- s/{link_web_title}/$text_strings{link_web_title}/g;
- s/{link_send_btn}/$text_strings{link_send_btn}/g;
- s/{type_msg_below}/$text_strings{type_msg_below}/g;
print $out $_;
}
close $in or die;
@@ -306,9 +284,10 @@ if (ValidCookie($id_cookie, $cookies_dir) or argon2id_verify($argon2id_hash,$pw)
<link rel="stylesheet" type="text/css" href="/styles.css">
<meta http-equiv="content-type" content="text/html;charset=UTF-8">
<meta charset="UTF-8">
- <title>$text_strings{web_title}</title>
+ <title>$text_strings{mainpage_title}</title>
</head>
<body>
+ <h1>$text_strings{mainpage_title}</h1>
<p>$text_strings{web_greet_msg}</p>
<form method="GET">
<input type="hidden" name="logout" value="1">
@@ -322,18 +301,18 @@ if (ValidCookie($id_cookie, $cookies_dir) or argon2id_verify($argon2id_hash,$pw)
$text_strings{link_asker_field_label}<br>
<input id="mailfield" tabindex="1" type="text" name="mail">
<input id="genlinkbtn" tabindex="2" type="submit" value="$text_strings{create_link_btn}">
- </form>},
- NotifIfDefined($mailisok_notif),
- '<br>',
- NotifIfDefined($linkgen_notif),
- qq{<hr>
+ </form>
+ $mailisok_notif
+ <br>
+ $linkgen_notif
+ <hr>
<form method="POST">
$hidden_pwfield
<input type="hidden" name="supprtout">
<input id="deleteallbtn" type="submit" value="$text_strings{delete_links_btn_text}">
- </form>},
- NotifIfDefined($deletion_notif),
- qq{<table>
+ </form>
+ $deletion_notif
+ <table>
<tr>
<th>$text_strings{theader_link} &#128279;</th>
<th>$text_strings{theader_for} &#128231;</th>
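Review bot: `$mailisok_notif`, `$linkgen_notif` and `$deletion_notif` are now interpolated straight into the page, and `$mailisok_notif` is built from the submitted `$link_asker` without HTML escaping (see the `qq{<span id="success">...}` assignment in the earlier hunk). `Email::Valid` checks address syntax, not markup safety, so the value should be escaped where the notification is built, e.g. `my $safe_asker = CGI::escapeHTML($link_asker);`, and that variable used in the span. The `print` statement this markup belongs to starts and ends outside the hunk.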
@@ -345,5 +324,48 @@ if (ValidCookie($id_cookie, $cookies_dir) or argon2id_verify($argon2id_hash,$pw)
</html>};
}
else{
- print "Location: /\n\n";
+ if (not $logout and defined $id_cookie){
+ $login_notif = q{<span id="failure">You got a cookie problem.<br>
+ <b>Clean them and log again</b></span>};
+ }
+ if (length($pw) > 0){
+ $login_notif = q{<span id="failure">Your typed password seems<br>
+ to be incorrect.<br>Try again.</span>};
+ }
+
+ print "Content-type: text/html\n\n",
+qq{<!DOCTYPE html>
+<html lang="fr">
+<head>
+ <meta charset="utf-8">
+ <link rel="icon" type="image/x-icon" href="/favicon.ico">
+ <link rel="stylesheet" type="text/css" href="/styles.css">
+<title>$text_strings{landingpage_title}</title>
+</head>
+<body>
+ <h1>$text_strings{landingpage_title}</h1>
+<form action="/cgi-bin/gpigeon.cgi" method="POST">
+ <table id="loginbox">
+ <tbody>
+ <tr>
+ <td>Password :</td>
+ <td><input type="password" name="password"></td>
+ </tr>
+ <tr>
+ <td></td>
+ <td id="loginerr">$login_notif</td>
+ </tr>
+ <tr id="authbtn">
+ <td></td>
+ <td><input type="submit" value="$text_strings{loginbtn}"></td>
+ </tr>
+ </tbody>
+ </table>
+ </form>
+
+<p><a href="http://git.les-miquelots.net/gpigeon"
+ title="gpigeon download link">Source code here.</a> It is similar to <a href="https://hawkpost.co/">hawkpost.co</a>.</p>
+
+</body>
+</html>};
}
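Review bot: The new `else` branch renders the login form with the default 200 status even when a password was supplied and rejected, so failed logins look like ordinary page loads in the access log. Sending a `Status: 403 Forbidden` header ahead of `Content-type` in that case would let log-based throttling see them. `length($pw) > 0` also emits a warning if `$pw` is undef when no password field was submitted; `if (defined $pw and length $pw){` avoids that. The two failure messages are hard-coded although `%text_strings` already carries `notif_login_failure`, and `lang="fr"` does not match the English text. The `if` this `else` belongs to opens outside the hunk.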