psyc-mirrors
/
psyced
mirror of git://git.psyced.org/git/psyced
1
0
Fork 0
Code Issues 2 Releases Wiki Activity

challenge: expire the cookie diligently

This commit is contained in:
psyc://loupsycedyglgamf.onion/~lynX 2018-08-01 21:35:05 +02:00
parent fbc563a94e
commit 5c859e6fef
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
world/net/include/place.gen
View File

@ -619,13 +619,14 @@ htget(prot, query, headers, qs) {
// maybe this all belongs into archetype.gen.. chesmo!
htget(prot, query, headers, qs, data, noprocess) {
string item = headers[item] || "/@"+ MYNICK;
if (stringp(headers["cookie"]) && regmatch(headers["cookie"],
"challenge=complete&answer="+ md5(CHALLENGE_MATCH))) {
CHALOG("completes");
htnotify(query, headers, "_accomplished_web",
"Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from].");
# ifdef CHALLENGE_REDIRECT
return htredirect(prot, CHALLENGE_REDIRECT);
return htredirect(prot, CHALLENGE_REDIRECT, "There you go", 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
# else
# ifdef HTGET
// you may want to output a player iframe instead of a redirect...
@ -635,7 +636,6 @@ htget(prot, query, headers, qs, data, noprocess) {
# endif
# endif
}
string item = headers[item] || "/@"+ MYNICK;
if (stringp(query["answer"]) && headers["cookie"] &&
regmatch(headers["cookie"], "challenge=given") &&
regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) {
@ -644,14 +644,14 @@ htget(prot, query, headers, qs, data, noprocess) {
strlen(query["parameters"]) ?
item +"?"+ query["parameters"] : item;
CHALOG("reloads");
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; path="+ item +";\n");
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
return 1;
}
sTextPath(query["layout"], query["lang"], "html");
// using a non-psyced cookie here so that you can't construct a
// url that allows other people to bypass the challenge.
// could add a timeout here...
htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; path="+ item +";\n");
htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; Path="+ item +"; Secure; Max-Age=999\n");
CHALOG("challenges");
w("_PAGES_group_challenge", 0,
([ "_challenge" : htquote(CHALLENGE_QUESTION),