psyc-mirrors/psyced
1
0
Fork 0
mirror of git://git.psyced.org/git/psyced synced 2024-08-15 03:25:10 +00:00
Code Issues 2 Releases Wiki Activity

htchallenge: md5 can handle any regmatch

Browse source
This commit is contained in:
psyc://loupsycedyglgamf.onion/~lynX 2017-07-12 20:15:30 +02:00
parent 79d7ed3549
commit 9e02ba080c
2 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
world/net/include/place.gen
View file

@ -613,21 +613,24 @@ htget(prot, query, headers, qs) {
#ifdef CHALLENGE_MATCH
#include <sys/regexp.h>
// maybe this all belongs into archetype.gen.. chesmo!
htget(prot, query, headers, qs, data, noprocess) {
// could use a hash of the password instead
if (stringp(headers["cookie"]) && regmatch(headers["cookie"],
"challenge=complete&answer=" CHALLENGE_MATCH))
"challenge=complete&answer="+ md5(CHALLENGE_MATCH)))
# ifdef HTGET
return HTGET;
# else
return ::htget(prot, query, headers, qs, data, noprocess);
# endif
string item = headers[item] || "/@"+ MYNICK;
if (stringp(query["answer"]) &&
if (stringp(query["answer"]) && headers["cookie"] &&
regmatch(headers["cookie"], "challenge=given") &&
regmatch(lower_case(query["answer"]), CHALLENGE_MATCH,
RE_MATCH_SUBS)) {
regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) {
// lazy me could have used referer here ;)
string nu = stringp(query["parameters"]) &&
strlen(query["parameters"]) ?
item +"?"+ query["parameters"] : item;
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer=" CHALLENGE_MATCH "\"; path="+ item +";\n");
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; path="+ item +";\n");
return 1;
}
sTextPath(query["layout"], query["lang"], "html");
@ -641,7 +644,7 @@ htget(prot, query, headers, qs, data, noprocess) {
// we maintain the original qs for next attempt:
"_parameters" : query["parameters"] || qs,
"_nick_place" : MYNICK ]) );
printf("%O (%O) in %O\n", query, qs, headers);
// printf("%O vs %O\n", query, headers);
return 1;
}
#endif

1
world/net/place/archetype.gen
View file

@ -670,6 +670,7 @@ htget(prot, query, headers, qs, data, noprocess) {
write("\n\nYou are looking at the "+MYNICK+" default page.\n");
# endif
# endif
//printf("%O: %O (%O) in %O\n", this_interactive(), query, qs, headers);
return 1;
}
#endif