use new keyhash format file

2017-09-08 16:03:08 +02:00 · 2017-09-08 16:03:08 +02:00 · 74d6cefadd
parent fbec34f6fa
commit 74d6cefadd
1 changed files with 3 additions and 15 deletions
--- a/cgi-bin/kraut.space
+++ b/cgi-bin/kraut.space
@ -4,18 +4,6 @@ header() {
    echo -e 'Content-type: text/html\nStrict-Transport-Security: max-age=86400000\n'
 }

-# let nginx do it!
-#header_redir_display() {
-#    header
-#    echo "<head><meta http-equiv=\"Refresh\" content=\"0; $SCRIPT_NAME?secret=$secret\"></head>"
-#}
-
-## enforce SSL
-#if [ $SERVER_PORT -ne 443 ]; then
-#    header_redir_display
-#    exit
-#fi
-
 # extract parameters
 # tr -dc removes all characters, this prevents things like xss
 getp() {
@ -23,15 +11,15 @@ getp() {
    | tr "?&" "\n"  | tr --complement --delete "0-9a-z_= \n" | egrep "^$1=" | sed "s/^$1=//"
 }
 secret=$(getp secret)
-hashed_secret=$(echo "$secret" | md5sum | cut -f1 -d\ )
+hashed_secret=$(echo "$secret" | sha512sum | cut -f1 -d\ )
 cmd=$(getp cmd)

 # check secret
 # the secrets file has to contain the hashes on a single line, comments are allowed on seperate lines
 # secrets can only contain the characters that are allowed in getp() with tr -dc
-if [ -z "$secret" ] || ! grep -q "^$hashed_secret$" /etc/door-token-hashs; then
+if [ -z "$secret" ] || ! grep -q ";$hashed_secret$" /etc/tuer3.0/door_access_list; then
    header
-    [ -z "$secret" ] || echo "<html><p>Ich bin mir nicht sicher. Mir scheint, du bist doch ein Kohlkopf oder Anderes!</p>"
+    [ -z "$secret" ] || echo "<html><p>Ich bin mir nicht sicher. Mir scheint, du bist doch ein Kohlkopf oder Anderes!</p> $hashed_secret"
    cat /var/www/tpl/secret.html
    exit
 fi