diff --git a/cgi-bin/kraut.space b/cgi-bin/kraut.space
index 4391c02..102c554 100755
--- a/cgi-bin/kraut.space
+++ b/cgi-bin/kraut.space
@@ -4,18 +4,6 @@ header() {
 echo -e 'Content-type: text/html\nStrict-Transport-Security: max-age=86400000\n'
 }
-# let nginx do it!
-#header_redir_display() {
-# header
-# echo ""
-#}
-
-## enforce SSL
-#if [ $SERVER_PORT -ne 443 ]; then
-# header_redir_display
-# exit
-#fi
-
 # extract parameters
 # tr -dc removes all characters, this prevents things like xss
 getp() {
@@ -23,15 +11,15 @@ getp() {
 | tr "?&" "\n" | tr --complement --delete "0-9a-z_= \n" | egrep "^$1=" | sed "s/^$1=//"
 }
 secret=$(getp secret)
-hashed_secret=$(echo "$secret" | md5sum | cut -f1 -d\ )
+hashed_secret=$(echo "$secret" | sha512sum | cut -f1 -d\ )
 cmd=$(getp cmd)
 # check secret
 # the secrets file has to contain the hashes on a single line, comments are allowed on seperate lines
 # secrets can only contain the characters that are allowed in getp() with tr -dc
-if [ -z "$secret" ] || ! grep -q "^$hashed_secret$" /etc/door-token-hashs; then
+if [ -z "$secret" ] || ! grep -q ";$hashed_secret$" /etc/tuer3.0/door_access_list; then
 header
- [ -z "$secret" ] || echo "

Ich bin mir nicht sicher. Mir scheint, du bist doch ein Kohlkopf oder Anderes!

"
+ [ -z "$secret" ] || echo "

Ich bin mir nicht sicher. Mir scheint, du bist doch ein Kohlkopf oder Anderes!

$hashed_secret"
 cat /var/www/tpl/secret.html
 exit
 fi
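Review bot: The new match `grep -q ";$hashed_secret$"` is anchored only at the end of the line, so any line of /etc/tuer3.0/door_access_list that ends in `;<hash>` passes the check, including an entry that was disabled by commenting it out; the old `^…$` pattern could not match such a line. Assuming entries are revoked with a leading `#`, filter comments first, e.g. `! grep -v '^[[:space:]]*#' /etc/tuer3.0/door_access_list | grep -q ";$hashed_secret$"`, and update the comment above the `if`, which still describes a file with one bare hash per line. The added echo also returns `$hashed_secret` to every caller who fails the check; if that is meant as an enrolment aid, say so in a comment, otherwise drop it from the response. sha512sum is still a fast, unsalted digest over a secret restricted to `0-9a-z_= `, so a leaked access list remains open to offline guessing; a salted, deliberately slow password hash would address that.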