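#!/bin/sh
# CGI front end for the door relay card.
#
# Reads `secret` and `cmd` from the query string in $REQUEST_URI, checks the
# SHA-512 of the secret against /etc/tuer3.0/door_access_list and, when a
# known command is given, pulses the matching GPIO pin via /usr/local/bin/gpio.
#
# NOTE(review): the secret is taken from the request URI and is substituted
# back into the returned pages, so it will appear wherever request URIs are
# recorded (web server access logs, browser history). Keep those logs
# access-restricted, or move the secret out of the URL.
set -e

# Emit the CGI response headers followed by the blank line that ends them.
# printf replaces `echo -e`, which is not portable under /bin/sh (some shells
# print the "-e" literally and would corrupt the header block).
header() {
  printf 'Content-type: text/html\nStrict-Transport-Security: max-age=86400000\n\n'
}

# Print the value(s) of query parameter $1, one per line.
#
# Everything outside the allow-list "0-9a-z_= \n" is deleted before matching.
# This allow-list is the only thing that keeps values safe to echo into HTML
# and to splice into the sed replacement strings further down (no '<', '&',
# '/' or '\' can survive). Do not widen it without adding proper escaping at
# every place the values are used.
# $1 is interpolated into a regex; callers in this file pass fixed names only.
getp() {
  printf '%s\n' "$REQUEST_URI" \
    | sed 's/.*?//' \
    | sed 's/%20/ /g' \
    | tr '?&' '\n\n' \
    | tr -cd '0-9a-z_= \n' \
    | grep -E "^$1=" \
    | sed "s/^$1=//"
}

# Debugging aids, intentionally disabled. `printenv` in particular would dump
# REQUEST_URI (and with it the secret) into the response.
#header
#echo "anz $# "
#echo "alle $@"
#printenv
#exit

secret=$(getp secret)
cmd=$(getp cmd)

# The trailing newline is part of the hashed input (the original used
# `echo "$secret" | sha512sum`); it must stay, or existing entries in the
# access list stop matching.
hashed_secret=$(printf '%s\n' "$secret" | sha512sum | cut -f1 -d' ')

# The original compared `echo $secret | wc --chars` against 30. wc also counted
# echo's trailing newline (and the unquoted expansion collapsed runs of
# spaces), so the effective minimum has always been 29 characters. It is kept
# at 29 here so no enrolled secret is locked out; raise it to 30 once the
# access list has been checked.
min_secret_length=29

# Check the secret.
# Each entry in the access list must end its line with ";<sha512 hex digest>"
# (the grep anchors on ';' and end of line); comments go on separate lines.
# Secrets can only contain the characters that getp() lets through.
# A missing or unreadable access list makes grep fail, which denies access.
# NOTE(review): the list holds unsalted SHA-512 digests; the minimum length
# above is what keeps guessing against a leaked list impractical.
if [ -z "$secret" ] \
  || [ "${#secret}" -lt "$min_secret_length" ] \
  || ! grep -q -- ";${hashed_secret}\$" /etc/tuer3.0/door_access_list; then
  header
  # Only complain when a secret was actually supplied; a bare request just
  # gets the login page. The hash is deliberately not echoed back.
  if [ -n "$secret" ]; then
    printf '%s\n' "

Ich bin mir nicht sicher. Mir scheint, du bist doch ein Kohlkopf oder Anderes!

"
  fi
  cat /var/www/tpl/secret.html
  exit
fi

# Control the relay card.
if [ -n "$cmd" ]; then
  case "$cmd" in
    # indoor_unlock) pin=17; delay1=0; delay2=1 ;;   unused pin
    indoor_lock)
      pin=4
      delay1=0
      delay2=1
      ;;
    indoor_open)
      pin=27
      delay1=0
      delay2=1
      ;;
    outdoor_buzz)
      pin=22
      delay1=15
      delay2=5
      ;;
    *)
      header
      # $cmd is reflected into the page; safe only because of getp()'s
      # character allow-list.
      printf '%s%s\n' 'Do not hack the hackerspace!' "$cmd"
      exit
      ;;
  esac

  # Run the long-running gpio job in a background subshell. All three standard
  # streams are detached so the job does not keep the CGI response open.
  # The listing showed `) /dev/null 2>/dev/null &`, which does not parse; the
  # stdin/stdout redirections were presumably lost and are restored here.
  (
    sleep "$delay1"
    /usr/local/bin/gpio -g write "$pin" on
    sleep "$delay2"
    /usr/local/bin/gpio -g write "$pin" off
  ) </dev/null >/dev/null 2>/dev/null &

  header
  # Fill the wait page with the total duration and hand the secret back so
  # the follow-up request stays authenticated.
  sed "s/XTIMEOUTX/$((delay1 + delay2))/" /var/www/tpl/wait.html \
    | sed "s/XSECRETX/${secret}/"
  exit
fi

# No command given: show the feature page.
header
sed "s/XSECRET_HEREX/${secret}/" /var/www/tpl/features.html
exit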