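#!/bin/sh
#
# CGI door controller: authenticates a request by a shared secret passed in
# the query string, then either drives a relay pin through the gpio helper
# or renders an HTML template.
#
# Request parameters (read from REQUEST_URI):
#   secret - access token; its MD5 must be listed in /etc/door-token-hashs
#   cmd    - optional action: indoor_lock, indoor_unlock, indoor_open,
#            outdoor_buzz
#
# NOTE(review): the secret travels in the URL, so it ends up in web-server
# access logs, browser history and Referer headers, and it is substituted
# back into the rendered pages. Treat those logs as sensitive; consider
# sending `Cache-Control: no-store` and `Referrer-Policy: no-referrer`.

# Options go in `set`, not the shebang: a shebang flag is lost when the
# script is started as `sh script`.
set -e

readonly HASH_FILE=/etc/door-token-hashs
readonly TPL_DIR=/var/www/tpl
readonly GPIO=/usr/local/bin/gpio

# Emit the CGI response headers followed by the blank separator line.
# printf is used because `echo -en` is not portable under /bin/sh (dash
# prints the "-en" literally, which would corrupt the header block).
# The two headers are written on separate lines; the pasted source had them
# run together on one line.
header() {
  printf 'Content-type: text/html\nStrict-Transport-Security: max-age=86400000\n\n'
}

# Emit the headers plus a redirect body.
# NOTE(review): the body is empty in the source as received; it presumably
# held redirect markup that was lost -- confirm before re-enabling the
# check below.
header_redir_display() {
  header
  echo ""
}

## enforce SSL
# NOTE(review): this check is disabled, so the secret can be sent in
# cleartext over plain HTTP; the HSTS header above is only honoured by
# browsers on HTTPS responses.
#if [ "$SERVER_PORT" -ne 443 ]; then
#  header_redir_display
#  exit
#fi

# Print the value of query parameter $1, one line per occurrence.
#
# `tr -dc` deletes every character NOT in the whitelist [0-9a-z_= \n].
# That whitelist is the script's only input sanitisation: it is what keeps
# the value safe to reflect into HTML (no < > " ') and safe to splice into
# the sed replacements further down (no / & \). Do not widen it without
# revisiting every place the value is used.
#
# $1 is interpolated into a regex; call it with literal names only.
getp() {
  printf '%s\n' "$REQUEST_URI" \
    | sed -e 's/.*?//' -e 's/%20/ /g' \
    | tr '?&' '\n\n' \
    | tr -dc '0-9a-z_= \n' \
    | grep -E "^$1=" \
    | sed "s/^$1=//"
}

secret=$(getp secret)
# The hash covers the secret plus a trailing newline, matching what
# `echo "$secret" | md5sum` produces; entries in the hash file must be
# generated the same way.
# NOTE(review): unsalted MD5 is cheap to brute-force if the hash file leaks.
# Switching to a salted, slow hash means regenerating the hash file, so it
# is flagged here rather than changed.
hashed_secret=$(printf '%s\n' "$secret" | md5sum | cut -d' ' -f1)
cmd=$(getp cmd)

# Debug output, left disabled. Do not enable on a live system: it writes the
# plaintext secret into a file under the cgi-bin directory.
#echo "secret $secret" >/var/www/cgi-bin/2
#echo "hashed_secret $hashed_secret" >>/var/www/cgi-bin/2
#echo "cmd $cmd" >>/var/www/cgi-bin/2

# Check the secret.
# The hash file holds one hash per line; comments are allowed on separate
# lines. Secrets can only contain the characters getp() lets through.
#
# Fail closed: the hash must be exactly 32 characters before it is looked
# up. If md5sum is missing or fails, the pipeline still exits 0 (status of
# `cut`) with an empty result, and an empty pattern would match any blank
# line in the hash file. grep -F -x does a literal whole-line comparison; a
# missing hash file makes grep fail, which also denies access.
authorized=no
if [ -n "$secret" ] \
  && [ "${#hashed_secret}" -eq 32 ] \
  && grep -Fxq -- "$hashed_secret" "$HASH_FILE"; then
  authorized=yes
fi

if [ "$authorized" != yes ]; then
  header
  # Only show the rejection message when a (wrong) secret was supplied.
  # NOTE(review): the surrounding blank lines presumably held markup that
  # was lost from the pasted source -- confirm.
  [ -z "$secret" ] || echo "

Ich bin mir nicht sicher. Mir scheint du bist doch ein Kohlkopf oder Anderes!

"
  cat "$TPL_DIR/secret.html"
  exit
fi

# Control the relay card.
if [ -n "$cmd" ]; then
  # Map the command to a pin, a delay before switching on, and the time
  # the pin stays on. Anything not listed is rejected.
  case "$cmd" in
    indoor_lock)   pin=17; delay1=0;  delay2=1 ;;
    indoor_unlock) pin=4;  delay1=0;  delay2=1 ;;
    indoor_open)   pin=27; delay1=0;  delay2=1 ;;
    outdoor_buzz)  pin=22; delay1=15; delay2=5 ;;
    *)
      header
      # $cmd is reflected into the page; this is only safe because getp()
      # has already reduced it to the whitelist.
      printf '%s%s\n' 'Do not hack the hackerspace!' "$cmd"
      exit
      ;;
  esac

  # Run the long-running gpio job in a background subshell. All three
  # standard streams are detached so the web server does not wait for the
  # job before completing the response.
  (
    sleep "$delay1"
    "$GPIO" -g write "$pin" on
    sleep "$delay2"
    "$GPIO" -g write "$pin" off
  ) </dev/null >/dev/null 2>/dev/null &

  header
  sed -e 's/XTIMEOUTX/'"$((delay1 + delay2))"'/' \
    -e 's/XSECRETX/'"$secret"'/' "$TPL_DIR/wait.html"
  exit
fi

# Show the feature page.
header
sed 's/XSECRET_HEREX/'"$secret"'/' "$TPL_DIR/features.html"
exit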