X-Git-Url: https://git.treefish.org/fex.git/blobdiff_plain/e60096926213ce02293a261254ff065cae44c1c8..20160919:/cgi-bin/fuc diff --git a/cgi-bin/fuc b/cgi-bin/fuc index c18aa45..897fd69 100755 --- a/cgi-bin/fuc +++ b/cgi-bin/fuc @@ -1,6 +1,6 @@ #!/usr/bin/perl -wT -# FEX CGI for user control +# FEX CGI for user control # (subuser, groups, address book, one time upload key, auth-ID, etc) # # Author: Ulli Horlacher @@ -8,6 +8,7 @@ BEGIN { ($ENV{PERLINIT}||'') =~ /(.+)/s and eval $1 } +use utf8; use Fcntl qw(:flock); use Digest::MD5 qw(md5_hex); @@ -74,7 +75,7 @@ foreach my $v (keys %PARAM) { $v =~ /^group$/i ? $group = checkchars('group',$vv): $v =~ /^ab$/i ? $ab = $vv: $v =~ /^gm$/i ? $gm = $vv: - $v =~ /^show$/i ? $tools = checkchars('parameter',$vv): + $v =~ /^show$/i ? $show = checkchars('parameter',$vv): $ESAC; } @@ -87,15 +88,39 @@ $user .= '@'.$mdomain if $mdomain and $user !~ /@/; $nomail = $comment if $comment =~ /NOMAIL|!#!/; +if ($show and $show eq 'tools') { + nvt_print( + "HTTP/1.1 302 Found", + "Location: /tools.html", + 'Expires: 0', + 'Content-Length: 0', + '' + ); + &reexec; + + if (open $tools,"$docdir/tools.html") { + while (<$tools>) { + while (/\$([\w_]+)\$/) { + my $var = $1; + my $env = $ENV{$var} || ''; + s/\$$var\$/$env/g; + }; + print; + } + } + exit; +} + + if ($akey) { # sid is not set with web browser my $idf = "$akeydir/$akey/@"; - + if (open $akey,'<',$idf and $id = getline($akey)) { close $akey; $idf =~ /(.*)\/\@/; - $user = readlink $1 + $user = readlink $1 or http_die("internal server error: no $akey symlink $1"); $user =~ s:.*/::; $user = untaint($user); @@ -110,7 +135,7 @@ if ($akey) { if ($user and $akey and $qs and $qs =~ /info=(.+?)&skey=(.+)/) { $subuser = $1; $skey = $2; - notify_subuser($user,$subuser,"$fup?skey=$skey",$comment); + notify_subuser($user,$subuser,"$fup?skey=$skey#$user",$comment); http_header("200 OK"); print html_header($head); pq(qq( @@ -123,7 +148,7 @@ if ($user and $akey and $qs and $qs =~ /info=(.+?)&skey=(.+)/) { if ($user and $id) { - if (-e "$user/\@CAPTIVE") { html_error($error,"captive user") } + if (-e "$user/\@CAPTIVE") { html_error($error,"captive user") } unless (open $idf,'<',"$user/@") { faillog("user $from, id $id"); html_error($error,"wrong user or auth-ID"); @@ -153,9 +178,9 @@ if ($user and $id) { } # empty POST? ==> back to foc -if ($ENV{REQUEST_METHOD} eq 'POST' and not - ($subuser or $notify or $nid or $ssid or $group or $ab or $gm or $tools - or $disclaimer or $encryption or $pubkey)) +if ($ENV{REQUEST_METHOD} eq 'POST' and not + ($subuser or $notify or $nid or $ssid or $group or $ab or $gm + or $disclaimer or $encryption or $pubkey)) { nvt_print( "HTTP/1.1 302 Found", @@ -181,31 +206,6 @@ if ($gm and not $group) { exit; } -if ($tools) { - pq(qq( - 'To use one of the following F*EX clients you must configure them after' - 'download:' - '

' - '' - ' ' - ' ' - ' ' - ' ' - '
F*EX server:$ENV{PROTO}://$ENV{HTTP_HOST}
Proxy:(your web proxy address, may be empty)
User:$user
Auth-ID:$id
' - )); - if (open $tools,"$docdir/tools.html") { - while (<$tools>) { - while (/\$([\w_]+)\$/) { - my $var = $1; - my $env = $ENV{$var} || ''; - s/\$$var\$/$env/g; - }; - print; - } - } - exit; -} - if ($group) { &handle_group; } @@ -224,7 +224,7 @@ if ($subuser and $otuser) { my $okey = randstring(8); my $okeyd = "$user/\@OKEY"; mkdir $okeyd; - symlink $otuser,"$okeyd/$okey" + symlink $otuser,"$okeyd/$okey" or http_die("cannot create OKEY $okeyd/$okey : $!\n"); my $url = "$fup?to=$user&okey=$okey"; pq(qq( @@ -359,7 +359,7 @@ if ($user and $akey and defined $ab) { } else { $ab =~ s/[\r<>]//g; $ab =~ s/\s*$/\n/; - + foreach (split(/\n/,$ab)) { s/^\s+//; s/\s+$//; @@ -379,7 +379,7 @@ if ($user and $akey and defined $ab) { push @badalias,$_; } } - + if (@badalias) { print "

ERROR: bad aliases:

\n