slitaz-dev-tools rev 114
tazwikss: add password plugin
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Sat Jun 11 11:12:29 2011 +0200 (2011-06-11) |
parents | 8f1f1d4e50ad |
children | d0799b0951c5 |
files | tazwikiss/rootfs/var/www/wiki/plugins/wkp_Password.sh |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/tazwikiss/rootfs/var/www/wiki/plugins/wkp_Password.sh Sat Jun 11 11:12:29 2011 +0200 1.3 @@ -0,0 +1,64 @@ 1.4 +# WARNING: not secure! You can add &action=edit to the URI and remove HASHPASSWORD... 1.5 +plugin="Password" 1.6 +description_fr="Ajoute un mot de passe à une page avec {PASSWORD=code}" 1.7 +description="Add a password to a page with {PASSWORD=something}" 1.8 + 1.9 +pagepass_hash() 1.10 +{ 1.11 + echo $1 | md5sum | cut -c1-8 1.12 +} 1.13 + 1.14 +action() 1.15 +{ 1.16 + [ "$1" == "pagepass" ] || return 1 1.17 + uri="$SCRIPT_NAME?page=$(POST page)&auth=$(POST auth)" 1.18 + if [ "$(pagepass_hash $(POST pass))" == "$(POST hash)" ]; then 1.19 + header "HTTP/1.0 302 Found" \ 1.20 + "location: $uri" \ 1.21 + "Set-Cookie: $(POST cookie)=$(POST hash)" 1.22 +## "Set-Cookie: $(POST cookie)=$(POST hash); Max-Age=3600; Path=$(dirname $SCRIPT_NAME); HttpOnly" 1.23 + else 1.24 + header "HTTP/1.0 302 Found" \ 1.25 + "location: $uri&error=1" 1.26 + fi 1.27 + exit 0 1.28 +} 1.29 + 1.30 +formatBegin() 1.31 +{ 1.32 + hash="$(sed '/{HASHPASSWORD=.*}/!d;s/.*{HASHPASSWORD=\([^}]*\)}.*/\1/;q' <<EOT 1.33 +$CONTENT 1.34 +EOT 1.35 +)" 1.36 + cookie="pagepass$(pagepass_hash $PWD$PAGE_txt)" 1.37 + if [ "$(COOKIE $cookie)" != "$hash" ]; then 1.38 + editable=false 1.39 + CONTENT="<form method=\"post\" action=\"?action=pagepass\"> 1.40 +<input type=\"hidden\" name=\"page\" value=\"$(GET page)\" /> \ 1.41 +<input type=\"hidden\" name=\"auth\" value=\"$(GET auth)\" /> \ 1.42 +<input type=\"hidden\" name=\"hash\" value=\"$hash\" /> \ 1.43 +<input type=\"hidden\" name=\"cookie\" value=\"$cookie\" /> \ 1.44 +$MDP <input type=\"text\" name=\"pass\" /> \ 1.45 +<input type=\"submit\" value=\"$DONE_BUTTON\" /> 1.46 +</form>" 1.47 + else 1.48 + CONTENT="$(sed 's/{HASHPASSWORD=[^}]*}//' <<EOT 1.49 +$CONTENT 1.50 +EOT 1.51 +)" 1.52 + fi 1.53 +} 1.54 + 1.55 +pagepass_sedexpr() 1.56 +{ 1.57 + sed '/{PASSWORD=.*}/!d;s/.*{PASSWORD=\([^}]*\)}.*/\1/' $1 | \ 1.58 + while read pass; do 1.59 + echo -n "-e 's|{PASSWORD=$pass|{HASHPASSWORD=$(pagepass_hash $pass)|' " 1.60 + done 1.61 + echo -n "-e 's|{PASSWORD=}||' " 1.62 +} 1.63 + 1.64 +writedPage() 1.65 +{ 1.66 + eval sed -i $(pagepass_sedexpr $1) $1 $BACKUP_DIR$PAGE_TITLE/*.bak 1.67 +}