Permalink
Browse files

Synchronization between js and php on login password checking with ti…

…ghter control
  • Loading branch information...
ketetefid committed Apr 2, 2018
1 parent 3315674 commit 0637ec88ca623b754907d73c325f58b917c5ed6b
Showing with 4 additions and 5 deletions.
  1. +3 −4 ActionPage.php
  2. +1 −1 index.html
@@ -1,13 +1,12 @@
<?php
session_start();
if (isset($_POST['uname']) and isset($_POST['psw'])) {
if( strpos($_POST['uname'],'/') === false && strpos($_POST['uname'],';') === false &&
strpos($_POST['psw'],'/') === false && strpos($_POST['psw'],';') === false ) {
$user=$_POST['uname'];
$pass=$_POST['psw'];
if (preg_match('/^[a-z0-9]*$/',$user) && preg_match('/^[a-zA-Z0-9*!@#^_]*$/',$pass)) {

This comment has been minimized.

@duraki

duraki Jun 11, 2018

This can be bypassed again. See $IFS$9, x20 etc.

// Check if the post request comes from the login page
if (isset($_POST['auth2']) and hash_equals($_POST['auth2'],hash_hmac('sha256', '/ActionPage.php', $_SESSION['auth_token']))) {
$siausr = trim(shell_exec('source /boot/parameters.txt; echo $SIAUSR'));
$user=$_POST['uname'];
$pass=$_POST['psw'];
exec("sudo bin/checker $user $pass", $output, $exitcode);
if ( $exitcode === 0 and strcmp($siausr,$user) === 0 ) {
session_regenerate_id(true);
@@ -161,7 +161,7 @@ <h1>Welcome to SiaBerryOS</h1>
function formChecker() {
var usr = document.forms["mainForm"]["uname"].value;
var pss = document.forms["mainForm"]["psw"].value;
if ( !/^[a-z0-9]*$/.test(usr) || !/^[a-zA-Z0-9*!@#$%]*$/.test(pss)) {
if ( !/^[a-z0-9]*$/.test(usr) || !/^[a-zA-Z0-9*!@#^_]*$/.test(pss)) {

This comment has been minimized.

@duraki

duraki Jun 11, 2018

Seriously, a front-end validation?

document.getElementById('auth2').value = 'failed';
}
}

0 comments on commit 0637ec8

Please sign in to comment.