/
unlockPassword.cgi
83 lines (70 loc) · 1.99 KB
/
unlockPassword.cgi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/usr/bin/perl
# --------------------------------------------------------
# unlockPassword.cgi:
# cgi for unlocking public password
# (tested under perl 5.8.4)
#
# This file is part of PositLog.
# --------------------------------------------------------
use lib qw(./extlib);
use strict;
use CGI qw(-debug :standard);
use Storable qw(lock_retrieve lock_nstore); # is default library (upper perl 5.8)
use PositLogConfig;
use PositLogParam;
use PositLogAuth;
use JSON;
my $CGI = new CGI;
print $CGI->header(-charset => 'utf-8'); # HTTP header
my $pageid = $CGI->param("pageid");
my $id = $CGI->param("id");
my $public_password = $CGI->param("public_password");
my @ids = split( /;/ , $id );
# Read temporal cookie
my $loginid = $CGI->cookie("loginid") || "";
my $loginpass = $CGI->cookie("loginpass") || "";
my $authObj = new PositLogAuth($PositLogConfig::adminpath, $loginid, $loginpass);
my $spritesHash = eval{ Storable::lock_retrieve($PositLogConfig::datapath . $pageid . "/sprites.dat")} or {};
if($spritesHash eq ""){ print "Cannot read sprites.dat.\n"; exit(0); }
if($authObj->isPublicUser){
foreach my $sid (@ids){
if($spritesHash->{$sid}{author_id} eq "public"){
my $cryptpass = $spritesHash->{$sid}{public_password};
if($cryptpass eq ""){
print "Permission denied\n";
exit(0);
}
my $salt="zi";
my $cryptpass2 = crypt($public_password, $salt);
if($cryptpass ne $cryptpass2){
print "invalid_public_password\n";
exit(0);
}
}
else{
print "Permission denied\n";
exit(0);
}
}
}
elsif($authObj->isAdminUser){
# nop
}
elsif($authObj->isAuthor($pageid)){
# nop
}
elsif($authObj->isSubadmin){
# nop
}
else{
print "Permission denied\n";
exit(0);
}
foreach my $sid (@ids){
$spritesHash->{$sid}{public_password} = "";
}
if(!eval{Storable::lock_nstore $spritesHash, $PositLogConfig::datapath . $pageid . "/sprites.dat"}){
print "Cannot write sprites.dat.\n";
exit(0);
}
print "unlockpassword\n";