
made everything safer AND... more complicated

master
Makefile_dot_in 1 year ago
parent
commit
4abda912c8
  1. 45
      src/register.php

45
src/register.php

@ -20,22 +20,53 @@ @@ -20,22 +20,53 @@
{
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
$securimage = new Securimage();
$success = false;
if ($securimage->check($_POST['captcha_code']) == false)
{
$error = "Wrong captcha.";
} else
$message = "Wrong captcha.";
}
else if (preg_match("/^[a-z0-9_]{2,16}$/", trim($_POST["username"])) == 0)
{
$message = "Invalid username.";
}
else if (preg_match('/^\S{1,}@\S{2,}\.\S{2,}$/', trim($_POST["email"])) == 0)
{
$message = "Invalid e-mail address.";
}
else
{
// $error = "This service is not available for registration at the moment. Please come back later.";
$args = array_map('escapeshellarg', array($_POST["username"], $_POST["email"], $_POST["pubkey"], $_POST["description"]));
// $message = "This service is not available for registration at the moment. Please come back later.";
/* $args = array_map('escapeshellarg', array($_POST["username"],
$_POST["email"], $_POST["pubkey"], $_POST["description"]));
$args_str = implode(" ", $args);
$error = `/srv/php-private/process_application.py $args_str 2>&1`;
$cmdline = "/srv/php-private/process_application.py $args_str 2>>/srv/php-private/script_log";
$retval = null;
$message_lines = null;
exec($cmdline, $message_lines, $retval);
*/
$sep = "\x1E";
$in_fifo = "/srv/php-private/fifo_in";
$out_fifo = "/srv/php-private/fifo_out";
}
$args = array($_POST["username"], $_POST["email"], $_POST["pubkey"], $_POST["description"]);
// Sanitize the input
$safe_args = str_replace($sep, "", $args);
// join the results together into the final file
$final_data = implode($sep, $args);
file_put_contents($in_fifo, $final_data);
// read 50 characters from $out_file and trim the padding
$message = trim(`cat $out_fifo`);
if ($message === "Registration successfully sent!")
{
$success = true;
}
}
}
?>
<p style="color: red"><?php echo $error; ?></p>
<p style="color: <?php echo $success ? "green" : "red"; ?>"><?php echo $message; ?></p>
<form method="post" action="#form" id="form">
<label>Username</label><br />
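Review bot: The separator stripping never takes effect in what appears to be the new FIFO path: `$safe_args = str_replace($sep, "", $args);` is computed, but the payload is built from the raw array with `implode($sep, $args)`, so a POST field containing the `\x1E` byte still reaches the backend and shifts the field boundaries it parses. The join should read `$final_data = implode($sep, $safe_args);`. The username and e-mail checks also validate `trim(...)` of each value while the untrimmed `$_POST` entries are what get written, so the validated and submitted strings can differ; trimming once into variables and using those in both places closes that gap. `$message` is now read back from the output FIFO and echoed without escaping, so `htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the `echo` is worth adding unless the backend's replies are guaranteed to be fixed strings.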
