made everything safer AND... more complicated

1 year ago · 4abda912c8
1 changed files with 38 additions and 7 deletions
--- a/src/register.php
+++ b/src/register.php
@ -20,22 +20,53 @@
				@@ -20,22 +20,53 @@
    {
        include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
        $securimage = new Securimage();
+        $success = false;
+

        if ($securimage->check($_POST['captcha_code']) == false)
        {
-            $error = "Wrong captcha.";
-        } else
+            $message = "Wrong captcha.";
+        }
+        else if (preg_match("/^[a-z0-9_]{2,16}$/", trim($_POST["username"])) == 0)
+        {
+            $message = "Invalid username.";
+        }
+        else if (preg_match('/^\S{1,}@\S{2,}\.\S{2,}$/', trim($_POST["email"])) == 0)
+        {
+            $message = "Invalid e-mail address.";
+        }
+        else
        {
-            // $error = "This service is not available for registration at the moment. Please come back later.";
-            $args = array_map('escapeshellarg', array($_POST["username"], $_POST["email"], $_POST["pubkey"], $_POST["description"]));
+            // $message = "This service is not available for registration at the moment. Please come back later.";
+            /* $args = array_map('escapeshellarg', array($_POST["username"],
+                $_POST["email"], $_POST["pubkey"], $_POST["description"]));
            $args_str = implode(" ", $args);
-	    $error = `/srv/php-private/process_application.py  $args_str 2>&1`;
+            $cmdline = "/srv/php-private/process_application.py  $args_str 2>>/srv/php-private/script_log";
+            $retval = null;
+            $message_lines = null;
+	    exec($cmdline, $message_lines, $retval);
+	     */
+            $sep = "\x1E";
+            $in_fifo = "/srv/php-private/fifo_in";
+	    $out_fifo = "/srv/php-private/fifo_out";

-	}
+	    $args = array($_POST["username"], $_POST["email"], $_POST["pubkey"], $_POST["description"]);
+	    // Sanitize the input
+	    $safe_args = str_replace($sep, "", $args);
+	    // join the results together into the final file
+	    $final_data = implode($sep, $args);
+	    file_put_contents($in_fifo, $final_data);
+	    // read 50 characters from $out_file and trim the padding
+	    $message = trim(`cat $out_fifo`);
+            if ($message === "Registration successfully sent!")
+            {
+                    $success = true;
+            }
+        }
    }
 ?>

-<p style="color: red"><?php echo $error; ?></p>
+<p style="color: <?php echo $success ? "green" : "red"; ?>"><?php echo $message; ?></p>

 <form method="post" action="#form" id="form">
    <label>Username</label><br />