upgraded to fit new shcgi revision, slightly better input validation, switched to...

[busy] / actions / login.sh

diff --git a/actions/login.sh b/actions/login.sh
index 8cd9e74af2153cf6f5cf1b41d8a3e503892a2a63..62f96b62aabacdcc58c41f9e8e7d70a4a0f5e594 100755 (executable)
--- a/actions/login.sh
+++ b/actions/login.sh
@@ -17,22 +17,22 @@
 
 cgi_post
 
-user="$(echo -E "$_POST[\"user\"]" |sed -rn '1{/^[a-zA-Z0-9_+@.-]+$/p}')"
-pass="$_POST[\"pass\"]"
-userfile="$_DATA/auth/user$(echo -E "$user" |sha1sum |cut -c1-40)"
+user="$(printf %s\\n "${_POST[user]}" |sed -rn '1{/^[a-zA-Z0-9_+@.-]+$/p}')"
+pass="${_POST[pass]}"
+userfile="$_DATA/auth/user$(printf %s\\n "$user" |sha1sum |cut -c1-40)"
 
 if [ -r "$userfile" ]; then
   salt=$(sed -nr 's:^salt=(.+)$:\1:p' "$userfile")
   ssum=$(sed -nr 's:^auth=(.+)$:\1:p' "$userfile")
-  rsum=$(echo -E "$salt$pass" |sha1sum |cut -c1-40)
+  rsum=$(printf %s\\n "$salt$pass" |sha1sum |cut -c1-40)
 fi
 if [ -n "$ssum" -a  "$ssum" = "$rsum" ]; then
   sid="$(apg -n1 -a1 -m32 -x32 -M CLN)"
   sessionfile="$_DATA/auth/session$sid"
-  echo -E "$user $(($(date +%s) + 1800))" >"$sessionfile" 
-  echo -E "Location: $HTTP_REFERER"
-  echo -E "Set-Cookie: session=$sid; HttpOnly"
+  printf %s\\n "$user $(($(date +%s) + 1800))" >"$sessionfile" 
+  printf %s\\n "Location: $HTTP_REFERER"
+  printf %s\\n "Set-Cookie: session=$sid; HttpOnly"
 else
-  echo -E "Location: $HTTP_REFERER"
+  printf %s\\n "Location: $HTTP_REFERER"
 fi
 echo ''