X-Git-Url: https://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=users.sh;h=1959e9de4b757084fad3d850b1b7b771517cb3c3;hp=0af232090d7f8fbf9ba9726f628e9ea18ebc1e2c;hb=6bfa64b084ea028f9078f679a4a77ffc57e02361;hpb=142f5b0b60216dddb94ef30684c300b633f269ed diff --git a/users.sh b/users.sh index 0af2320..1959e9d 100755 --- a/users.sh +++ b/users.sh @@ -25,7 +25,8 @@ user_init(){ && read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE <<-EOF $(grep "^${user_id} " "$user_db") EOF - if [ "$STATUS" = active -a "$EXPIRE" -gt "$_DATE" ]; then + [ "$STATUS" -a "$EXPIRE" ] \ + && if [ "$STATUS" = active -a "$EXPIRE" -gt "$_DATE" ]; then USER_ID="$UID" USER_NAME="$(UNSTRING "$UNAME")" USER_EMAIL="$(UNSTRING "$EMAIL")" @@ -33,7 +34,7 @@ user_init(){ } user_checkname(){ - { [ $# -gt 0 ] && printf %s "$*" || cat } \ + { [ $# -gt 0 ] && printf %s "$*" || cat; } \ | sed -nE ' :X; $!{N;bX;} s;[ \t\r\n]+; ;g; @@ -45,7 +46,7 @@ user_checkname(){ } user_checkemail(){ - { [ $# -gt 0 ] && printf %s "$*" || cat } \ + { [ $# -gt 0 ] && printf %s "$*" || cat; } \ | sed -nE ' # W3C recommended email regex # https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email) @@ -56,7 +57,8 @@ user_checkemail(){ user_nameexist(){ local uname="$(STRING "$1")" local UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE - while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do + [ -f "$user_db" -a -r "$user_db" ] \ + && while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do [ "$EXPIRE" -gt "$_DATE" -a "$UNAME" = "$uname" ] && return 0 done <"$user_db" return 1 
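Review bot: In user_init the added guard `[ "$STATUS" -a "$EXPIRE" ]` and the condition it protects both join tests with `-a` inside `[`, which POSIX marks obsolescent and whose parsing is unspecified once there are more than four arguments or an operand looks like an operator. The same construct appears in the user_nameexist, user_emailexist and user_login hunks, where some operands come from the request. The guard also only proves the fields are non-empty, so a non-numeric EXPIRE in a damaged record still makes `-gt` print an error. Both lines could collapse into `if [ "$STATUS" = active ] && [ "${EXPIRE:-0}" -gt "$_DATE" ]; then`, which fails closed on an empty record without the extra test. user_init starts before this hunk.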
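Review bot: In user_nameexist the new `[ -f "$user_db" -a -r "$user_db" ]` guard makes a database that exists but cannot be read look the same as "name not taken", because the function falls through to `return 1`. It also hides the redirect error the shell would presumably have printed before. The same guard is added in user_emailexist and user_login. A missing file is plausibly a fresh install, but an unreadable one is a fault that should reach the server log. I would add `[ -e "$user_db" ] && [ ! -r "$user_db" ] && printf 'users.sh: cannot read user database\n' >&2` ahead of the loop, so that a permissions problem does not silently turn the uniqueness checks into no-ops.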
@@ -65,7 +67,8 @@ user_nameexist(){ user_emailexist(){ local email="$(STRING "$1")" local UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE - while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do + [ -f "$user_db" -a -r "$user_db" ] \ + && while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do [ "$EXPIRE" -gt "$_DATE" -a "$EMAIL" = "$email" ] && return 0 done <"$user_db" return 1 @@ -74,7 +77,7 @@ user_emailexist(){ user_pwhash(){ local salt="$1" secret="$2" hash hash="$(printf '%s\n%s\n' "$secret" "$salt" |sha256sum)" - printf '%s\n' "${hash% *}" + printf '%s\n' "${hash%% *}" } user_register(){ @@ -102,14 +105,14 @@ user_register(){ RELEASE "$user_db" sendmail -t -f "$MAILFROM" <<-EOF From: ${MAILFROM} - To: "${email}" + To: ${email} Subject: Your account registration at ${HTTP_HOST%:*} Someone tried to sign up for a user account using this email address. You can activate your account using this link: - https://${HTTP_HOST%:*}/${_BASE}/?user_confirm=${uid}+$(session_mac "$uid") + https://${HTTP_HOST%:*}/${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid") This registration link will expire after 24 hours. @@ -126,7 +129,7 @@ user_register(){ REDIRECT "${_BASE}${PATH_INFO}#ERROR_USER_NOLOCK" fi - elif [ "$USER_REQUIREEMAIL" != true ] then + elif [ "$USER_REQUIREEMAIL" != true ]; then if [ ! "$uname" ]; then REDIRECT "${_BASE}${PATH_INFO}#ERROR_UNAME_INVALID" elif user_nameexist "$uname"; then 
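Review bot: user_pwhash stores a single round of salted SHA-256, which is fast enough that a leaked user_db can be tested against guesses offline at a very high rate. The `%%` change is correct, since `sha256sum` separates hash and file name with two spaces and `%` left a trailing space. The derivation itself deserves at least a marker such as `# TODO: single-round salted SHA-256; replace with a slow password KDF (key stretching)`. If the scheme changes later, the record will need a way to tell old hashes from new ones, so it is worth deciding that before real accounts exist.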
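Review bot: In the user_register mail, the activation link is assembled from `HTTP_HOST` and now also `PATH_INFO`, both supplied by whoever submits the request, so the mailed link that carries `uid` and `session_mac` can name a host or path the site does not control. I would build it from a configured canonical site URL instead of request headers, and at minimum check `HTTP_HOST` against an allow-list before use. Separately, `To: ${email}` is now unquoted and `sendmail -t` takes recipients from the headers, so this depends on `email` having passed user_checkemail with no comma, CR or LF. That validation is not visible in this hunk, and a comment stating the dependency would help. user_register starts and ends outside the hunk.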
@@ -206,7 +209,8 @@ user_login(){ local UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE local uname="$(POST uname |STRING)" pw="$(POST pw)" - while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do + [ -f "$user_db" -a -r "$user_db" ] \ + && while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do if [ "$UNAME" = "$uname" -o "$EMAIL" = "$uname" ]; then if [ "$STATUS" = active -a "$EXPIRE" -gt "$_DATE" -a "$PWHASH" = "$(user_pwhash "$PWSALT" "$pw")" ]; then SESSION_COOKIE new @@ -229,11 +233,14 @@ user_logout(){ user_update(){ # passphrase, email + : } user_recover(){ # send recover link + : } user_disable(){ + : } user_init @@ -252,7 +259,9 @@ user_init esac w_user_register(){ - if [ "$USER_REGISTRATION" != true ]; then + if [ "$(GET user_confirm)" ]; then + w_user_confirm + elif [ "$USER_REGISTRATION" != true ]; then cat <<-EOF [div #user_register .disabled User Registration is disabled. @@ -272,8 +281,8 @@ w_user_register(){ cat <<-EOF [form #user_register .registername method=POST [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off] - [input type=pw placeholder="Choose Passphrase" pattern=".{4,}"] - [input type=pwconfirm placeholder="Confirm Passphrase" pattern=".{4,}"] + [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"] + [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"] [submit "action" "user_register" Sign Up] ] EOF 
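Review bot: user_update, user_recover and user_disable now parse, but `:` makes each one return success while doing nothing, so any caller that invokes user_disable would see status 0 with the account left active. Whether such a caller exists is not visible here. Until they are implemented I would replace `:` with `return 1  # not implemented` so that the stubs fail closed.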
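Review bot: In w_user_register the new `user_confirm` branch is tested before `USER_REGISTRATION != true`, so the confirmation form is reachable from the query string even when registration is switched off. Whether w_user_confirm verifies the `session_mac` signature and the 24-hour expiry before rendering is not visible in this hunk. If the ordering is deliberate, to let pending confirmations finish, it deserves a comment such as `# confirmations stay valid after registration is disabled; w_user_confirm validates the signature`. If it is not deliberate, `if [ "$USER_REGISTRATION" = true ] && [ "$(GET user_confirm)" ]; then` keeps the disabled message in front. The function starts and continues outside the hunk.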
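Review bot: `pattern=".{6,}"` on the two password inputs in the w_user_register form is only a browser-side hint, and nothing in these hunks shows the POST handler rejecting a shorter `pw` or a `pwconfirm` mismatch. The same inputs are changed in the w_user_confirm hunk. Assuming the handler holds the posted values in `pw` and `pwconfirm`, it should enforce the rule itself with `[ "${#pw}" -ge 6 ] && [ "$pw" = "$pwconfirm" ]` before hashing. Adding `autocomplete=new-password` to both fields would also stop browsers from offering a saved login password here.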
@@ -296,8 +305,8 @@ w_user_confirm(){ [input type=hidden name=signature value="${signature}"] [input disabled=disabled value="$(HTML "$EMAIL")"] [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off] - [input type=pw placeholder="Choose Passphrase" pattern=".{4,}"] - [input type=pwconfirm placeholder="Confirm Passphrase" pattern=".{4,}"] + [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"] + [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"] [submit "action" "user_confirm" Finish Registration] ] EOF