From 31dfa8fc34bef9611757d0f0c99ea7fb9451d651 Mon Sep 17 00:00:00 2001 From: deepend Date: Tue, 23 Jan 2024 04:23:45 +0000 Subject: [PATCH] Update includes/signup.php --- includes/signup.php | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/includes/signup.php b/includes/signup.php index 768ccfd..338821f 100644 --- a/includes/signup.php +++ b/includes/signup.php @@ -15,7 +15,7 @@ $username = strtolower($username); // strip new line characters from the end $pubkey = trim($pubkey); -$from = 'From: www-data '; +$from = 'From: www-data '; $destination_addr = "newuser@thunix.net"; $subject = "New User Registration"; $mailbody = "A new user has tried to register. @@ -25,7 +25,7 @@ Email Address: $email Interest: $interest Pubkey: $pubkey"; -// In the future, here, we *should* be able to build a process that +// In the future, here, we *should* be able to build a process that // somehow auto-verifies the user, and instead of email, it'll kick off the new user process here $user_queue = '/dev/shm/userqueue'; 
@@ -36,27 +36,28 @@ if ( $tv == "tildeverse" ) { // Success! $success = 'success2'; - - // Check if username already taken - exec("id $username 2>&1", $null, $retval); - if($retval == 0) + +// Check if username already taken +if (posix_getpwnam($username)) { $success = 'success3'; +} - // Check SSH public key format: - exec("echo $pubkey | ssh-keygen -l -f - 2>&1", $null, $retval); - if($retval != 0) +// Simple SSH public key format check +$valid_key_starts = ['ssh-rsa', 'ssh-dss', 'ecdsa-sha2', 'ssh-ed25519']; +$key_parts = explode(' ', $pubkey, 3); +if (!in_array($key_parts[0], $valid_key_starts) || count($key_parts) < 2) { $success = 'success4'; +} - if ( $success == "success2" ) - { +if ($success == "success2") { mail($destination_addr, $subject, $mailbody, $from); $fp = fopen($user_queue, 'a'); fwrite($fp, "'$username','$email','$pubkey'\n"); fclose($fp); - } +} } header("Location: $site_root/?page=$success"); die(); -?> +?> \ No newline at end of file
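Review bot: The new key check around `$valid_key_starts` validates only the first space-separated token of `$pubkey`, so the key body and comment reach `fwrite($fp, "'$username','$email','$pubkey'\n")` unchecked. An embedded newline or single quote would break the record framing of the queue file, which a later account-creation step presumably parses. The list entry `'ecdsa-sha2'` also never equals a real ECDSA type name such as `ecdsa-sha2-nistp256`, so valid ECDSA keys now end up on `success4`. I would match the whole value against one anchored pattern instead, e.g. `if (!preg_match('/\A(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+\/]+={0,2}( [^\r\n\']*)?\z/', $pubkey)) { $success = 'success4'; }`, and drop `ssh-dss` unless the hosts still accept DSA keys. How `$username` and `$email` are validated lies outside this hunk, so the same framing concern should be confirmed for them before they are written to the queue.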