#!/usr/bin/perl
-use constant UNLOCK_PROXY_URL => '/proxy/unlock';
+use POSIX qw(strftime);
+
+use constant ACCESS_LOG => '/yplom/log/proxy/access.log';
+use constant DATA_PATH => '/yplom/data/proxy/';
+use constant PASS_PATH => '/yplom/data/proxy/pass/';
+use constant ACCESS_PATH => '/yplom/data/proxy/access/';
+use constant UNLOCK_PROXY_URL => 'https://yplom.bicyclesonthemoon.info/proxy/unlock';
use constant UNLOCK_PROXY_HOST => qr/^yplom\.bicyclesonthemoon\.info(:[0-9]*)?$/;
use constant UNLOCK_PROXY_PATH => qr/^\/proxy\/unlock\/?$/;
+$accesstime = time();
+
+delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+$ENV{'PATH'}='/usr/local/bin:/usr/bin:/bin';
+
if (($ENV{'HTTP_HOST'} =~ UNLOCK_PROXY_HOST) and ($ENV{'PATH_INFO'} =~ UNLOCK_PROXY_PATH)){
-# if (($ENV{'HTTP_HOST'} =~ /^yplom\.bicyclesonthemoon\.info(:(590)?80)?$/) and ($ENV{'PATH_INFO'} =~ /^\/proxy\/unlock\/?$/)){
- unlockpage();
+ unlock();
}
else {
debag();
}
+sub unlock {
+ if ($ENV{'REMOTE_ADDR'} =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/) {
+ $IP=$1;
+ }
+
+ if ($ENV{'REQUEST_METHOD'} eq 'GET') {
+ %CGI=getcgi($ENV{'QUERY_STRING'});
+ }
+ elsif ($ENV{'REQUEST_METHOD'} eq 'POST'){
+ if ($ENV{'CONTENT_TYPE'} eq 'application/x-www-form-urlencoded'){
+ %CGI=getcgi( <STDIN> );
+ }
+ else{
+ return unlockpage("Unsupported Content-type: $ENV{'CONTENT_TYPE'}.","Status: 415 Unsupported Media Type\n");
+ }
+ }
+ else{
+ return unlockpage("Unsupported method: $ENV{'REQUEST_METHOD'}.","Status: 405 Method Not Allowed\nAllow: GET, POST\n");
+ }
+
+ if ($CGI{'ip'} =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/) {
+ $IP=$1;
+ }
+
+ if ($IP eq '') {
+ return unlockpage("$Invalid IP.","Status: 403 Forbidden\n");
+ }
+
+ if ($CGI{'username'} eq ''){
+ return unlockpage();
+ }
+
+ if ($CGI{'password'} eq ''){
+ return unlockpage('Password missing.',"Status: 403 Forbidden\n");
+ }
+
+ if ($CGI{'username'} !~ /^[A-Za-z0-9_]+$/){
+ return unlockpage('Wrong username or password.',"Status: 403 Forbidden\n");
+ }
+
+ $passpath = PASS_PATH.$CGI{'username'};
+
+ open($passfile, "<", $passpath) or return unlockpage('Wrong username or password.',"Status: 403 Forbidden\n");
+ $pass = <$passfile>;
+ close($passfile);
+ $pass =~ s/\n//g;
+ $pass = urldecode($pass);
+
+ if ($pass ne $CGI{'password'}){
+ return unlockpage('Wrong username or password.',"Status: 403 Forbidden\n");
+ }
+
+ open ($logfile, ">>", ACCESS_LOG) or return unlockpage("Couldn't log your action.","Status: 500 Internal Server Error\n");
+ print $logfile strftime("%d.%m.%Y %H:%M:%S", gmtime($accesstime))." $ENV{'REMOTE_ADDR'} $CGI{'username'}\n";
+ close($logfile);
+
+ $accesspath=ACCESS_PATH.$IP;
+ open ($accessfile,">",$accesspath) or return unlockpage("$accesspath","Status: 403 Forbidden\n");
+ print $accessfile "$accesstime\n$accesstime";
+ close ($accessfile);
+
+ return unlockedpage();
+
+}
+
+sub getcgi {
+ my $arg;
+ my $varl;
+ my %cgi;
+ my $i = $_[0];
+ $i =~ s/\n//g;
+ my @s = split('&',$i);
+ foreach my $l ( @s) {
+ ($arg,$val)=split('=',$l);
+ $cgi{$arg}=urldecode($val);
+ }
+ return %cgi;
+}
+
+sub urldecode {
+ my $t = $_[0];
+ $t =~ s/\+/ /g;
+ $t =~ s/%([a-fA-F0-9]{2})/chr(hex($1))/eg;
+ return $t;
+}
+
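Review bot: The access-log line written after the password check records `$ENV{'REMOTE_ADDR'}` and the username but not `$IP`, and `$IP` is replaced by the request's `ip` field just above, so the address that is actually unlocked never reaches the audit trail. Logging both keeps every unlock attributable: `print $logfile strftime("%d.%m.%Y %H:%M:%S", gmtime($accesstime))." $ENV{'REMOTE_ADDR'} $IP $CGI{'username'}\n";`. The stored password is read back and compared in the clear with `ne`; keeping a `crypt()` hash in the pass file and testing `crypt($CGI{'password'}, $pass) ne $pass` would stop a readable pass directory from exposing credentials, though existing files would have to be regenerated. The username check `/^[A-Za-z0-9_]+$/` lets a trailing newline through (`urldecode` can produce one from `%0A`), so `\z` is the safer anchor before the value is used in a path and a log line. Separately, `"$Invalid IP."` interpolates an unset variable and should read `"Invalid IP."`.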
sub unlockpage {
+ (my $message, my $header)=@_;
+ if($header ne ''){
+ print $header;
+ }
print "Content-type: text/html\n\n";
print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">';
print '<html lang="en"><head>';
print '<meta http-equiv="Content-type" content="text/html; charset=UTF-8">';
print '</head><body>';
print '<h1>Unlock the proxy</h1>';
- print '<form method="get" action="'.UNLOCK_PROXY_URL.'">';
+ if($message ne ''){
+ print $message;
+ }
+ print '<form method="post" action="'.UNLOCK_PROXY_URL.'">';
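Review bot: `$message` is printed into the page as-is, and two callers in `unlock` build it from request data (`$ENV{'CONTENT_TYPE'}` and `$ENV{'REQUEST_METHOD'}`), so client-supplied text lands in the HTML unescaped. Escaping once inside `unlockpage` covers every caller, e.g. `$message =~ s/&/&amp;/g; $message =~ s/</&lt;/g; $message =~ s/>/&gt;/g;` placed before `print $message;`. The open-failure branch for the access file passes `$accesspath` as the message, which shows a server filesystem path to the client; a fixed string with a 500 status, in the style of the `ACCESS_LOG` failure branch, would avoid that. The form now posts, but `unlock` still reads `username` and `password` from `QUERY_STRING` on GET, so credentials can still end up in URLs and server logs unless GET is limited to showing the empty form.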
print '<b>Username: </b><input type="text" name="username"><br>';
print '<b>Password: </b><input type="password" name="password"><br>';
+ print '<b>IP: </b><input type="text" name="ip" value="'.$IP.'"><br>';
print '<input type="submit" value="unlock">';
- print '</form></body></html>';
- print "\n";
+ print '</form><br>';
+ print 'WARNING: The proxy will be unlocked for some time, for you and every ';
+ print 'computer in your local network which has the same public IP. Any ';
+ print 'action from your IP will be assumed to be your action. By submitting ';
+ print 'this form you agree to this.<br><br>';
+ print 'The proxy will be locked again: <ul>';
+ print '<li>$timeout_unlock minutes after unlocking</li>';
+ print '<li>after $timeoout_inact minutes of inactivity</li>';
+ print "</ul></body></html>\n";
+}
+
+sub unlockedpage {
+ print "Content-type: text/html\n\n";
+ print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">';
+ print '<html lang="en"><head>';
+ print '<title>Unlocked</title>';
+ print '<meta http-equiv="Content-type" content="text/html; charset=UTF-8">';
+ print '</head><body>';
+ print '<h1>Unlocked</h1>';
+ print "The proxy is now unlocked for IP $IP.<br><br>";
+ print 'The proxy will be locked again: <ul>';
+ print '<li>$timeout_unlock minutes after unlocking</li>';
+ print '<li>after $timeoout_inact minutes of inactivity</li>';
+ print "</ul></body></html>\n";
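Review bot: The two timeout list items are single-quoted, so the page shows the literal text `$timeout_unlock` and `$timeoout_inact` (the second is also misspelled) instead of numbers; the same pair appears in both `unlockpage` and `unlockedpage`. Neither variable is set anywhere in the visible change, so this presumably wants constants declared next to `ACCESS_PATH` and concatenated into the string, e.g. `print '<li>'.TIMEOUT_UNLOCK.' minutes after unlocking</li>';` (the constant name is a suggestion, not something on the page). Until then, the warning text gives users no figure for how long their shared public IP stays unlocked.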
}
sub debag {
print "Content-type: text/plain\n\n";
- print foreach $envk (keys %ENV) {
+ foreach $envk (keys %ENV) {
print "$envk = $ENV{$envk}\n";
}
print "\n";
}
print 'URL: ',$URL,"\n";
}
-
-
-
-
-
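Review bot: As shown, `debag` closes at the `}` after `print "\n";`, which leaves `print 'URL: ',$URL,"\n";` at file level followed by an unmatched `}`; unless context is missing from this view, the script would not compile and every request would fail. The corrected `foreach` also makes `debag` work again, and it is the `else` branch for every request that is not the unlock URL, so any client can read the full `%ENV` of the CGI process. Restricting the dump to a debug switch or to a short list of named keys, and removing the stray `print` and `}`, would address both. The script also lacks `use strict; use warnings;`, which would have flagged `$Invalid`, the `$varl`/`$val` mismatch in `getcgi`, and the undeclared `$envk`.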