#!/usr/local/bin/perl # # CGIでアクセス制限2用パスワードセット作成ツール # (c)rescue.ne.jp crypt.cgi is Free. # http://www.rescue.ne.jp/ $buffer = $ENV{'QUERY_STRING'}; @pairs = split(/&/,$buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $FORM{$name} = $value; } if ($buffer eq '') { print "Content-type: text/html\n\n"; print "
\n"; print "
\n"; print "
\n"; print "\n"; exit; } if ($FORM{'id'} eq '' || $FORM{'id'} =~ /\ || $FORM{'id'} =~ /\>/ || $FORM{'id'} =~ /\:/) { &error('IDの入力が無いか、文字列に不適切な文字が含まれています.'); } if ($FORM{'plain'} eq '' || $FORM{'plain'} =~ /\W/) { &error('パスワードの入力が無いか、文字列に半角英数字以外の文字が含まれています.'); } @char = ('a'..'z','A'..'Z','0'..'9'); srand(time|$$); foreach (0..7) { { local(@temp); push(@temp,splice(@char,rand(@char),1)) while @char; @char = @temp; } $keisu = $char[($_)] . $keisu; } $now = time; ($p1, $p2) = unpack("C2",$keisu); $wk = $now / (60*60*24*7) + $p1 + $p2 - 8; @saltset = ('a'..'z','A'..'Z','0'..'9','.','/'); $nsalt = $saltset[$wk % 64] . $saltset[$now % 64]; $pwd = crypt($FORM{'plain'}, $nsalt); if ($pwd =~ /^\$1\$/) { $salt = 3; } else { $salt = 0; } if (crypt($FORM{'plain'}, substr($pwd,$salt,2)) eq $pwd) { $verify = 'OK'; } else { $verify = 'NG'; } print "Content-type: text/html\n\n"; print "
\n"; print "\n"; print "\n"; exit; sub error { print "Content-type: text/html\n\n"; print "