#!/usr/bin/env python2 # coding=utf-8 import cgi import cgitb import re import subprocess cgitb.enable() NAME_PATTERN = '^[a-zA-Z0-9-_\. äÄöÖüÜß]+$' CODE_PATTERN = '^[a-zA-Z0-9]{64}$' KEY_DIR='/home/kasalehlia/keys/' KEY_SCRIPT = '/home/kasalehlia/bin/ffbs_keys' print "Content-Type: text/html" print "" form = cgi.FieldStorage() try: name = form['name'].value code = form['code'].value if re.match(NAME_PATTERN, name) and re.match(CODE_PATTERN, code) and name not in ['.','..']: with open(KEY_DIR+'codes/'+code, 'r') as f: validate = f.read() if validate == name: try: print subprocess.check_output([KEY_SCRIPT, 'deny', name]) except subprocess.CalledProcessError as e: print e.output else: print "invalid request" else: print "invalid request" except Exception as e: print template % "Die Anfrage ist ungültig"