', "\n",
$q->end_html;
exit;
}elsif( $q->param('signup') ){
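# Signup handler: start the page, then, when every required field was
# submitted, validate the request and create the account. If a field is
# missing, control falls through to the form rendering after this block.
my $c = Captcha::reCAPTCHA->new;
print $q->header(-expires=>'now'),
      $q->start_html(-title=>$title,style=>$style), "\n";
if( (my $addr=$q->param('addr')) && (my $wifi=$q->param('wifi')) &&
    (my $un=$q->param('un')) && (my $pw=$q->param('pw')) &&
    (my $email=$q->param('email')) ){
    # NOTE(review): the challenge/response field pair is the reCAPTCHA v1
    # form interface; confirm the verification service still accepts it,
    # otherwise is_valid can never be true.
    my $challenge = $q->param('recaptcha_challenge_field');
    my $response  = $q->param('recaptcha_response_field');
    my $result = $c->check_answer( $captcha{private}, $ENV{REMOTE_ADDR},
                                   $challenge, $response,
    );

    # Collect every validation failure so the user sees them all at once.
    my @err;
    unless( $result->{is_valid} ){
        push @err, "Invalid Security Code";
    }
    push @err, "Warranty agreement is required." unless $q->param('warranty');
    push @err, "Consent to full release is required." unless $q->param('release');
    push @err, "Indemnification agreement is required." unless $q->param('indemnify');

    # Count the character classes present in the password. The counter is
    # declared unconditionally: "my $x = ... if COND" has undefined
    # behaviour in Perl and can carry a stale value between requests in a
    # persistent interpreter.
    my $pn = 0;
    $pn++ if $pw =~ /[a-z]/;
    $pn++ if $pw =~ /[A-Z]/;
    $pn++ if $pw =~ /[0-9]/;
    $pn++ if $pw =~ /[^a-zA-Z0-9]/;
    unless( $pn >= 3 ){
        # The internal class count is no longer echoed back to the client.
        push @err, q{ password must use at least 3 of the 4 groups:
* lower case letters
* upper case letters
* numbers
* special characters (e.g.: !@#$%^&*) };
    }
    unless( length($pw) > 7 ){
        # The check has always required 8 or more; the message said 7.
        push @err, "password must be at least 8 characters.\n";
    }

    # \A and \z anchor on the whole value; "$" would also accept a value
    # that ends in a newline and let it through to the database.
    # NOTE(review): /i accepts upper case although the message asks for
    # lower case only; left as is so signups that work today keep working.
    unless( $un =~ /\A[a-z0-9]{5,255}\z/i ){
        push @err, q{ problem with username.
use only lower case letters and numbers
at least five characters long. };
    }
    unless( $addr =~ /\A[0-9]{10}\z/ ){
        push @err, "problem with phone number.\n";
    }
    unless( $wifi =~ /\A[0-9A-F]{2}:?[0-9A-F]{2}\z/i ){
        push @err, "problem with wifi. enter last four, like ABCD\n";
    }
    if( my $code = Mail::VRFY::CheckAddress($email) ){
        my $english = Mail::VRFY::English($code);
        push @err, "problem with email address: $english\n";
    }
    if( @err ){
        for my $e (@err){
            print "ERROR: $e \n";
        }
        exit;
    }

    # The account can only be created for a device that is already
    # registered under this phone number and Wi-Fi suffix.
    my $sth = $dbh->prepare('SELECT id FROM devices WHERE addr = ? AND wifi = ?');
    $sth->execute($addr,$wifi);
    my $row = $sth->fetchrow_arrayref;
    my $new_did = $row ? $row->[0] : undef;
    unless( $new_did ){
        print "error - please install SMSpy on your iDevice before creating this account.\n";
        exit;
    }

    # Bound parameters throughout, matching the device lookup above.
    # NOTE(review): this check-then-insert is not atomic; a UNIQUE
    # constraint on un and email is what stops duplicates under
    # concurrent signups. Confirm the schema has one.
    my $aref = $dbh->selectrow_arrayref(
        'SELECT COUNT(*) FROM credentials WHERE un = ? OR email = ?',
        undef, $un, $email );
    if( $aref->[0] ){
        print "error: please choose different username and/or email addr.\n";
        exit;
    }

    # NOTE(review): unix_md5_crypt is MD5-crypt, a fast and dated password
    # scheme. Flag for migration to a deliberately slow KDF (bcrypt,
    # scrypt, Argon2); not changed here because it needs a module this
    # part of the file does not show as loaded.
    my $crypt = unix_md5_crypt($pw);
    my $created = $dbh->do( 'INSERT INTO credentials (un,pw,email) VALUES (?,?,?)',
                            undef, ($un,$crypt,$email) );
    $aref = $dbh->selectrow_arrayref( 'SELECT id FROM credentials WHERE un = ?',
                                      undef, $un );
    my $c_id = $aref ? $aref->[0] : undef;

    # Do not report success, or link a device to a missing credential row,
    # when the insert failed without raising an exception.
    unless( $created && defined $c_id ){
        print "error: could not create account.\n";
        exit;
    }
    $dbh->do( 'INSERT INTO authorization (c_id,d_id) VALUES (?,?)', undef, ($c_id,$new_did) );
    print qq{
SMSpy Account Configured.
click here to log in.\n },
    $q->end_html();
    exit;
}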
# Render the signup form. Reached when the signup parameter is set but at
# least one required field was empty, so nothing has been validated yet.
# The page is assembled as a list first and written out in a single print.
my @signup_page = (
    $q->start_form('post',$me), "\n",
    q{
SMSpy Signup Page
Device Details
Phone Number:
Last four of Wi-Fi MAC Addr (e.g. ABC1)
Login Details
Username:
Password:
Email:
Never used for spam; only technical issues.
Legal Details
I understand this service is provided without warranty.
I consent to full release and hold harmless any/all maintainers,
designers, owners, etc. of this service/product.
I agree to reimburse/indemnify Jeremy Kister
for any and all costs associated with misuse or abuse of this product.
},
    # CAPTCHA widget for the public key; the answer is verified on submit.
    $c->get_html($captcha{public}), "\n",
    " \n",
    $q->submit('signup'), "\n",
    $q->end_form(), "\n",
    $q->end_html(),
);
print @signup_page;
exit;
}elsif((my $login=$q->param('username')) && (my $password=$q->param('password'))){
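# Login attempt: fetch the stored hash for the submitted username and
# verify the submitted password against it.
my $sth = $dbh->prepare('SELECT id,pw FROM credentials WHERE un = ?');
$sth->execute($login);
my $row = $sth->fetchrow_arrayref;
# An unknown username yields no row; keep both values undefined then.
my ($lid, $crypt) = $row ? @{$row}[0,1] : ();
print $q->header(-expires=>'now'), $q->start_html(-title=>$title,style=>$style);

# Only compare when a stored hash exists. The definedness test used to come
# after the comparison, so an unknown user was compared against undef.
my $authenticated = 0;
if( defined $crypt ){
    # Drop the "$1$" magic; the remainder is handed over as the salt.
    (my $salt = $crypt) =~ s/^\$1\$//;
    $authenticated = 1 if $crypt eq unix_md5_crypt($password, $salt);
}

if( $authenticated ){
    # good
    # NOTE(review): $sess_id is set outside this view. If it is taken from
    # a client-supplied cookie rather than freshly generated here, issue a
    # new random id at login so a pre-set value cannot be reused. Confirm.
    $dbh->do( 'INSERT INTO sessions (cred_id,sess_id,date) VALUES (?,?,?)', undef, ($lid,$sess_id,time()) );
    print qq{ \n };
}else{
    print q{ Invalid username/password.
Click here
if you forgot your username/password. };
    # Never write the submitted password to the server log: a mistyped
    # real password would sit there in clear text. The username is
    # restricted to printable ASCII so it cannot forge extra log lines.
    (my $who = $login) =~ s/[^\x21-\x7e]/?/g;
    warn "JK -> bad login for [$who] from $ENV{REMOTE_ADDR}\n";
}
print $q->end_html();
exit;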
}else{
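# No signup or login parameters: decide whether this request carries a
# live session. Only the live, non-logout case continues past this block.
my $sth = $dbh->prepare('SELECT COUNT(*) FROM sessions WHERE sess_id = ?');
$sth->execute($sess_id);
my $row = $sth->fetchrow_arrayref;
# NOTE(review): exactly one row is required. A second row with the same
# sess_id would make the session look invalid, and no expiry test on the
# stored date is visible here. Confirm both against the rest of the file.
my $live = $row && $row->[0] == 1;
if( $live && (! $q->param('logout')) ){ # logout = hack. meh.
    print $q->header(-expires=>'now');
}else{
    # Expiring the cookie only makes the browser forget the id. Remove the
    # server-side row too, so a copied sess_id stops working after logout.
    if( $q->param('logout') ){
        $dbh->do( 'DELETE FROM sessions WHERE sess_id = ?', undef, $sess_id );
    }
    my $cookie = $q->cookie(-name=>'sess_id',-value=>'',-expires=>'now');
    print $q->header(-cookie=>[$cookie],-expires=>'now'),
    qq{ ${title}
Redirecting.. },
    $q->end_html();
    exit;
}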
}
# user is logged in.
# Reached only through the session check above: every other branch of the
# request dispatch ends in exit. Emits the document head for the page.
print $q->start_html(-title => $title,
-style => $style,
-bgcolor => '#d3d3d3',
), "\n",
'
', "\n",
"
\n";
# what is he authorized to see?
# NOTE(review): 'device' comes straight from the request. The check that
# this device is linked to the logged-in credentials is not visible in this
# part of the file; confirm it runs before any device data is returned.
my $uid = $q->param('device');
print $q->start_form('post',$me), "\n",
q{