63 lines
2.1 KiB
Python
63 lines
2.1 KiB
Python
from flask import Flask, render_template, request, redirect, url_for
|
|
import subprocess
|
|
import re
|
|
from waitress import serve
|
|
|
|
allowed_pattern = r'^[a-zA-Z0-9.]+$'
|
|
|
|
def is_valid_input(input_string):
|
|
return re.match(allowed_pattern, input_string) is not None
|
|
|
|
app = Flask(__name__)
|
|
|
|
def create_email_account(username, password):
|
|
if password and is_valid_input(username):
|
|
try:
|
|
|
|
with open("password.tmp", "w") as file:
|
|
file.write(password)
|
|
|
|
# Use echo to securely pass the password to the command
|
|
cmd = ["cat", "password.tmp", "|", "doas", "-u", "maddy", "maddy", "creds", "create", f"{username}@hectabit.org"]
|
|
result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
|
|
cmd2 = ["doas", "-u", "maddy", "maddy", "imap-acct", "create", f"{username}@hectabit.org"]
|
|
result2 = subprocess.run(" ".join(cmd2), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
|
|
if result.returncode == 0 and result2.returncode == 0:
|
|
# Command executed successfully
|
|
return True
|
|
else:
|
|
# Handle errors, log them, and return False
|
|
error_message = result.stderr.decode("utf-8")
|
|
print(f"Error creating email account: {error_message}")
|
|
return False
|
|
except Exception as e:
|
|
# Handle exceptions and return False
|
|
print(f"Error creating email account: {str(e)}")
|
|
return False
|
|
else:
|
|
print(f"Injection Bypass! Very bad!")
|
|
return False
|
|
|
|
@app.route('/')
|
|
def index():
|
|
return render_template('index.html')
|
|
|
|
@app.route('/api', methods=['POST'])
|
|
def register():
|
|
username = request.form.get('username')
|
|
password = request.form.get('password')
|
|
|
|
if not is_valid_input(username):
|
|
return render_template('num.html'), 400
|
|
|
|
if create_email_account(username, password):
|
|
return render_template('ok.html')
|
|
else:
|
|
return render_template('err.html'), 500
|
|
|
|
|
|
if __name__ == '__main__':
|
|
serve(app, host='0.0.0.0', port=8050)
|