diff --git a/web/SimpleWebPage.py b/web/SimpleWebPage.py index 1eb4733..b3015ab 100755 --- a/web/SimpleWebPage.py +++ b/web/SimpleWebPage.py @@ -159,10 +159,9 @@ def generate_password_page(path, password_file, password): def scramble(p,t): - p = (p * (int(len(t)/len(p))+1))[:len(t)] - t = (t * (int(len(p)/len(t))+1))[:len(p)] + p += t s = '' - for i in range(len(p)): + for i in range(len(t)): s += chr(ord(p[i]) + ord(t[i])) return s @@ -171,24 +170,31 @@ def generate_password_page(path, password_file, password): return base64.b64encode(s.encode('latin1')).decode('ascii') - def random_string(stringLength=8): + def random_string(stringLength=16): letters = string.ascii_lowercase + string.digits return ''.join(random.choice(letters) for i in range(stringLength)) def get_target(filename): - return "{0}.{2}{1}".format( - *os.path.splitext(filename) + (random_string(),) + splitted = os.path.splitext(filename) + return ( + splitted[0], + random_string(), + splitted[1] ) - target_file = get_target(password_file) + target_base, target_middle, target_ext = get_target(password_file) secret = "{}:{}".format( ha(password), - enc(scramble(password, target_file)) + enc(scramble(password, target_middle)) ) with open(os.path.join(path, password_file), 'wt') as f: - f.write(get_password_page(secret)) - return target_file + f.write(get_password_page(secret, target_base, target_ext)) + return "{}.{}{}".format( + target_base, + target_middle, + target_ext + ) def get_filelink(path,fname,images=False): @@ -238,7 +244,7 @@ def get_pathlink(path,dname): ) -def get_password_page(secret): +def get_password_page(secret, target_base, target_ext): return """ @@ -258,8 +264,7 @@ Object.defineProperty(String.prototype, 'hashCode', { } }); function scramble(p,t) { - p = p.padEnd(t.length, p); - t = t.padEnd(p.length,' '); + p += t; var sstr = ''; for (var i=0; i < t.length; i++) { sstr += String.fromCharCode(p.charCodeAt(i) + t.charCodeAt(i)); @@ -267,11 +272,12 @@ function scramble(p,t) { return sstr; } function unscramble(p,t) { - p = p.padEnd(t.length, p); - t = t.padEnd(p.length, ' '); var sstr = ''; + var schr = ''; for (var i=0; i < t.length; i++) { - sstr += String.fromCharCode(t.charCodeAt(i) - p.charCodeAt(i)); + schr = String.fromCharCode(t.charCodeAt(i) - p.charCodeAt(i)); + sstr += schr; + p += schr; } return sstr; } @@ -285,7 +291,7 @@ function pw(element) { if (element.value) { pw = pw.split(':',2); if (element.value.hashCode() == parseInt(pw[0])) { - this.location.href = unscramble(element.value, atob(pw[1])); + this.location.href = "TARGET_BASE." + unscramble(element.value, atob(pw[1])) + "TARGET_EXT"; } else { document.getElementById("message").innerHTML = "No match"; setTimeout(clear_message, 5000); @@ -326,7 +332,19 @@ function newPass(password, target) { -""".replace("SECRET",secret) +""".replace( + "TARGET_EXT", + target_ext, + 1 +).replace( + "TARGET_BASE", + target_base, + 1 +).replace( + "SECRET", + secret, + 1 +) def get_header(opts): header='''