From 9a7af27b5501bbb642067c6f43a880ecdc238d43 Mon Sep 17 00:00:00 2001 From: Ryan Rix Date: Wed, 22 Jun 2011 18:06:25 -0600 Subject: [PATCH] Convert password storage to SHA. So, ya, after much wailing and gnashing of teeth, I have emerged victorious from combat with introductory ruby. It was a fearful battle, and Ruby fought well, but the passwords are now safe from the likes of anyone who might have access to the server. # Please enter the commit message for your changes. Lines starting # with '#' will be ignored, and an empty message aborts the commit. # On branch master # Changes to be committed: # (use "git reset HEAD ..." to unstage) # # modified: cgi-bin/access.rb # modified: index.html # --- cgi-bin/access.rb | 3 ++- index.html | 0 2 files changed, 2 insertions(+), 1 deletion(-) mode change 100755 => 100644 index.html diff --git a/cgi-bin/access.rb b/cgi-bin/access.rb index 5baf08a..3e8ded5 100755 --- a/cgi-bin/access.rb +++ b/cgi-bin/access.rb @@ -15,6 +15,7 @@ require 'rubygems' require 'cgi' require 'serialport' require 'json' +require 'digest/sha2' cgi = CGI.new userfile = File.read('../../users.json') @@ -22,7 +23,7 @@ users = JSON.parse(userfile) puts "Content-type: text/html \r\n\r\n" -if(users[cgi['user']]['pass'] == cgi['pass']) then +if users[cgi['user']]['pass'].to_s == (Digest::SHA2.new(bitlen=512) << cgi['pass']).to_s then serial = SerialPort.new("/dev/ttyUSB0", 57600, 8, 1, SerialPort::NONE) serial.print "e 1234\r" diff --git a/index.html b/index.html old mode 100755 new mode 100644
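Review bot: The comparison on the new `if` line in cgi-bin/access.rb checks an unsalted, single-pass SHA-512 digest, which is a fast hash: anyone who can read users.json can still test password guesses offline at high speed, and two users with the same password get the same stored value. A salted, deliberately slow password KDF (bcrypt, scrypt or PBKDF2, with a per-user salt stored beside the hash) is the usual choice for this file. Separately, `users[cgi['user']]` is nil for an unknown user name, so `['pass']` raises NoMethodError after the header has already been printed, and `Digest::SHA2.new(bitlen=512)` assigns a stray local `bitlen` rather than passing a keyword. Until a KDF is in place, `entry = users[cgi['user']]` followed by `if entry && entry['pass'].to_s == Digest::SHA512.hexdigest(cgi['pass'])` covers both of those. The body of the `if` continues past the end of the hunk, so the serial-port side is not reviewed here.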