#!/usr/bin/perl
use strict;
use CGI;
use Digest::MD5 qw(md5 md5_hex);
 
# Author: Kevin Hughes <kev@...>
# Date: 19 January 2006
#
# Date: 13 April 2009
# Stefan Bauer add generation of valid bypass-url
# stefan.bauer@...
 
 
# Set up the passwords that will guarantee access along with the identification.
 
my %passwordlist = ( "dgbypass", "admin");
 
# Set up the URL for the denied page...
 
my $invalidurl = "http://192.168.4.1/deny.html";
 
# ===================================================
 
my $cgi = new CGI;
 
my $bypass = $cgi->param('bypasslink');
my $pass = $cgi->param('password');
my $sip = $cgi->param('sourceip');
my $name = $cgi->param('username');
my $url = $cgi->param('url');
my $magic = 'verysecret';
 
#Generating HASH for dgbypass
 
my $unixtime = time + 300;
my $hashstring = $url . $magic . $sip . $unixtime;
my $hex_hash = md5_hex $hashstring;
my $hash = uc($hex_hash . $unixtime);
my $bypass_url="";
if ($url =~ m/\?/)
{
$bypass_url = $url . '&GBYPASS=' . $hash;
}
else
{
$bypass_url = $url . '?GBYPASS=' . $hash;
}



if (exists($passwordlist{$pass}))
{
# Password match
my $passname = $passwordlist{$pass};
print $cgi->redirect (-url =>$bypass_url);
}
else
{
# No password match. Go to the invalid password URL
print $cgi->redirect (-url =>$invalidurl);
}