Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 89d4875f authored by Nivesh Krishna's avatar Nivesh Krishna Committed by Arnau Vàzquez
Browse files

allow multiple secrets

parent d8db8f64

htdocs/process_email_invite.php

+9 −7
Original line number Diff line number Diff line
@@ -36,8 +36,6 @@ if (isAccountCreationDisabled()) { 
    respond_with_json($result);

}



$ei_secret = getenv("EI_SECRET");



session_set_cookie_params(['SameSite' => 'None', 'Secure' => true]);

session_start();

header("Access-Control-Allow-Origin: *");
@@ -184,13 +182,17 @@ function email_check($email1, $email2, $from_easy_installer) 
function captcha_check($email, $from_easy_installer)

{

    if ($from_easy_installer) {

        global $ei_secret;

        // Get array of secrets and filter empty

        $ei_secrets = array_filter(explode(',', getenv("EI_SECRET")));

        $to_check = htmlspecialchars($_POST["check"]);

        $check = md5($email. $ei_secret);

        if ($to_check !== $check) {

        foreach ($ei_secrets as $secret) {

            $check = md5($email . trim($secret));

            if ($to_check === $check) {

                return;

            }

        }

        $ret = get_easy_installer_message(500);

        respond_with_json($ret);

        }

    } else {

        $result = new \stdClass();

        $secure = isset($_POST['secure']) ? $_POST['secure'] : '';