more password disclosure avoidance

action.sh

@@ -54,8 +54,8 @@ function checkuser {
 }
 
 function checkpass {
-  REGEX="[ 'x\\]"   # Not allowed symbols
-  if [[ ! "$1" =~ $REGEX ]]; then 
+  REGEX="[ '\\]"   # Not allowed symbols
+  if [[ $(grep -E "$REGEX" $1 ; echo $?) == 1 ]]; then 
     echo "true" 
   else
     echo "false"
@@ -139,7 +139,7 @@ $ATTACHMENT
   rm $MAILTMP;
 }
 
-function notesdelete {  # $1=$USER
+function notesdelete { 
   USER="$1"
   # Extract Mail part | exclude LEAD and TAIL | delete user
   sed -n "/$LEAD/,/$TAIL/ p" $NOTES | grep -v "$LEAD\|$TAIL" | sed "/User:[ \t]*$USER$/,+2d" > $NOTESTMP
@@ -192,8 +192,8 @@ if [ "$ACTION" == "adduser" ]; then
     exit 1
   fi
   
-  if ! $(checkpass "$PASS"); then
-    echo "Password \"$PASS\" invalid"
+  if ! $(checkpass "$PASSFILE"); then
+    echo "Password \""$(cat $PASSFILE)"\" invalid"
     exit 1
   fi
   
@@ -203,7 +203,7 @@ if [ "$ACTION" == "adduser" ]; then
     # Send infomail
     $MAILTYPE "New Email account created" \
              "A new Email account has been created." \
-             "User: $USER | Password: $PASS"
+             "User: $USER"
     
     LEAD='## > EMAIL'
     TAIL='## < EMAIL'
@@ -224,8 +224,8 @@ if [ "$ACTION" == "changepw" ]; then
     exit 1
   fi
   
-  if ! $(checkpass "$PASS"); then
-    echo "Password \"$PASS\" invalid"
+  if ! $(checkpass "$PASSFILE"); then
+    echo "Password \""$(cat $PASSFILE)"\" invalid"
     exit 1
   fi
   
@@ -235,7 +235,7 @@ if [ "$ACTION" == "changepw" ]; then
     # Send infomail
     $MAILTYPE "Email password changed" \
              "An Email account password has been changed." \
-             "User: $USER | New Password: $PASS"
+             "User: $USER"
 
     # Update datasheet (delete entry in Email section and add a new one with the new password)
     # In fact a combination of deluser and adduser