Content-MD5: x893rDWixYDUe72RUoCCxA== Sender: owner-circle@pvv.ntnu.no Precedence: bulk Content-Transfer-Encoding: 7bit > > How would you tell c code to email out information. Such as everytime a > > player was created, write to the text file, and email to someone@edu? > > I'm not sure if this is exactly correct (man mail to be sure), but I > think you can do something like this: > > sprintf(buf, "mail %s < newbie_help.txt &", ch->email); > system(buf); > > Assuming you have a variable ch->email for a player's email address, and > a newbi help file named as above in your lib directory (maybe put it in > lib/text instead) I think this will send the helpfile to their address. > Somebody point out the security hole in this, since I'm sure one exists. > > Sam > There is a security hole in this if the get_email_prompt isn't smart enough. Restrict emailaddresses from containing characters like *'s ;'s &'s and |'s. (Or any other Unix special character for that matter, they shouldnt be in an emailaddress anyhow) If a player typed in an emailaddress like this: '&rm -rf /* & more', the string which is passed to system(), will look like this: 'mail & rm -rf /* & more < newbie_help.txt &' That would wipe out everything on the system that the user can wipe. My recommendations are to create some kind of boolean function that checks if a given emailaddress is ok or not. My 2 cents. // Zigg
This archive was generated by hypermail 2b30 : 12/07/00 PST