yeah so I rewrote half of the project when you weren't looking

code/common.sh

@@ -65,3 +65,29 @@ function update_account_authtoken() {
 	auth=$(curl -s -X POST -H "Content-type: application/json" --data '{"phoneOS": "Android", "refreshToken": "'"$token"'"}' https://api-inmobile-pl.easypack24.net/v1/authenticate | jq -r .authToken | sed -s 's/Bearer //g')
 	sed -E -i 's/^'"$1"':.*/'"$1:$auth"'/g' secret/authTokens.dat
 }
+
+# check_mail(mail)
+function check_mail() {
+	if [[ $(cat secret/mail.dat | grep ":$1:") == '' ]]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
+#get_account_mail(username)
+function get_account_mail() {
+	[[ $1 == '' ]] && return
+
+	cat secret/mail.dat | grep "^$1:" | awk -F: '{print $2}'
+}
+
+#account_verified(session)
+function account_verified {
+	[[ $1 == '' ]] && return
+	if [[ "$(cat secret/mail.dat | grep -P "^$(session_get_username "$1"):" | awk -F: '{print $4}')" != "yes" ]]; then
+		return 0
+	else
+		return 1
+	fi
+}

config.sh

@@ -1,2 +1,4 @@
 cfg[index]='index.html'
 worker_add updateKeys 5400
+
+cfg[who]='LauDom Enterprises' # who sent this message

webroot/api/collect.shs

@@ -1,11 +1,8 @@
 #!/bin/bash
-if ! session_verify ${cookies[sh_session]}; then
-	exit 0
-fi
-
+silent=yes source "${cfg[namespace]}/webroot/api/session.shs"
 source "${cfg[namespace]}/code/common.sh"
 
-data=$(curl -s -X POST -H "$(get_auth_string)" -H "Content-type: application/json" "https://api-inmobile-pl.easypack24.net/v1/collect/validate" --data '{"geoPoint":{"accuracy":"1","latitude":"'${post_data[lat]}'","longitude":"'${post_data[lon]}'"},"parcel":{"openCode":"'${post_data[openCode]}'","shipmentNumber":"'${post_data[id]}'"}}')
+data=$(curl -s -X POST -H "$(get_auth_string)" -H "Content-type: application/json" "https://api-inmobile-pl.easypack24.net/v1/collect/validate" --data '{"geoPoint":{"accuracy":"1","latitude":"'"${post_data[lat]}"'","longitude":"'"${post_data[lon]}"'"},"parcel":{"openCode":"'"${post_data[openCode]}"'","shipmentNumber":"'"${post_data[id]}"'"}}')
 
 if [[ $(echo $data | jq .status) == "403" ]]; then
 	echo $data | jq "{status: .status, msg: .error}"

webroot/api/login.shs

@@ -1,12 +1,17 @@
 #!/bin/bash
+source code/common.sh
 
-if [[ ${post_data[login]} != '' && ${post_data[password]} != '' ]]; then
-	login ${post_data[login]} ${post_data[password]}
+if [[ "${post_data[login]}" != '' && "${post_data[password]}" != '' ]]; then
+	login "${post_data[login]}" "${post_data[password]}"
 	status=$?
+	if ! account_verified "${post_data[login]}"; then
+		status=-2
+		reason="Account not verified"
+	fi
 	if [[ $status == 0 ]]; then
 		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "success"
-	elif [[ $status == 1 && $reason != '' ]]; then
-		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "$reason"
+	else
+		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args "$status" "$reason"
 	fi
 else
 	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "Send me some credentials, dammit!"

webroot/api/logout.shs

@@ -1,3 +1,3 @@
 #!/bin/bash
 logout
-jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "logged?? you?? out???? not sure, but probably"
+jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "logged out"

webroot/api/mailcode.shs

@@ -0,0 +1,18 @@
+#!/bin/bash
+if ! session_verify "${cookies[sh_session]}"; then
+	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "You're not logged in!"
+	return
+fi
+
+
+if [[ "${post_data[code]}" != '' && "${post_data[phone]}" != '' ]]; then
+	username="$(session_get_username ${cookies[sh_session]})"
+	mail="$(get_account_mail $username)"
+	if [[ "$(cat secret/mail.dat | grep "$username:" | grep ":${post_data[code]}:")" != '' ]]; then
+		sed -i "s/$username:$mail:${post_data[code]}:no/$username:$mail:${post_data[code]}:yes/" secret/mail.dat
+		#curl -s "https://api-inmobile-pl.easypack24.net/v1/sendSMSCode/${post_data[phone]}" > /dev/null
+		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "success"
+	elif [[ $status == 1 && $reason != '' ]]; then
+		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "$reason"
+	fi
+fi

webroot/api/packages.shs

@@ -1,11 +1,6 @@
 #!/bin/bash
-if ! session_verify ${cookies[sh_session]}; then
-	exit 0
-fi
-
-source "${cfg[namespace]}/code/common.sh"
+silent=yes source "${cfg[namespace]}/webroot/api/session.shs"
 
 data=$(curl -s -H "$(get_auth_string)" "https://api-inmobile-pl.easypack24.net/v1/parcel?updatedAfter=1970-01-01T00:00:00.000Z")
 
-
 echo $data | jq -c "[.[] | {shipmentNumber: .shipmentNumber, status: .status, openCode: .openCode, senderName: .senderName, pickupPoint: {name: .pickupPoint.name, status: .pickupPoint.status, location: .pickupPoint.location, description: .pickupPoint.locationDescription, address: .pickupPoint.addressDetails}}]"

webroot/api/register.shs

@@ -1,11 +1,26 @@
 #!/bin/bash
+source "${cfg[namespace]}/code/common.sh"
 
-if [[ ${post_data[login]} != '' && ${post_data[password]} != '' && ${post_data[phone]} != '' ]]; then
-	register ${post_data[login]} ${post_data[password]}
-	status=$?
+if [[ "${post_data[login]}" != '' && "${post_data[password]}" != '' && "${post_data[mail]}" != '' ]]; then
+	if ! check_mail "${post_data[mail]}"; then
+		status=1
+		reason="This mail address is already in use!"
+	else
+		register "${post_data[login]}" "${post_data[password]}"
+		status=$?
+		verification="$RANDOM"
+		echo "${post_data[login]}:${post_data[mail]}:$verification:no" >> secret/mail.dat
+	fi
+	
 	if [[ $status == 0 ]]; then
+		sender_name="${cfg[who]}" mailsend "${post_data[mail]}" "OCW mail verification" "Hi ${post_data[login]},
+
+Your code: $verification
+
+Have a wonderful day!
+~ ${cfg[who]}" &
 		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "success"
-		curl -s "https://api-inmobile-pl.easypack24.net/v1/sendSMSCode/${post_data[phone]}" > /dev/null
+		echo "impostor: $(check_mail ${post_data[mail]} ; echo $?)"
 	elif [[ $status == 1 && $reason != '' ]]; then
 		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "$reason"
 	fi

webroot/api/session.shs

@@ -1,7 +1,16 @@
 #!/bin/bash
-if ! session_verify ${cookies[sh_session]}; then
+source "${cfg[namespace]}/code/common.sh"
+
+if ! session_verify "${cookies[sh_session]}"; then
 	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "You're not logged in!"
+	return
+elif account_verified "${cookies[sh_session]}"; then
+	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -2 "You didn't verify your mail!"
+	return
+elif check_if_user_exists "authToken"; then
+	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -3 "You didn't verify your phone!"
+	return
 else
-	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "OK"
+	[[ "$silent" != "yes" ]] && jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "OK"
 fi
 

webroot/api/smscode.shs

@@ -1,11 +1,16 @@
 #!/bin/bash
-if ! session_verify ${cookies[sh_session]}; then
-	exit 0
+if ! session_verify "${cookies[sh_session]}"; then
+	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "You're not logged in!"
+	return
+elif ! account_verified "$(account_get_username ${cookies[sh_session]})"; then
+	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -2 "You didn't verify your mail!"
+	return
+
 fi
 
 source "${cfg[namespace]}/code/common.sh"
 
-if [[ ${post_data[phone]} != "" && ${post_data[code]} != "" ]]; then
+if [[ "${post_data[phone]}" != "" && "${post_data[code]}" != "" ]]; then
 	tokens=$(curl -s -X POST -H "Content-type: application/json" --data '{"phoneOS":"Android"}' "https://api-inmobile-pl.easypack24.net/v1/confirmSMSCode/${post_data[phone]}/${post_data[code]}")
 
 	if [[ $(echo $tokens | jq .status) == "404" ]]; then