Date: Sun, 2 Feb 1997 11:39:18 -0500
From: exidor@superior.net (Christopher Masto)
To: ernie@spooky.eis.net.au (Ernie Elu)
Cc: freebsd-isp@freebsd.org
Subject: Re: popassd
Message-ID: <19970202113918.KQ21026@@>
In-Reply-To: <199702020454.OAA29877@spooky.eis.net.au>; from Ernie Elu on Feb 2, 1997 14:54:43 +1000
References: <199702020454.OAA29877@spooky.eis.net.au>

Ernie Elu writes:
> I am still trying out schemes to change passwords via a web page.

Oh, for the love of cheese.. this thread is getting waay too long.

Please hire a competent technical staff if you value your business. There are a lot of things that are a LOT harder than this.

Brutally butchered because you don't need my HTML.

#!/usr/local/bin/suidperl -w

# We're running setuid, so some safety steps are required.
$ENV{PATH}="/bin:/usr/bin:/usr/local/bin";

# Import some utility functions that are needed by several scripts
BEGIN { require './home-lib.pl'; }

# A couple of optional modules
use English;
use CGI qw(:standard :html);
use POSIX;
use Time::Local;

# Get form input
$req = new CGI;
$req->cache('no');

$username = radius::whofrom($req->remote_host);
exit unless $username;

# Wacky characters for salt generation
@chars=("0".."9", "a".."z", "A".."Z");

print header(-expires => "now"),
      std_head("xxxyourispherexxx Password Tool"),
      std_toolbar;

if ($req->param("change")) {
    # Verify that the old password is correct

    # Get data from form submission
    $oldpass = $req->param("oldpass");
    $newpass = $req->param("newpass");

    # Get the user's old crypted password and extract the salt
    $realpw = (getpwnam($username))[1];
    $realslt = substr($realpw, 0, 2);

    # Find out if they entered the correct old password
    if (crypt($oldpass, $realslt) ne $realpw) {
        print h1({-align => "center"}, "Old password incorrect - try again"), "\n";
        goto form;
    }

    # Make sure they got the new password right
    if ($newpass ne $req->param("verify")) {
        print h1({-align => "center"}, "New passwords do not match - try again");
        goto form;
    }

    # Crypt the requested new password
    srand;
    $newslt = $chars[rand @chars] . $chars[rand @chars];
    $newpw = crypt($newpass, $newslt);

    $< = $>; # Rootify me

    if (not system "chpass", "-p", $newpw, $username) {
        print h1({-align => "center"}, "Password changed successfully"),
Etc.
        goto finish;
    } else {
        print h1({-align => "center"}, "Error setting new password"),
              p("Your password has not been changed due to an error. Please",
                "contact technical support for assistance.");
        goto finish;
    }
} else {
    print h1({-align => "center"}, "Changing your password"), "\n";
}

form:
print p("Your password is the key to the security of your Internet account.",
Etc.

Naturally, you'll have to obtain the username somehow.

--
Christopher Masto . . . . chris@masto.com . . . . . Masto Consulting: info@masto.com

On Talking: If I wasn't talking, I wouldn't know what to say.
    - Chico Resch, New York Islanders goaltender
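
The old-password check and salt generation from the script above, as an added example that is not part of the original message or the author's code: it passes the whole stored hash to crypt() so the check is not tied to a two-character salt, and it draws the salt from /dev/urandom rather than rand(). The names check_password and make_salt are hypothetical, and it assumes the system crypt(3) accepts traditional two-character salts, as the script above does.

```perl
#!/usr/bin/perl
# Added example, not part of the original message.
# check_password() and make_salt() are hypothetical helper names.
use strict;
use warnings;

my @SALT_CHARS = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');   # crypt(3) salt alphabet

# Verify a candidate password against a stored crypt(3) hash.
# Passing the whole stored hash as the setting lets crypt() pick the
# scheme and salt itself, so this also works for "$1$..." style hashes,
# not only hashes that start with a 2-character DES salt.
sub check_password {
    my ($plain, $stored) = @_;
    # "*", "" and similar placeholders can never match a real hash.
    return 0 unless defined $stored && length($stored) >= 13;
    my $got = crypt($plain, $stored);
    return 0 unless defined $got && length($got) == length($stored);
    # Compare every byte instead of stopping at the first difference.
    my $diff = 0;
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Two-character traditional salt drawn from the kernel RNG.
# 256 is a multiple of 64, so the modulo below introduces no bias.
sub make_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $buf, 2) == 2 or die "short read from /dev/urandom";
    close $fh;
    return join '', map { $SALT_CHARS[ord($_) % @SALT_CHARS] } split //, $buf;
}

# Constructed sample data: a hash made here stands in for the
# password field that getpwnam() returns in the script above.
my $stored = crypt('correct horse', make_salt());
die "crypt(3) on this system rejected a 2-character salt\n" unless defined $stored;

for my $case (['right password', 'correct horse', $stored],
              ['wrong password', 'Correct horse', $stored],
              ['locked account', 'anything',      '*']) {
    my ($label, $plain, $hash) = @$case;
    printf "%s: %s\n", $label, check_password($plain, $hash) ? 'accepted' : 'rejected';
}
```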