From owner-freebsd-isp Sun Feb 2 08:39:43 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA24612 for isp-outgoing; Sun, 2 Feb 1997 08:39:43 -0800 (PST)
Received: from nimbus.superior.net (root@nimbus.superior.net [206.153.96.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA24607 for ; Sun, 2 Feb 1997 08:39:40 -0800 (PST)
Received: (from exidor@localhost) by nimbus.superior.net (8.8.5/8.8.5) id LAA25758; Sun, 2 Feb 1997 11:39:18 -0500 (EST)
Message-ID: <19970202113918.KQ21026@@>
Date: Sun, 2 Feb 1997 11:39:18 -0500
From: exidor@superior.net (Christopher Masto)
To: ernie@spooky.eis.net.au (Ernie Elu)
Cc: freebsd-isp@freebsd.org
Subject: Re: popassd
References: <199702020454.OAA29877@spooky.eis.net.au>
X-Mailer: Mutt 0.59.1
Mime-Version: 1.0
In-Reply-To: <199702020454.OAA29877@spooky.eis.net.au>; from Ernie Elu on Feb 2, 1997 14:54:43 +1000
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Ernie Elu writes:
> I am still trying out schemes to change passwords via a web page.

Oh, for the love of cheese.. this thread is getting waay too long.
Please hire a competent technical staff if you value your business.
There are a lot of things that are a LOT harder than this.

Brutally butchered because you don't need my HTML.

#!/usr/local/bin/suidperl -w

# We're running setuid, so some safety steps are required.
$ENV{PATH}="/bin:/usr/bin:/usr/local/bin";

# Import some utility functions that are needed by several scripts
BEGIN { require './home-lib.pl'; }

# A couple of optional modules
use English;
use CGI qw(:standard :html);
use POSIX;
use Time::Local;

# Get form input
$req = new CGI;
$req->cache('no');

$username = radius::whofrom($req->remote_host);
exit unless $username;

# Wacky characters for salt generation
@chars=("0".."9", "a".."z", "A".."Z");

print header(-expires => "now"),
      std_head("xxxyourispherexxx Password Tool"),
      std_toolbar;

if ($req->param("change")) {
    # Verify that the old password is correct

    # Get data from form submission
    $oldpass = $req->param("oldpass");
    $newpass = $req->param("newpass");

    # Get the user's old crypted password and extract the salt
    $realpw = (getpwnam($username))[1];
    $realslt = substr($realpw, 0, 2);

    # Find out if they entered the correct old password
    if (crypt($oldpass, $realslt) ne $realpw) {
        print h1({-align => "center"}, "Old password incorrect - try again"), "\n";
        goto form;
    }

    # Make sure they got the new password right
    if ($newpass ne $req->param("verify")) {
        print h1({-align => "center"}, "New passwords do not match - try again");
        goto form;
    }

    # Crypt the requested new password
    srand;
    $newslt = $chars[rand @chars] . $chars[rand @chars];
    $newpw = crypt($newpass, $newslt);

    $< = $>; # Rootify me
    if (not system "chpass", "-p", $newpw, $username) {
        print h1({-align => "center"}, "Password changed successfully"),
        Etc.
        goto finish;
    } else {
        print h1({-align => "center"}, "Error setting new password"),
              p("Your password has not been changed due to an error. Please",
                "contact technical support for assistance.");
        goto finish;
    }
} else {
    print h1({-align => "center"}, "Changing your password"), "\n";
}

form:
print p("Your password is the key to the security of your Internet account.",
Etc.

Naturally, you'll have to obtain the username somehow.
-- 
Christopher Masto . . . . chris@masto.com . . . . .
Masto Consulting: info@masto.com

On Talking: If I wasn't talking, I wouldn't know what to say.
  - Chico Resch, New York Islanders goaltender
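
The check-then-set core of the script in the message above, pulled out as an added example that is not part of the original post: it verifies the old password against the stored hash, confirms the two new entries match, and crypts the new password with a salt read from /dev/urandom rather than srand/rand. The names clean_username, new_salt and change_password and the sample passwords are assumptions; it also assumes the platform's crypt(3) still accepts the traditional 2-character salt, and it stops at producing the new hash instead of calling chpass.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64-character salt alphabet of traditional crypt(3).
my @SALT = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Validate (and, under -T, untaint) a login name before it reaches any command.
sub clean_username {
    my ($name) = @_;
    return (defined($name) && $name =~ /\A([a-z_][a-z0-9_-]{0,15})\z/) ? $1 : undef;
}

# Two salt characters from the kernel RNG; 256 is a multiple of 64, so no bias.
sub new_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 2) == 2 or die "short read from urandom";
    close $fh;
    return join '', map { $SALT[ord($_) % 64] } split //, $buf;
}

# Returns (status, new_hash). $stored is the user's current crypted password.
sub change_password {
    my ($stored, $old, $new, $verify) = @_;
    my $check = crypt($old, $stored);    # crypt takes the salt from $stored
    return ('bad_old')  unless defined $check && $check eq $stored;
    return ('mismatch') unless $new eq $verify;
    return ('empty')    unless length $new;
    my $hash = crypt($new, new_salt());
    return defined $hash ? ('ok', $hash) : ('crypt_failed');
}

# Constructed sample data, not taken from the original post.
my $stored = crypt('old-secret', 'ab');
die "crypt(3) does not support 2-character salts here\n" unless defined $stored;

for my $try (['wrong', 'n1', 'n1'],
             ['old-secret', 'n1', 'n2'],
             ['old-secret', 'new-secret', 'new-secret']) {
    my ($status, $hash) = change_password($stored, @$try);
    print $status, (defined $hash ? " $hash" : ''), "\n";
}
print defined(clean_username('ernie; id')) ? "accepted\n" : "rejected\n";
```

Handing the resulting hash to chpass -p as the script does places it in the process argument list, where other local users can read it with ps while the command runs.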