Date: Wed, 29 Dec 1999 16:21:02 -0500 From: TrouBle <trouble@netquick.net> To: Troy Settle <st@i-plus.net> Cc: aLan Tait <aLan@fil.net>, Brent Rector <brentr@tccsweb.com>, freebsd-isp@FreeBSD.ORG Subject: Re: Changing Passwords for Users using http: port 80 Message-ID: <386A7B3E.F66B9E02@netquick.net> References: <FNEMIHIFMKFBMDBKFDPBGEHMCAAA.st@i-plus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------94D06D7E055FFCD8B6D19D40 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit here is a correct working passwd changing php script..... just had to modify the %'s to be ?'s --------------94D06D7E055FFCD8B6D19D40 Content-Type: text/plain; charset=us-ascii; name="passwd.php" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="passwd.php" <? /* * Poppass Gateway * * Shamelessly stolen from the imp/contrib directory * * re-written to work standalone, or included from any other applications * * This would probably be better written as a class, but this serves my * purposes. I tested this with all manner of input, trying to break it, * and didn't manage to do it. If you make modifications or improvements * to this, please email them to me at <st@i-plus.net>, I would appreciate it. */ /* * Set your server and port */ $poppass_server = "127.0.0.1"; $poppass_port = 106; /* * Do some basic error checking. * * Required fields: * * login * old password * newpassword twice (make sure user has at least some idea of what he's doing) */ if (($user[name]) && ($user[pass]) && (($user[new1]) == ($user[new2])) && ($user[new1])) { /* * I changed this routine quite a bit because it was originally calling * some error functions from the IMP libraries. Presumably, these functions * spit out an error message, and exited the script. * * I'm doing it with $__ppc * */ $__ppc = "yes"; $passd = fsockopen($poppass_server, $poppass_port, &$errno, &$errstr); set_socket_blocking($passd,true); if ($passd){ $input = fgets($passd, 128); if(!eregi( "^200", $input)) { fclose($passd); echo "<H2>Password NOT Changed</H2>\n"; echo "<STRONG>Died while connecting:</STRONG> $input<P>\n"; unset($__ppc); } if ($__ppc) { fputs($passd,"user $user[name]\n"); $input = fgets($passd, 128); if(!eregi( "^200", $input)) { fclose($passd); echo "<H2>Password NOT Changed</H2>\n"; echo "<STRONG>Died while logging in:</STRONG> $input<P>\n"; unset($__ppc); } } if ($__ppc) { fputs($passd,"pass $user[pass]\n"); $input = fgets($passd, 128); if(!eregi( "^200", $input)) { fclose($passd); echo "<H2>Password NOT Changed</H2>\n"; echo "<STRONG>Died while logging in:</STRONG> $input<P>\n"; unset($__ppc); } } if ($__ppc) { fputs($passd,"newpass $user[new1]\n"); $input = fgets($passd, 128); if(!eregi( "^200", $input)){ fclose($passd); echo "<H2>Password NOT Changed</H2>\n"; echo "<STRONG>Died while changing password:</STRONG> $input<P>\n"; unset($__ppc); } } if ($__ppc) { fputs($passd,"quit\n"); $input = fgets($passd, 128); if(!eregi( "^200", $input)){ fclose($passd); echo "<H2>Password NOT Changed</H2>\n"; echo "<STRONG>Died while quitting:</STRONG> $input<P>\n"; unset($__ppc); } } if ($__ppc) { fclose($passd); ?> <H2>Password Sucessfully Changed</H2> <? } } else { ?><H2>Password NOT Changed</H2> <STRONG>Could Not Open Socket</STRONG><P><? } } else { if ($user[new1] != $user[new2]) { ?><H2>Password NOT Changed</H2> <STRONG>New Password Mis-match</STRONG><P><? } $showform == "yes"; } if(($showform == "yes") || (!($__ppc))) { // We need to show the damn form again ?> <p>Please enter your username, old password, and new password (twice) in the form below.</p> <p>Please be careful with your password selection, your password should be something you will remember, but someone trying to break into your account would find hard to guess. You can use any combination of 6 to 8 upper and lower case letters, numbers, and punctuation. Please note that the password is case sensitive, so 'HELLO' is different from 'hello' is different from 'hElLo'. You are required to either mix upper/lower case or mix alpha/numeric characters.</p> <p><strong>DO NOT USE YOUR NAME AS A PASSWORD!</strong> In fact, you should avoid using actual words at all. You might take two short words and combine them with a special character or number, as in "robot4my', or 'eye-con'. You could also put together an acronym that is special to you, such as 'Notfsw' for 'None Of This Fancy Stuff Works." Of course, these examples are now BAD passwords, since they are here.</p> <CENTER> <FORM METHOD=POST ACTION="<% echo $PHP_SELF %>"> <TABLE BORDER=3 CELLPADDING=0 CELLSPACING=0> <TR> <TD ALIGN=CENTER BGCOLOR=#C0C0C0> <TABLE BORDER=0 CELLPADDING=3 CELLSPACING=3> <TR> <TD ALIGN=RIGHT>User Name</TD> <TD><INPUT TYPE=TEXT SIZE=10 MAXLENGTH=16 NAME=user[name]></TD> </TR> <TR> <TD ALIGN=RIGHT>Password</TD> <TD><INPUT TYPE=PASSWORD SIZE=10 MAXLENGTH=10 NAME=user[pass]></TD> </TR> <TR> <TD ALIGN=RIGHT>New Password</TD> <TD><INPUT TYPE=PASSWORD SIZE=10 MAXLENGTH=10 NAME=user[new1]></TD> </TR> <TR> <TD ALIGN=RIGHT>Confirm New Password</TD> <TD><INPUT TYPE=PASSWORD SIZE=10 MAXLENGTH=10 NAME=user[new2]></TD> </TR> </TABLE> <HR> <INPUT TYPE=SUBMIT VALUE="Change Password"> <INPUT TYPE="reset" VALUE="Clear"><BR><BR> </TD> </TR> </TABLE> </FORM> </CENTER> <? } ?> --------------94D06D7E055FFCD8B6D19D40-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?386A7B3E.F66B9E02>