From owner-freebsd-isp  Wed Dec 29 13: 6: 0 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from bekool.com (ns2.netquick.net [216.48.34.2])
	by hub.freebsd.org (Postfix) with ESMTP id D293414EB9
	for <freebsd-isp@freebsd.org>; Wed, 29 Dec 1999 13:05:53 -0800 (PST)
	(envelope-from trouble@netquick.net)
Received: from bastille.netquick.net
	([216.48.32.159] helo=netquick.net ident=root)
	by bekool.com with esmtp (Exim 3.03 #1)
	id 123Ql4-000F4a-00; Wed, 29 Dec 1999 16:35:50 -0500
Message-ID: <386A7B3E.F66B9E02@netquick.net>
Date: Wed, 29 Dec 1999 16:21:02 -0500
From: TrouBle <trouble@netquick.net>
Reply-To: trouble@netquick.net
Organization: Hacked Furbies
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Troy Settle <st@i-plus.net>
Cc: aLan Tait <aLan@fil.net>, Brent Rector <brentr@tccsweb.com>,
	freebsd-isp@FreeBSD.ORG
Subject: Re: Changing Passwords for Users using http: port 80
References: <FNEMIHIFMKFBMDBKFDPBGEHMCAAA.st@i-plus.net>
Content-Type: multipart/mixed;
 boundary="------------94D06D7E055FFCD8B6D19D40"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.
--------------94D06D7E055FFCD8B6D19D40
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

here is a correct working passwd changing php script.....

just had to modify the %'s to be ?'s
--------------94D06D7E055FFCD8B6D19D40
Content-Type: text/plain; charset=us-ascii;
 name="passwd.php"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="passwd.php"

<?
/*
 * Poppass Gateway
 * 
 * Shamelessly stolen from the imp/contrib directory
 * 
 * re-written to work standalone, or included from any other applications
 *
 * This would probably be better written as a class, but this serves my
 * purposes.  I tested this with all manner of input, trying to break it,
 * and didn't manage to do it.  If you make modifications or improvements
 * to this, please email them to me at <st@i-plus.net>, I would appreciate it.
 */



/*
 * Set your server and port
 */

$poppass_server	= "127.0.0.1";
$poppass_port	= 106;

/*
 * Do some basic error checking.
 * 
 * Required fields:
 * 
 * 	login
 * 	old password
 *      newpassword twice (make sure user has at least some idea of what he's doing)
 */

if (($user[name]) && ($user[pass]) && (($user[new1]) == ($user[new2])) && ($user[new1])) {


/*
 * I changed this routine quite a bit because it was originally calling
 * some error functions from the IMP libraries.  Presumably, these functions
 * spit out an error message, and exited the script.
 * 
 * I'm doing it with $__ppc
 *
 */


	$__ppc = "yes";
	$passd = fsockopen($poppass_server, $poppass_port, &$errno, &$errstr);
	set_socket_blocking($passd,true);
	if ($passd){
		$input = fgets($passd, 128);
		if(!eregi( "^200", $input)) {
			fclose($passd);
			echo "<H2>Password NOT Changed</H2>\n";
			echo "<STRONG>Died while connecting:</STRONG> $input<P>\n";
			unset($__ppc);
		}
		if ($__ppc) {
			fputs($passd,"user $user[name]\n");
			$input = fgets($passd, 128);
			if(!eregi( "^200", $input)) {
				fclose($passd);
				echo "<H2>Password NOT Changed</H2>\n";
				echo "<STRONG>Died while logging in:</STRONG> $input<P>\n";
				unset($__ppc);
			}
		}

		if ($__ppc) {
			fputs($passd,"pass $user[pass]\n");
			$input = fgets($passd, 128);
			if(!eregi( "^200", $input)) {
				fclose($passd);
				echo "<H2>Password NOT Changed</H2>\n";
				echo "<STRONG>Died while logging in:</STRONG> $input<P>\n";
				unset($__ppc);
			}
		}

		if ($__ppc) {
			fputs($passd,"newpass $user[new1]\n");
			$input = fgets($passd, 128);
			if(!eregi( "^200", $input)){
				fclose($passd);
				echo "<H2>Password NOT Changed</H2>\n";
				echo "<STRONG>Died while changing password:</STRONG> $input<P>\n";
				unset($__ppc);
			}
		}
		if ($__ppc) {
			fputs($passd,"quit\n");
			$input = fgets($passd, 128);
			if(!eregi( "^200", $input)){
				fclose($passd);
				echo "<H2>Password NOT Changed</H2>\n";
				echo "<STRONG>Died while quitting:</STRONG> $input<P>\n";
				unset($__ppc);
			}
		}
		if ($__ppc) {
			fclose($passd);
			?>
			<H2>Password Sucessfully Changed</H2>
			<?
		}
	} else {
		?><H2>Password NOT Changed</H2>
		<STRONG>Could Not Open Socket</STRONG><P><?
	}
} else {
	if ($user[new1] != $user[new2]) {
		?><H2>Password NOT Changed</H2>
		<STRONG>New Password Mis-match</STRONG><P><?
	}
	$showform == "yes";
}


if(($showform == "yes") || (!($__ppc))) {

// We need to show the damn form again

?>
<p>Please enter your username, old password, and new password (twice) in the form below.</p>

<p>Please be careful with your password selection, your password should be something you will remember, but
someone trying to break into your account would find hard to guess. You can use any combination of 6 to 8 upper
and lower case letters, numbers, and punctuation. Please note that the password is case sensitive, so 'HELLO' is
different from 'hello' is different from 'hElLo'.&nbsp; You are required to either mix upper/lower case or mix
alpha/numeric characters.</p>

<p><strong>DO NOT USE YOUR NAME AS A PASSWORD!</strong> In fact, you should avoid using actual words at all. You
might take two short words and combine them with a special character or number, as in &quot;robot4my', or
'eye-con'. You could also put together an acronym that is special to you, such as 'Notfsw' for 'None Of This Fancy
Stuff Works.&quot; Of course, these examples are now BAD passwords, since they are here.</p>

<CENTER>
  <FORM METHOD=POST ACTION="<% echo $PHP_SELF %>">
    <TABLE BORDER=3 CELLPADDING=0 CELLSPACING=0>
      <TR>
        <TD ALIGN=CENTER BGCOLOR=#C0C0C0>
          <TABLE BORDER=0 CELLPADDING=3 CELLSPACING=3>
            <TR>
              <TD ALIGN=RIGHT>User Name</TD>
              <TD><INPUT TYPE=TEXT SIZE=10 MAXLENGTH=16 NAME=user[name]></TD>
            </TR>
            <TR>
              <TD ALIGN=RIGHT>Password</TD>
            <TD><INPUT TYPE=PASSWORD SIZE=10 MAXLENGTH=10 NAME=user[pass]></TD>
            </TR>
            <TR>
              <TD ALIGN=RIGHT>New Password</TD>
              <TD><INPUT TYPE=PASSWORD SIZE=10 MAXLENGTH=10 NAME=user[new1]></TD>
            </TR>
            <TR>
              <TD ALIGN=RIGHT>Confirm New Password</TD>
              <TD><INPUT TYPE=PASSWORD SIZE=10 MAXLENGTH=10 NAME=user[new2]></TD>
            </TR>
          </TABLE>
          <HR>
          <INPUT TYPE=SUBMIT VALUE="Change Password">
          <INPUT TYPE="reset" VALUE="Clear"><BR><BR>
        </TD>
      </TR>
    </TABLE>
  </FORM>
</CENTER>

<?
}
?>

--------------94D06D7E055FFCD8B6D19D40--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message