Date: Thu, 20 Jun 2002 15:53:40 -0500 From: "Brett Cates" <bcates513@hotmail.com> To: freebsd-questions@freebsd.org Subject: Changing passwords via web page Message-ID: <F1846PYzDabigPasSmz000002bc@hotmail.com>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_72d1_64a4_2915 Content-Type: text/plain; format=flowed Hi, I am trying to allow users to change their password via a web interface. I found a script that uses poppassd but I can not get it to work correctly. Poppassd is working correctly. I have attached both the script and the webpage just in case... If anyone knows a better way or can get the script working, I would be forever grateful. I am running 4.6 RELEASE and Apache. Thanks, Brett _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com ------=_NextPart_000_72d1_64a4_2915 Content-Type: text/html; name="index.html" Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="index.html" <HTML> <HEAD> <TITLE>Atlantic.NET: Modify Password</TITLE> <BODY BGCOLOR="#ffffff" Text="#000000" Link="#0000bb" Vlink="#555555" Alink="#888888"> <IMG SRC="/images/atlantic_net.gif" ALT="Welcome To Atlantic Net" ALIGN=TOP> <CENTER><H1>Change Your Password</H1><hr></CENTER> </HEAD> <BODY> <h2>Identity Verification</h2> To verify your identity, please enter your current password below. We ask for your current password at this point so that an unauthorized person can not change your password without your knowledge, should you leave your computer unattended. <P> <form action="/cgi-bin/change-pass.cgi" method="POST"> <P> Enter your username (all lower case): <input type=text name="username" size=8><BR> <P> Enter your current password: <input type="password" name="oldpasswd" size=8><br> <hr> <h2> Select A New Password </h2> Now you must select a new password. Your password should be something you will remember, but someone trying to break into your account would find hard to guess. You can use any combination of 6 to 8 upper and lower case letters, numbers, and punctuation. Please note that the password is case sensitive, so 'HELLO' is different from 'hello' is different from 'hElLo'. <P> <STRONG>DO NOT USE YOUR NAME AS A PASSWORD!</STRONG> In fact, you should avoid using actual words at all. You might take two short words and combine them with a special character or number, as in "robot4my', or 'eye-con'. You could also put together an acronym that is special to you, such as 'Notfsw' for 'None Of This Fancy Stuff Works." Of course, these examples are now BAD passwords, since they are here. :-) If you choose a poor password, the system will not accept it, and may ask you to try again. <p> Here are the basic system requirements for a new password, remember, the system will reject passwords that may be poor. The best passwords consist of the following: <UL> <LI>Between 6 and 8 characters <LI>At least one upper-case character, and one lower-case character <LI>At least one non-alpha character, such as a number and/or character such as: !,@,#,$,% </UL> Select a new password: <input type="password" name="passwd" size=8> <BR> Re-enter your new password for verification: <input type="password" name="passwd1" size=8> <p> <input type="submit" value="Change Password"> <input type = "reset" value = "Clear Fields"> </form> </BODY> </HTML> ------=_NextPart_000_72d1_64a4_2915 Content-Type: text/plain; name="change-pass.cgi"; format=flowed Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="change-pass.cgi" #!/usr/bin/perl # # Simple POPPASSD Password Changer # mp@atlantic.net 2/1/97 # # Thanks to westnet.com for the idea; written cause I couldnt # get theirs to work. This one asks for username and password # and changes the password via POPPASSD. (There is a sample # index.html that goes with this. put it in a directory called # password under your document root, and then users can call # it like http://www.atlantic.net/password # # It uses your poppassd port to do the work, so it requires # you have it installed -- but that way it will honor any # type of security checks you want/have implemented. # Isn't that special? # # You will need to change the line with $clientid= # to your poppassd server -- this script can be run on a # different machine than where the poppassd program resides; # and you will have to change the "rawclient" line from # rio.atlantic.net to match the hostname of the host # this script runs from. # # If your looking for a link to the 'net, check out # http://www.atlantic.net; we work with ISPs/corporations/individuals # # Use @ your own risk! read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); # Split the name-value pairs @pairs = split(/&/, $buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); # Un-Webify plus signs and %-encoding $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; # Set each variable if ($name eq "username") { $n=$value; } if ($name eq "oldpasswd") { $op=$value; } if ($name eq "passwd") { $np=$value; } if ($name eq "passwd1") { $np1=$value; } # Stop people from using subshells to execute commands # Not a big deal when using sendmail, but very important # when using UCB mail (aka mailx). # $value =~ s/~!/ ~!/g; # Uncomment for debugging purposes # print "Setting $name to $value<P>"; # $FORM{$name} = $value; } if ($np ne $np1) { $line="New Passwords Dont Match."; &error_out; } $port=106; $clientid="rio.atlantic.net"; while(getservbyport($port,"tcp")) { $port++; } ($d1,$d2,$prototype)=getprotobyname("tcp"); ($d1,$d2,$d3,$d4,$rawclient)=gethostbyname("rio.atlantic.net"); ($d1,$d2,$d3,$d4,$rawserver)=gethostbyname($clientid); $clientaddr=pack("Sna4x8",2,0,$rawclient); $serveraddr=pack("Sna4x8",2,$port,$rawserver); socket(SOCKET,2,1,$prototype) || die("No socket"); bind (SOCKET,$clientaddr) || die ("Can't bind"); $cstat=connect(SOCKET, $serveraddr); select(SOCKET); $|=1; if ($cstat != 0) { &get_reply; print SOCKET "user $n\n"; &get_reply; print SOCKET "pass $op\n"; &get_reply; print SOCKET "newpass $np\n"; &get_reply; select(STDOUT); printf("Content-type: text/html\n"); printf("\n"); printf("<HTML>\n"); printf("<TITLE>Password Changed Successfully.</TITLE>\n"); printf("<BR>\n"); printf("Your password has been changed successfully. It may take up\n"); printf("to 6 hours for your new password to take effect.<BR>"); printf("<BR>\n"); printf("$line<BR>\n"); printf("<BR>"); printf("</HTML>\n"); exit(1); } else { $line="Password Server is not responding.\n"; &error_out; } close(SOCKET); exit(1); sub get_reply { $line=<SOCKET>; $v=substr($line,0,3); if ($v ne "200") { &error_out; } } sub error_out { select(STDOUT); printf("Content-type: text/html\n"); printf("\n"); printf("<HTML>\n"); printf("<TITLE>An error has occurred</TITLE>\n"); printf("<BR>\n"); printf("We were unable to change your password. Please read the\n"); printf("diagnostic message below and try again. If you need additional\n"); printf("assistance, please send e-mail to support\@atlantic.net with the following"); printf(" diagnostic message.<BR><BR>"); printf("<BR>\n"); printf("<B>$line</B><BR>\n"); printf("<BR>"); printf("Please go to <a href=\"http://www.atlantic.net/password\">http://www.atlantic.net/password</A> to try again.\n"); printf("</HTML>\n"); exit(1); } ------=_NextPart_000_72d1_64a4_2915-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F1846PYzDabigPasSmz000002bc>