Date:      Fri, 9 Apr 1999 00:02:47 +0200 (SAST)
From:      Khetan Gajjar <khetan@chain.freebsd.os.org.za>
To:        Dibyo Gahari <dibyo@bali.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: how to change a password through a web page ?
Message-ID:  <Pine.BSF.4.10.9904082359300.16986-100000@chain.freebsd.os.org.za>
In-Reply-To: <Pine.BSF.4.03.9904081233240.25113-100000@resnet.uoregon.edu>

Around Today, "Doug White" wrote :

DW>  > Where can I find a freeware script to realize it ?
DW>  
DW>  Everyone wants to do this, surely _SOMEONE_ has their code posted on a site
DW>  somewhere...

Even better, I'll include one here.

This was taken from somewhere (I forget where).

Set httpd.server.name to the name that runs the script,
and poppassd.server.name to the name of the server running
Qualcomm's poppassd.

I would personally recommend tcp_wrapping poppassd so that it
can only be accessed by the web server, to increase security
slightly.

I call it with a bit of HTML that looks like this :

--sample passwd.html--
<form action="/cgi-bin/change-pass.cgi" method="POST">
Enter your username (all lower case): <BR>
<input type=text name="username" size=20><BR>
<P>
Enter your current password: <BR>
<input type="password" name="oldpasswd" size=20><br>
Select a new password: <BR><input type="password" name="passwd" size=20> <BR>
Re-enter your new password for verification: <BR>
<input type="password" name="passwd1" size=20> <p>

<input type="submit" value="Change Password">
<input type = "reset" value = "Clear Fields">

</form>
--sample passwd.html--

--/cgi-bin/change-pass.cgi--
#!/usr/bin/perl
#
# Simple POPPASSD Password Changer
# mp@atlantic.net 2/1/97
#
# Thanks to westnet.com for the idea; written cause I couldnt
# get theirs to work. This one asks for username and password
# and changes the password via POPPASSD. (There is a sample
# index.html that goes with this. put it in a directory called
# password under your document root, and then users can call
# it like http://www.atlantic.net/password
#
# It uses your poppassd port to do the work, so it requires 
# you have it installed -- but that way it will honor any
# type of security checks you want/have implemented. 
# Isn't that special?
#
# You will need to change the line with $clientid=
# to your poppassd server -- this script can be run on a
# different machine than where the poppassd program resides;
# and you will have to change the "rawclient" line from
# rio.atlantic.net to match the hostname of the host
# this script runs from.
#
# If your looking for a link to the 'net, check out
# http://www.atlantic.net; we work with ISPs/corporations/individuals
#
# Use @ your own risk!

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

# Split the name-value pairs
@pairs = split(/&/, $buffer);

foreach $pair (@pairs)
{
    ($name, $value) = split(/=/, $pair);

    # Un-Webify plus signs and %-encoding
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $name =~ tr/+/ /;
    $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;


    # Set each variable

if ($name eq "username")
{
  $n=$value;
}
if ($name eq "oldpasswd")
{
  $op=$value;
}
if ($name eq "passwd")
{
  $np=$value;
}
if ($name eq "passwd1")
{
  $np1=$value;
}
    # Stop people from using subshells to execute commands
    # Not a big deal when using sendmail, but very important
    # when using UCB mail (aka mailx).
    # $value =~ s/~!/ ~!/g;

    # Uncomment for debugging purposes
    # print "Setting $name to $value<P>";

#    $FORM{$name} = $value;
}

if ($np ne $np1)
{
  $line="New Passwords Dont Match.";
  &error_out;
}

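# poppassd listens on TCP port 106. Connect to that port directly:
# stepping $port past entries found in /etc/services would pick a
# different service's port.
$port=106;
$clientid="poppassd.server.name";
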

($d1,$d2,$prototype)=getprotobyname("tcp");
($d1,$d2,$d3,$d4,$rawclient)=gethostbyname("httpd.server.name");
($d1,$d2,$d3,$d4,$rawserver)=gethostbyname($clientid);
$clientaddr=pack("Sna4x8",2,0,$rawclient);
$serveraddr=pack("Sna4x8",2,$port,$rawserver);
socket(SOCKET,2,1,$prototype) || die("No socket");
bind (SOCKET,$clientaddr) || die ("Can't bind");
$cstat=connect(SOCKET, $serveraddr);
select(SOCKET);
$|=1;

if ($cstat != 0)
{
&get_reply;
print SOCKET "user $n\n";
&get_reply;
print SOCKET "pass $op\n";
&get_reply;
print SOCKET "newpass $np\n";
&get_reply;
select(STDOUT);
printf("Content-type: text/html\n");
printf("\n");
printf("<HTML>\n");
printf("<TITLE>Password Changed Successfully.</TITLE>\n");
printf("<BR>\n");
printf("Your password has been changed successfully. It may take up\n");
printf("to 6 hours for your new password to take effect.<BR>");
printf("<BR>\n");
print("$line<BR>\n");   # print, not printf: the server reply may contain '%'
printf("<BR>");
printf("</HTML>\n");
exit(1);
}
else
{
  $line="Password Server is not responding.\n";
  &error_out;
}

close(SOCKET);
exit(1);

sub get_reply 
{
  $line=<SOCKET>;
  $v=substr($line,0,3);
  if ($v ne "200")
  {
   &error_out;
  }
}

sub error_out
{

select(STDOUT);
printf("Content-type: text/html\n");
printf("\n");
printf("<HTML>\n");
printf("<TITLE>An error has occurred</TITLE>\n");
printf("<BR>\n");
printf("We were unable to change your password. Please read the\n");
printf("diagnostic message below and try again. If you need additional\n");
printf("assistance, please send e-mail to webmaster\@dom.a.in with the following");
printf(" diagnostic message.<BR><BR>");
printf("<BR>\n");
print("<B>$line</B><BR>\n");   # print, not printf: the diagnostic may contain '%'
printf("<BR>");
printf("Please go to <a href=\"http://httpd.server.name/blah.html\">http://httpd.server.name/blah.html</A>; to try again.\n");
printf("</HTML>\n");
exit(1);

}
--/cgi-bin/change-pass.cgi--

---
Khetan Gajjar       (!kg1779) * khetan@os.org.za
http://www.os.org.za/~khetan  * Talk/Finger khetan@chain.freebsd.os.org.za
FreeBSD enthusiast            * http://www2.za.freebsd.org/
Security-wise, NT is a OS with a "kick me" sign taped to it

Reference : <Pine.BSF.4.03.9904081233240.25113-100000@resnet.uoregon.edu> 
Date      : Apr 8, 1999, 12:34pm
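
The CGI above writes the decoded form values into single-line poppassd commands and prints the server's reply into the HTML page. As an added example (not part of the posted script or the original message), here is the same user/pass/newpass dialogue with the fields checked for line breaks and control characters first, and the reply escaped before display. The function names and the 128-character limit are assumptions made for illustration.

```perl
# Added example, not the posted script: same poppassd dialogue, with the
# form fields validated before they are written to the socket.
use strict;
use warnings;
use IO::Socket::INET;

# Each field is sent as one protocol line, so reject CR, LF and any other
# control character; the 128-character limit is an assumption.
sub field_ok {
    my ($v) = @_;
    return defined($v) && length($v) >= 1 && length($v) <= 128
        && $v !~ /[\x00-\x1f\x7f]/;
}

# Escape text (e.g. the server's reply) before placing it in the HTML page.
sub html_escape {
    my ($s) = @_;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$e{$1}/g;
    return $s;
}

# Returns (1, last reply) on success, (0, diagnostic) on failure.
sub change_password {
    my ($host, $user, $old, $new) = @_;
    for ($user, $old, $new) {
        return (0, "Invalid characters in input.") unless field_ok($_);
    }
    my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 106,
                                     Proto => 'tcp', Timeout => 10)
        or return (0, "Password Server is not responding.");
    my $reply = <$sock>;                      # server greeting
    for my $cmd ("user $user", "pass $old", "newpass $new") {
        last unless defined $reply && $reply =~ /^200/;
        print $sock "$cmd\n";
        $reply = <$sock>;
    }
    close $sock;
    return (0, "No reply from password server.") unless defined $reply;
    $reply =~ s/[\r\n]+\z//;
    return ($reply =~ /^200/ ? 1 : 0, $reply);
}

# Constructed inputs: the second carries an embedded line break, the third is empty.
for my $u ("alice", "alice\nnewpass injected", "") {
    (my $shown = $u) =~ s/\n/\\n/g;
    print "[$shown] ", (field_ok($u) ? "accepted" : "rejected"), "\n";
}
print html_escape("500 <b>bad</b> & denied"), "\n";
```

change_password is not called in the demonstration lines, so the block runs without a poppassd server; from a CGI it would be called with the poppassd host and the three form values, and its second return value passed through html_escape before printing.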



