From owner-freebsd-questions Fri Apr 9 14:32:50 1999 Delivered-To: freebsd-questions@freebsd.org Received: from server.jad.net (unknown [202.134.2.38]) by hub.freebsd.org (Postfix) with ESMTP id E9E4715D99 for ; Fri, 9 Apr 1999 13:51:53 -0700 (PDT) (envelope-from dibyo@bali.net) Received: from home (ppp004.dpr.vidas.telkom.net.id [203.130.255.4]) by server.jad.net (8.8.5/8.9.0) with SMTP id XAA00294; Fri, 9 Apr 1999 23:04:12 +0700 (JAVT) Message-Id: X-Sender: dibyo@bali.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Sat, 10 Apr 1999 00:03:48 +0800 To: Khetan Gajjar From: Dibyo Gahari Subject: Re: how to change a password through a web page ? Cc: freebsd-questions@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Thanks a lot, Khetan Gajjar. Although I have not successfully installed the script yet, I think it's close to what I need. There is "Password Server is not responding." message. FYI, I installed poppassd-4_0.tgz from FreeBSD.ORG. Please advice. Regards, Dibyo Gahari At 06:02 09/04/99 , Khetan Gajjar wrote: >Around Today, "Doug White" wrote : > >DW> > Where can I find a freeware script to realize it ? >DW> >DW> Everyone wants to do this, surely _SOMEONE_ has their code posed o a site >DW> somewhere... > >Even better, I'll include one here. > >This was taken from somewhere (I forget where). > >Set httpd.server.name to the name that runs the script, >and poppassd.server.name to the name of the server running >Qualcomm's poppassd. > >I would personally recommend tcp_wrapping popassd so that it >can only be accessed by the web server, to increase security >slightly. > >I call it with a bit of HTML that looks like this : > >--sample passwd.html-- >
>Enter your username (all lower case):
>
>

>Enter your current password:
>
>Select a new password:

>Re-enter your new password for verification:
>

> > > > >

>--sample passwd.html-- > >--/cgi-bin/change-pass.cgi-- >#!/usr/bin/perl ># ># Simple POPPASSD Password Changer ># mp@atlantic.net 2/1/97 ># ># Thanks to westnet.com for the idea; written cause I couldnt ># get theirs to work. This one asks for username and password ># and changes the password via POPPASSD. (There is a sample ># index.html that goes with this. put it in a directory called ># password under your document root, and then users can call ># it like http://www.atlantic.net/password ># ># It uses your poppassd port to do the work, so it requires ># you have it installed -- but that way it will honor any ># type of security checks you want/have implemented. ># Isn't that special? ># ># You will need to change the line with $clientid= ># to your poppassd server -- this script can be run on a ># different machine than where the poppassd program resides; ># and you will have to change the "rawclient" line from ># rio.atlantic.net to match the hostname of the host ># this script runs from. ># ># If your looking for a link to the 'net, check out ># http://www.atlantic.net; we work with ISPs/corporations/individuals ># ># Use @ your own risk! > >read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); > ># Split the name-value pairs >@pairs = split(/&/, $buffer); > >foreach $pair (@pairs) >{ > ($name, $value) = split(/=/, $pair); > > # Un-Webify plus signs and %-encoding > $value =~ tr/+/ /; > $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; > $name =~ tr/+/ /; > $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; > > > # Set each variable > >if ($name eq "username") >{ > $n=$value; >} >if ($name eq "oldpasswd") >{ > $op=$value; >} >if ($name eq "passwd") >{ > $np=$value; >} >if ($name eq "passwd1") >{ > $np1=$value; >} > # Stop people from using subshells to execute commands > # Not a big deal when using sendmail, but very important > # when using UCB mail (aka mailx). > # $value =~ s/~!/ ~!/g; > > # Uncomment for debugging purposes > # print "Setting $name to $value

"; > ># $FORM{$name} = $value; >} > >if ($np ne $np1) >{ > $line="New Passwords Dont Match."; > &error_out; >} > >$port=106; >$clientid="popassd.server.name"; > > >while(getservbyport($port,"tcp")) { > $port++; >} > >($d1,$d2,$prototype)=getprotobyname("tcp"); >($d1,$d2,$d3,$d4,$rawclient)=gethostbyname("httpd.server.name"); >($d1,$d2,$d3,$d4,$rawserver)=gethostbyname($clientid); >$clientaddr=pack("Sna4x8",2,0,$rawclient); >$serveraddr=pack("Sna4x8",2,$port,$rawserver); >socket(SOCKET,2,1,$prototype) || die("No socket"); >bind (SOCKET,$clientaddr) || die ("Can't bind"); >$cstat=connect(SOCKET, $serveraddr); >select(SOCKET); >$|=1; > >if ($cstat != 0) >{ >&get_reply; >print SOCKET "user $n\n"; >&get_reply; >print SOCKET "pass $op\n"; >&get_reply; >print SOCKET "newpass $np\n"; >&get_reply; >select(STDOUT); >printf("Content-type: text/html\n"); >printf("\n"); >printf("\n"); >printf("Password Changed Successfully.\n"); >printf("
\n"); >printf("Your password has been changed successfully. It may take up\n"); >printf("to 6 hours for your new password to take effect.
"); >printf("
\n"); >printf("$line
\n"); >printf("
"); >printf("\n"); >exit(1); >} >else >{ > $line="Password Server is not responding.\n"; > &error_out; >} > >close(SOCKET); >exit(1); > >sub get_reply >{ > $line=; > $v=substr($line,0,3); > if ($v ne "200") > { > &error_out; > } >} > >sub error_out >{ > >select(STDOUT); >printf("Content-type: text/html\n"); >printf("\n"); >printf("\n"); >printf("An error has occurred\n"); >printf("
\n"); >printf("We were unable to change your password. Please read the\n"); >printf("diagnostic message below and try again. If you need additional\n"); >printf("assistance, please send e-mail to webmaster\@dom.a.in with the >following"); >printf(" diagnostic message.

"); >printf("
\n"); >printf("$line
\n"); >printf("
"); >printf("Please go to href=\"http://httpd.server.name/blah.html\">http://httpd.server.name/blah.h tml >to try again.\n"); printf("\n"); >exit(1); > >} >--/cgi-bin/change-pass.cgi-- > >--- >Khetan Gajjar (!kg1779) * khetan@os.org.za >http://www.os.org.za/~khetan * Talk/Finger khetan@chain.freebsd.os.org.za >FreeBSD enthusiast * http://www2.za.freebsd.org/ >Security-wise, NT is a OS with a "kick me" sign taped to it > >Reference : >Date : Apr 8, 1999, 12:34pm > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message