Date: Sat, 10 Apr 1999 10:04:00 +0800 From: Dibyo Gahari <dibyo@bali.net> To: Khetan Gajjar <khetan@os.org.za> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: how to change a password through a web page ? Message-ID: <Version.32.19990410094255.016d9d90@bali.net> In-Reply-To: <Pine.BSF.4.10.9904091831350.16986-100000@chain.freebsd.os. org.za> References: <Version.32.19990410000043.01701da0@bali.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, At 00:32 10/04/99 , Khetan Gajjar wrote: >DG> Although I have not successfully installed the script yet, I think it's >DG> close to what I need. There is "Password Server is not responding." message. > >You _MUST_ edit the script file to replace the hostnames correctly. server.jad.net is my hostname, and bali.net as a virtual host. So, on the script, I used "server.jad.net", but failed. I used "bali.net", also failed. >DG> FYI, I installed poppassd-4_0.tgz from FreeBSD.ORG. >DG> Please advice. > >Did you edit the cgi to ensure that it's pointing to the correct poppassd >host ? Also, is the script executable ? I used both domains, and failed. And of course, chmod is 755. Please advice. Regards, Dibyo Gahari ---------------modified script------------------ #!/usr/bin/perl # # Simple POPPASSD Password Changer # mp@atlantic.net 2/1/97 # # Thanks to westnet.com for the idea; written cause I couldnt # get theirs to work. This one asks for username and password # and changes the password via POPPASSD. (There is a sample # index.html that goes with this. put it in a directory called # password under your document root, and then users can call # it like http://www.atlantic.net/password # # It uses your poppassd port to do the work, so it requires # you have it installed -- but that way it will honor any # type of security checks you want/have implemented. # Isn't that special? # # You will need to change the line with $clientid= # to your poppassd server -- this script can be run on a # different machine than where the poppassd program resides; # and you will have to change the "rawclient" line from # rio.atlantic.net to match the hostname of the host # this script runs from. # # If your looking for a link to the 'net, check out # http://www.atlantic.net; we work with ISPs/corporations/individuals # # Use @ your own risk! read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); # Split the name-value pairs @pairs = split(/&/, $buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); # Un-Webify plus signs and %-encoding $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; # Set each variable if ($name eq "username") { $n=$value; } if ($name eq "oldpasswd") { $op=$value; } if ($name eq "passwd") { $np=$value; } if ($name eq "passwd1") { $np1=$value; } # Stop people from using subshells to execute commands # Not a big deal when using sendmail, but very important # when using UCB mail (aka mailx). # $value =~ s/~!/ ~!/g; # Uncomment for debugging purposes # print "Setting $name to $value<P>"; # $FORM{$name} = $value; } if ($np ne $np1) { $line="New Passwords Don't Match."; &error_out; } $port=106; $clientid="bali.net"; while(getservbyport($port,"tcp")) { $port++; } ($d1,$d2,$prototype)=getprotobyname("tcp"); ($d1,$d2,$d3,$d4,$rawclient)=gethostbyname("bali.net"); ($d1,$d2,$d3,$d4,$rawserver)=gethostbyname($clientid); $clientaddr=pack("Sna4x8",2,0,$rawclient); $serveraddr=pack("Sna4x8",2,$port,$rawserver); socket(SOCKET,2,1,$prototype) || die("No socket"); bind (SOCKET,$clientaddr) || die ("Can't bind"); $cstat=connect(SOCKET, $serveraddr); select(SOCKET); $|=1; if ($cstat != 0) { &get_reply; print SOCKET "user $n\n"; &get_reply; print SOCKET "pass $op\n"; &get_reply; print SOCKET "newpass $np\n"; &get_reply; select(STDOUT); printf("Content-type: text/html\n"); printf("\n"); printf("<HTML>\n"); printf("<TITLE>Password Changed Successfully.</TITLE>\n"); printf("<BR>\n"); printf("Your password has been changed successfully. It may take up\n"); printf("to 6 hours for your new password to take effect.<BR>"); printf("<BR>\n"); printf("$line<BR>\n"); printf("<BR>"); printf("</HTML>\n"); exit(1); } else { $line="Password Server is not responding.\n"; &error_out; } close(SOCKET); exit(1); sub get_reply { $line=<SOCKET>; $v=substr($line,0,3); if ($v ne "200") { &error_out; } } sub error_out { select(STDOUT); printf("Content-type: text/html\n"); printf("\n"); printf("<HTML>\n"); printf("<TITLE>An error has occurred</TITLE>\n"); printf("<BR>\n"); printf("We were unable to change your password. Please read the\n"); printf("diagnostic message below and try again. If you need additional\n"); printf("assistance, please send e-mail to webmaster\@jad.net with the following"); printf(" diagnostic message.<BR><BR>"); printf("<BR>\n"); printf("<B>$line</B><BR>\n"); printf("<BR>"); printf("Please go to <a href=\"http://202.134.2.38/password.html\">password page to try again.\n"); printf("</HTML>\n"); exit(1); } -------------end of script---------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Version.32.19990410094255.016d9d90>