From owner-freebsd-questions Fri Apr 9 19:11:29 1999 Delivered-To: freebsd-questions@freebsd.org Received: from server.jad.net (unknown [202.134.2.38]) by hub.freebsd.org (Postfix) with ESMTP id 171EF14CFA for ; Fri, 9 Apr 1999 19:11:20 -0700 (PDT) (envelope-from dibyo@bali.net) Received: from home (ppp085.dpr.vidas.telkom.net.id [203.130.255.85]) by server.jad.net (8.8.5/8.9.0) with SMTP id JAA03278; Sat, 10 Apr 1999 09:07:17 +0700 (JAVT) Message-Id: Message-Id: X-Sender: dibyo@bali.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Sat, 10 Apr 1999 10:04:00 +0800 To: Khetan Gajjar From: Dibyo Gahari Subject: Re: how to change a password through a web page ? Cc: freebsd-questions@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, At 00:32 10/04/99 , Khetan Gajjar wrote: >DG> Although I have not successfully installed the script yet, I think it's >DG> close to what I need. There is "Password Server is not responding." message. > >You _MUST_ edit the script file to replace the hostnames correctly. server.jad.net is my hostname, and bali.net as a virtual host. So, on the script, I used "server.jad.net", but failed. I used "bali.net", also failed. >DG> FYI, I installed poppassd-4_0.tgz from FreeBSD.ORG. >DG> Please advice. > >Did you edit the cgi to ensure that it's pointing to the correct poppassd >host ? Also, is the script executable ? I used both domains, and failed. And of course, chmod is 755. Please advice. Regards, Dibyo Gahari ---------------modified script------------------ #!/usr/bin/perl # # Simple POPPASSD Password Changer # mp@atlantic.net 2/1/97 # # Thanks to westnet.com for the idea; written cause I couldnt # get theirs to work. This one asks for username and password # and changes the password via POPPASSD. (There is a sample # index.html that goes with this. put it in a directory called # password under your document root, and then users can call # it like http://www.atlantic.net/password # # It uses your poppassd port to do the work, so it requires # you have it installed -- but that way it will honor any # type of security checks you want/have implemented. # Isn't that special? # # You will need to change the line with $clientid= # to your poppassd server -- this script can be run on a # different machine than where the poppassd program resides; # and you will have to change the "rawclient" line from # rio.atlantic.net to match the hostname of the host # this script runs from. # # If your looking for a link to the 'net, check out # http://www.atlantic.net; we work with ISPs/corporations/individuals # # Use @ your own risk! read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); # Split the name-value pairs @pairs = split(/&/, $buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); # Un-Webify plus signs and %-encoding $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; # Set each variable if ($name eq "username") { $n=$value; } if ($name eq "oldpasswd") { $op=$value; } if ($name eq "passwd") { $np=$value; } if ($name eq "passwd1") { $np1=$value; } # Stop people from using subshells to execute commands # Not a big deal when using sendmail, but very important # when using UCB mail (aka mailx). # $value =~ s/~!/ ~!/g; # Uncomment for debugging purposes # print "Setting $name to $value

"; # $FORM{$name} = $value; } if ($np ne $np1) { $line="New Passwords Don't Match."; &error_out; } $port=106; $clientid="bali.net"; while(getservbyport($port,"tcp")) { $port++; } ($d1,$d2,$prototype)=getprotobyname("tcp"); ($d1,$d2,$d3,$d4,$rawclient)=gethostbyname("bali.net"); ($d1,$d2,$d3,$d4,$rawserver)=gethostbyname($clientid); $clientaddr=pack("Sna4x8",2,0,$rawclient); $serveraddr=pack("Sna4x8",2,$port,$rawserver); socket(SOCKET,2,1,$prototype) || die("No socket"); bind (SOCKET,$clientaddr) || die ("Can't bind"); $cstat=connect(SOCKET, $serveraddr); select(SOCKET); $|=1; if ($cstat != 0) { &get_reply; print SOCKET "user $n\n"; &get_reply; print SOCKET "pass $op\n"; &get_reply; print SOCKET "newpass $np\n"; &get_reply; select(STDOUT); printf("Content-type: text/html\n"); printf("\n"); printf("\n"); printf("Password Changed Successfully.\n"); printf("
\n"); printf("Your password has been changed successfully. It may take up\n"); printf("to 6 hours for your new password to take effect.
"); printf("
\n"); printf("$line
\n"); printf("
"); printf("\n"); exit(1); } else { $line="Password Server is not responding.\n"; &error_out; } close(SOCKET); exit(1); sub get_reply { $line=; $v=substr($line,0,3); if ($v ne "200") { &error_out; } } sub error_out { select(STDOUT); printf("Content-type: text/html\n"); printf("\n"); printf("\n"); printf("An error has occurred\n"); printf("
\n"); printf("We were unable to change your password. Please read the\n"); printf("diagnostic message below and try again. If you need additional\n"); printf("assistance, please send e-mail to webmaster\@jad.net with the following"); printf(" diagnostic message.

"); printf("
\n"); printf("$line
\n"); printf("
"); printf("Please go to password page to try again.\n"); printf("\n"); exit(1); } -------------end of script---------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message