From: Michael Tremer Date: Fri, 8 Apr 2016 15:16:57 +0000 (+0100) Subject: Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next X-Git-Tag: v2.19-core101~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=36ba4ebe992fd023f9c86efd8a8d66fa0aa751ad;hp=b395d3289d0008b4fd274346f6cb5b50096b6f71;p=people%2Fpmueller%2Fipfire-2.x.git Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next --- diff --git a/config/rootfiles/core/101/filelists/files b/config/rootfiles/core/101/filelists/files index 409e5fe8ac..0f75ac841d 100644 --- a/config/rootfiles/core/101/filelists/files +++ b/config/rootfiles/core/101/filelists/files @@ -1,2 +1,5 @@ etc/system-release etc/issue +srv/web/ipfire/cgi-bin/chpasswd.cgi +srv/web/ipfire/cgi-bin/ipinfo.cgi +srv/web/ipfire/cgi-bin/proxy.cgi diff --git a/html/cgi-bin/chpasswd.cgi b/html/cgi-bin/chpasswd.cgi index ae9e6ec70b..0a66062edb 100644 --- a/html/cgi-bin/chpasswd.cgi +++ b/html/cgi-bin/chpasswd.cgi @@ -20,6 +20,7 @@ ############################################################################### use CGI qw(param); +use Apache::Htpasswd; use Crypt::PasswdMD5; $swroot = "/var/ipfire"; @@ -74,48 +75,25 @@ if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'}) $errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'}; goto ERROR; } - if (! -z $userdb) - { - open FILE, $userdb; - @users = ; - close FILE; - $username = ''; - $cryptpwd = ''; + my $htpasswd = new Apache::Htpasswd("$userdb"); - foreach (@users) - { - chomp; - @temp = split(/:/,$_); - if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i) - { - $username = $temp[0]; - $cryptpwd = $temp[1]; - } - } - } - if ($username eq '') - { + # Check if a user with this name exists + my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'}); + if (!$old_password) { $errormessage = $tr{'advproxy errmsg invalid user'}; goto ERROR; } - if ( - !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) && - !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) - ) - { + + # Reset password + if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'}, + $cgiparams{'OLD_PASSWORD'})) { $errormessage = $tr{'advproxy errmsg password incorrect'}; goto ERROR; } - $returncode = system("/usr/sbin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}"); - if ($returncode == 0) - { - $success = 1; - undef %cgiparams; - } else { - $errormessage = $tr{'advproxy errmsg change fail'}; - goto ERROR; - } + + $success = 1; + undef %cgiparams; } ERROR: diff --git a/html/cgi-bin/ipinfo.cgi b/html/cgi-bin/ipinfo.cgi index 71098a2529..8cefe6e853 100644 --- a/html/cgi-bin/ipinfo.cgi +++ b/html/cgi-bin/ipinfo.cgi @@ -19,6 +19,7 @@ # # ############################################################################### +use CGI; use IO::Socket; use strict; @@ -34,18 +35,14 @@ my %cgiparams=(); &Header::showhttpheaders(); -&Header::getcgihash(\%cgiparams); - -$ENV{'QUERY_STRING'} =~s/&//g; -my @addrs = split(/ip=/,$ENV{'QUERY_STRING'}); - &Header::openpage($Lang::tr{'ip info'}, 1, ''); - &Header::openbigbox('100%', 'left'); my @lines=(); my $extraquery=''; -foreach my $addr (@addrs) { -next if $addr eq ""; + +my $addr = CGI::param("ip") || ""; + +if (&General::validip($addr)) { $extraquery=''; @lines=(); my $whoisname = "whois.arin.net"; @@ -91,6 +88,14 @@ next if $addr eq ""; } print "\n"; &Header::closebox(); +} else { + &Header::openbox('100%', 'left', $Lang::tr{'invalid ip'}); + print < + $Lang::tr{'invalid ip'} +

+EOF + &Header::closebox(); } print <htpasswd($str_user, $str_pass); } if ($str_group eq 'standard') { open(FILE, ">>$stdgrp");