Commit | Line | Data |
---|---|---|
ed38f89d | 1 | #!/usr/bin/perl |
70df8302 MT |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2007 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
ed38f89d MT |
21 | |
22 | use CGI qw(param); | |
18e74048 | 23 | use Crypt::PasswdMD5; |
ed38f89d | 24 | |
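# Base directory that holds the settings, language files and the proxy
# password database read by this script.
$swroot = "/var/ipfire";

my %cgiparams;
my %mainsettings;
my %proxysettings;

# Default minimum password length; overridden below when the proxy settings
# file defines NCSA_MIN_PASS_LEN.
$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;

### Initialize environment
readhash("${swroot}/main/settings", \%mainsettings);
readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};

### Initialize language
# The language name becomes part of a path handed to require(), so it is
# accepted only when it consists of word characters. The original test left
# a non-matching value in place; anything that does not match (or is missing)
# now falls back to the English file that is loaded anyway.
if (defined $language && $language =~ /\A(\w+)\z/) {
    $language = $1;
}
else {
    $language = 'en';
}
#
# Uncomment this to force a certain language:
# $language='en';
#
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";

# htpasswd-style file ("user:hash" per line) that the change request updates.
my $userdb = "$swroot/proxy/advanced/ncsa/passwd";

readhash("$swroot/ethernet/settings", \%netsettings);

my $success = 0;

# Copies the POSTed form fields into %cgiparams; the hash stays empty when
# getcgihash() rejects the request.
getcgihash(\%cgiparams);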
54 | ||
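# Handle a submitted password change: validate the form fields, look the user
# up in the password file, verify the old password and let htpasswd write the
# new one. Every failure sets $errormessage and jumps to the ERROR label,
# where the page is rendered.
if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
{
    if ($cgiparams{'USERNAME'} eq '')
    {
        $errormessage = $tr{'advproxy errmsg no username'};
        goto ERROR;
    }
    if (($cgiparams{'OLD_PASSWORD'} eq '') || ($cgiparams{'NEW_PASSWORD_1'} eq '') || ($cgiparams{'NEW_PASSWORD_2'} eq ''))
    {
        $errormessage = $tr{'advproxy errmsg no password'};
        goto ERROR;
    }
    if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'}))
    {
        $errormessage = $tr{'advproxy errmsg passwords different'};
        goto ERROR;
    }
    if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
    {
        $errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
        goto ERROR;
    }

    $username = '';
    $cryptpwd = '';

    if (! -z $userdb)
    {
        # Three-argument open with a lexical handle: the mode can never be
        # taken from the path, and a failed open is no longer read from
        # silently. An unreadable file leaves $username empty, which is
        # reported as an invalid user below.
        if (open(my $passwd_fh, '<', $userdb))
        {
            while (my $entry = <$passwd_fh>)
            {
                chomp $entry;
                my ($name, $hash) = split(/:/, $entry);
                next unless defined $name;

                # Compare as plain strings. The submitted name used to be
                # interpolated into a regex, so pattern metacharacters in the
                # request could match accounts other than the one typed in.
                # As before, the match is case-insensitive and the last
                # matching entry wins.
                if (lc($name) eq lc($cgiparams{'USERNAME'}))
                {
                    $username = $name;
                    $cryptpwd = $hash;
                }
            }
            close $passwd_fh;
        }
    }
    if ($username eq '')
    {
        $errormessage = $tr{'advproxy errmsg invalid user'};
        goto ERROR;
    }

    # An entry without a stored hash cannot be verified: crypt() may return
    # undef for an empty salt, and undef compares equal to '' under eq.
    # Such entries are rejected instead of being treated as a match.
    my $has_hash = (defined($cryptpwd) && $cryptpwd ne '');
    if (
        !$has_hash ||
        (
            !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
            !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
        )
    )
    {
        $errormessage = $tr{'advproxy errmsg password incorrect'};
        goto ERROR;
    }

    # List-form system() runs htpasswd directly, without a shell, so the
    # submitted password is passed as one literal argument and shell
    # metacharacters in it are not interpreted.
    # NOTE(review): -b still places the password on the command line, where
    # it is visible in the process list while htpasswd runs; if the installed
    # htpasswd supports -i, feeding the password on stdin avoids that.
    $returncode = system('/usr/sbin/htpasswd', '-b', $userdb, $username, $cgiparams{'NEW_PASSWORD_1'});
    if ($returncode == 0)
    {
        $success = 1;
        # Drop the submitted values so they are not echoed back into the form.
        undef %cgiparams;
    } else {
        $errormessage = $tr{'advproxy errmsg change fail'};
        goto ERROR;
    }
}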
120 | ||
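ERROR:

# Render the page: HTTP headers, the change-password form, and an error or
# success row depending on $errormessage / $success.

# Request-controlled values are HTML-escaped before they are written into
# the page. They used to be interpolated raw into attribute values, so a
# quote or angle bracket in a form field could break out of the attribute.
my $html_escape = sub {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

my $form_action = $html_escape->($ENV{'SCRIPT_NAME'});

# NOTE(review): after a failed attempt the submitted passwords are still
# written back into the response (escaped); consider leaving the password
# fields empty instead.
my %field_value = map { $_ => $html_escape->($cgiparams{$_}) }
    qw(USERNAME OLD_PASSWORD NEW_PASSWORD_1 NEW_PASSWORD_2);

print "Pragma: no-cache\n";
print "Cache-control: no-cache\n";
print "Connection: close\n";
print "Content-type: text/html\n\n";

print <<END;
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title></title>
</head>

<body bgcolor="#FFFFFF">

<center>

<form method='post' action='$form_action'>

<table width="80%" cellspacing="10" cellpadding="5">

<tr>
	<td bgcolor="#FFFFFF" align="center">
		<table width="100%" cellspacing="10" cellpadding="10" bordercolor="#9A9A9A" border="1">
			<tr>
				<td nowrap bgcolor="#993333" align="center" >
					<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="4">
						<b>$tr{'advproxy chgwebpwd change web password'}</b>
					</font>
				</td>
			</tr>
			<tr>
				<td align="center">
					<table width="50%" cellspacing="7" cellpadding="7">
						<tr>
							<td nowrap bgcolor="#FFFFFF" align="left">
								<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
									<b>$tr{'advproxy chgwebpwd username'}:</b>
								</font>
							</td>
							<td ><input type="text" name="USERNAME" value="$field_value{'USERNAME'}" size="30"></td>
						</tr>
						<tr>
							<td nowrap bgcolor="#FFFFFF" align="left">
								<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
									<b>$tr{'advproxy chgwebpwd old password'}:</b>
								</font>
							</td>
							<td><input type="password" name="OLD_PASSWORD" value="$field_value{'OLD_PASSWORD'}" size="30"></td>
						</tr>
						<tr>
							<td nowrap bgcolor="#FFFFFF" align="left">
								<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
									<b>$tr{'advproxy chgwebpwd new password'}:</b>
								</font>
							</td>
							<td><input type="password" name="NEW_PASSWORD_1" value="$field_value{'NEW_PASSWORD_1'}" size="30"></td>
						</tr>
						<tr>
							<td nowrap bgcolor="#FFFFFF" align="left">
								<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
									<b>$tr{'advproxy chgwebpwd new password confirm'}:</b>
								</font>
							</td>
							<td><input type="password" name="NEW_PASSWORD_2" value="$field_value{'NEW_PASSWORD_2'}" size="30"></td>
						</tr>
					</table>
					<table width="100%" cellspacing="7" cellpadding="7">
						<tr>
							<td align="center"><br><input type='submit' name='SUBMIT' value="$tr{'advproxy chgwebpwd change password'}"></td>
						</tr>
					</table>
				</td>
			</tr>
END

# $errormessage is only ever assigned from the %tr translation table (plus
# the configured minimum length), never from request data.
if ($errormessage)
{
    print <<END;
			<tr>
				<td nowrap bgcolor="#FF0000" align="center">
					<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
						<b>$tr{'advproxy chgwebpwd ERROR'}</b> $errormessage
					</font>
				</td>
			</tr>
END
}

if ($success)
{
    print <<END;
			<tr>
				<td nowrap bgcolor="#00C000" align="center">
					<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
						<b>$tr{'advproxy chgwebpwd SUCCESS'}</b> $tr{'advproxy errmsg change success'}
					</font>
				</td>
			</tr>
END
}


print <<END;

	</td>
</tr>
</table>

</table>

</form>

</center>

</body>

</html>
END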
245 | ||
246 | # ------------------------------------------------------------------- | |
247 | ||
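# readhash($filename, \%hash)
#
# Reads a settings file of KEY=VALUE lines into the hash referenced by the
# second argument. One pair of surrounding single quotes is stripped from the
# value. A file that does not exist is skipped silently; a file that exists
# but cannot be opened is fatal.
sub readhash
{
    my ($filename, $hash) = @_;

    return unless -e $filename;

    # Three-argument open with a lexical handle, so the read mode is fixed
    # and cannot be influenced by characters in the file name.
    open(my $settings_fh, '<', $filename)
        or die "Unable to read file $filename";

    while (my $line = <$settings_fh>)
    {
        # chomp rather than chop: a final line without a trailing newline
        # keeps its last character.
        chomp $line;

        my ($var, $val) = split /=/, $line, 2;
        next unless $var;

        $val =~ s/^\'//g;
        $val =~ s/\'$//g;

        # Untaint variables read from hash.
        # The key is cut down to its leading run of [A-Za-z0-9_-]; the value
        # pattern accepts any content, so the value is untainted but not
        # validated here.
        $var =~ /([A-Za-z0-9_-]*)/; $var = $1;
        $val =~ /([\w\W]*)/; $val = $1;
        $hash->{$var} = $val;
    }
    close $settings_fh;
}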
275 | ||
276 | # ------------------------------------------------------------------- | |
277 | ||
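# getcgihash(\%hash [, \%params])
#
# Copies the parameters of a POST request into the hash referenced by the
# first argument. Multi-valued parameters are joined with '|', and leading
# and trailing whitespace is trimmed. The optional second argument may set
# 'wantfile' (allow uploads, larger size limit) and 'filevar' (name of the
# upload field whose handle is stored in the hash).
#
# The hash is left untouched unless the request is a POST whose Referer
# header names the same host as the script URL.
sub getcgihash
{
    my ($hash, $params) = @_;

    return if ($ENV{'REQUEST_METHOD'} ne 'POST');

    # CGI.pm reads the request body when the object is constructed, so the
    # size and upload limits have to be in place before CGI->new(); set
    # afterwards they do not apply to the current request.
    if (!$params->{'wantfile'}) {
        $CGI::DISABLE_UPLOADS = 1;
        $CGI::POST_MAX = 512 * 1024;
    } else {
        $CGI::POST_MAX = 10 * 1024 * 1024;
    }
    my $cgi = CGI->new ();

    # Same-host check: the host part of the Referer must equal the host part
    # of this script's URL. The captures are taken in list context so that a
    # failed match yields undef instead of a stale $1 from an earlier match.
    my $referer_url = $cgi->referer();
    my $script_url  = $cgi->url();
    $referer_url = '' unless defined $referer_url;
    $script_url  = '' unless defined $script_url;

    my ($referer)    = $referer_url =~ m/^https?\:\/\/([^\/]+)/;
    my ($servername) = $script_url  =~ m/^https?\:\/\/([^\/]+)/;
    return unless defined $referer && defined $servername;
    return if ($referer ne $servername);

    ### Modified for getting multi-vars, split by |
    my %vars = $cgi->Vars();
    foreach my $key (keys %vars) {
        $hash->{$key} = $vars{$key};
        $hash->{$key} =~ s/\0/|/g;
        $hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
    }

    if (($params->{'wantfile'})&&($params->{'filevar'})) {
        $hash->{$params->{'filevar'}} = $cgi->upload
                        ($params->{'filevar'});
    }
    return;
}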
310 | ||
311 | # ------------------------------------------------------------------- |