#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use CGI qw(param);
use Crypt::PasswdMD5;
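# Root directory of the IPFire configuration tree; every path below is
# built from it.
$swroot = "/var/ipfire";

my %cgiparams;
my %mainsettings;
my %proxysettings;

# Default minimum length for a new password. It is set before the proxy
# settings are read so that a value from the settings file can replace it
# (readhash is defined outside this section -- presumably it fills the hash
# from KEY=VALUE lines; confirm there).
$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;

### Initialize environment
&readhash("${swroot}/main/settings", \%mainsettings);
&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};

### Initialize language
# The language code becomes part of a require() path below, so only a plain
# word is accepted. The original check had no else branch: a value that
# failed the pattern (empty, or containing '/' or '.') was still passed to
# require unchanged. Fall back to English instead. \A and \z are used
# because '$' would also accept a trailing newline.
if (defined $language && $language =~ /\A(\w+)\z/) {
    $language = $1;
}
else {
    $language = 'en';
}
#
# Uncomment this to force a certain language:
# $language='en';
#
# English is loaded first; the configured language is loaded after it.
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";

# NCSA-style password file that holds the proxy users.
my $userdb = "$swroot/proxy/advanced/ncsa/passwd";

&readhash("$swroot/ethernet/settings", \%netsettings);

# Set to 1 only after htpasswd has stored the new password.
my $success = 0;

# Copy the submitted form fields into %cgiparams (getcgihash is defined
# outside this section).
&getcgihash(\%cgiparams);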
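# Handle a submitted password-change form.
#
# Steps: validate the form fields, look the user up in the password file
# ($userdb), verify the old password against the stored hash, then let
# htpasswd write the new one. Every failure stores a translated message in
# $errormessage and jumps to the ERROR label that follows this block. On
# success $success is set to 1 and %cgiparams is cleared.
#
# All %cgiparams values come from the HTTP request and are untrusted.
if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
{
    if ($cgiparams{'USERNAME'} eq '')
    {
        $errormessage = $tr{'advproxy errmsg no username'};
        goto ERROR;
    }
    if (($cgiparams{'OLD_PASSWORD'} eq '') || ($cgiparams{'NEW_PASSWORD_1'} eq '') || ($cgiparams{'NEW_PASSWORD_2'} eq ''))
    {
        $errormessage = $tr{'advproxy errmsg no password'};
        goto ERROR;
    }
    if ($cgiparams{'NEW_PASSWORD_1'} ne $cgiparams{'NEW_PASSWORD_2'})
    {
        $errormessage = $tr{'advproxy errmsg passwords different'};
        goto ERROR;
    }
    if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
    {
        $errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
        goto ERROR;
    }

    # Look up the account. Both values stay empty unless an entry matches.
    $username = '';
    $cryptpwd = '';
    if (! -z $userdb)
    {
        # Three-argument open with a lexical handle, and the result is
        # checked: an unreadable file is logged and treated as "no users",
        # which ends in the "invalid user" error below.
        if (open(my $passwd_fh, '<', $userdb))
        {
            @users = <$passwd_fh>;
            close($passwd_fh);
        }
        else
        {
            warn "cannot open $userdb: $!\n";
            @users = ();
        }
        chomp(@users);

        # Compare the name as a plain string, ignoring case. The original
        # interpolated the submitted name into a regular expression, so
        # pattern metacharacters in the form field could match an account
        # other than the one typed in.
        my $wanted_user = lc($cgiparams{'USERNAME'});
        foreach my $entry (@users)
        {
            my @fields = split(/:/, $entry);
            next unless defined $fields[0];
            if (lc($fields[0]) eq $wanted_user)
            {
                # Keep the spelling stored in the file; as before, the last
                # matching entry wins.
                $username = $fields[0];
                $cryptpwd = defined $fields[1] ? $fields[1] : '';
            }
        }
    }
    if ($username eq '')
    {
        $errormessage = $tr{'advproxy errmsg invalid user'};
        goto ERROR;
    }

    # Verify the old password against the stored hash, trying crypt() first
    # and the Apache MD5 scheme second. An entry without a stored hash never
    # verifies: crypt() may return undef for a salt it does not accept, and
    # undef would otherwise compare equal to the empty string.
    my $old_password_ok = 0;
    if ($cryptpwd ne '')
    {
        my $crypt_hash = crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd);
        if (defined $crypt_hash && $crypt_hash eq $cryptpwd)
        {
            $old_password_ok = 1;
        }
        else
        {
            my $apr1_hash = apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd);
            $old_password_ok = 1 if (defined $apr1_hash && $apr1_hash eq $cryptpwd);
        }
    }
    if (!$old_password_ok)
    {
        $errormessage = $tr{'advproxy errmsg password incorrect'};
        goto ERROR;
    }

    # Run htpasswd with an argument list so no shell parses the command.
    # The original built one command string with the submitted password
    # interpolated into it, which let shell metacharacters in the form field
    # become part of the command. $username is the value read from the
    # password file, not the one from the request.
    # NOTE(review): with -b the new password is still passed on the command
    # line and is visible in the process list while htpasswd runs; where the
    # installed htpasswd supports -i (password on stdin), prefer that.
    $returncode = system('/usr/sbin/htpasswd', '-b', $userdb, $username, $cgiparams{'NEW_PASSWORD_1'});
    if ($returncode == 0)
    {
        $success = 1;
        undef %cgiparams;
    } else {
        $errormessage = $tr{'advproxy errmsg change fail'};
        goto ERROR;
    }
}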
ERROR:
# Jump target for every failed check above; execution also reaches this
# point on success. The CGI response header is written in a single print:
# two cache directives asking clients not to cache the page, the connection
# and content-type lines, and the empty line that ends the header section.
print join("\n",
    'Pragma: no-cache',
    'Cache-control: no-cache',
    'Connection: close',
    'Content-type: text/html',
    '',
    '');
print <