[ipfire-2.x.git] / html / cgi-bin / chpasswd.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use CGI qw(param);
use Apache::Htpasswd;
use Crypt::PasswdMD5;

$swroot = "/var/ipfire";

my %cgiparams;
my %mainsettings;
my %proxysettings;

$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;

### Initialize environment
&readhash("${swroot}/main/settings", \%mainsettings);
&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};

### Initialize language
if ($language =~ /^(\w+)$/) {$language = $1;}
 #
 # Uncomment this to force a certain language:
 # $language='en';
 #
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";

my $userdb = "$swroot/proxy/advanced/ncsa/passwd";

&readhash("$swroot/ethernet/settings", \%netsettings);

my $success = 0;

&getcgihash(\%cgiparams);

if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
{
	if ($cgiparams{'USERNAME'} eq '')
	{
		$errormessage = $tr{'advproxy errmsg no username'};
		goto ERROR;
	}
	if (($cgiparams{'OLD_PASSWORD'} eq '') || ($cgiparams{'NEW_PASSWORD_1'} eq '') || ($cgiparams{'NEW_PASSWORD_2'} eq ''))
	{
		$errormessage = $tr{'advproxy errmsg no password'};
		goto ERROR;
	}
	if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'}))
	{
		$errormessage = $tr{'advproxy errmsg passwords different'};
		goto ERROR;
	}
	if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
	{
		$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
		goto ERROR;
	}

	my $htpasswd = new Apache::Htpasswd("$userdb");

	# Check if a user with this name exists
	my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'});
	if (!$old_password) {
		$errormessage = $tr{'advproxy errmsg invalid user'};
		goto ERROR;
	}

	# Reset password
	if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'},
			$cgiparams{'OLD_PASSWORD'})) {
		$errormessage = $tr{'advproxy errmsg password incorrect'};
		goto ERROR;
	}

	$success = 1;
	undef %cgiparams;
}

ERROR:

print "Pragma: no-cache\n";
print "Cache-control: no-cache\n";
print "Connection: close\n";
print "Content-type: text/html\n\n";

print <<END
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title></title>
</head>

<body bgcolor="#FFFFFF">

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width="80%" cellspacing="10" cellpadding="5">

<tr>
	<td bgcolor="#FFFFFF" align="center">
		<table width="100%" cellspacing="10" cellpadding="10" bordercolor="#9A9A9A" border="1">
		<tr>
			<td nowrap bgcolor="#993333" align="center" >
			<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="4">
			<b>$tr{'advproxy chgwebpwd change web password'}</b>
			</font>
			</td>
		</tr>
		<tr>
			<td align="center">
				<table width="50%" cellspacing="7" cellpadding="7">
				<tr>
					<td nowrap bgcolor="#FFFFFF" align="left">
					<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
					<b>$tr{'advproxy chgwebpwd username'}:</b>
					</font>
					</td>
					<td ><input type="text" name="USERNAME" value="$cgiparams{'USERNAME'}" size="30"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#FFFFFF" align="left">
					<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
					<b>$tr{'advproxy chgwebpwd old password'}:</b>
					</font>
					</td>
					<td><input type="password" name="OLD_PASSWORD" value="$cgiparams{'OLD_PASSWORD'}" size="30"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#FFFFFF" align="left">
					<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
					<b>$tr{'advproxy chgwebpwd new password'}:</b>
					</font>
					</td>
					<td><input type="password" name="NEW_PASSWORD_1" value="$cgiparams{'NEW_PASSWORD_1'}" size="30"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#FFFFFF" align="left">
					<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
					<b>$tr{'advproxy chgwebpwd new password confirm'}:</b>
					</font>
					</td>
					<td><input type="password" name="NEW_PASSWORD_2" value="$cgiparams{'NEW_PASSWORD_2'}" size="30"></td>
				</tr>
				</table>
				<table width="100%" cellspacing="7" cellpadding="7">
				<tr>
					<td align="center"><br><input type='submit' name='SUBMIT' value="$tr{'advproxy chgwebpwd change password'}"></td>
				</tr>
				</table>
			</td>
		</tr>
END
;

if ($errormessage)
{
	print <<END
	<tr>
		<td nowrap bgcolor="#FF0000" align="center">
		<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
		<b>$tr{'advproxy chgwebpwd ERROR'}</b> $errormessage
		</font>
		</td>
	</tr>
END
;
}

if ($success)
{
	print <<END
	<tr>
		<td nowrap bgcolor="#00C000" align="center">
		<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
		<b>$tr{'advproxy chgwebpwd SUCCESS'}</b> $tr{'advproxy errmsg change success'}
		</font>
		</td>
	</tr>
END
;
}


print <<END

	</td>
</tr>
</table>

</table>

</form>

</center>

</body>

</html>
END
;

# -------------------------------------------------------------------

sub readhash
{
	my $filename = $_[0];
	my $hash = $_[1];
	my ($var, $val);

	if (-e $filename)
	{
		open(FILE, $filename) or die "Unable to read file $filename";
		while (<FILE>)
		{
			chop;
			($var, $val) = split /=/, $_, 2;
			if ($var)
			{
				$val =~ s/^\'//g;
				$val =~ s/\'$//g;
	
				# Untaint variables read from hash
				$var =~ /([A-Za-z0-9_-]*)/;        $var = $1;
				$val =~ /([\w\W]*)/; $val = $1;
				$hash->{$var} = $val;
			}
		}
		close FILE;
	}
}

# -------------------------------------------------------------------

sub getcgihash
{
	my ($hash, $params) = @_;
	my $cgi = CGI->new ();
	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	if (!$params->{'wantfile'}) {
		$CGI::DISABLE_UPLOADS = 1;
		$CGI::POST_MAX        = 512 * 1024;
	} else {
		$CGI::POST_MAX = 10 * 1024 * 1024;
	}

	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	my $referer = $1;
	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	my $servername = $1;
	return if ($referer ne $servername);

	### Modified for getting multi-vars, split by |
	%temp = $cgi->Vars();
	foreach my $key (keys %temp) {
		$hash->{$key} = $temp{$key};
		$hash->{$key} =~ s/\0/|/g;
		$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
	}

	if (($params->{'wantfile'})&&($params->{'filevar'})) {
		$hash->{$params->{'filevar'}} = $cgi->upload
					($params->{'filevar'});
	}
	return;
}

# -------------------------------------------------------------------
Commit	Line	Data
ed38f89d	1	#!/usr/bin/perl
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
ed38f89d MT	21
ed38f89d MT	22	use CGI qw(param);
0aff7b81	23	use Apache::Htpasswd;
18e74048	24	use Crypt::PasswdMD5;
ed38f89d	25
363fb6af	26	$swroot = "/var/ipfire";
ed38f89d MT	27
	28	my %cgiparams;
	29	my %mainsettings;
	30	my %proxysettings;
	31
	32	$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;
	33
	34	### Initialize environment
	35	&readhash("${swroot}/main/settings", \%mainsettings);
	36	&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
	37	$language = $mainsettings{'LANGUAGE'};
	38
	39	### Initialize language
	40	if ($language =~ /^(\w+)$/) {$language = $1;}
	41	#
	42	# Uncomment this to force a certain language:
	43	# $language='en';
	44	#
	45	require "${swroot}/langs/en.pl";
	46	require "${swroot}/langs/${language}.pl";
	47
	48	my $userdb = "$swroot/proxy/advanced/ncsa/passwd";
	49
	50	&readhash("$swroot/ethernet/settings", \%netsettings);
	51
	52	my $success = 0;
	53
	54	&getcgihash(\%cgiparams);
	55
	56	if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
	57	{
	58	if ($cgiparams{'USERNAME'} eq '')
	59	{
	60	$errormessage = $tr{'advproxy errmsg no username'};
	61	goto ERROR;
	62	}
	63	if (($cgiparams{'OLD_PASSWORD'} eq '') \|\| ($cgiparams{'NEW_PASSWORD_1'} eq '') \|\| ($cgiparams{'NEW_PASSWORD_2'} eq ''))
	64	{
	65	$errormessage = $tr{'advproxy errmsg no password'};
	66	goto ERROR;
	67	}
	68	if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'}))
	69	{
	70	$errormessage = $tr{'advproxy errmsg passwords different'};
	71	goto ERROR;
	72	}
	73	if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
	74	{
	75	$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
	76	goto ERROR;
	77	}
0aff7b81 MT	78
	79	my $htpasswd = new Apache::Htpasswd("$userdb");
	80
	81	# Check if a user with this name exists
	82	my $old_password = $htpasswd->fetchPass($cgiparams{'USERNAME'});
	83	if (!$old_password) {
ed38f89d MT	84	$errormessage = $tr{'advproxy errmsg invalid user'};
	85	goto ERROR;
	86	}
0aff7b81 MT	87
	88	# Reset password
	89	if (!$htpasswd->htpasswd($cgiparams{'USERNAME'}, $cgiparams{'NEW_PASSWORD_1'},
	90	$cgiparams{'OLD_PASSWORD'})) {
ed38f89d MT	91	$errormessage = $tr{'advproxy errmsg password incorrect'};
	92	goto ERROR;
	93	}
0aff7b81 MT	94
	95	$success = 1;
	96	undef %cgiparams;
ed38f89d MT	97	}
	98
	99	ERROR:
	100
	101	print "Pragma: no-cache\n";
	102	print "Cache-control: no-cache\n";
	103	print "Connection: close\n";
	104	print "Content-type: text/html\n\n";
	105
	106	print <<END
	107	<html>
	108	<head>
	109	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
	110	<title></title>
	111	</head>
	112
	113	<body bgcolor="#FFFFFF">
	114
	115	<center>
	116
	117	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
	118
5be3900c	119	<table width="80%" cellspacing="10" cellpadding="5">
ed38f89d MT	120
ed38f89d MT	121	<tr>
5be3900c JPT	122	<td bgcolor="#FFFFFF" align="center">
5be3900c JPT	123	<table width="100%" cellspacing="10" cellpadding="10" bordercolor="#9A9A9A" border="1">
ed38f89d	124	<tr>
5be3900c JPT	125	<td nowrap bgcolor="#993333" align="center" >
5be3900c JPT	126	<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="4">
ed38f89d MT	127	<b>$tr{'advproxy chgwebpwd change web password'}</b>
	128	</font>
	129	</td>
	130	</tr>
	131	<tr>
	132	<td align="center">
5be3900c	133	<table width="50%" cellspacing="7" cellpadding="7">
ed38f89d	134	<tr>
5be3900c JPT	135	<td nowrap bgcolor="#FFFFFF" align="left">
5be3900c JPT	136	<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
ed38f89d MT	137	<b>$tr{'advproxy chgwebpwd username'}:</b>
	138	</font>
	139	</td>
5be3900c	140	<td ><input type="text" name="USERNAME" value="$cgiparams{'USERNAME'}" size="30"></td>
ed38f89d MT	141	</tr>
ed38f89d MT	142	<tr>
5be3900c JPT	143	<td nowrap bgcolor="#FFFFFF" align="left">
5be3900c JPT	144	<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
ed38f89d MT	145	<b>$tr{'advproxy chgwebpwd old password'}:</b>
	146	</font>
	147	</td>
5be3900c	148	<td><input type="password" name="OLD_PASSWORD" value="$cgiparams{'OLD_PASSWORD'}" size="30"></td>
ed38f89d MT	149	</tr>
ed38f89d MT	150	<tr>
5be3900c JPT	151	<td nowrap bgcolor="#FFFFFF" align="left">
5be3900c JPT	152	<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
ed38f89d MT	153	<b>$tr{'advproxy chgwebpwd new password'}:</b>
	154	</font>
	155	</td>
5be3900c	156	<td><input type="password" name="NEW_PASSWORD_1" value="$cgiparams{'NEW_PASSWORD_1'}" size="30"></td>
ed38f89d MT	157	</tr>
ed38f89d MT	158	<tr>
5be3900c JPT	159	<td nowrap bgcolor="#FFFFFF" align="left">
5be3900c JPT	160	<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
ed38f89d MT	161	<b>$tr{'advproxy chgwebpwd new password confirm'}:</b>
	162	</font>
	163	</td>
5be3900c	164	<td><input type="password" name="NEW_PASSWORD_2" value="$cgiparams{'NEW_PASSWORD_2'}" size="30"></td>
ed38f89d MT	165	</tr>
	166	</table>
	167	<table width="100%" cellspacing="7" cellpadding="7">
	168	<tr>
	169	<td align="center"><br><input type='submit' name='SUBMIT' value="$tr{'advproxy chgwebpwd change password'}"></td>
	170	</tr>
	171	</table>
	172	</td>
	173	</tr>
	174	END
	175	;
	176
	177	if ($errormessage)
	178	{
	179	print <<END
	180	<tr>
	181	<td nowrap bgcolor="#FF0000" align="center">
5be3900c	182	<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
ed38f89d MT	183	<b>$tr{'advproxy chgwebpwd ERROR'}</b> $errormessage
	184	</font>
	185	</td>
	186	</tr>
	187	END
	188	;
	189	}
	190
	191	if ($success)
	192	{
	193	print <<END
	194	<tr>
	195	<td nowrap bgcolor="#00C000" align="center">
5be3900c	196	<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
ed38f89d MT	197	<b>$tr{'advproxy chgwebpwd SUCCESS'}</b> $tr{'advproxy errmsg change success'}
	198	</font>
	199	</td>
	200	</tr>
	201	END
	202	;
	203	}
	204
	205
	206	print <<END
	207
	208	</td>
	209	</tr>
	210	</table>
	211
ed38f89d MT	212	</table>
	213
	214	</form>
	215
	216	</center>
	217
	218	</body>
	219
	220	</html>
	221	END
	222	;
	223
	224	# -------------------------------------------------------------------
	225
	226	sub readhash
	227	{
	228	my $filename = $_[0];
	229	my $hash = $_[1];
	230	my ($var, $val);
	231
	232	if (-e $filename)
	233	{
	234	open(FILE, $filename) or die "Unable to read file $filename";
	235	while (<FILE>)
	236	{
	237	chop;
	238	($var, $val) = split /=/, $_, 2;
	239	if ($var)
	240	{
	241	$val =~ s/^\'//g;
	242	$val =~ s/\'$//g;
	243
	244	# Untaint variables read from hash
	245	$var =~ /([A-Za-z0-9_-]*)/; $var = $1;
	246	$val =~ /([\w\W]*)/; $val = $1;
	247	$hash->{$var} = $val;
	248	}
	249	}
	250	close FILE;
	251	}
	252	}
	253
	254	# -------------------------------------------------------------------
	255
	256	sub getcgihash
	257	{
	258	my ($hash, $params) = @_;
	259	my $cgi = CGI->new ();
	260	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	261	if (!$params->{'wantfile'}) {
	262	$CGI::DISABLE_UPLOADS = 1;
	263	$CGI::POST_MAX = 512 * 1024;
	264	} else {
	265	$CGI::POST_MAX = 10 * 1024 * 1024;
	266	}
	267
	268	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	269	my $referer = $1;
	270	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	271	my $servername = $1;
	272	return if ($referer ne $servername);
	273
	274	### Modified for getting multi-vars, split by \|
	275	%temp = $cgi->Vars();
276	foreach my $key (keys %temp) {
277	$hash->{$key} = $temp{$key};
278	$hash->{$key} =~ s/\0/\|/g;
279	$hash->{$key} =~ s/^\s(.?)\s*$/$1/;
280	}
281
282	if (($params->{'wantfile'})&&($params->{'filevar'})) {
283	$hash->{$params->{'filevar'}} = $cgi->upload
284	($params->{'filevar'});
285	}
286	return;
287	}
288
289	# -------------------------------------------------------------------