[people/pmueller/ipfire-2.x.git] / html / cgi-bin / chpasswd.cgi

#!/usr/bin/perl

#
# $Id: chpasswd.cgi,v 1.0 2005/01/25 00:00:00 marco Exp $
#

use CGI qw(param);

$swroot = "/var/ipfire";

my %cgiparams;
my %mainsettings;
my %proxysettings;

$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;

### Initialize environment
&readhash("${swroot}/main/settings", \%mainsettings);
&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};

### Initialize language
if ($language =~ /^(\w+)$/) {$language = $1;}
 #
 # Uncomment this to force a certain language:
 # $language='en';
 #
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";

my $userdb = "$swroot/proxy/advanced/ncsa/passwd";

&readhash("$swroot/ethernet/settings", \%netsettings);

my $success = 0;

&getcgihash(\%cgiparams);

if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
{
	if ($cgiparams{'USERNAME'} eq '')
	{
		$errormessage = $tr{'advproxy errmsg no username'};
		goto ERROR;
	}
	if (($cgiparams{'OLD_PASSWORD'} eq '') || ($cgiparams{'NEW_PASSWORD_1'} eq '') || ($cgiparams{'NEW_PASSWORD_2'} eq ''))
	{
		$errormessage = $tr{'advproxy errmsg no password'};
		goto ERROR;
	}
	if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'}))
	{
		$errormessage = $tr{'advproxy errmsg passwords different'};
		goto ERROR;
	}
	if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
	{
		$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
		goto ERROR;
	}
	if (! -z $userdb)
	{
		open FILE, $userdb;
		@users = <FILE>;
		close FILE;

		$username = '';
		$cryptpwd = '';

		foreach (@users)
		{
 			chomp;
			@temp = split(/:/,$_);
			if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i)
			{
				$username = $temp[0];
				$cryptpwd = $temp[1];
			}
		}
	}
	if ($username eq '')
	{
		$errormessage = $tr{'advproxy errmsg invalid user'};
		goto ERROR;
	}
	if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd))
	{
		$errormessage = $tr{'advproxy errmsg password incorrect'};
		goto ERROR;
	}
	$returncode = system("/usr/bin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}");
	if ($returncode == 0)
	{
		$success = 1;
		undef %cgiparams;
	} else {
		$errormessage = $tr{'advproxy errmsg change fail'};
		goto ERROR;
	}
}

ERROR:

print "Pragma: no-cache\n";
print "Cache-control: no-cache\n";
print "Connection: close\n";
print "Content-type: text/html\n\n";

print <<END
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title></title>
</head>

<body bgcolor="#FFFFFF">

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width="80%" cellspacing="10" cellpadding="5" border="0">

<tr>
	<td bgcolor="#C0C0C0">
		<font face="verdana, arial, sans serif" color="#000000" size="2">
		<b>&nbsp;</b>
		</font>
	</td>
</tr>
<tr>
	<td bgcolor="#F4F4F4" align="center">
		<table width="100%" cellspacing="10" cellpadding="10">
		<tr>
			<td nowrap bgcolor="#0050C0" align="center">
			<font face="verdana, arial, sans serif" color="#FFFFFF" size="3">
			<b>$tr{'advproxy chgwebpwd change web password'}</b>
			</font>
			</td>
		</tr>
		<tr>
			<td align="center">
				<table width="70%" cellspacing="7" cellpadding="7">
				<tr>
					<td nowrap bgcolor="#F4F4F4" align="left">
					<font face="verdana, arial, sans serif" color="#000000" size="2">
					<b>$tr{'advproxy chgwebpwd username'}:</b>
					</font>
					</td>
					<td><input type="text" name="USERNAME" value="$cgiparams{'USERNAME'}" size="15"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#F4F4F4" align="left">
					<font face="verdana, arial, sans serif" color="#000000" size="2">
					<b>$tr{'advproxy chgwebpwd old password'}:</b>
					</font>
					</td>
					<td><input type="password" name="OLD_PASSWORD" value="$cgiparams{'OLD_PASSWORD'}" size="15"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#F4F4F4" align="left">
					<font face="verdana, arial, sans serif" color="#000000" size="2">
					<b>$tr{'advproxy chgwebpwd new password'}:</b>
					</font>
					</td>
					<td><input type="password" name="NEW_PASSWORD_1" value="$cgiparams{'NEW_PASSWORD_1'}" size="15"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#F4F4F4" align="left">
					<font face="verdana, arial, sans serif" color="#000000" size="2">
					<b>$tr{'advproxy chgwebpwd new password confirm'}:</b>
					</font>
					</td>
					<td><input type="password" name="NEW_PASSWORD_2" value="$cgiparams{'NEW_PASSWORD_2'}" size="15"></td>
				</tr>
				</table>
				<table width="100%" cellspacing="7" cellpadding="7">
				<tr>
					<td align="center"><br><input type='submit' name='SUBMIT' value="$tr{'advproxy chgwebpwd change password'}"></td>
				</tr>
				</table>
			</td>
		</tr>
END
;

if ($errormessage)
{
	print <<END
	<tr>
		<td nowrap bgcolor="#FF0000" align="center">
		<font face="verdana, arial, sans serif" color="#FFFFFF" size="2">
		<b>$tr{'advproxy chgwebpwd ERROR'}</b> $errormessage
		</font>
		</td>
	</tr>
END
;
}

if ($success)
{
	print <<END
	<tr>
		<td nowrap bgcolor="#00C000" align="center">
		<font face="verdana, arial, sans serif" color="#FFFFFF" size="2">
		<b>$tr{'advproxy chgwebpwd SUCCESS'}</b> $tr{'advproxy errmsg change success'}
		</font>
		</td>
	</tr>
END
;
}


print <<END

	</td>
</tr>
</table>

<tr>
	<td bgcolor="#C0C0C0" align="right">
		<a href="http://www.advproxy.net" target="_blank"><b>
		<font face="verdana,arial,sans serif" color="#FFFFFF" size="1">Advanced Proxy</b></a> running on</font>
		<a href="http://www.ipcop.org" target="_blank"><b>
		<font face="verdana,arial,sans serif" color="#FFFFFF" size="1">IPCop</b></a></font>
	</td>
</tr>

</table>

</form>

</center>

</body>

</html>
END
;

# -------------------------------------------------------------------

sub readhash
{
	my $filename = $_[0];
	my $hash = $_[1];
	my ($var, $val);

	if (-e $filename)
	{
		open(FILE, $filename) or die "Unable to read file $filename";
		while (<FILE>)
		{
			chop;
			($var, $val) = split /=/, $_, 2;
			if ($var)
			{
				$val =~ s/^\'//g;
				$val =~ s/\'$//g;
	
				# Untaint variables read from hash
				$var =~ /([A-Za-z0-9_-]*)/;        $var = $1;
				$val =~ /([\w\W]*)/; $val = $1;
				$hash->{$var} = $val;
			}
		}
		close FILE;
	}
}

# -------------------------------------------------------------------

sub getcgihash
{
	my ($hash, $params) = @_;
	my $cgi = CGI->new ();
	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	if (!$params->{'wantfile'}) {
		$CGI::DISABLE_UPLOADS = 1;
		$CGI::POST_MAX        = 512 * 1024;
	} else {
		$CGI::POST_MAX = 10 * 1024 * 1024;
	}

	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	my $referer = $1;
	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	my $servername = $1;
	return if ($referer ne $servername);

	### Modified for getting multi-vars, split by |
	%temp = $cgi->Vars();
	foreach my $key (keys %temp) {
		$hash->{$key} = $temp{$key};
		$hash->{$key} =~ s/\0/|/g;
		$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
	}

	if (($params->{'wantfile'})&&($params->{'filevar'})) {
		$hash->{$params->{'filevar'}} = $cgi->upload
					($params->{'filevar'});
	}
	return;
}

# -------------------------------------------------------------------
Commit	Line	Data
ed38f89d MT	1	#!/usr/bin/perl
	2
	3	#
	4	# $Id: chpasswd.cgi,v 1.0 2005/01/25 00:00:00 marco Exp $
	5	#
	6
	7	use CGI qw(param);
	8
363fb6af	9	$swroot = "/var/ipfire";
ed38f89d MT	10
	11	my %cgiparams;
	12	my %mainsettings;
	13	my %proxysettings;
	14
	15	$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;
	16
	17	### Initialize environment
	18	&readhash("${swroot}/main/settings", \%mainsettings);
	19	&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
	20	$language = $mainsettings{'LANGUAGE'};
	21
	22	### Initialize language
	23	if ($language =~ /^(\w+)$/) {$language = $1;}
	24	#
	25	# Uncomment this to force a certain language:
	26	# $language='en';
	27	#
	28	require "${swroot}/langs/en.pl";
	29	require "${swroot}/langs/${language}.pl";
	30
	31	my $userdb = "$swroot/proxy/advanced/ncsa/passwd";
	32
	33	&readhash("$swroot/ethernet/settings", \%netsettings);
	34
	35	my $success = 0;
	36
	37	&getcgihash(\%cgiparams);
	38
	39	if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
	40	{
	41	if ($cgiparams{'USERNAME'} eq '')
	42	{
	43	$errormessage = $tr{'advproxy errmsg no username'};
	44	goto ERROR;
	45	}
	46	if (($cgiparams{'OLD_PASSWORD'} eq '') \|\| ($cgiparams{'NEW_PASSWORD_1'} eq '') \|\| ($cgiparams{'NEW_PASSWORD_2'} eq ''))
	47	{
	48	$errormessage = $tr{'advproxy errmsg no password'};
	49	goto ERROR;
	50	}
	51	if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'}))
	52	{
	53	$errormessage = $tr{'advproxy errmsg passwords different'};
	54	goto ERROR;
	55	}
	56	if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
	57	{
	58	$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
	59	goto ERROR;
	60	}
	61	if (! -z $userdb)
	62	{
	63	open FILE, $userdb;
	64	@users = <FILE>;
	65	close FILE;
	66
	67	$username = '';
	68	$cryptpwd = '';
	69
	70	foreach (@users)
	71	{
	72	chomp;
	73	@temp = split(/:/,$_);
74	if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i)
75	{
76	$username = $temp[0];
77	$cryptpwd = $temp[1];
78	}
79	}
80	}
81	if ($username eq '')
82	{
83	$errormessage = $tr{'advproxy errmsg invalid user'};
84	goto ERROR;
85	}
86	if (!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd))
87	{
88	$errormessage = $tr{'advproxy errmsg password incorrect'};
89	goto ERROR;
90	}
91	$returncode = system("/usr/bin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}");
92	if ($returncode == 0)
93	{
94	$success = 1;
95	undef %cgiparams;
96	} else {
97	$errormessage = $tr{'advproxy errmsg change fail'};
98	goto ERROR;
99	}
100	}
101
102	ERROR:
103
104	print "Pragma: no-cache\n";
105	print "Cache-control: no-cache\n";
106	print "Connection: close\n";
107	print "Content-type: text/html\n\n";
108
109	print <<END
110	<html>
111	<head>
112	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
113	<title></title>
114	</head>
115
116	<body bgcolor="#FFFFFF">
117
118	<center>
119
120	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
121
122	<table width="80%" cellspacing="10" cellpadding="5" border="0">
123
124	<tr>
125	<td bgcolor="#C0C0C0">
126	<font face="verdana, arial, sans serif" color="#000000" size="2">
127	<b> </b>
128	</font>
129	</td>
130	</tr>
131	<tr>
132	<td bgcolor="#F4F4F4" align="center">
133	<table width="100%" cellspacing="10" cellpadding="10">
134	<tr>
135	<td nowrap bgcolor="#0050C0" align="center">
136	<font face="verdana, arial, sans serif" color="#FFFFFF" size="3">
137	<b>$tr{'advproxy chgwebpwd change web password'}</b>
138	</font>
139	</td>
140	</tr>
141	<tr>
142	<td align="center">
143	<table width="70%" cellspacing="7" cellpadding="7">
144	<tr>
145	<td nowrap bgcolor="#F4F4F4" align="left">
146	<font face="verdana, arial, sans serif" color="#000000" size="2">
147	<b>$tr{'advproxy chgwebpwd username'}:</b>
148	</font>
149	</td>
150	<td><input type="text" name="USERNAME" value="$cgiparams{'USERNAME'}" size="15"></td>
151	</tr>
152	<tr>
153	<td nowrap bgcolor="#F4F4F4" align="left">
154	<font face="verdana, arial, sans serif" color="#000000" size="2">
155	<b>$tr{'advproxy chgwebpwd old password'}:</b>
156	</font>
157	</td>
158	<td><input type="password" name="OLD_PASSWORD" value="$cgiparams{'OLD_PASSWORD'}" size="15"></td>
159	</tr>
160	<tr>
161	<td nowrap bgcolor="#F4F4F4" align="left">
162	<font face="verdana, arial, sans serif" color="#000000" size="2">
163	<b>$tr{'advproxy chgwebpwd new password'}:</b>
164	</font>
165	</td>
166	<td><input type="password" name="NEW_PASSWORD_1" value="$cgiparams{'NEW_PASSWORD_1'}" size="15"></td>
167	</tr>
168	<tr>
169	<td nowrap bgcolor="#F4F4F4" align="left">
170	<font face="verdana, arial, sans serif" color="#000000" size="2">
171	<b>$tr{'advproxy chgwebpwd new password confirm'}:</b>
172	</font>
173	</td>
174	<td><input type="password" name="NEW_PASSWORD_2" value="$cgiparams{'NEW_PASSWORD_2'}" size="15"></td>
175	</tr>
176	</table>
177	<table width="100%" cellspacing="7" cellpadding="7">
178	<tr>
179	<td align="center"><br><input type='submit' name='SUBMIT' value="$tr{'advproxy chgwebpwd change password'}"></td>
180	</tr>
181	</table>
182	</td>
183	</tr>
184	END
185	;
186
187	if ($errormessage)
188	{
189	print <<END
190	<tr>
191	<td nowrap bgcolor="#FF0000" align="center">
192	<font face="verdana, arial, sans serif" color="#FFFFFF" size="2">
193	<b>$tr{'advproxy chgwebpwd ERROR'}</b> $errormessage
194	</font>
195	</td>
196	</tr>
197	END
198	;
199	}
200
201	if ($success)
202	{
203	print <<END
204	<tr>
205	<td nowrap bgcolor="#00C000" align="center">
206	<font face="verdana, arial, sans serif" color="#FFFFFF" size="2">
207	<b>$tr{'advproxy chgwebpwd SUCCESS'}</b> $tr{'advproxy errmsg change success'}
208	</font>
209	</td>
210	</tr>
211	END
212	;
213	}
214
215
216	print <<END
217
218	</td>
219	</tr>
220	</table>
221
222	<tr>
223	<td bgcolor="#C0C0C0" align="right">
224	<a href="http://www.advproxy.net" target="_blank"><b>
225	<font face="verdana,arial,sans serif" color="#FFFFFF" size="1">Advanced Proxy</b></a> running on</font>
226	<a href="http://www.ipcop.org" target="_blank"><b>
227	<font face="verdana,arial,sans serif" color="#FFFFFF" size="1">IPCop</b></a></font>
228	</td>
229	</tr>
230
231	</table>
232
233	</form>
234
235	</center>
236
237	</body>
238
239	</html>
240	END
241	;
242
243	# -------------------------------------------------------------------
244
245	sub readhash
246	{
247	my $filename = $_[0];
248	my $hash = $_[1];
249	my ($var, $val);
250
251	if (-e $filename)
252	{
253	open(FILE, $filename) or die "Unable to read file $filename";
254	while (<FILE>)
255	{
256	chop;
257	($var, $val) = split /=/, $_, 2;
258	if ($var)
259	{
260	$val =~ s/^\'//g;
261	$val =~ s/\'$//g;
262
263	# Untaint variables read from hash
264	$var =~ /([A-Za-z0-9_-]*)/; $var = $1;
265	$val =~ /([\w\W]*)/; $val = $1;
266	$hash->{$var} = $val;
267	}
268	}
269	close FILE;
270	}
271	}
272
273	# -------------------------------------------------------------------
274
275	sub getcgihash
276	{
277	my ($hash, $params) = @_;
278	my $cgi = CGI->new ();
279	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
280	if (!$params->{'wantfile'}) {
281	$CGI::DISABLE_UPLOADS = 1;
282	$CGI::POST_MAX = 512 * 1024;
283	} else {
284	$CGI::POST_MAX = 10 * 1024 * 1024;
285	}
286
287	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
288	my $referer = $1;
289	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
290	my $servername = $1;
291	return if ($referer ne $servername);
292
293	### Modified for getting multi-vars, split by \|
294	%temp = $cgi->Vars();
295	foreach my $key (keys %temp) {
296	$hash->{$key} = $temp{$key};
297	$hash->{$key} =~ s/\0/\|/g;
298	$hash->{$key} =~ s/^\s(.?)\s*$/$1/;
299	}
300
301	if (($params->{'wantfile'})&&($params->{'filevar'})) {
302	$hash->{$params->{'filevar'}} = $cgi->upload
303	($params->{'filevar'});
304	}
305	return;
306	}
307
308	# -------------------------------------------------------------------