[people/teissler/ipfire-2.x.git] / html / cgi-bin / chpasswd.cgi

#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

use CGI qw(param);
use Crypt::PasswdMD5;

$swroot = "/var/ipfire";

my %cgiparams;
my %mainsettings;
my %proxysettings;

$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;

### Initialize environment
&readhash("${swroot}/main/settings", \%mainsettings);
&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
$language = $mainsettings{'LANGUAGE'};

### Initialize language
if ($language =~ /^(\w+)$/) {$language = $1;}
 #
 # Uncomment this to force a certain language:
 # $language='en';
 #
require "${swroot}/langs/en.pl";
require "${swroot}/langs/${language}.pl";

my $userdb = "$swroot/proxy/advanced/ncsa/passwd";

&readhash("$swroot/ethernet/settings", \%netsettings);

my $success = 0;

&getcgihash(\%cgiparams);

if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
{
	if ($cgiparams{'USERNAME'} eq '')
	{
		$errormessage = $tr{'advproxy errmsg no username'};
		goto ERROR;
	}
	if (($cgiparams{'OLD_PASSWORD'} eq '') || ($cgiparams{'NEW_PASSWORD_1'} eq '') || ($cgiparams{'NEW_PASSWORD_2'} eq ''))
	{
		$errormessage = $tr{'advproxy errmsg no password'};
		goto ERROR;
	}
	if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'}))
	{
		$errormessage = $tr{'advproxy errmsg passwords different'};
		goto ERROR;
	}
	if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
	{
		$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
		goto ERROR;
	}
	if (! -z $userdb)
	{
		open FILE, $userdb;
		@users = <FILE>;
		close FILE;

		$username = '';
		$cryptpwd = '';

		foreach (@users)
		{
 			chomp;
			@temp = split(/:/,$_);
			if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i)
			{
				$username = $temp[0];
				$cryptpwd = $temp[1];
			}
		}
	}
	if ($username eq '')
	{
		$errormessage = $tr{'advproxy errmsg invalid user'};
		goto ERROR;
	}
	if (
	    !(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
	    !(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
	   )
	{
		$errormessage = $tr{'advproxy errmsg password incorrect'};
		goto ERROR;
	}
	$returncode = system("/usr/sbin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}");
	if ($returncode == 0)
	{
		$success = 1;
		undef %cgiparams;
	} else {
		$errormessage = $tr{'advproxy errmsg change fail'};
		goto ERROR;
	}
}

ERROR:

print "Pragma: no-cache\n";
print "Cache-control: no-cache\n";
print "Connection: close\n";
print "Content-type: text/html\n\n";

print <<END
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title></title>
</head>

<body bgcolor="#FFFFFF">

<center>

<form method='post' action='$ENV{'SCRIPT_NAME'}'>

<table width="80%" cellspacing="10" cellpadding="5">

<tr>
	<td bgcolor="#FFFFFF" align="center">
		<table width="100%" cellspacing="10" cellpadding="10" bordercolor="#9A9A9A" border="1">
		<tr>
			<td nowrap bgcolor="#993333" align="center" >
			<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="4">
			<b>$tr{'advproxy chgwebpwd change web password'}</b>
			</font>
			</td>
		</tr>
		<tr>
			<td align="center">
				<table width="50%" cellspacing="7" cellpadding="7">
				<tr>
					<td nowrap bgcolor="#FFFFFF" align="left">
					<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
					<b>$tr{'advproxy chgwebpwd username'}:</b>
					</font>
					</td>
					<td ><input type="text" name="USERNAME" value="$cgiparams{'USERNAME'}" size="30"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#FFFFFF" align="left">
					<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
					<b>$tr{'advproxy chgwebpwd old password'}:</b>
					</font>
					</td>
					<td><input type="password" name="OLD_PASSWORD" value="$cgiparams{'OLD_PASSWORD'}" size="30"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#FFFFFF" align="left">
					<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
					<b>$tr{'advproxy chgwebpwd new password'}:</b>
					</font>
					</td>
					<td><input type="password" name="NEW_PASSWORD_1" value="$cgiparams{'NEW_PASSWORD_1'}" size="30"></td>
				</tr>
				<tr>
					<td nowrap bgcolor="#FFFFFF" align="left">
					<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
					<b>$tr{'advproxy chgwebpwd new password confirm'}:</b>
					</font>
					</td>
					<td><input type="password" name="NEW_PASSWORD_2" value="$cgiparams{'NEW_PASSWORD_2'}" size="30"></td>
				</tr>
				</table>
				<table width="100%" cellspacing="7" cellpadding="7">
				<tr>
					<td align="center"><br><input type='submit' name='SUBMIT' value="$tr{'advproxy chgwebpwd change password'}"></td>
				</tr>
				</table>
			</td>
		</tr>
END
;

if ($errormessage)
{
	print <<END
	<tr>
		<td nowrap bgcolor="#FF0000" align="center">
		<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
		<b>$tr{'advproxy chgwebpwd ERROR'}</b> $errormessage
		</font>
		</td>
	</tr>
END
;
}

if ($success)
{
	print <<END
	<tr>
		<td nowrap bgcolor="#00C000" align="center">
		<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
		<b>$tr{'advproxy chgwebpwd SUCCESS'}</b> $tr{'advproxy errmsg change success'}
		</font>
		</td>
	</tr>
END
;
}


print <<END

	</td>
</tr>
</table>

</table>

</form>

</center>

</body>

</html>
END
;

# -------------------------------------------------------------------

sub readhash
{
	my $filename = $_[0];
	my $hash = $_[1];
	my ($var, $val);

	if (-e $filename)
	{
		open(FILE, $filename) or die "Unable to read file $filename";
		while (<FILE>)
		{
			chop;
			($var, $val) = split /=/, $_, 2;
			if ($var)
			{
				$val =~ s/^\'//g;
				$val =~ s/\'$//g;
	
				# Untaint variables read from hash
				$var =~ /([A-Za-z0-9_-]*)/;        $var = $1;
				$val =~ /([\w\W]*)/; $val = $1;
				$hash->{$var} = $val;
			}
		}
		close FILE;
	}
}

# -------------------------------------------------------------------

sub getcgihash
{
	my ($hash, $params) = @_;
	my $cgi = CGI->new ();
	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	if (!$params->{'wantfile'}) {
		$CGI::DISABLE_UPLOADS = 1;
		$CGI::POST_MAX        = 512 * 1024;
	} else {
		$CGI::POST_MAX = 10 * 1024 * 1024;
	}

	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	my $referer = $1;
	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	my $servername = $1;
	return if ($referer ne $servername);

	### Modified for getting multi-vars, split by |
	%temp = $cgi->Vars();
	foreach my $key (keys %temp) {
		$hash->{$key} = $temp{$key};
		$hash->{$key} =~ s/\0/|/g;
		$hash->{$key} =~ s/^\s*(.*?)\s*$/$1/;
	}

	if (($params->{'wantfile'})&&($params->{'filevar'})) {
		$hash->{$params->{'filevar'}} = $cgi->upload
					($params->{'filevar'});
	}
	return;
}

# -------------------------------------------------------------------
Commit	Line	Data
ed38f89d	1	#!/usr/bin/perl
70df8302 MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
ed38f89d MT	21
ed38f89d MT	22	use CGI qw(param);
18e74048	23	use Crypt::PasswdMD5;
ed38f89d	24
363fb6af	25	$swroot = "/var/ipfire";
ed38f89d MT	26
	27	my %cgiparams;
	28	my %mainsettings;
	29	my %proxysettings;
	30
	31	$proxysettings{'NCSA_MIN_PASS_LEN'} = 6;
	32
	33	### Initialize environment
	34	&readhash("${swroot}/main/settings", \%mainsettings);
	35	&readhash("${swroot}/proxy/advanced/settings", \%proxysettings);
	36	$language = $mainsettings{'LANGUAGE'};
	37
	38	### Initialize language
	39	if ($language =~ /^(\w+)$/) {$language = $1;}
	40	#
	41	# Uncomment this to force a certain language:
	42	# $language='en';
	43	#
	44	require "${swroot}/langs/en.pl";
	45	require "${swroot}/langs/${language}.pl";
	46
	47	my $userdb = "$swroot/proxy/advanced/ncsa/passwd";
	48
	49	&readhash("$swroot/ethernet/settings", \%netsettings);
	50
	51	my $success = 0;
	52
	53	&getcgihash(\%cgiparams);
	54
	55	if ($cgiparams{'SUBMIT'} eq $tr{'advproxy chgwebpwd change password'})
	56	{
	57	if ($cgiparams{'USERNAME'} eq '')
	58	{
	59	$errormessage = $tr{'advproxy errmsg no username'};
	60	goto ERROR;
	61	}
	62	if (($cgiparams{'OLD_PASSWORD'} eq '') \|\| ($cgiparams{'NEW_PASSWORD_1'} eq '') \|\| ($cgiparams{'NEW_PASSWORD_2'} eq ''))
	63	{
	64	$errormessage = $tr{'advproxy errmsg no password'};
	65	goto ERROR;
	66	}
	67	if (!($cgiparams{'NEW_PASSWORD_1'} eq $cgiparams{'NEW_PASSWORD_2'}))
	68	{
	69	$errormessage = $tr{'advproxy errmsg passwords different'};
	70	goto ERROR;
	71	}
	72	if (length($cgiparams{'NEW_PASSWORD_1'}) < $proxysettings{'NCSA_MIN_PASS_LEN'})
	73	{
	74	$errormessage = $tr{'advproxy errmsg password length 1'}.$proxysettings{'NCSA_MIN_PASS_LEN'}.$tr{'advproxy errmsg password length 2'};
	75	goto ERROR;
	76	}
	77	if (! -z $userdb)
	78	{
	79	open FILE, $userdb;
	80	@users = <FILE>;
	81	close FILE;
	82
	83	$username = '';
	84	$cryptpwd = '';
	85
	86	foreach (@users)
	87	{
	88	chomp;
	89	@temp = split(/:/,$_);
90	if ($temp[0] =~ /^$cgiparams{'USERNAME'}$/i)
91	{
92	$username = $temp[0];
93	$cryptpwd = $temp[1];
94	}
95	}
96	}
97	if ($username eq '')
98	{
99	$errormessage = $tr{'advproxy errmsg invalid user'};
100	goto ERROR;
101	}
18e74048 AF	102	if (
	103	!(crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd) &&
	104	!(apache_md5_crypt($cgiparams{'OLD_PASSWORD'}, $cryptpwd) eq $cryptpwd)
	105	)
ed38f89d MT	106	{
	107	$errormessage = $tr{'advproxy errmsg password incorrect'};
	108	goto ERROR;
	109	}
8fb1a115	110	$returncode = system("/usr/sbin/htpasswd -b $userdb $username $cgiparams{'NEW_PASSWORD_1'}");
ed38f89d MT	111	if ($returncode == 0)
	112	{
	113	$success = 1;
	114	undef %cgiparams;
	115	} else {
	116	$errormessage = $tr{'advproxy errmsg change fail'};
	117	goto ERROR;
	118	}
	119	}
	120
	121	ERROR:
	122
	123	print "Pragma: no-cache\n";
	124	print "Cache-control: no-cache\n";
	125	print "Connection: close\n";
	126	print "Content-type: text/html\n\n";
	127
	128	print <<END
	129	<html>
	130	<head>
	131	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
	132	<title></title>
	133	</head>
	134
	135	<body bgcolor="#FFFFFF">
	136
	137	<center>
	138
	139	<form method='post' action='$ENV{'SCRIPT_NAME'}'>
	140
5be3900c	141	<table width="80%" cellspacing="10" cellpadding="5">
ed38f89d MT	142
ed38f89d MT	143	<tr>
5be3900c JPT	144	<td bgcolor="#FFFFFF" align="center">
5be3900c JPT	145	<table width="100%" cellspacing="10" cellpadding="10" bordercolor="#9A9A9A" border="1">
ed38f89d	146	<tr>
5be3900c JPT	147	<td nowrap bgcolor="#993333" align="center" >
5be3900c JPT	148	<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="4">
ed38f89d MT	149	<b>$tr{'advproxy chgwebpwd change web password'}</b>
	150	</font>
	151	</td>
	152	</tr>
	153	<tr>
	154	<td align="center">
5be3900c	155	<table width="50%" cellspacing="7" cellpadding="7">
ed38f89d	156	<tr>
5be3900c JPT	157	<td nowrap bgcolor="#FFFFFF" align="left">
5be3900c JPT	158	<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
ed38f89d MT	159	<b>$tr{'advproxy chgwebpwd username'}:</b>
	160	</font>
	161	</td>
5be3900c	162	<td ><input type="text" name="USERNAME" value="$cgiparams{'USERNAME'}" size="30"></td>
ed38f89d MT	163	</tr>
ed38f89d MT	164	<tr>
5be3900c JPT	165	<td nowrap bgcolor="#FFFFFF" align="left">
5be3900c JPT	166	<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
ed38f89d MT	167	<b>$tr{'advproxy chgwebpwd old password'}:</b>
	168	</font>
	169	</td>
5be3900c	170	<td><input type="password" name="OLD_PASSWORD" value="$cgiparams{'OLD_PASSWORD'}" size="30"></td>
ed38f89d MT	171	</tr>
ed38f89d MT	172	<tr>
5be3900c JPT	173	<td nowrap bgcolor="#FFFFFF" align="left">
5be3900c JPT	174	<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
ed38f89d MT	175	<b>$tr{'advproxy chgwebpwd new password'}:</b>
	176	</font>
	177	</td>
5be3900c	178	<td><input type="password" name="NEW_PASSWORD_1" value="$cgiparams{'NEW_PASSWORD_1'}" size="30"></td>
ed38f89d MT	179	</tr>
ed38f89d MT	180	<tr>
5be3900c JPT	181	<td nowrap bgcolor="#FFFFFF" align="left">
5be3900c JPT	182	<font face="trebuchet ms, helvetica, sans-serif" color="#666666" size="2">
ed38f89d MT	183	<b>$tr{'advproxy chgwebpwd new password confirm'}:</b>
	184	</font>
	185	</td>
5be3900c	186	<td><input type="password" name="NEW_PASSWORD_2" value="$cgiparams{'NEW_PASSWORD_2'}" size="30"></td>
ed38f89d MT	187	</tr>
	188	</table>
	189	<table width="100%" cellspacing="7" cellpadding="7">
	190	<tr>
	191	<td align="center"><br><input type='submit' name='SUBMIT' value="$tr{'advproxy chgwebpwd change password'}"></td>
	192	</tr>
	193	</table>
	194	</td>
	195	</tr>
	196	END
	197	;
	198
	199	if ($errormessage)
	200	{
	201	print <<END
	202	<tr>
	203	<td nowrap bgcolor="#FF0000" align="center">
5be3900c	204	<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
ed38f89d MT	205	<b>$tr{'advproxy chgwebpwd ERROR'}</b> $errormessage
	206	</font>
	207	</td>
	208	</tr>
	209	END
	210	;
	211	}
	212
	213	if ($success)
	214	{
	215	print <<END
	216	<tr>
	217	<td nowrap bgcolor="#00C000" align="center">
5be3900c	218	<font face="trebuchet ms, helvetica, sans-serif" color="#FFFFFF" size="2">
ed38f89d MT	219	<b>$tr{'advproxy chgwebpwd SUCCESS'}</b> $tr{'advproxy errmsg change success'}
	220	</font>
	221	</td>
	222	</tr>
	223	END
	224	;
	225	}
	226
	227
	228	print <<END
	229
	230	</td>
	231	</tr>
	232	</table>
	233
ed38f89d MT	234	</table>
	235
	236	</form>
	237
	238	</center>
	239
	240	</body>
	241
	242	</html>
	243	END
	244	;
	245
	246	# -------------------------------------------------------------------
	247
	248	sub readhash
	249	{
	250	my $filename = $_[0];
	251	my $hash = $_[1];
	252	my ($var, $val);
	253
	254	if (-e $filename)
	255	{
	256	open(FILE, $filename) or die "Unable to read file $filename";
	257	while (<FILE>)
	258	{
	259	chop;
	260	($var, $val) = split /=/, $_, 2;
	261	if ($var)
	262	{
	263	$val =~ s/^\'//g;
	264	$val =~ s/\'$//g;
	265
	266	# Untaint variables read from hash
	267	$var =~ /([A-Za-z0-9_-]*)/; $var = $1;
	268	$val =~ /([\w\W]*)/; $val = $1;
	269	$hash->{$var} = $val;
	270	}
	271	}
	272	close FILE;
	273	}
	274	}
	275
	276	# -------------------------------------------------------------------
	277
	278	sub getcgihash
	279	{
	280	my ($hash, $params) = @_;
	281	my $cgi = CGI->new ();
	282	return if ($ENV{'REQUEST_METHOD'} ne 'POST');
	283	if (!$params->{'wantfile'}) {
	284	$CGI::DISABLE_UPLOADS = 1;
	285	$CGI::POST_MAX = 512 * 1024;
	286	} else {
	287	$CGI::POST_MAX = 10 * 1024 * 1024;
	288	}
	289
	290	$cgi->referer() =~ m/^https?\:\/\/([^\/]+)/;
	291	my $referer = $1;
	292	$cgi->url() =~ m/^https?\:\/\/([^\/]+)/;
	293	my $servername = $1;
	294	return if ($referer ne $servername);
	295
	296	### Modified for getting multi-vars, split by \|
	297	%temp = $cgi->Vars();
298	foreach my $key (keys %temp) {
299	$hash->{$key} = $temp{$key};
300	$hash->{$key} =~ s/\0/\|/g;
301	$hash->{$key} =~ s/^\s(.?)\s*$/$1/;
302	}
303
304	if (($params->{'wantfile'})&&($params->{'filevar'})) {
305	$hash->{$params->{'filevar'}} = $cgi->upload
306	($params->{'filevar'});
307	}
308	return;
309	}
310
311	# -------------------------------------------------------------------