source: cgi-scripts/dovecot-changepw@ 354

Last change on this file since 354 was 195, checked in by Rick van der Zwet, 14 years ago

Webinterface script to allow changing of password in password file.

  • Property svn:executable set to *
File size: 3.2 KB
Line 
1#!/usr/bin/perl -w
2#
3# $Id$
4#
5# Simple CGI script to change your password, currently 'configured'
6# for dovecotpw, but could easy be ported to something else.
7#
8# License: BSDLike
9# Rick van der Zwet <info@rickvanderzwet.nl>
10
11use CGI;
12$q = CGI->new;
13
14$MIN_PASSWD_LENGTH=8;
15
16$PASSWDFILE='/usr/local/etc/dovecot.passwd';
17$DOVECOTPW='/usr/local/sbin/dovecotpw';
18
19if (! -w $PASSWDFILE || ! -x $DOVECOTPW) {
20 print $q->header(-status=>$error);
21 print $q->start_html('Problems');
22 print $q->h2('Not able to open internals (database or binary)');
23 exit 1;
24};
25
26
27# Message 'buffer', entries in here will be pushed on top of form
28@messages = ();
29
30
31#
32# Verify validity of CGI input
33sub check_cgi() {
34 if ($q->request_method() eq "POST") {
35 if (! ($q->param('username') && $q->param('old_password') &&
36 $q->param('new_password') && $q->param('verify_password'))) {
37 push(@messages, "Not all fields are provided");
38 return 1;
39 }
40 if ($q->param('new_password') ne $q->param('verify_password')) {
41 push(@messages, 'New passwords does not match');
42 return 1;
43 }
44 if ($q->param('new_password') eq $q->param('old_password')) {
45 push(@messages, 'New password equal to old password not changing');
46 return 1;
47 }
48 if (length($q->param('new_password')) < $MIN_PASSWD_LENGTH) {
49 push(@messages, "New password to short (minimal $MIN_PASSWD_LENGTH characters)");
50 return 1;
51 }
52 return 0;
53 }
54 return 1;
55}
56
57
58#
59# Process CGI, assuming all values are correct
60sub process_cgi_for_dovecotpw() {
61 my $username = $q->param('username');
62 my $old_password = $q->param('old_password');
63 my $new_password = $q->param('new_password');
64
65 # XXX: Untested LOCK setup
66 open(LOCK, '>> /tmp/changepw.lock');
67 flock LOCK, 2;
68 my $password = `$DOVECOTPW -p $old_password`;
69 open(FH, "<$PASSWDFILE");
70 my @users = <FH>;
71 close(FH);
72 # Find all lines _NOT_ matching this entry
73 my @lines = grep (!/^$username:$password/, @users);
74 # If we still have the same amount of lines we did not remove anything
75 if ((scalar(@lines) - scalar(@users)) == 0) {
76 push(@messages, "Username or password invalid");
77 flock LOCK, 2;
78 close(LOCK);
79 return;
80 }
81 $password = `$DOVECOTPW -p $new_password`;
82 push(@lines,"$username:$password");
83
84 open(FH, ">$PASSWDFILE");
85 print FH sort(@lines);
86 close(FH);
87 push(@messages, "Password changed");
88 flock LOCK, 2;
89 close(LOCK);
90}
91
92# Only process if field are valid
93if (check_cgi() == 0) {
94 process_cgi_for_dovecotpw();
95}
96
97print $q->header;
98print $q->start_html('Change Email Password');
99print $q->start_center();
100if (@messages) {
101 print $q->h2($q->ul({-style => 'list-style-type: none'}, $q->li(@messages)));
102};
103print $q->start_form();
104print $q->table($q->caption($q->h2('Please provide your values to change password')),
105 $q->Tr([$q->td(['username', $q->textfield('username','somebody@example.org')])]),
106 $q->Tr([$q->td(['old password', $q->password_field('old_password')])]),
107 $q->Tr([$q->td(['new password', $q->password_field('new_password')])]),
108 $q->Tr([$q->td(['verify new password', $q->password_field('verify_password')])]),
109 $q->Tr([$q->td({-colspan=>2,-align=>'center'},[$q->submit('submit', 'Change Password')])])
110);
111print '</table>';
112print $q->end_form();
113print $q->end_center();
114print $q->end_html;
Note: See TracBrowser for help on using the repository browser.