| 1 | #!/usr/bin/perl -w
|
---|
| 2 | #
|
---|
| 3 | # $Id$
|
---|
| 4 | #
|
---|
| 5 | # Simple CGI script to change your password, currently 'configured'
|
---|
| 6 | # for dovecotpw, but could easy be ported to something else.
|
---|
| 7 | #
|
---|
| 8 | # License: BSDLike
|
---|
| 9 | # Rick van der Zwet <info@rickvanderzwet.nl>
|
---|
| 10 |
|
---|
| 11 | # WARNING: Fail safe switch
|
---|
| 12 | # WARNING: CHANGE ME TO A STATIC STRING ELSE I FAIL TO WORK
|
---|
| 13 | $STATIC_AUTH_KEY= rand(100000);
|
---|
| 14 |
|
---|
| 15 | use CGI;
|
---|
| 16 | $q = CGI->new;
|
---|
| 17 |
|
---|
| 18 | $MIN_PASSWD_LENGTH=8;
|
---|
| 19 |
|
---|
| 20 | $PASSWDFILE='/usr/local/www/eurobsdcon2011/.htpasswd';
|
---|
| 21 | $HTPASSWD='/usr/local/sbin/htpasswd';
|
---|
| 22 |
|
---|
| 23 |
|
---|
| 24 | if (! -w $PASSWDFILE || ! -x $HTPASSWD) {
|
---|
| 25 | print $q->header(-status=>$error);
|
---|
| 26 | print $q->start_html('Problems');
|
---|
| 27 | print $q->h2('Not able to open internals (database or binary)');
|
---|
| 28 | exit 1;
|
---|
| 29 | };
|
---|
| 30 |
|
---|
| 31 |
|
---|
| 32 | # Message 'buffer', entries in here will be pushed on top of form
|
---|
| 33 | @messages = ();
|
---|
| 34 |
|
---|
| 35 |
|
---|
| 36 | #
|
---|
| 37 | # Verify validity of CGI input
|
---|
| 38 | sub check_cgi() {
|
---|
| 39 | if ($q->request_method() eq "POST") {
|
---|
| 40 | if (! ($q->param('username') && $q->param('auth_key') &&
|
---|
| 41 | $q->param('new_password') && $q->param('verify_password'))) {
|
---|
| 42 | push(@messages, "Not all fields are provided");
|
---|
| 43 | return 1;
|
---|
| 44 | }
|
---|
| 45 | if ($q->param('new_password') ne $q->param('verify_password')) {
|
---|
| 46 | push(@messages, 'New passwords does not match');
|
---|
| 47 | return 1;
|
---|
| 48 | }
|
---|
| 49 | if ($q->param('new_password') eq $q->param('auth_key')) {
|
---|
| 50 | push(@messages, 'New password equal to old password not changing');
|
---|
| 51 | return 1;
|
---|
| 52 | }
|
---|
| 53 | if (length($q->param('new_password')) < $MIN_PASSWD_LENGTH) {
|
---|
| 54 | push(@messages, "New password to short (minimal $MIN_PASSWD_LENGTH characters)");
|
---|
| 55 | return 1;
|
---|
| 56 | }
|
---|
| 57 | return 0;
|
---|
| 58 | }
|
---|
| 59 | return 1;
|
---|
| 60 | }
|
---|
| 61 |
|
---|
| 62 |
|
---|
| 63 | #
|
---|
| 64 | # Process CGI, assuming all values are correct
|
---|
| 65 | sub process_cgi_for_dovecotpw() {
|
---|
| 66 | my $username = $q->param('username');
|
---|
| 67 | my $auth_key = $q->param('auth_key');
|
---|
| 68 | my $new_password = $q->param('new_password');
|
---|
| 69 |
|
---|
| 70 | if ($auth_key ne $STATIC_AUTH_KEY) {
|
---|
| 71 | push(@messages, "Auth key invalid");
|
---|
| 72 | return;
|
---|
| 73 | }
|
---|
| 74 |
|
---|
| 75 | my $retval = `grep '^$username:' $PASSWDFILE`;
|
---|
| 76 | if ( $retval ) {
|
---|
| 77 | push(@messages, "Username does already exists!");
|
---|
| 78 | return;
|
---|
| 79 | }
|
---|
| 80 |
|
---|
| 81 | $password = `$HTPASSWD -b $PASSWDFILE $username $new_password 2>&1`;
|
---|
| 82 | push(@messages, "User added succesfully ($password)");
|
---|
| 83 | }
|
---|
| 84 |
|
---|
| 85 | # Only process if field are valid
|
---|
| 86 | if (check_cgi() == 0) {
|
---|
| 87 | process_cgi_for_dovecotpw();
|
---|
| 88 | }
|
---|
| 89 |
|
---|
| 90 | print $q->header;
|
---|
| 91 | print $q->start_html('Change Email Password');
|
---|
| 92 | print $q->start_center();
|
---|
| 93 | if (@messages) {
|
---|
| 94 | print $q->h2($q->ul({-style => 'list-style-type: none'}, $q->li(@messages)));
|
---|
| 95 | };
|
---|
| 96 | print $q->start_form();
|
---|
| 97 | print $q->table($q->caption($q->h2('Please provide your values to change password')),
|
---|
| 98 | $q->Tr([$q->td(['username', $q->textfield('username','somebody')])]),
|
---|
| 99 | $q->Tr([$q->td(['auth key', $q->password_field('auth_key')])]),
|
---|
| 100 | $q->Tr([$q->td(['new password', $q->password_field('new_password')])]),
|
---|
| 101 | $q->Tr([$q->td(['verify new password', $q->password_field('verify_password')])]),
|
---|
| 102 | $q->Tr([$q->td({-colspan=>2,-align=>'center'},[$q->submit('submit', 'Change Password')])])
|
---|
| 103 | );
|
---|
| 104 | print '</table>';
|
---|
| 105 | print $q->end_form();
|
---|
| 106 | print $q->end_center();
|
---|
| 107 | print $q->end_html;
|
---|