#!/usr/bin/perl -wT # # TWiki Collaboration Platform, http://TWiki.org/ # # Copyright (C) 2001 Klaus Wriessnegger, kw@sap.com # Copyright (C) 2001 Andrea Sterbini, a.sterbini@flashnet.it # Copyright (C) 2001-2003 Peter Thoeny, peter@thoeny.com # # For licensing info read license.txt file in the TWiki root. # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details, published at # http://www.gnu.ai.mit.edu/copyleft/gpl.html # # 26-5-01 Password installation (only by the $superAdminGroup) # 15-12-2003 moved requesting a passwd reset from passwd (as it is also htpasswd specific) # #NOTE: InstallPassword code is protected from anonymous use, but it is still risky #(anyone who has a valid htpasswd entry can call it by hand #WARNING: this script only works when using htpasswd files. #usage example: # #I n s t a l l # # #
#Username:EncryptedPW
# # #
# # this code is here for symmetry only - the actual usable bit is in the passwd script #R e s e t # #
#Username
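#New password
#retype New password
#
#
#
#

BEGIN {
    # Set default current working directory
    if( $ENV{"SCRIPT_FILENAME"} && $ENV{"SCRIPT_FILENAME"} =~ /^(.+)\/[^\/]+$/ ) {
        chdir $1;
    }
    # Set library paths in @INC at compile time
    unshift @INC, '.';
    require 'setlib.cfg';
}

use strict;
use CGI::Carp qw(fatalsToBrowser);
use CGI;
use TWiki;
use TWiki::User;
use TWiki::User::HtPasswdUser;

# Kept as a package variable: the subs below read it directly.
our $query = CGI->new;

main();

#==============================================
# Entry point: dispatches on the 'installPasswd' form parameter.
#   "on"           -> installEncryptedPasswd (super-admin only)
#   "requestReset" -> showEncryptedPasswd
#   anything else  -> redirect to the "oopsmanage" page
sub main
{
    my $wikiName = $query->param( 'username' );

    # initialize
    my $topicName   = $query->param( 'TopicName' );
    my $thePathInfo = $query->path_info();
    my $theUrl      = $query->url;

    # First call passes the form-supplied 'username'; only the topic and
    # web it returns are used.
    my ( $topic, $webName ) =
        &TWiki::initialize( $thePathInfo, $wikiName, $topicName, $theUrl, $query );

    # Second call passes the server-provided remote_user(). The user name
    # it returns is the one the permission check in installEncryptedPasswd
    # relies on, so it must never be replaced by the form's 'username'.
    my $theRemoteUser = $query->remote_user();
    my ( undef, undef, undef, $userName ) =
        &TWiki::initialize( $thePathInfo, $theRemoteUser, $topicName, $theUrl, $query );

    # Default to '' so a request without the parameter does not compare
    # an undefined value below.
    my $action = $query->param( "installPasswd" ) || '';

    if ( $action eq "on" ) {
        installEncryptedPasswd( $webName, $topic, $userName );
    }
    elsif ( $action eq "requestReset" ) {
        showEncryptedPasswd( $webName, $topic );
    }
    else {
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsmanage" );
        TWiki::redirect( $query, $url );
    }
}

#==============================================
# ($webName, $topic)
#
# Handles a password reset request: validates the form fields, generates
# the encrypted password for the given user and redirects to the
# "oopsresetpasswd" page with "WikiName:EncryptedPW" as its parameter.
# Every failure redirects to the matching oops page and returns.
sub showEncryptedPasswd
{
    my ( $webName, $topic ) = @_;

    # get all parameters from the form
    my $wikiName  = $query->param( 'username' );
    my $passwordA = $query->param( 'password' );
    my $passwordB = $query->param( 'passwordA' );
    # A missing retype field counts as a mismatch rather than an
    # undefined-value comparison.
    $passwordB = '' unless defined $passwordB;

    # check if required fields are filled in
    if( ! $wikiName || ! $passwordA ) {
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregrequ", );
        TWiki::redirect( $query, $url );
        return;
    }

    # check if user entry exists
    if( ! TWiki::User::UserPasswordExists( $wikiName ) ) {
        # PTh 20 Jun 2000: changed to getOopsUrl
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsnotwikiuser", $wikiName );
        TWiki::redirect( $query, $url );
        return;
    }

    # check if passwords are identical
    if( $passwordA ne $passwordB ) {
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregpasswd" );
        TWiki::redirect( $query, $url );
        return;
    }

    my $theCryptPassword =
        &TWiki::User::HtPasswdUser::_htpasswdGeneratePasswd( $wikiName, $passwordA );

    # and finally display the reset password page
    # NOTE(review): the generated entry is handed to getOopsUrl and then
    # redirected to, so it presumably travels in the URL; if so it can end
    # up in browser history and web server logs - confirm and treat those
    # as sensitive.
    my $url = &TWiki::getOopsUrl( $webName, $wikiName, "oopsresetpasswd",
                                  $wikiName . ":" . $theCryptPassword );
    TWiki::redirect( $query, $url );
}

#==============================================
# ($webName, $topic, $userName)
#
# Installs a "WikiName:EncryptedPW" entry supplied in the
# 'encryptedPassword' form parameter. Only members of
# $TWiki::superAdminGroup may do this; $userName must be the name derived
# from remote_user() in main. Every failure redirects to the matching
# oops page and returns.
#
# NOTE(review): nothing visible here checks the request method or an
# anti-CSRF token before the password file is changed - confirm whether
# the surrounding setup provides that protection.
sub installEncryptedPasswd
{
    my ( $webName, $topic, $userName ) = @_;

    my $wikiUserName = &TWiki::userToWikiName( $userName );
    if( ! &TWiki::Access::userIsInGroup( $wikiUserName, $TWiki::superAdminGroup ) ) {
        # user has no permission to install the password
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsaccessgroup",
                                      "$TWiki::mainWebname.$TWiki::superAdminGroup" );
        TWiki::redirect( $query, $url );
        return;
    }

    my $theCryptPassword = $query->param( 'encryptedPassword' ) || '';
    if ( ! $theCryptPassword ) {
        # missing username:encryptedpassword
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregrequ", );
        TWiki::redirect( $query, $url );
        return;
    }

    # TODO: I18N fix here once basic auth problem with 8-bit user names is
    # solved
    #
    # The entry is matched against the whole string (\A ... \z) and the
    # hash part is limited to the 13 characters of the traditional crypt()
    # alphabet. The earlier pattern ended in '$', which also accepts a
    # trailing newline, and used '.', which accepts ':' and control
    # characters; neither should reach the password file.
    my ( $wikiName, $cryptPart );
    if ( $theCryptPassword =~ m/\A([A-Z][a-zA-Z]+[A-Z][a-zA-Z]*):([A-Za-z0-9.\/]{13})\z/ ) {
        $wikiName  = $1;
        $cryptPart = $2;
        # Rebuild the entry from the captures so only validated text is
        # passed on.
        $theCryptPassword = $wikiName . ':' . $cryptPart;
    }
    else {
        # bad format
        # NOTE(review): the rejected input is passed back to the oops
        # page - confirm getOopsUrl and the template encode it.
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsbadpwformat",
                                      $theCryptPassword );
        TWiki::redirect( $query, $url );
        return;
    }

    # check if user entry exists
    if( ! TWiki::User::UserPasswordExists( $wikiName ) ) {
        # PTh 20 Jun 2000: changed to getOopsUrl
        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsnotwikiuser", $wikiName );
        TWiki::redirect( $query, $url );
        return;
    }

    # this bit is specific to the TWiki::User::HtPasswdUser module
    # old password
    my $oldcrypt = TWiki::User::HtPasswdUser::_htpasswdReadPasswd( $wikiName );

    # OK - password may be changed
    my $oldCryptPassword = $wikiName . ':' . $oldcrypt;
    TWiki::User::HtPasswdUser::htpasswdUpdateUser( $wikiName, $oldCryptPassword,
                                                   $theCryptPassword );

    # OK - password changed
    my $url = &TWiki::getOopsUrl( $webName, $topic, "oopschangepasswd" );
    TWiki::redirect( $query, $url );
    return;
}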