1 rizwank 1.1 #!/usr/bin/perl -wT
2 #
3 # TWiki Collaboration Platform, http://TWiki.org/
4 #
5 # Copyright (C) 2001 Klaus Wriessnegger, kw@sap.com
6 # Copyright (C) 2001 Andrea Sterbini, a.sterbini@flashnet.it
7 # Copyright (C) 2001-2003 Peter Thoeny, peter@thoeny.com
8 #
9 # For licensing info read license.txt file in the TWiki root.
10 # This program is free software; you can redistribute it and/or
11 # modify it under the terms of the GNU General Public License
12 # as published by the Free Software Foundation; either version 2
13 # of the License, or (at your option) any later version.
14 #
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details, published at
19 # http://www.gnu.ai.mit.edu/copyleft/gpl.html
20 #
21 # 26-5-01 Password installation (only by the $superAdminGroup)
22 rizwank 1.1 # 15-12-2003 moved requesting a passwd reset from passwd (as it is also htpasswd specific)
23 #
24
25 #NOTE: InstallPassword code is protected from anonymous use, but it is still risky
26 #(anyone who has a valid htpasswd entry can call it by hand)
27
28 #WARNING: this script only works when using htpasswd files.
29 #usage example:
30 #
31 #I n s t a l l
32 #
33 #</form>
34 #<form name="passwd" action="/%SCRIPTURLPATH%/installpasswd%SCRIPTSUFFIX%/%WEB%/">
35 #Username:EncryptedPW <input type="text" name="encryptedpassword" value="" size="16" /> <br />
36 #<input type="submit" name="passwd" />
37 #<input type="hidden" name="installPasswd" value="on" />
38 #</form>
39 #
40 # this code is here for symmetry only - the actual usable bit is in the passwd script
41 #R e s e t
42 #
43 rizwank 1.1 #<form name="passwd" action="/%SCRIPTURLPATH%/installpasswd%SCRIPTSUFFIX%/%WEB%/">
44 #Username <input type="text" name="username" value="" size="16" /> <br />
45 #New password <input type="password" name="password" size="16" />
46 #retype New password <input type="password" name="passwordA" size="16" />
47 #<input type="hidden" name="installPasswd" value="requestReset" />
48 #<input type="submit" name="passwd" />
49 #
50 #
51
BEGIN {
    # Run from the directory that holds this script: the capture is
    # everything before the last "/" of SCRIPT_FILENAME. Matching against
    # the environment value and using the capture is also what makes the
    # path acceptable to chdir under taint mode (-T).
    my $scriptFile = $ENV{"SCRIPT_FILENAME"};
    if( $scriptFile && $scriptFile =~ m{^(.+)/[^/]+$} ) {
        # NOTE(review): the chdir result is not checked; if it fails, '.'
        # below is whatever directory the server started the CGI in.
        chdir $1;
    }

    # Library paths have to be in @INC at compile time, before the "use"
    # lines that follow this block. Taint mode leaves '.' out of @INC, so
    # it is put back here, at the front: setlib.cfg and every later module
    # lookup try the current directory first, which is only as trustworthy
    # as the write permissions on that directory.
    unshift @INC, '.';
    require 'setlib.cfg';
}
61
62 use CGI::Carp qw(fatalsToBrowser);
63 use CGI;
64 rizwank 1.1 use TWiki;
65 use TWiki::User;
66 use TWiki::User::HtPasswdUser;
67
# One CGI request object for the whole script. It is a package variable
# (no "my") and every sub below reads $query directly.
$query = CGI->new;

main();
71
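# Entry point: initialise TWiki for this request and dispatch on the
# "installPasswd" form parameter.
#   "on"            installEncryptedPasswd (checks the super admin group itself)
#   "requestReset"  showEncryptedPasswd (makes no access check of its own)
#   anything else   redirect to the "oopsmanage" page
sub main
{
    my $wikiName = $query->param( 'username' );

    #initialize
    my $topicName   = $query->param( 'TopicName' );
    my $thePathInfo = $query->path_info();
    my $theUrl      = $query->url;

    # First initialisation: the form-supplied 'username' is passed in the
    # user position and only the topic and web are kept. $topic and $webName
    # are package variables here, as in the rest of this script.
    ( $topic, $webName ) =
        TWiki::initialize( $thePathInfo, $wikiName, $topicName, $theUrl, $query );

    # Second initialisation with the identity reported by the web server.
    # Only its fourth return value is used, and that value - not the form's
    # 'username' - is what the privilege check in installEncryptedPasswd sees.
    my $theRemoteUser = $query->remote_user();
    my ( $dummy1, $dummy2, $dummy3, $userName ) =
        TWiki::initialize( $thePathInfo, $theRemoteUser, $topicName, $theUrl, $query );

    # A request without the parameter yields undef; normalise it so the
    # string comparisons below do not run on an undefined value under -w.
    my $action = $query->param("installPasswd");
    $action = '' unless defined $action;

    if ( $action eq "on" ) {
        installEncryptedPasswd ($webName, $topic, $userName);
    } elsif ( $action eq "requestReset" ) {
        showEncryptedPasswd ($webName, $topic);
    } else {
        my $url = TWiki::getOopsUrl( $webName, $topic, "oopsmanage");
        TWiki::redirect( $query, $url );
    }
}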
102
103 #==============================================
104 # ($webName, $topic)
# Handle a "requestReset" submission: validate the form, have the htpasswd
# module hash the new password for the named user, and hand the resulting
# "WikiName:hash" string to the "oopsresetpasswd" page. This sub calls no
# update routine itself.
#
# Parameters: ($webName, $topic), used to build the oops URLs.
# Form fields read from $query: username, password, passwordA (retyped copy).
#
# NOTE(review): neither this sub nor main makes a login or group check on
# this path, and an unknown name gets its own "oopsnotwikiuser" page, so the
# responses show whether a name has a password entry. Confirm that the web
# server restricts who can reach this script.
# NOTE(review): the hash is given to getOopsUrl as a parameter and the result
# is the redirect target, so it presumably travels in the URL and can end up
# in access logs and browser history - treat it as sensitive.
sub showEncryptedPasswd
{
    my ($webName, $topic) = @_;

    my $wikiName    = $query->param( 'username' );
    my $newPassword = $query->param( 'password' );
    my $retyped     = $query->param( 'passwordA' );

    # Both a user name and a password are required.
    unless( $wikiName && $newPassword ) {
        my $oopsUrl = TWiki::getOopsUrl( $webName, $topic, "oopsregrequ" );
        TWiki::redirect( $query, $oopsUrl );
        return;
    }

    # The user must already have a password entry ($wikiName is known to be
    # non-empty at this point).
    if( ! TWiki::User::UserPasswordExists( $wikiName ) ) {
        my $oopsUrl = TWiki::getOopsUrl( $webName, $topic, "oopsnotwikiuser", $wikiName );
        TWiki::redirect( $query, $oopsUrl );
        return;
    }

    # The password and its retyped copy must agree.
    if( $newPassword ne $retyped ) {
        my $oopsUrl = TWiki::getOopsUrl( $webName, $topic, "oopsregpasswd" );
        TWiki::redirect( $query, $oopsUrl );
        return;
    }

    my $theCryptPassword =
        TWiki::User::HtPasswdUser::_htpasswdGeneratePasswd( $wikiName, $newPassword );

    # Show the reset page; note that the user's name, not $topic, is passed
    # in the topic position here.
    my $entry   = join( ":", $wikiName, $theCryptPassword );
    my $oopsUrl = TWiki::getOopsUrl( $webName, $wikiName, "oopsresetpasswd", $entry );
    TWiki::redirect( $query, $oopsUrl );
}
144
145 #==============================================
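# Handle an "on" submission: replace a user's htpasswd entry with the
# pre-computed "WikiName:hash" string supplied in the 'encryptedPassword'
# form field. Only members of $TWiki::superAdminGroup may do this.
#
# Parameters: ($webName, $topic) for building oops URLs, and $userName, the
# requesting user as resolved by main from the web server's remote user.
#
# NOTE(review): the field name read here is 'encryptedPassword', and CGI
# parameter names are case-sensitive; the usage example in this file's header
# spells it "encryptedpassword". Confirm which spelling the real form uses.
# NOTE(review): this is a state-changing action and no request-method or
# per-session token check is visible in this script, so a request made on an
# administrator's behalf would be accepted. Consider requiring POST plus an
# anti-CSRF token.
sub installEncryptedPasswd
{
    my ($webName, $topic, $userName) = @_;

    # Declared lexically so that no value is left behind in package
    # variables between requests in a persistent interpreter.
    my $url;
    my $wikiName;

    my $wikiUserName = TWiki::userToWikiName( $userName );

    if( ! TWiki::Access::userIsInGroup( $wikiUserName, $TWiki::superAdminGroup ) ) {
        # user has no permission to install the password
        $url = TWiki::getOopsUrl( $webName, $topic, "oopsaccessgroup", "$TWiki::mainWebname.$TWiki::superAdminGroup" );
        TWiki::redirect( $query, $url );
        return;
    }

    my $theCryptPassword = $query->param( 'encryptedPassword' ) || '';
    if ( ! $theCryptPassword ) {
        # missing username:encryptedpassword
        $url = TWiki::getOopsUrl( $webName, $topic, "oopsregrequ" );
        TWiki::redirect( $query, $url );
        return;
    }

    # TODO: I18N fix here once basic auth problem with 8-bit user names is
    # solved
    #
    # The value must be exactly "WikiName:" followed by 13 characters.
    # \A and \z anchor the whole string: with "^...$" a value ending in a
    # newline would also match and that newline would be handed on to the
    # password-file update below. The capture also untaints the user name.
    # NOTE(review): ".{13}" still accepts any non-newline character,
    # including ":"; if only crypt() hashes are ever installed, restricting
    # it to [./0-9A-Za-z] would be stricter - confirm against
    # _htpasswdGeneratePasswd.
    if ( $theCryptPassword =~ m/\A([A-Z][a-zA-Z]+[A-Z][a-zA-Z]*)\:.{13}\z/ ) {
        $wikiName = $1;
    } else {
        # bad format
        # NOTE(review): the rejected value is request-controlled and is passed
        # on to the oops page as-is; presumably getOopsUrl and the template
        # encode it - verify.
        $url = TWiki::getOopsUrl( $webName, $topic, "oopsbadpwformat", $theCryptPassword);
        TWiki::redirect( $query, $url );
        return;
    }

    # check if user entry exists ($wikiName is non-empty after the match)
    if( ! TWiki::User::UserPasswordExists( $wikiName ) ) {
        # PTh 20 Jun 2000: changed to getOopsUrl
        $url = TWiki::getOopsUrl( $webName, $topic, "oopsnotwikiuser", $wikiName );
        TWiki::redirect( $query, $url );
        return;
    }

    #this bit is specific to the TWiki::User::HtPasswdUser module
    # Rebuild the current "WikiName:hash" entry so the update routine can be
    # given both the old and the new entry.
    my $oldcrypt = TWiki::User::HtPasswdUser::_htpasswdReadPasswd( $wikiName );
    my $oldCryptPassword = "$wikiName\:$oldcrypt";
    # NOTE(review): the result of the update is not inspected, so the success
    # page below is shown either way - confirm htpasswdUpdateUser dies on
    # failure.
    TWiki::User::HtPasswdUser::htpasswdUpdateUser( $wikiName, $oldCryptPassword, $theCryptPassword );

    # OK - password changed
    $url = TWiki::getOopsUrl( $webName, $topic, "oopschangepasswd" );
    TWiki::redirect( $query, $url );
    return;
}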
198