1 rizwank 1.1 #!/usr/bin/perl -wT
  2             #
  3             # TWiki Collaboration Platform, http://TWiki.org/
  4             #
  5             # Copyright (C) 2000-2003 Peter Thoeny, Peter@Thoeny.com
  6             # Copyright (C) 2001 Klaus Wriessnegger, kw@sap.com
  7             #
  8             # For licensing info read license.txt file in the TWiki root.
  9             # This program is free software; you can redistribute it and/or
 10             # modify it under the terms of the GNU General Public License
 11             # as published by the Free Software Foundation; either version 2
 12             # of the License, or (at your option) any later version.
 13             #
 14             # This program is distributed in the hope that it will be useful,
 15             # but WITHOUT ANY WARRANTY; without even the implied warranty of
 16             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 17             # GNU General Public License for more details, published at
 18             # http://www.gnu.ai.mit.edu/copyleft/gpl.html
 19             #
 20             
 21             #NOTE: the reset code is in this script because it needs to be in an un-authenticated 
 22 rizwank 1.1 # script (see the .htaccess file)
 23             # the matching InstallPassword code is protected, but still risky (anyone who has a valid 
 24             # htpasswd entry can call it by hand 
 25             
 26             #usage example:
 27             #
 28             #
 29             #R e s e t
 30             #
 31             #<form name="passwd" action="/%SCRIPTURLPATH%/passwd%SCRIPTSUFFIX%/%WEB%/">
 32             #Username     <input type="text" name="username" value="" size="16" /> <br />
 33             #New password <input type="password" name="password" size="16" />
 34             #retype New password <input type="password" name="passwordA" size="16" />
 35             #<input type="hidden" name="installPasswd" value="requestReset" />
 36             #<input type="submit" name="passwd" />
 37             #
 38             #
 39             
 40              
 41             BEGIN {
 42                 # Set default current working directory
 43 rizwank 1.1     if( $ENV{"SCRIPT_FILENAME"} && $ENV{"SCRIPT_FILENAME"} =~ /^(.+)\/[^\/]+$/ ) {
 44                     chdir $1;
 45                 }
 46                 # Set library paths in @INC at compile time
 47                 unshift @INC, '.';
 48                 require 'setlib.cfg';
 49             }
 50             
 51             use CGI::Carp qw(fatalsToBrowser);
 52             use CGI;
 53             use TWiki;
 54             use TWiki::User;
 55             use TWiki::User::HtPasswdUser;
 56              
 57             $query= new CGI;
 58              
 59             &main();
 60              
 61             sub main
 62             {
 63                 my $wikiName = $query->param( 'username' );
 64 rizwank 1.1 
 65                 #initialize
 66                 my $topicName = $query->param( 'TopicName' );
 67                 my $thePathInfo = $query->path_info();
 68                 my $theUrl = $query->url;
 69             
 70                 ( $topic, $webName ) =
 71                     &TWiki::initialize( $thePathInfo, $wikiName, $topicName, $theUrl, $query );
 72              
 73                 my $text = "";
 74                 my $url = "";
 75             
 76                 my $theRemoteUser = $query->remote_user();
 77                 my ( $dummy1, $dummy2, $dummy3, $userName ) = 
 78             	&TWiki::initialize( $thePathInfo, $theRemoteUser, $topicName, $theUrl, $query );
 79             
 80                 my $action = $query->param("installPasswd");
 81             
 82             if ( $action eq "requestReset" ) {
 83                     showEncryptedPasswd ($webName, $topic);
 84                 } else {
 85 rizwank 1.1        $url = &TWiki::getOopsUrl( $webName, $topic, "oopsmanage");
 86                    TWiki::redirect( $query, $url );
 87                 }
 88             }
 89             
 90             #==============================================
 91             # ($webName, $topic)
 92             sub showEncryptedPasswd
 93             {
 94                 my  ($webName, $topic) = @_;
 95             
 96                 # get all parameters from the form
 97                 my $wikiName = $query->param( 'username' );
 98                 my $passwordA = $query->param( 'password' );
 99                 my $passwordB = $query->param( 'passwordA' );
100             
101                 my $url = "";
102             
103                 # check if required fields are filled in
104                 if( ! $wikiName || ! $passwordA ) {
105                     $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregrequ", );
106 rizwank 1.1         TWiki::redirect( $query, $url );
107                     return;
108                 }
109              
110                 # check if user entry exists
111                 if(  ( $wikiName )  && (! TWiki::User::UserPasswordExists( $wikiName ) ) ) {
112                     # PTh 20 Jun 2000: changed to getOopsUrl
113                     $url = &TWiki::getOopsUrl( $webName, $topic, "oopsnotwikiuser", $wikiName );
114                     TWiki::redirect( $query, $url );
115                     return;
116                 }
117             
118                 # check if passwords are identical
119                 if( $passwordA ne $passwordB ) {
120                     $url = &TWiki::getOopsUrl( $webName, $topic, "oopsregpasswd" );
121                     TWiki::redirect( $query, $url );
122                     return;
123                 }
124             
125                 my $theCryptPassword = &TWiki::User::HtPasswdUser::_htpasswdGeneratePasswd( $wikiName,  $passwordA );
126             
127 rizwank 1.1     # and finally display the reset password page
128                 $url = &TWiki::getOopsUrl( $webName, $wikiName, "oopsresetpasswd", $wikiName.":".$theCryptPassword );
129                 TWiki::redirect( $query, $url );
130             }