
Re: [seul-edu] Users Changing their Passwords over web?



On Wed, 3 Nov 1999, Bill Tihen -- TECHNOLOGY wrote:

> Does anyone know a good way to allow users to change
> their passwords and possibly other things related to
> their account?  I looked at LinuxConf, but it allows way

Sorry to take so long to reply Bill, but here is a potential solution.


I've been lurking around on this list for a while now, but haven't actually
written anything to it yet.  Anyway, someone else at my school and I have
just written something to change passwords through the web, as part of a
larger interface called webvc.  It uses an expect script, and a special
compile of yppasswd - a compile that I have done, having commented out the
parts that want you to be root.  It doesn't care who you are: it just wants
the password of the user you are trying to change.

WebVC is also a mail reader/writer (cgi), a calendar generator
(html/printable from a data file), a user list generator (with email
address, and grade), and a quizzer/markbook/material presenter.  The
quizzer/markbook/material presenter is still highly in development, but
it has completed a few successful trial runs.  All data stored for
the quiz... is stored in XML.  We are constantly writing new parts, whenever we get a new idea that sounds good... ;)

Very close to completion is an ftp cgi - to allow you to upload and download from an ftp, presumably your home directory, using html forms.  This is a workaround for all those many browsers that can't do ftp upload, or proper ftp download.

A cgi called lanlord (by David Stokes) has been integrated into webvc.  Lanlord takes a DHCP lease file and generates a report (IP, name, mac address, etc).

WebVC is entirely GPL, and has been written in perl, except for the expect script.  It uses a common library, and attempts to cut down on redundancy in code whenever possible.

Take a look @ http://vc.bc.ca/webvc/ to see it in action.


Attached is the password change portion, and the special yppasswd compile.

Daniel Dent

#!/usr/bin/expect -f
#
# pwchange.cgi 0.5 by Alexander Bradley
# Expect script to change passwords via the web.
#

# Output the necessary HTML header
puts "Content-type: text/html\n\n"

# Set all the CGI input variables to null to avoid
# Tcl errors
set input ""
set q_username ""
set q_oldpass ""
set q_newpass ""
set q_confpass ""

# Read CGI POST variables from stdin
catch {set input [read stdin]}

# Output the WebVC headers to make things look nice
puts [exec /home/webvc/bin/header "Changing Password"]

# Put the WebVC footers into a variable to save me typing :)
set footer [exec /home/webvc/bin/footer]

# This is for nosy people trying to invoke the script without arguments.
if {$input == ""} {
 puts "<P>This script was invoked incorrectly.\n$footer"
 exit
}

# Parse the CGI input into variables we can work with
set queries [split $input &]

foreach query $queries {
 set first 1
 set name ""
 set contents ""
 foreach side [split $query =] {
  if {$first == 1} { 
   set name $side
  } else {
   set contents $side
  }
  set first 0
 }
 # Punctuation substitution... a little longwinded...
 # -all decodes every occurrence, not just the first one in the value.
 regsub -all \\+ $contents " " contents
 regsub -nocase -all %7E $contents ~ contents
 regsub -nocase -all %21 $contents ! contents
 regsub -nocase -all %40 $contents @  contents
 regsub -nocase -all %23 $contents # contents
 regsub -nocase -all %24 $contents $ contents
 regsub -nocase -all %5E $contents ^ contents
 regsub -nocase -all %26 $contents \\& contents
 regsub -nocase -all %28 $contents ( contents
 regsub -nocase -all %29 $contents ) contents
 regsub -nocase -all %2B $contents + contents
 regsub -nocase -all %7B $contents \{ contents
 regsub -nocase -all %7D $contents \} contents
 regsub -nocase -all %7C $contents | contents
 regsub -nocase -all %3A $contents : contents
 regsub -nocase -all %22 $contents \" contents
 regsub -nocase -all %3C $contents < contents
 regsub -nocase -all %3E $contents > contents
 regsub -nocase -all %3F $contents ? contents
 regsub -nocase -all %60 $contents ` contents
 regsub -nocase -all %3D $contents = contents
 regsub -nocase -all %5B $contents \[ contents
 regsub -nocase -all %5D $contents \] contents
 regsub -nocase -all %5C $contents \\ contents
 regsub -nocase -all %3B $contents \; contents
 regsub -nocase -all %27 $contents ' contents
 regsub -nocase -all %2C $contents , contents
 regsub -nocase -all %2F $contents / contents
 # %25 goes last so that a decoded "%" is never re-read as the start of
 # another escape (a literal "%2541" must stay "%41", not become "A").
 regsub -nocase -all %25 $contents % contents
  
 set q_$name $contents
}

# Some error handling...
if {$q_username == ""} {
 # This also gets outputted if the script was simply fed garbage.
 puts "<P>You did not specify a username.\n$footer"
 exit
}
if {$q_newpass != $q_confpass} {
 # User made a mistake.
 puts "<P>The new password you specified and the confirmation password do not \
match.  Password unchanged.\n$footer"
 exit
}
if {$q_oldpass == $q_newpass} {
 # Why invoke the script if you don't want to change your password?
 puts "<P>Your new password cannot be the same as your old one.  Password \
unchanged.\n$footer"
 exit
}
if {$q_newpass == ""} {
 # Try to avoid REALLY stupid passwords...
 puts "<P>Your new password cannot be the null string.  Password \
unchanged.\n$footer"
 exit
}
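if {$q_username == "root"} {
 # Nobody should be trying this anyway...
 puts "<P>You cannot change the password for root.\n$footer"
 exit
}
if {![regexp {^[A-Za-z0-9_][A-Za-z0-9_.-]*$} $q_username]} {
 # The username is passed to yppasswd as an argument and echoed back into
 # the HTML below, so refuse a leading "-" and HTML metacharacters.  The
 # allowed character set is an assumption; adjust it to the site's accounts.
 puts "<P>The username you specified is not valid.\n$footer"
 exit
}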
if {[string length $q_newpass] < 6} {
 # Password's too short; yppasswd would reject it
 puts "<P>Your password is too short.  Passwords must be 6 or more \
characters.\n$footer"
 exit
}

# Comment out yppasswd's output
puts "<!-- Output from yppasswd follows:\n\n"

# Now we've got through all the checks, spawn yppasswd.
spawn -noecho /home/webvc/bin/yppasswd $q_username

expect {
	"old password:" {
	# "--" stops a password that begins with "-" being read as a send flag
	send -- "$q_oldpass\n"
        } "unknown user" {
	puts "-->\n\n<P>The user $q_username does not exist.\n$footer"
	exit
	} timeout {
	puts "-->\n\n<P>An error occurred while changing the password. \
Check the source of this document for messages.\n$footer"
        exit
        }
}       

expect {
        "new password:" {
	# "--" stops a password that begins with "-" being read as a send flag
	send -- "$q_newpass\n"
        } "Sorry." {
	puts "-->\n\n<P>The password you specified for $q_username is incorrect.\n$footer"
	exit
	} timeout {
	puts "-->\n\n<P>An error occurred while changing the password. \
Check the source of this document for messages.\n$footer"
        exit
	}
}	
expect {
	"The password" {
	puts "-->\n\n<P>The password you wanted to change to was rejected, \
probably because it did not follow the guidelines for a secure password (6 \
or more characters and a mixture of uppercase, lowercase, numbers and \
punctuation).  Check the source of this document for messages.\n$footer"
	exit
	} "retype new password:" {
	# "--" stops a password that begins with "-" being read as a send flag
	send -- "$q_newpass\n"
	} timeout {
	puts "-->\n\n<P>An error occurred while changing the password. \
Check the source of this document for messages.\n$footer"
        exit
        }
}	
expect { 
        "password has been changed" { 
	puts "-->\n\n<P>Your password has been successfully changed.\n$footer"
	} timeout {
	puts "-->\n\n<P>An error occurred while changing the password. \
Check the source of this document for messages.\n$footer"
        }
}	
	

	
	
<!--#exec cmd="/home/webvc/bin/header 'Change your Password'"-->

<!--#if expr="\"$SERVER_PORT\" = \"443\""-->
<P>To change your password, type in your username, your password and the 
password you want
it to be changed to.  Your password will be encrypted so it cannot be
observed in transit.</P>
<!--#else -->
<P>To change your password, type in your username, your password and the
password you want it to be changed to.  <STRONG class="wrong">Your password will not be
encrypted and it could be observed in transit.  It would be better to use
the <A href="https://vc.bc.ca/webvc/cgi-bin/pwchange/">SSL version of this
page.</A></STRONG>
<!--#endif -->

<!--fixed
<P><STRONG>WARNING:</STRONG> At the present time, the password changer does
not handle punctuation correctly, so passwords containing punctuation may
become garbled.  If you want to put punctuation in your password (a good
idea) login through the <A href="/webvc/ssh/">SSH applet</A> instead and use
the <TT>yppasswd</TT> command.
-->

<HR>

<FORM action="pwchange.cgi" method="post" name="pwchange">
<P>Username: <INPUT type="text" name="username">
<P>Old password: <INPUT type="password" name="oldpass">
<P>New password: <INPUT type="password" name="newpass">
<P>Confirm new password: <INPUT type="password" name="confpass">

<P><INPUT type="submit" value="Change your password"> <INPUT type="reset">
</FORM>

<!--#exec cmd="/home/webvc/bin/footer"-->
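
The form-decoding step of pwchange.cgi above, redone as an added example (not part of the original post or of WebVC): one left-to-right percent-decoding pass so repeated and nested escapes come out right, an allowlist of the four form fields in place of `set q_$name`, and HTML escaping for any value echoed back. The proc names `url_decode`, `parse_form` and `html_escape` and the sample body are constructed for illustration; Tcl 8.5 or later is assumed.

```tcl
# Added example, not WebVC code. Proc names are hypothetical; needs Tcl 8.5+.

# Decode one form value in a single pass: "+" is a space, "%XX" is one
# character. Decoded output is never rescanned, so "%2541" yields "%41".
proc url_decode {s} {
    set s [string map [list + " "] $s]
    set out ""
    set n [string length $s]
    for {set i 0} {$i < $n} {incr i} {
        set c [string index $s $i]
        set hex [string range $s [expr {$i + 1}] [expr {$i + 2}]]
        if {$c eq "%" && [regexp {^[0-9A-Fa-f]{2}$} $hex]} {
            append out [format %c [scan $hex %x]]
            incr i 2
        } else {
            append out $c
        }
    }
    return $out
}

# Split the POST body and keep only the fields the form defines; any other
# name (for example "footer") is dropped instead of becoming a variable.
proc parse_form {body} {
    set form [dict create username "" oldpass "" newpass "" confpass ""]
    foreach pair [split $body &] {
        set eq [string first = $pair]
        if {$eq < 0} { continue }
        set name [url_decode [string range $pair 0 [expr {$eq - 1}]]]
        if {![dict exists $form $name]} { continue }
        dict set form $name [url_decode [string range $pair [expr {$eq + 1}] end]]
    }
    return $form
}

# Escape a value before writing it into the HTML response.
proc html_escape {s} {
    return [string map [list & "&amp;" < "&lt;" > "&gt;" \" "&quot;" ' "&#39;"] $s]
}

# Constructed sample body: repeated escapes, a literal "%25", an unknown field.
set body "username=%3Cb%3Ealice&oldpass=a%26b%26c&newpass=50%2525+off%21%21&footer=x"
set form [parse_form $body]
puts "oldpass:  [dict get $form oldpass]"
puts "newpass:  [dict get $form newpass]"
puts "username: [html_escape [dict get $form username]]"
puts "fields:   [dict keys $form]"
```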