#!/usr/bin/perl -w # # @(#) WebPass.cgi 1.02 (beta) 99/12/15 # (Modified from WebPass.cgi 1.01 (beta) 97/10/2...) # # @(#) WebPass.cgi 1.01 (beta) 97/10/2 # (Modified from HrMaintenance.cgi 3.0 (alpha) 97/07/22...) # # Copyright (C) 1997 William C. Jones, FCCJ Webmaster; All Rights Reserved... # # The information in this file is provided for the exclusive use of the # I/S Staff of Florida Community College at Jacksonville. Such users have # the right to use, modify, and incorporate this code into other products # for purposes authorized by the license agreement provided they include this # notice and the associated copyright notice with any such product. The # information in this file is provided "AS IS" without warranty. # Public Domain Notice - # Copyright Addendum: This code is not in the Public Domain. You are # granted a free license to use, modify, and/or incorporate this software # into your own projects, provided that the above copyright remains # intact and is included in any further software distributions. # If you redistribute this software - please send an e-mail to # webmaster@fccj.cc.fl.us outlining who you are, what version you # have, where you obtained your version, and where/how you are # distributing this version. Also, if you have modified the version # you plan on redistributing, include the changes as well... # Thx, # Bill :) # Purpose: Allow account holders to modify their own password... # # Provides an easy to use interface so that Students, Faculty, & # Staff would not be required to learn how to Telnet, etc... # # Usage: Executed whenever a User wishes to change their E-Mail 'passwd'. # # Input: UserID, Current Password, New Password... # # Calls: WebPass.expect (included) with validated data, as obtained above... # # Output: Processed HTML/JavaScript (Netscape ready; would need IE 3.02a or # better to utilize correctly; runs OK under Lynx or PROFS 'Charlotte.') # The output reports whether it was successful, or what type of error # was detected (Bad Password, Wrong Acct, etc...) # #============================================================================= # (Unless otherwise noted, all code changes made by WCJ, FCCJ Webmaster...) # Project started Oct 1997 using Modified HrMaintenance.cgi... # Note: Perl was created by Larry Wall. Larry will not provide support # for this software... Perl, however, can be obtained at your Local CPAN, or # on the Solaris Platform - at sunsite.unc.edu via http or ftp... # # This package (WebPass.cgi, WebPass.expect, et al.) was designed, developed, # written, tested, and used every day on a Solaris 2.5.x Ultra 1 Server and a # SUN Enterprise 3000 UltraSparc Server... # #============================================================================= use CGI qw(:all); # CGI.pm (written by Lincoln Stein.) use strict; # In conjunction with the -w option, make sure there no errors! my $usrID = param('usrID'); my $passwd = param('passwd'); my $passNew = param('passNew'); my $passAgain = param('passAgain'); my $acct = ''; # This area holds account info... my $pswd = ''; my $uid = ''; # There are several reasons why this area is blank. my $gid = ''; # A primary one is future expandibility. The variables my $quota = ''; # outlined here cover what is called the GECOS in the my $cmt = ''; # Unix OpSys. They represent about all relevant User & my $gcos = ''; # Group data available in most Unix systems... my $home = ''; my $shell = ''; # Most are not used here... # my $root = 'root'; my $prog ='/cgi-bin/WebPass.perl'; my $command ='/httpd/cgi-bin/WebPass.expect'; my $host = 'http://www.adi.net.tw'; my $company = '誠安電腦'; my $company_e = 'ADI Corp'; # Prepare to check security issues... Setup Globally Required variables... my($ercType) = ''; # The Error Type which occurred... my($ercCode) = ''; # The Error Code which occurred... my($buffer) = ''; # General buffer used to hold things... my $erc = ''; # My general flags, etc... my $z = ''; my $flag = 0; #............................................................................ sub errorReturned { # Was there an error? &fccjHeader(); print <<_erc_EOF_;


$ercType
$buffer

$ercCode

_erc_EOF_ exit(); # We're outta here! } if (param('usrID') || param('passwd') || param('passNew') || param('passAgain')) { # Check to make sure we have all parameters... $buffer = ''; if (param('usrID') && length($usrID) < 3) { $buffer = $buffer."帳號太短了
";} # if (param('passwd') && length($passwd) < 3) { $buffer = $buffer."目前的密碼太短了
";} if (param('passNew') && length($passNew) < 3) { $buffer = $buffer."密碼太短了
";} if (param('passAgain') && length($passAgain) < 3) { $buffer = $buffer."密碼太短了
";} if (!param('usrID')) { $buffer = $buffer."忘了輸入帳號?!
";} if (!param('passwd')) { $buffer = $buffer."沒有輸入目前的密碼!
";} if (!param('passNew')) { $buffer = $buffer."沒有輸入新密碼!
";} if (!param('passAgain')) { $buffer = $buffer."沒有輸入確認密碼!
";} if ($passAgain ne $passNew) { $buffer = $buffer."輸入的新密碼和確認密碼不符合
";} if (param('usrID') eq $root) { $buffer = $buffer."不可以修改主控員帳號
";} $z = $usrID . $passwd . $passNew . $passAgain; # Check for Invalid Data Stream... $buffer = $buffer."不可以有特殊字元
" unless $z=~/^-?[a-zA-Z0-9]+$/; # The valid characters I allow in the either the UserID and/or Password are # Upper/Lowercase Alpha (A-Z) or Numeric (0-9) Only... So, I can concatenate # the input stream and check all of it at one time, as shown above... if ($buffer) { $ercType = "輸入資料有誤:
"; $ercCode = "

請重新輸入帳號資料"; &errorReturned($ercType, $buffer, $ercCode); } # Get the Unix GECOS Info about the requesting UserID... while (($acct, $pswd, $uid, $gid, $quota, $cmt, $gcos, $home, $shell) = getpwent()) { next if $acct ne $usrID; # Keep looking if not found... $flag = 1; print "

輸入帳號符合! "; print "

正在修改帳號 $usrID 的密碼中,請稍候....."; # Prepare for a system call... $z = "$command $usrID $passwd $passNew $passAgain"; $erc = system($z) / 256; if ($erc) { print "

發生錯誤! 系統無法執行修改密碼動作! 錯誤訊息: $erc! "; print ""; # WARNING: The above line of code is provided at an example. Replace the address with your own... # Please remember to change all e-mail address references to your own... # No, I will not answer your end-user's questions... # If they bug me a lot, I will not answer yours anymore, either :-) exit $erc; } else { print "

- 密碼修改完成 -
"; print ""; } } if ($flag) { # If the 'flag' is set, then we are done... print ""; } else { # Otherwise we did not find the requesting UserID... $buffer = $buffer." 使用者帳號不存在
"; if ($buffer) { $ercType = "

輸入資料有誤:
"; $ercCode = "

請重新輸入帳號資料"; &errorReturned($ercType, $buffer, $ercCode); } } exit; # We're Outta Here... } # Subroutines follow... #............................................................................ sub fccjHeader { # FCCJ Header/Title Routine... print <<_erc_header_; Content-type: text/html $company_e _erc_header_ } #............................................................................ #............................................................................ sub fccjUserLogon { print <<_erc_LOGON_; Content-type: text/html $company_e

$company 線上密碼修改

= 需要 SSL 連線 =


帳號名稱: 
目前的密碼: 
輸入新密碼: 
確認新密碼: 


_erc_LOGON_ exit(); # We're outta here! } &fccjUserLogon();