/*************************************************************************** * change-p.c sample script to change password * * original: Rob McCool, NCSA HTTPD V. 1.3 * OS/2 port: Frankie Fan 7/11/94 * * $Header$ * * $Log$ **************************************************************************/ #include #include #include #include #include #include #include "util.h" #define USER_FILE "/os2httpd/conf/htpasswd" #define WIZARD "wizpas" char *makeword(char *line, char stop); char *fmakeword(FILE * f, char stop, int *len); char x2c(char *what); void unescape_url(char *url); void plustospace(char *str); #if !defined(__OS2__) char *crypt(char *pw, char *salt); /* why aren't these prototyped in include */ #else /* OS2 */ #define crypt(a,b) (a) #endif /* OS2 */ char *tn; /* From local_passwd.c (C) Regents of Univ. of California blah blah */ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; void to64(char *s, long v, int n) { while (--n >= 0) { *s++ = itoa64[v & 0x3f]; v >>= 6; } } void change_password(char *user, char *pw, FILE * f) { char *cpw, salt[3]; (void) srand((int) time((time_t *) NULL)); to64(&salt[0], rand(), 2); cpw = crypt(pw, salt); free(pw); fprintf(f, "%s:%s\n", user, cpw); } void putline(FILE * f, char *l) { int x; for (x = 0; l[x]; x++) fputc(l[x], f); fputc('\n', f); } void main(void) { register int x; int cl, found, create; char *u, *t1, *t2, *p1, *p2, *user, command[256], line[256], l[256], w[256]; FILE *tfp, *f; tn = NULL; printf("Content-type: text/html%c%c", 10, 10); if (strcmp(getenv("REQUEST_METHOD"), "POST")) { printf("This script should be referenced with a METHOD of POST.\n"); printf("If you don't understand this, see this "); printf("forms overview.%c", 10); exit(1); } if (strcmp(getenv("CONTENT_TYPE"), "application/x-www-form-urlencoded")) { printf("This script can only be used to decode form results. \n"); exit(1); } cl = atoi(getenv("CONTENT_LENGTH")); user = NULL; p1 = NULL; p2 = NULL; create = 0; for (x = 0; cl && (!feof(stdin)); x++) { t1 = fmakeword(stdin, '&', &cl); t2 = makeword(t1, '='); unescape_url(t1); unescape_url(t2); if (!strcmp(t2, "user")) { if (!user) user = t1; else { printf("This script was accessed from the wrong form.\n"); exit(1); } } else if (!strcmp(t2, "newpasswd1")) { if (!p1) p1 = t1; else { printf("This script was accessed from the wrong form.\n"); exit(1); } } else if (!strcmp(t2, "newpasswd2")) { if (!p2) p2 = t1; else { printf("This script was accessed from the wrong form.\n"); exit(1); } } else { printf("This script was accessed from the wrong form.\n"); printf("Unrecognized directive %s.\n", t2); exit(1); } free(t2); } u = getenv("REMOTE_USER"); if ((strcmp(u, WIZARD)) && (strcmp(user, u))) { printf("User Mismatch"); printf("

User Mismatch

"); printf("The username you gave does not correspond with the "); printf("user you authenticated as.\n"); exit(1); } if (strcmp(p1, p2)) { printf("Password Mismatch"); printf("

Password Mismatch

"); printf("The two copies of your the password do not match. Please"); printf(" try again."); exit(1); } tn = tmpnam(NULL); tfp = fopen(tn, "w"); if (!tfp) { fprintf(stderr, "Could not open temp file.\n"); exit(1); } f = fopen(USER_FILE, "r"); if (!f) { fprintf(stderr, "Could not open passwd file for reading.\n", USER_FILE); exit(1); } found = 0; while (!(getline(line, 256, f))) { if (found || (line[0] == '#') || (!line[0])) { putline(tfp, line); continue; } strcpy(l, line); getword(w, l, ':'); if (strcmp(user, w)) { putline(tfp, line); continue; } else { change_password(user, p1, tfp); found = 1; } } if ((!found) && (create)) change_password(user, p1, tfp); fclose(f); fclose(tfp); sprintf(command, "cp %s %s", tn, USER_FILE); system(command); unlink(tn); printf("Successful Change"); printf("

Successful Change

"); printf("Your password has been successfully changed.

"); exit(0); }