diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword --- e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword 1970-01-01 04:00:00.000000000 +0400 +++ e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword 2008-08-21 01:17:24.000000000 +0400 @@ -0,0 +1,19 @@ + + + + DESCRIPTION + + To change your account password, please fill out the following + form. You will need to provide the name of your account, your + old password, and your desired new password. (You must type the new + password twice.)

+ +

If you cannot change your password because you have forgotten the + old one, your local system administrator can reset your password using + the server manager.

+ ]]> + + + + diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword --- e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword 2008-08-21 01:17:24.000000000 +0400 +++ e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword 1970-01-01 04:00:00.000000000 +0400 @@ -1,19 +0,0 @@ - - - - DESCRIPTION - - To change your account password, please fill out the following - form. You will need to provide the name of your account, your - old password, and your desired new password. (You must type the new - password twice.)

- -

If you cannot change your password because you have forgotten the - old one, your local system administrator can reset your password using - the server manager.

- ]]> - - - - diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/web/functions/userpassword e-smith-base-5.8.0/root/etc/e-smith/web/functions/userpassword --- e-smith-base-5.8.0.old/root/etc/e-smith/web/functions/userpassword 1970-01-01 04:00:00.000000000 +0400 +++ e-smith-base-5.8.0/root/etc/e-smith/web/functions/userpassword 2008-08-21 01:17:24.000000000 +0400 @@ -0,0 +1,151 @@ +#!/usr/bin/perl -wT + +#---------------------------------------------------------------------- +# e-smith manager functions: userpassword +# copyright (C) 1999, 2000, 2001 e-smith, inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from e-smith, inc. +# Please visit our web site www.e-smith.com for details. +#---------------------------------------------------------------------- + +use strict; +use esmith::FormMagick; +use esmith::util; +use esmith::ConfigDB; + +our $configdb = esmith::ConfigDB->open(); +my $fm = new esmith::FormMagick; +$fm->display(); + +sub change_password { + my ($fm) = @_; + + my $q = $fm->{cgi}; + + $q->param( -name => 'wherenext', -value => 'Done' ); + + my $oldPass = $q->param('oldPass'); + my $pass = $q->param('pass'); + my $acctName = $q->param('account'); + + unless (($oldPass) = ($oldPass =~ /^(\S+)$/ )) + { + $q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS'); + return; + } + + unless (($pass) = ($pass =~ /^([ -~]+)$/ )) + { + $q->param(-name => 'status_message', -value => 'TAINTED_PASS'); + return; + } + + unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ )) + { + $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT'); + return; + } + + use esmith::AccountsDB; + my $accountdb = esmith::AccountsDB->open(); + + my $acct; + unless ($acct = $accountdb->get($acctName)) + { + $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID'); + return; + } + + unless ($acct->prop('type') eq 'user') + { + $q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID"); + return; + } + + unless (esmith::util::setUserPasswordRequirePrevious( + $acctName, + $oldPass, + $pass)) + { + $q->param(-name => 'status_message', + -value => 'ERROR_PASSWORD_CHANGE'); + return; + } + $acct->set_prop("PasswordSet", "yes"); + undef $accountdb; + + system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0 + or die ("Error occurred while modifying password for $acctName.\n"); + $accountdb = esmith::AccountsDB->open(); + + $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS'); + return; +} + +sub password_compare { + my $fm = shift; + my $pass2 = shift; + + my $pass1 = $fm->{cgi}->param('pass'); + unless ($pass1 eq $pass2) { + $fm->{cgi}->param( -name => 'wherenext', -value => 'Password' ); + return "PASSWORD_VERIFY_ERROR"; + } + return "OK"; +} + +=pod + +=head2 check_password + +Validates the password using the desired strength + +=cut + +sub check_password { + my $fm = shift; + my $pass1 = shift; + + my $check_type; + my $rec = $configdb->get('passwordstrength'); + $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none'); + + return $fm->validate_password($check_type,$pass1); +} + +__DATA__ +
+ + DESCRIPTION + + + + + + + + + + + + + + + + + +
diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/web/panels/password/cgi-bin/userpassword e-smith-base-5.8.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword --- e-smith-base-5.8.0.old/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 2008-08-21 01:17:24.000000000 +0400 +++ e-smith-base-5.8.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 1970-01-01 04:00:00.000000000 +0400 @@ -1,151 +0,0 @@ -#!/usr/bin/perl -wT - -#---------------------------------------------------------------------- -# e-smith manager functions: userpassword -# copyright (C) 1999, 2000, 2001 e-smith, inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -# Technical support for this program is available from e-smith, inc. -# Please visit our web site www.e-smith.com for details. -#---------------------------------------------------------------------- - -use strict; -use esmith::FormMagick; -use esmith::util; -use esmith::ConfigDB; - -our $configdb = esmith::ConfigDB->open(); -my $fm = new esmith::FormMagick; -$fm->display(); - -sub change_password { - my ($fm) = @_; - - my $q = $fm->{cgi}; - - $q->param( -name => 'wherenext', -value => 'Done' ); - - my $oldPass = $q->param('oldPass'); - my $pass = $q->param('pass'); - my $acctName = $q->param('account'); - - unless (($oldPass) = ($oldPass =~ /^(\S+)$/ )) - { - $q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS'); - return; - } - - unless (($pass) = ($pass =~ /^([ -~]+)$/ )) - { - $q->param(-name => 'status_message', -value => 'TAINTED_PASS'); - return; - } - - unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ )) - { - $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT'); - return; - } - - use esmith::AccountsDB; - my $accountdb = esmith::AccountsDB->open(); - - my $acct; - unless ($acct = $accountdb->get($acctName)) - { - $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID'); - return; - } - - unless ($acct->prop('type') eq 'user') - { - $q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID"); - return; - } - - unless (esmith::util::setUserPasswordRequirePrevious( - $acctName, - $oldPass, - $pass)) - { - $q->param(-name => 'status_message', - -value => 'ERROR_PASSWORD_CHANGE'); - return; - } - $acct->set_prop("PasswordSet", "yes"); - undef $accountdb; - - system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0 - or die ("Error occurred while modifying password for $acctName.\n"); - $accountdb = esmith::AccountsDB->open(); - - $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS'); - return; -} - -sub password_compare { - my $fm = shift; - my $pass2 = shift; - - my $pass1 = $fm->{cgi}->param('pass'); - unless ($pass1 eq $pass2) { - $fm->{cgi}->param( -name => 'wherenext', -value => 'Password' ); - return "PASSWORD_VERIFY_ERROR"; - } - return "OK"; -} - -=pod - -=head2 check_password - -Validates the password using the desired strength - -=cut - -sub check_password { - my $fm = shift; - my $pass1 = shift; - - my $check_type; - my $rec = $configdb->get('passwordstrength'); - $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none'); - - return $fm->validate_password($check_type,$pass1); -} - -__DATA__ -
- - DESCRIPTION - - - - - - - - - - - - - - - - - -