1 |
diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword |
2 |
--- e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword 1970-01-01 04:00:00.000000000 +0400 |
3 |
+++ e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/userpassword 2008-08-21 01:17:24.000000000 +0400 |
4 |
@@ -0,0 +1,19 @@ |
5 |
+<lexicon lang="en-us"> |
6 |
+ |
7 |
+ <entry> |
8 |
+ <base>DESCRIPTION</base> |
9 |
+ <trans> |
10 |
+ <![CDATA[ |
11 |
+ <P>To change your account password, please fill out the following |
12 |
+ form. You will need to provide the name of your account, your |
13 |
+ old password, and your desired new password. (You must type the new |
14 |
+ password twice.)</P> |
15 |
+ |
16 |
+ <P>If you cannot change your password because you have forgotten the |
17 |
+ old one, your local system administrator can reset your password using |
18 |
+ the <EM>server manager</EM>.</P> |
19 |
+ ]]> |
20 |
+ </trans> |
21 |
+ </entry> |
22 |
+ |
23 |
+</lexicon> |
24 |
diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword |
25 |
--- e-smith-base-5.8.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword 2008-08-21 01:17:24.000000000 +0400 |
26 |
+++ e-smith-base-5.8.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/panels/password/cgi-bin/userpassword 1970-01-01 04:00:00.000000000 +0400 |
27 |
@@ -1,19 +0,0 @@ |
28 |
-<lexicon lang="en-us"> |
29 |
- |
30 |
- <entry> |
31 |
- <base>DESCRIPTION</base> |
32 |
- <trans> |
33 |
- <![CDATA[ |
34 |
- <P>To change your account password, please fill out the following |
35 |
- form. You will need to provide the name of your account, your |
36 |
- old password, and your desired new password. (You must type the new |
37 |
- password twice.)</P> |
38 |
- |
39 |
- <P>If you cannot change your password because you have forgotten the |
40 |
- old one, your local system administrator can reset your password using |
41 |
- the <EM>server manager</EM>.</P> |
42 |
- ]]> |
43 |
- </trans> |
44 |
- </entry> |
45 |
- |
46 |
-</lexicon> |
47 |
diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/web/functions/userpassword e-smith-base-5.8.0/root/etc/e-smith/web/functions/userpassword |
48 |
--- e-smith-base-5.8.0.old/root/etc/e-smith/web/functions/userpassword 1970-01-01 04:00:00.000000000 +0400 |
49 |
+++ e-smith-base-5.8.0/root/etc/e-smith/web/functions/userpassword 2008-08-21 01:17:24.000000000 +0400 |
50 |
@@ -0,0 +1,151 @@ |
51 |
+#!/usr/bin/perl -wT |
52 |
+ |
53 |
+#---------------------------------------------------------------------- |
54 |
+# e-smith manager functions: userpassword |
55 |
+# copyright (C) 1999, 2000, 2001 e-smith, inc. |
56 |
+# |
57 |
+# This program is free software; you can redistribute it and/or modify |
58 |
+# it under the terms of the GNU General Public License as published by |
59 |
+# the Free Software Foundation; either version 2 of the License, or |
60 |
+# (at your option) any later version. |
61 |
+# |
62 |
+# This program is distributed in the hope that it will be useful, |
63 |
+# but WITHOUT ANY WARRANTY; without even the implied warranty of |
64 |
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
65 |
+# GNU General Public License for more details. |
66 |
+# |
67 |
+# You should have received a copy of the GNU General Public License |
68 |
+# along with this program; if not, write to the Free Software |
69 |
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
70 |
+# |
71 |
+# Technical support for this program is available from e-smith, inc. |
72 |
+# Please visit our web site www.e-smith.com for details. |
73 |
+#---------------------------------------------------------------------- |
74 |
+ |
75 |
+use strict; |
76 |
+use esmith::FormMagick; |
77 |
+use esmith::util; |
78 |
+use esmith::ConfigDB; |
79 |
+ |
80 |
+our $configdb = esmith::ConfigDB->open(); |
81 |
+my $fm = new esmith::FormMagick; |
82 |
+$fm->display(); |
83 |
+ |
84 |
+sub change_password { |
85 |
+ my ($fm) = @_; |
86 |
+ |
87 |
+ my $q = $fm->{cgi}; |
88 |
+ |
89 |
+ $q->param( -name => 'wherenext', -value => 'Done' ); |
90 |
+ |
91 |
+ my $oldPass = $q->param('oldPass'); |
92 |
+ my $pass = $q->param('pass'); |
93 |
+ my $acctName = $q->param('account'); |
94 |
+ |
95 |
+ unless (($oldPass) = ($oldPass =~ /^(\S+)$/ )) |
96 |
+ { |
97 |
+ $q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS'); |
98 |
+ return; |
99 |
+ } |
100 |
+ |
101 |
+ unless (($pass) = ($pass =~ /^([ -~]+)$/ )) |
102 |
+ { |
103 |
+ $q->param(-name => 'status_message', -value => 'TAINTED_PASS'); |
104 |
+ return; |
105 |
+ } |
106 |
+ |
107 |
+ unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ )) |
108 |
+ { |
109 |
+ $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT'); |
110 |
+ return; |
111 |
+ } |
112 |
+ |
113 |
+ use esmith::AccountsDB; |
114 |
+ my $accountdb = esmith::AccountsDB->open(); |
115 |
+ |
116 |
+ my $acct; |
117 |
+ unless ($acct = $accountdb->get($acctName)) |
118 |
+ { |
119 |
+ $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID'); |
120 |
+ return; |
121 |
+ } |
122 |
+ |
123 |
+ unless ($acct->prop('type') eq 'user') |
124 |
+ { |
125 |
+ $q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID"); |
126 |
+ return; |
127 |
+ } |
128 |
+ |
129 |
+ unless (esmith::util::setUserPasswordRequirePrevious( |
130 |
+ $acctName, |
131 |
+ $oldPass, |
132 |
+ $pass)) |
133 |
+ { |
134 |
+ $q->param(-name => 'status_message', |
135 |
+ -value => 'ERROR_PASSWORD_CHANGE'); |
136 |
+ return; |
137 |
+ } |
138 |
+ $acct->set_prop("PasswordSet", "yes"); |
139 |
+ undef $accountdb; |
140 |
+ |
141 |
+ system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0 |
142 |
+ or die ("Error occurred while modifying password for $acctName.\n"); |
143 |
+ $accountdb = esmith::AccountsDB->open(); |
144 |
+ |
145 |
+ $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS'); |
146 |
+ return; |
147 |
+} |
148 |
+ |
149 |
+sub password_compare { |
150 |
+ my $fm = shift; |
151 |
+ my $pass2 = shift; |
152 |
+ |
153 |
+ my $pass1 = $fm->{cgi}->param('pass'); |
154 |
+ unless ($pass1 eq $pass2) { |
155 |
+ $fm->{cgi}->param( -name => 'wherenext', -value => 'Password' ); |
156 |
+ return "PASSWORD_VERIFY_ERROR"; |
157 |
+ } |
158 |
+ return "OK"; |
159 |
+} |
160 |
+ |
161 |
+=pod |
162 |
+ |
163 |
+=head2 check_password |
164 |
+ |
165 |
+Validates the password using the desired strength |
166 |
+ |
167 |
+=cut |
168 |
+ |
169 |
+sub check_password { |
170 |
+ my $fm = shift; |
171 |
+ my $pass1 = shift; |
172 |
+ |
173 |
+ my $check_type; |
174 |
+ my $rec = $configdb->get('passwordstrength'); |
175 |
+ $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none'); |
176 |
+ |
177 |
+ return $fm->validate_password($check_type,$pass1); |
178 |
+} |
179 |
+ |
180 |
+__DATA__ |
181 |
+<form title="ACCOUNT_PASSWORD_CHANGE" header="/etc/e-smith/web/common/userpassword_head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl"> |
182 |
+ <page name="Password" post-event="change_password" pre-event="turn_off_buttons()" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl"> |
183 |
+ <description>DESCRIPTION</description> |
184 |
+ |
185 |
+ <field type="text" id="account" validation="nonblank" value=""> |
186 |
+ <label>YOUR_ACCOUNT</label> |
187 |
+ </field> |
188 |
+ <field type="password" id="oldPass" validation="nonblank" value=""> |
189 |
+ <label>PASSWORD_OLD</label> |
190 |
+ </field> |
191 |
+ <field type="password" id="pass" validation="nonblank, check_password" value=""> |
192 |
+ <label>PASSWORD_NEW</label> |
193 |
+ </field> |
194 |
+ <field type="password" id="passVerify" validation="password_compare" value=""> |
195 |
+ <label>PASSWORD_VERIFY_NEW</label> |
196 |
+ </field> |
197 |
+ <subroutine src="print_button('PASSWORD_CHANGE')" /> |
198 |
+ </page> |
199 |
+ <page name="Done" pre-event="print_status_message()"> |
200 |
+ </page> |
201 |
+</form> |
202 |
diff -urN e-smith-base-5.8.0.old/root/etc/e-smith/web/panels/password/cgi-bin/userpassword e-smith-base-5.8.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword |
203 |
--- e-smith-base-5.8.0.old/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 2008-08-21 01:17:24.000000000 +0400 |
204 |
+++ e-smith-base-5.8.0/root/etc/e-smith/web/panels/password/cgi-bin/userpassword 1970-01-01 04:00:00.000000000 +0400 |
205 |
@@ -1,151 +0,0 @@ |
206 |
-#!/usr/bin/perl -wT |
207 |
- |
208 |
-#---------------------------------------------------------------------- |
209 |
-# e-smith manager functions: userpassword |
210 |
-# copyright (C) 1999, 2000, 2001 e-smith, inc. |
211 |
-# |
212 |
-# This program is free software; you can redistribute it and/or modify |
213 |
-# it under the terms of the GNU General Public License as published by |
214 |
-# the Free Software Foundation; either version 2 of the License, or |
215 |
-# (at your option) any later version. |
216 |
-# |
217 |
-# This program is distributed in the hope that it will be useful, |
218 |
-# but WITHOUT ANY WARRANTY; without even the implied warranty of |
219 |
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
220 |
-# GNU General Public License for more details. |
221 |
-# |
222 |
-# You should have received a copy of the GNU General Public License |
223 |
-# along with this program; if not, write to the Free Software |
224 |
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
225 |
-# |
226 |
-# Technical support for this program is available from e-smith, inc. |
227 |
-# Please visit our web site www.e-smith.com for details. |
228 |
-#---------------------------------------------------------------------- |
229 |
- |
230 |
-use strict; |
231 |
-use esmith::FormMagick; |
232 |
-use esmith::util; |
233 |
-use esmith::ConfigDB; |
234 |
- |
235 |
-our $configdb = esmith::ConfigDB->open(); |
236 |
-my $fm = new esmith::FormMagick; |
237 |
-$fm->display(); |
238 |
- |
239 |
-sub change_password { |
240 |
- my ($fm) = @_; |
241 |
- |
242 |
- my $q = $fm->{cgi}; |
243 |
- |
244 |
- $q->param( -name => 'wherenext', -value => 'Done' ); |
245 |
- |
246 |
- my $oldPass = $q->param('oldPass'); |
247 |
- my $pass = $q->param('pass'); |
248 |
- my $acctName = $q->param('account'); |
249 |
- |
250 |
- unless (($oldPass) = ($oldPass =~ /^(\S+)$/ )) |
251 |
- { |
252 |
- $q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS'); |
253 |
- return; |
254 |
- } |
255 |
- |
256 |
- unless (($pass) = ($pass =~ /^([ -~]+)$/ )) |
257 |
- { |
258 |
- $q->param(-name => 'status_message', -value => 'TAINTED_PASS'); |
259 |
- return; |
260 |
- } |
261 |
- |
262 |
- unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ )) |
263 |
- { |
264 |
- $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT'); |
265 |
- return; |
266 |
- } |
267 |
- |
268 |
- use esmith::AccountsDB; |
269 |
- my $accountdb = esmith::AccountsDB->open(); |
270 |
- |
271 |
- my $acct; |
272 |
- unless ($acct = $accountdb->get($acctName)) |
273 |
- { |
274 |
- $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID'); |
275 |
- return; |
276 |
- } |
277 |
- |
278 |
- unless ($acct->prop('type') eq 'user') |
279 |
- { |
280 |
- $q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID"); |
281 |
- return; |
282 |
- } |
283 |
- |
284 |
- unless (esmith::util::setUserPasswordRequirePrevious( |
285 |
- $acctName, |
286 |
- $oldPass, |
287 |
- $pass)) |
288 |
- { |
289 |
- $q->param(-name => 'status_message', |
290 |
- -value => 'ERROR_PASSWORD_CHANGE'); |
291 |
- return; |
292 |
- } |
293 |
- $acct->set_prop("PasswordSet", "yes"); |
294 |
- undef $accountdb; |
295 |
- |
296 |
- system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0 |
297 |
- or die ("Error occurred while modifying password for $acctName.\n"); |
298 |
- $accountdb = esmith::AccountsDB->open(); |
299 |
- |
300 |
- $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS'); |
301 |
- return; |
302 |
-} |
303 |
- |
304 |
-sub password_compare { |
305 |
- my $fm = shift; |
306 |
- my $pass2 = shift; |
307 |
- |
308 |
- my $pass1 = $fm->{cgi}->param('pass'); |
309 |
- unless ($pass1 eq $pass2) { |
310 |
- $fm->{cgi}->param( -name => 'wherenext', -value => 'Password' ); |
311 |
- return "PASSWORD_VERIFY_ERROR"; |
312 |
- } |
313 |
- return "OK"; |
314 |
-} |
315 |
- |
316 |
-=pod |
317 |
- |
318 |
-=head2 check_password |
319 |
- |
320 |
-Validates the password using the desired strength |
321 |
- |
322 |
-=cut |
323 |
- |
324 |
-sub check_password { |
325 |
- my $fm = shift; |
326 |
- my $pass1 = shift; |
327 |
- |
328 |
- my $check_type; |
329 |
- my $rec = $configdb->get('passwordstrength'); |
330 |
- $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none'); |
331 |
- |
332 |
- return $fm->validate_password($check_type,$pass1); |
333 |
-} |
334 |
- |
335 |
-__DATA__ |
336 |
-<form title="ACCOUNT_PASSWORD_CHANGE" header="/etc/e-smith/web/common/userpassword_head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl"> |
337 |
- <page name="Password" post-event="change_password" pre-event="turn_off_buttons()" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl"> |
338 |
- <description>DESCRIPTION</description> |
339 |
- |
340 |
- <field type="text" id="account" validation="nonblank" value=""> |
341 |
- <label>YOUR_ACCOUNT</label> |
342 |
- </field> |
343 |
- <field type="password" id="oldPass" validation="nonblank" value=""> |
344 |
- <label>PASSWORD_OLD</label> |
345 |
- </field> |
346 |
- <field type="password" id="pass" validation="nonblank, check_password" value=""> |
347 |
- <label>PASSWORD_NEW</label> |
348 |
- </field> |
349 |
- <field type="password" id="passVerify" validation="password_compare" value=""> |
350 |
- <label>PASSWORD_VERIFY_NEW</label> |
351 |
- </field> |
352 |
- <subroutine src="print_button('PASSWORD_CHANGE')" /> |
353 |
- </page> |
354 |
- <page name="Done" pre-event="print_status_message()"> |
355 |
- </page> |
356 |
-</form> |