well... I got the code to some what work... it does work... but I had lots of problems before... like when trying to user a unless inside were after opend the pass, and then calling a message and a last class... after this code:
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
I wanted to have the user even enter the old pass but i guess if your logged in then you should already know it? right? Insead at the end i have the password show at the top when you changed it...
this is added in the db.cgi
at the top there is something like this...
....
elsif ($in{'modify_form_record'}) { if ($per_mod) { &html_modify_form_record; } else { &html_unauth; } }
elsif ($in{'modify_record'}) { if ($per_mod) { &modify_record; } else { &html_unauth; } }
...
add this some place inside:
elsif ($in{'change_password'}) { if ($db_uid ne "default") {&change_password; } else { &html_unauth; } }
sub change_password {
my (@data, $message, @lines, $line);
CASE: {
# we are updating a users password.
($in{'username'} && $in{'password'}) and do {
unless ((length($in{'password'}) >= 3) and (length($in{'password'}) <= 12)) {
$message = "Invalid password: $in{'password'} . Must be less then 12 and greater then 3 characters.";
last CASE;
}
unless ($in{'password'} eq $in{'password2'}) {
$message = "New passwords don't match. Renter correct passwords.";
last CASE;
}
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;
open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
my $password = (split (/:/, $line))[1];
@data[0] = (split (/:/, $line))[2];
@data[1] = (split (/:/, $line))[3];
@data[2] = (split (/:/, $line))[4];
@data[3] = (split (/:/, $line))[5];
@data[4] = (split (/:/, $line))[6];
unless ($password eq $in{'password'}) {
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
$password = crypt($in{'password'}, $salt);
}
print PASS "$in{'username'}:$password:@data[0]:@data[1]:@data[2]:@data[3]:@data[4]\n";
$found = 1;
}
else {
print PASS $line;
}
}
$found ?
($message = "User: $in{'username'} password changed to: '$in{'password'}' ."):
($message = "Unable to find user: '$in{'username'}' in the password file.");
last CASE;
};
};
&html_change_password ($message, $username, $db_userid, $password);
}
Then you will need in your html.pl file 3 fields.. 1 hidden and that you should this...
<input type="hidden" name="username" value="$userid">
the other are text feilds password and password2
also you will want to have a change password in the sub html_footer.
something like this... you dont want the defualt user to see this... and you dont need it for the users with admin so here it is:
print qq!| <A HREF="$db_script_link_url&change_password=1">Change
Pass</A> ! if(($db_uid ne "default") and !$per_admin);
I am sure someone else can write something much better but for now this works for me and its simple. I like it because i create accounts and give a temp pass.. the user then has to go and change there pass, simple eh?
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
I wanted to have the user even enter the old pass but i guess if your logged in then you should already know it? right? Insead at the end i have the password show at the top when you changed it...
this is added in the db.cgi
at the top there is something like this...
....
elsif ($in{'modify_form_record'}) { if ($per_mod) { &html_modify_form_record; } else { &html_unauth; } }
elsif ($in{'modify_record'}) { if ($per_mod) { &modify_record; } else { &html_unauth; } }
...
add this some place inside:
elsif ($in{'change_password'}) { if ($db_uid ne "default") {&change_password; } else { &html_unauth; } }
sub change_password {
my (@data, $message, @lines, $line);
CASE: {
# we are updating a users password.
($in{'username'} && $in{'password'}) and do {
unless ((length($in{'password'}) >= 3) and (length($in{'password'}) <= 12)) {
$message = "Invalid password: $in{'password'} . Must be less then 12 and greater then 3 characters.";
last CASE;
}
unless ($in{'password'} eq $in{'password2'}) {
$message = "New passwords don't match. Renter correct passwords.";
last CASE;
}
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;
open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
my $password = (split (/:/, $line))[1];
@data[0] = (split (/:/, $line))[2];
@data[1] = (split (/:/, $line))[3];
@data[2] = (split (/:/, $line))[4];
@data[3] = (split (/:/, $line))[5];
@data[4] = (split (/:/, $line))[6];
unless ($password eq $in{'password'}) {
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
$password = crypt($in{'password'}, $salt);
}
print PASS "$in{'username'}:$password:@data[0]:@data[1]:@data[2]:@data[3]:@data[4]\n";
$found = 1;
}
else {
print PASS $line;
}
}
$found ?
($message = "User: $in{'username'} password changed to: '$in{'password'}' ."):
($message = "Unable to find user: '$in{'username'}' in the password file.");
last CASE;
};
};
&html_change_password ($message, $username, $db_userid, $password);
}
Then you will need in your html.pl file 3 fields.. 1 hidden and that you should this...
<input type="hidden" name="username" value="$userid">
the other are text feilds password and password2
also you will want to have a change password in the sub html_footer.
something like this... you dont want the defualt user to see this... and you dont need it for the users with admin so here it is:
print qq!| <A HREF="$db_script_link_url&change_password=1">Change
Pass</A> ! if(($db_uid ne "default") and !$per_admin);
I am sure someone else can write something much better but for now this works for me and its simple. I like it because i create accounts and give a temp pass.. the user then has to go and change there pass, simple eh?