Ok, i need help with this one... I got it to the point were i could change a password for a user when they logged in...

I did this the simple way... since dbman has a change password feature BUT its only for admin... I just made a new

method or whatever you want to call it... in db.cgi

BUT my problem is I dont know how to read a users permissions, and then make sure they are placed back after the password change.

this is the code i added to db.cgi I know i need some code for permissions but I dont want it to be selected like the admin_display has it... I just want to read in hte permissions and then place the same ones back... WITHOUT the user seeing them NOR selecting there own



sub change_password {

my ($message, @lines, $line);

CASE: {
# we are updating a user.
($in{'username'} && $in{'password'}) and do {
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;

open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
my $password = (split (/:/, $line))[1];
unless ($password eq $in{'password'}) {
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
$password = crypt($in{'password'}, $salt);
}
print PASS "$in{'username'}:$password:$in{'per_view'}:$in{'per_add'}:$in{'per_del'}:$in{'per_mod'}:$in{'per_admin'}\n";
$found = 1;
}
else {
print PASS $line;
}
}
$in{'inquire'} = $in{'username'};
$found ?
($message = "User: $in{'username'} updated."):
($message = "Unable to find user: '$in{'username'}' in the password file.");
last CASE;

};
};


&html_change_password ($message, $username, $password);
}



I dont know what to do with the inquire code really or how to change it so that it reads the current users permissions and write them back... I think it might have to be done before the blue part?

i now that this is the code that writes to the normal admin_display... but it uses checkboxs and stuff.. I would like it to be hmm not viewed by the user...

its either this code...

# Build the permissions list if we haven't inquired in someone.
if (!$perm) {
$perm = qq|
View <input type=checkbox name="per_view" value="1" |; ($auth_default_perm[0] and $perm .= "CHECKED"); $perm .= qq|>
Add <input type=checkbox name="per_add" value="1" |; ($auth_default_perm[1] and $perm .= "CHECKED"); $perm .= qq|>
Delete <input type=checkbox name="per_del" value="1" |; ($auth_default_perm[2] and $perm .= "CHECKED"); $perm .= qq|>
Modify <input type=checkbox name="per_mod" value="1" |; ($auth_default_perm[3] and $perm .= "CHECKED"); $perm .= qq|>
Admin <input type=checkbox name="per_admin" value="1" |; ($auth_default_perm[4] and $perm .= "CHECKED"); $perm .= qq|>|;
}



OR maybe some of this? im not totally sure...

# If we are inquiring, let's look for the specified user.
my (@data, $user_list, $perm, $password);

$user_list = qq~<select name="username"><option> </option>~;
LINE: foreach $line (@lines) {
$line =~ /^#/ and next LINE;
$line =~ /^\s*$/ and next LINE;
chomp $line;
@data = split (/:/, $line);

if ($in{'inquire'} and ($in{'username'} eq $data[0])) {
$user_list .= qq~<option value="$data[0]" SELECTED>$data[0]</option>\n~;
$perm = qq|
View <input type=checkbox name="per_view" value="1" |; ($data[2] and $perm .= "CHECKED"); $perm .= qq|>
Add <input type=checkbox name="per_add" value="1" |; ($data[3] and $perm .= "CHECKED"); $perm .= qq|>
Delete <input type=checkbox name="per_del" value="1" |; ($data[4] and $perm .= "CHECKED"); $perm .= qq|>
Modify <input type=checkbox name="per_mod" value="1" |; ($data[5] and $perm .= "CHECKED"); $perm .= qq|>
Admin <input type=checkbox name="per_admin" value="1" |; ($data[6] and $perm .= "CHECKED"); $perm .= qq|>|;
$password = $data[1];
}
else {
$user_list .= qq~<option value="$data[0]">$data[0]</option>\n~;
}
}
$user_list .= "</select>";



someone help me out here

im sure this would be an easy mod... for people who would like to give there users the chance to change to a new password without the more complex code... and without any email checking and such.

can someone help?

well... I got the code to some what work... it does work... but I had lots of problems before... like when trying to user a unless inside were after opend the pass, and then calling a message and a last class... after this code:

if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}


I wanted to have the user even enter the old pass but i guess if your logged in then you should already know it? right? Insead at the end i have the password show at the top when you changed it...

this is added in the db.cgi

at the top there is something like this...
....
elsif ($in{'modify_form_record'}) { if ($per_mod) { &html_modify_form_record; } else { &html_unauth; } }
elsif ($in{'modify_record'}) { if ($per_mod) { &modify_record; } else { &html_unauth; } }
...

add this some place inside:

elsif ($in{'change_password'}) { if ($db_uid ne "default") {&change_password; } else { &html_unauth; } }

sub change_password {

my (@data, $message, @lines, $line);

CASE: {
# we are updating a users password.
($in{'username'} && $in{'password'}) and do {


unless ((length($in{'password'}) >= 3) and (length($in{'password'}) <= 12)) {
$message = "Invalid password: $in{'password'} . Must be less then 12 and greater then 3 characters.";
last CASE;
}

unless ($in{'password'} eq $in{'password2'}) {
$message = "New passwords don't match. Renter correct passwords.";
last CASE;
}
open (PASS, "<$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) { flock(PASS, 1); }
@lines = <PASS>;
close PASS;

open (PASS, ">$auth_pw_file") or &cgierr ("unable to open: $auth_pw_file.\nReason: $!");
if ($db_use_flock) {
flock(PASS, 2) or &cgierr("unable to get exclusive lock on $auth_pw_file.\nReason: $!");
}
my $found = 0;
foreach $line (@lines) {
if ($line =~ /^$in{'username'}:/) {
my $password = (split (/:/, $line))[1];
@data[0] = (split (/:/, $line))[2];
@data[1] = (split (/:/, $line))[3];
@data[2] = (split (/:/, $line))[4];
@data[3] = (split (/:/, $line))[5];
@data[4] = (split (/:/, $line))[6];
unless ($password eq $in{'password'}) {
my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
my $salt = join '', @salt_chars[rand 64, rand 64];
$password = crypt($in{'password'}, $salt);
}

print PASS "$in{'username'}:$password:@data[0]:@data[1]:@data[2]:@data[3]:@data[4]\n";
$found = 1;
}
else {
print PASS $line;

}
}
$found ?
($message = "User: $in{'username'} password changed to: '$in{'password'}' ."):
($message = "Unable to find user: '$in{'username'}' in the password file.");
last CASE;

};
};



&html_change_password ($message, $username, $db_userid, $password);
}


Then you will need in your html.pl file 3 fields.. 1 hidden and that you should this...

<input type="hidden" name="username" value="$userid">

the other are text feilds password and password2

also you will want to have a change password in the sub html_footer.

something like this... you dont want the defualt user to see this... and you dont need it for the users with admin so here it is:

print qq!| <A HREF="$db_script_link_url&change_password=1">Change
Pass</A> ! if(($db_uid ne "default") and !$per_admin);



I am sure someone else can write something much better but for now this works for me and its simple. I like it because i create accounts and give a temp pass.. the user then has to go and change there pass, simple eh?

Have you tried the secure password mod? It has that feature in it. Not only can a user "look up a lost password", but you can also "change your email, as well as "change your password."

http://www.jpdeni.com/...s/secure_lookup.html


Diana Rae

yes i know about it... but it requires the "sendemail" not ever server supports that esp the free hosting doesn't. how do i tell the user the password if it has to be sent by email and if i cant do that then what?

I wish i could use it but i can't.

this is about the only solution then.

Why are you not just letting people choose their own username and password? This makes it much easier and doesn't require the use of sendmail.

Then you could just add the change password mod to allow people to change your predefined password.

Unoffical DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/