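#!/usr/bin/perl
#
# Mail-forwarding CGI: authenticates a user against the `radcheck` table and
# then shows (mod=1), sets (mod=2) or clears (mod=3) that user's ~/.forward.
#
# NOTE(review): the HTML markup inside the print literals appears to have been
# stripped from this copy; the literals are reproduced as found. Restore them
# from the deployed file before relying on the page layout.
#
# Security-relevant behaviour of this script:
#   * Every form field is attacker-controlled. The username ends up in a
#     filesystem path and in a SQL query; the forwarding target is written to
#     a file that the mail system interprets. Both are validated below.
#   * Stored passwords are compared as crypt() output with the fixed salt
#     "..", so equal passwords always produce equal hashes. Changing that
#     requires migrating the stored values and is not done here.
#   * The Referer check is a no-op (see chk_referer) and access is otherwise
#     limited only by a source-address prefix (see chk_ip).
#   * NOTE(review): .forward is opened by path with whatever privileges the
#     CGI runs under; consider refusing symlinks (O_NOFOLLOW where available)
#     and doing the file work under the target user's identity.

use DBI;
use strict;
use warnings;
use CGI;
use Fcntl;

# Settings carried over from the original script; most are unused here.
my $authtype         = 0;
my $sessionfile      = './radsess';
my $cookiedomain     = '.telko.ba';
my $cookieexpire     = '+3m';
my $sessexpire       = 180;
my $tmpdir           = '/tmp';
my $radhost          = 'localhost';
my $radsecret        = '';
my $allow_changepass = 1;
my $dbhost           = 'localhost';

# Upper bound on the POST body; the form carries four short fields.
my $MAX_POST_BYTES = 4096;

# Database credentials live outside the web tree.
require '/etc/cgi-cfg/rad.cfg';
my $dbusername = $config::dbusername;
my $dbpassword = $config::dbpassword;

my $dsn = "DBI:mysql:radius";    #;mysql_socket=/var/lib/mysql/mysql.sock
my $dbh = DBI->connect($dsn, $dbusername, $dbpassword)
    or error('tacacs');          # generic "system error" page instead of a crash

# ---- Parse the form data ---------------------------------------------------
# CONTENT_LENGTH is client-supplied: accept digits only and clamp it so a
# single request cannot make the script buffer an arbitrary amount of data.
my $content_length = $ENV{'CONTENT_LENGTH'};
$content_length = 0
    unless defined $content_length && $content_length =~ /\A\d+\z/;
$content_length = $MAX_POST_BYTES if $content_length > $MAX_POST_BYTES;

my $buffer = '';
read(STDIN, $buffer, $content_length) if $content_length;

my %FORM;
foreach my $pair (split(/&/, $buffer)) {
    # Limit of 2 keeps any further '=' inside the value.
    my ($name, $value) = split(/=/, $pair, 2);
    next unless defined $name;
    $value = '' unless defined $value;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}

my $username = defined $FORM{'username'} ? $FORM{'username'} : '';
my $password = defined $FORM{'pass'}     ? $FORM{'pass'}     : '';
my $foradd   = $FORM{'foradress'};
my $gumb     = defined $FORM{'mod'}      ? $FORM{'mod'}      : '';

# ---- Request checks --------------------------------------------------------
if (!chk_referer()) {
    logiraj($username, 'nedozvoljen url');
    error('url');
}

if (!chk_ip()) {
    logiraj($username, $ENV{'REMOTE_ADDR'});
    error('ip');
}

error('losuser') if ( (length($username) < 3) || (length($username) > 9) );

# Characters the original script refused.
error('userznak') if ( $username =~ tr/%*? // );

# The username becomes a path component below, so path separators and
# control characters (including NUL and line breaks) are refused as well.
error('userznak') if ( $username =~ m{[/\\\x00-\x1f\x7f]} );

# The original joined the two length tests with '&&', which can never be
# true, so the password length was never checked.
# NOTE(review): the limits (5..9) do not match the user-facing text (6..8).
error('lospass') if ( (length($password) < 5) || (length($password) > 9) );

# Disabled remnants of the password-change variant of this script:
# error('losnew') if ( (length($foradd) < 5) && (length($foradd) > 9) );
# error('losnew2') if ( $new ne $new2);
# error('samenew') if ( $password eq $new);

if (!checkuserpass($username, $password)) {
    logiraj($username, 'pogrešni username ili password');
    error('kombinacija');
}

# Home directories are sharded by the first letter of the user name.
my $prvoslovo = substr($username, 0, 1);
my $forfile   = "/usr/users/" . $prvoslovo . "/" . $username . "/.forward";
#my $forfile="/usr/users/" . $username . "/.forward";

# ---- mod=1: show the current forwarding ------------------------------------
if ($gumb eq '1') {
    sysopen(my $fh, $forfile, O_RDONLY) or noforward();
    # The source copy reads "$sadrzaj=;": the readline operator was lost with
    # the stripped markup. Only the first line of the file is read.
    my $sadrzaj = <$fh>;
    close($fh);
    $sadrzaj = '' unless defined $sadrzaj;

    printheader();
    # File content is user-written data: escape it before echoing into HTML.
    print("\n\n\n  & nbsp;  Imate preusmjeravanje na:     "
        . html_escape($sadrzaj) . "\n\n");
    logiraj($username, "Uspjesno citanje");
    exit;
}

# ---- mod=2: set the forwarding ---------------------------------------------
if ($gumb eq '2') {
    error('forward') unless forward_target_ok($foradd);

    sysopen(my $fh, $forfile, O_WRONLY | O_TRUNC | O_CREAT)
        or die "cannot open $forfile: $!";
    print {$fh} $foradd . "\n";
    close($fh) or die "cannot write $forfile: $!";

    printheader();
    print("\n\n\n  & nbsp;  Uspješno ste zadali preusmjeravanja na:     "
        . html_escape($foradd) . "\n\n");
    logiraj($username, "OK preusmj: " . $foradd);
    exit;
}

# ---- mod=3: clear the forwarding -------------------------------------------
if ($gumb eq '3') {
    # The file must already exist (no O_CREAT); opening with O_TRUNC empties
    # it. The original opened it twice and never closed the second handle.
    sysopen(my $fh, $forfile, O_WRONLY | O_TRUNC) or noforward();
    close($fh);

    printheader();
    print("\n");
    logiraj($username, "Uspjesno brisanje");
    exit;
}

# ---- Disabled password-change code -----------------------------------------
# Kept for reference only. It builds SQL by string concatenation; if it is
# ever re-enabled, use placeholders as checkuserpass() does.
# my $kript = crypt($new,"..");
# my $passcrypt=crypt($password,".." );
# if(!tacacs($username,$passcrypt,$kript)){
#     logiraj($username,'problem s tacacs-om');
#     error('kombinacija');
# }
# my $sth = $dbh->do("UPDATE radcheck SET Value = \"".$kript."\" WHERE Attribute = \"Password\" and UserName = \"".$username ."\"");
# my $sth = $dbh->do("UPDATE popper SET Password = \"".$kript."\" WHERE UserName = \"".$username."\"");
# if(!tacacs($username,$kript)){
#     my $sth = $dbh->do("UPDATE radcheck SET Value = \"". $passcrypt ."\" WHERE Attribute = \"Password\" and UserName = \"".$username."\"");
#     my $sth = $dbh->do("UPDATE mail SET password = \"". $passcrypt ."\" WHERE user = \"".$username."\"");
#     logiraj($username,'problem s tacacs-om');
#     error('tacacs');
# };
# logiraj($username,'uspješna promjena');
# $sth->execute || print "error was ".$dbh->errstr;;
# my $result = $authsth->fetchrow_array;
# (followed by a disabled "HPTNet Promjena lozinke" success page and exit)

# Escape text for safe inclusion in HTML element content or attributes.
sub html_escape {
    my $text = shift;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Decide whether a submitted forwarding target may be written to .forward.
# The mail system interprets that file, so only plain mailbox names are
# accepted: one or more comma-separated "local" or "local@domain" entries.
# Anything else -- including line breaks and other control characters -- is
# refused. Widen the pattern deliberately if other address forms are needed.
sub forward_target_ok {
    my $target = shift;
    return 0 unless defined $target && length $target;

    # Characters the original script already refused.
    return 0 if $target =~ tr/%*? |//;

    my $mailbox = qr/[A-Za-z0-9][A-Za-z0-9._+-]*(?:\@[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)?/;
    return $target =~ /\A$mailbox(?:,$mailbox)*\z/ ? 1 : 0;
}

# Return 1 when $username/$password match a row in radcheck, else 0.
# The password is compared as crypt() output with the fixed salt "..".
sub checkuserpass {
    my $username  = shift;
    my $password  = shift;
    my $passcrypt = crypt($password, "..");

    if ($authtype == 0) {
        # LOCAL Auth. Placeholders keep the submitted values out of the SQL
        # text; the original interpolated them directly into the statement.
        my $sth = $dbh->prepare(
            'SELECT id FROM radcheck WHERE UserName = ? AND Attribute = ? AND Value = ?'
        ) or return 0;
        $sth->execute($username, 'Password', $passcrypt) or return 0;
        my ($authed) = $sth->fetchrow_array;
        $sth->finish;
        return 1 if defined $authed;
    }

    return 0;
}

# Replace the 13-character crypt string at the start of the user's record
# file with $loz, provided the current one equals $passcrypt.
# Returns 1 on success, 0 otherwise. Only the disabled code above calls it.
sub tacacs {
    my $kor       = shift;
    my $passcrypt = shift;
    my $loz       = shift;

    my $prvoslovo = substr($kor, 0, 1);
    my $intfile   = "/usr/users/" . $prvoslovo . "/" . $kor;

    # Three-argument open: the path can never be read as an open mode.
    open(my $fh, '+<', $intfile) or return 0;
    # The source copy reads "$polje=;"; the readline operator was lost.
    my $polje = <$fh>;
    if (!defined $polje || substr($polje, 0, 13) ne $passcrypt) {
        close($fh);
        return 0;
    }

    substr($polje, 0, 13) = $loz;
    seek($fh, 0, 0);
    print {$fh} $polje;
    truncate($fh, tell($fh));
    close($fh);
    return 1;
}

# Referer check. Always returns 1.
# NOTE(review): the original compared HTTP_REFERER with 'http://www.telko.ba'
# and returned 1 on both branches, so error('url') is unreachable. Referer is
# client-supplied and cannot serve as an access control in any case.
sub chk_referer {
    #$url=substr($url,0,21); print "$url";
    return 1;
}

# Return 1 when the client address starts with one of the two permitted
# prefixes (212.39.111. or 212.39.154.), else 0.
sub chk_ip {
    my $ip = defined $ENV{'REMOTE_ADDR'} ? $ENV{'REMOTE_ADDR'} : '';
    return $ip =~ m{\A212\.39\.(?:111|154)\.} ? 1 : 0;
}

# Print the page for error code $error and exit. Unknown codes print nothing.
sub error {
    my $error = shift;

    # code => [ page text, whether printfoot() follows ]
    # NOTE(review): the 'userznak' and 'tacacs' literals each carry a sentence
    # that reads as if it belongs to another branch (the delete-success text
    # and the "new passwords must match" text). That looks like a side effect
    # of the stripped markup; compare with the deployed file.
    my %page_for = (
        userznak => [
            "\n\n\n  & nbsp;  Uspješno ste obrisali preusmjeravanje!\n\n\n"
                . "    ;  Za korisničko ime nisu dozvoljeni znakovi %, *, ? i razmaknica!\n\n",
            1,
        ],
        kombinacija => [
            "\n\n\n    ;  Unijeli ste pogrešnu kombinaciju korisničkog imena i lozinke.\n\n",
            1,
        ],
        lospass => [
            "< /tr>\n\n\n    ;  Greška! Lozinka mora biti dugačka između 6 i 8 znakova.\n\n",
            1,
        ],
        losuser => [
            "\n\n\n    ;  Greška! Korisnićko ime mora biti dugačka između 3 i 8 znakova.\n\n",
            1,
        ],
        ip => [
            "\n\n\n    ;  Greška! Nedozvoljena ip adresa.\n\n",
            0,
        ],
        url => [
            "\n\n\n    ;  Greška! Morate pozivati skriptu preko http://www.tel.net.ba stranice\n\n",
            0,
        ],
        forward => [
            "\n\n\n    ;  Adresa preusmjeravanja nije dobra!\n\n ",
            1,
        ],
        losnew2 => [ "\n", 1 ],
        samenew => [ "Greška! Nova i stara lozinka su iste!\n", 1 ],
        tacacs  => [
            "\n\n\n    ;  Greška! Move lozinke moraju biti iste.\n\n\n"
                . "    ;  Nastala je sistemska greška. Obratite se helpdesku.\n\n",
            0,
        ],
    );

    if (exists $page_for{$error}) {
        my ($text, $with_footer) = @{ $page_for{$error} };
        printheader();
        print $text;

        if ($error eq 'url') {
            # The Referer header is client-controlled; escape it before
            # echoing it back into the page.
            print html_escape($ENV{'HTTP_REFERER'}) . "\n";
        }

        printfoot() if $with_footer;
    }

    exit;
}

# Append one line to the forwarding log:
#   day.month.year hour:min:sec client-address user description
sub logiraj {
    my $user    = shift;
    my $opis    = shift;
    my $ipadr   = $ENV{'REMOTE_ADDR'};
    my $logfile = '/var/log/forward.log';

    # Request-derived values must not be able to start a new log line.
    for my $field ($user, $opis, $ipadr) {
        $field = '' unless defined $field;
        $field =~ s/[\x00-\x1f\x7f]/?/g;
    }

    # One localtime call, so all parts describe the same instant.
    my ($sec, $min, $hour, $dan, $mon, $year) = localtime;
    my $mjesec = $mon + 1;
    my $godina = $year + 1900;
    my $sat    = $hour . ':' . $min . ':' . $sec;

    my $logzapis = $dan . '.' . $mjesec . '.' . $godina . ' ' . $sat . ' '
        . $ipadr . ' ' . $user . ' ' . $opis . " \n";

    # error() exits, so a logging failure ends the request with the generic
    # system-error page.
    open(my $log, '>>', $logfile) or error("tacacs");
    print {$log} $logzapis;
    close($log);
}

# Emit the HTTP header and the top of the page.
sub printheader {
    # print "Content-Type: text/html\n\n"; # if $printheader;
    # print "HPTNet Promjena lozinke$body\n";
    print "Content-type:text/html\n\n";
    print "";
    print "HTnet promjena lozinke\n";
    print "\n";
    print "\n";
    print "\n\n";
    print "";
    print "";
    print "\n  Preusmjeravanje pošte< /font>\n\n";
}

# Page footer. Every statement was commented out in the source, so this
# prints nothing.
sub printfoot {
    # print "Content-Type: text/html\n\n"; # if $printheader;
    # print "HPTNet Promjena lozinke$body\n";
    # print "Pokušajte ponovo.";
}

# Tell the user there is no forwarding file, log it, and exit.
sub noforward {
    printheader();
    print("\n\n\n  & nbsp;  Nemate preusmjeravanja!\n\n");
    logiraj($username, "no forward");
    exit;
}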