#!/usr/bin/perl
use DBI;
use strict;
use CGI;
use Fcntl;
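# File-scoped settings. Several of these (session, cookie, RADIUS and
# $dbhost values) are not referenced anywhere in the visible script; they are
# kept so that nothing relying on them breaks.
my $authtype = 0;                 # 0 selects the database check in checkuserpass()
my $sessionfile = './radsess';
my $cookiedomain = '.telko.ba';
my $cookieexpire = '+3m';
my $sessexpire = 180;
my $tmpdir = '/tmp';
my $radhost = 'localhost';
my $radsecret = '';
my $allow_changepass = 1;
my $dbhost = 'localhost';         # NOTE(review): the DSN below does not use this value

# Database credentials live outside the web tree; the required file is
# expected to set $config::dbusername and $config::dbpassword.
require '/etc/cgi-cfg/rad.cfg';
my $dbusername = $config::dbusername;
my $dbpassword = $config::dbpassword;

# Interpolated only by commented-out print statements further down; in this
# listing it holds a single newline.
my $body = "\n";

my ($sth);
my $dsn="DBI:mysql:radius"; #;mysql_socket=/var/lib/mysql/mysql.sock";

# Stop here when the database is unreachable. Without this check $dbh is
# undef and the script only fails later, inside checkuserpass(), with an
# unrelated-looking "method on undefined value" error. The message goes to
# the server error log, not to the client.
my $dbh = DBI->connect($dsn, $dbusername, $dbpassword)
    or die "Database connection failed\n";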
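# Decode one application/x-www-form-urlencoded component: '+' stands for a
# space and %XX for a single byte. An undefined component decodes to ''.
sub _url_decode {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ tr/+/ /;
    $text =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    return $text;
}

# Split a urlencoded request body into a name => value list.
# Only the first '=' separates name from value, so a value that itself
# contains '=' is kept whole. A repeated name keeps its last value.
sub _parse_form {
    my ($raw) = @_;
    my %fields;
    return %fields unless defined $raw && length $raw;
    foreach my $item (split(/&/, $raw)) {
        next unless length $item;
        my ($key, $val) = split(/=/, $item, 2);
        $fields{ _url_decode($key) } = _url_decode($val);
    }
    return %fields;
}

# Upper bound on the request body. The form carries four short fields, so
# anything larger is not a legitimate submission and is ignored instead of
# being read into memory.
my $max_post_bytes = 4096;

my $buffer='';
# Retained file-scoped names from the original inline parser.
my @pairs;
my $pair;
my $value='';
my $name='';
my %FORM;

# parse the form data.
# CONTENT_LENGTH is supplied by the client: read only when it is a plain
# number within the bound above.
my $content_length = $ENV{'CONTENT_LENGTH'};
if (   defined $content_length
    && $content_length =~ /\A[0-9]+\z/
    && $content_length > 0
    && $content_length <= $max_post_bytes)
{
    read(STDIN, $buffer, $content_length);
}
%FORM = _parse_form($buffer);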
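# Submitted fields. Missing fields become '' so the checks below see a
# defined string.
my $username = $FORM{'username'};
my $password = $FORM{'pass'};
my $foradd = $FORM{'foradress'};   # requested forwarding target
my $gumb= $FORM{'mod'};            # action selector, compared with '1', '2' and '3' below
foreach my $polje ($username, $password, $foradd, $gumb) {
    $polje = '' unless defined $polje;
}

if (!chk_referer()) {
    logiraj($username,'nedozvoljen url');
    error('url');
}
if (!chk_ip()) {
    logiraj($username,$ENV{'REMOTE_ADDR'});
    error('ip');
}

# Length window for the user name (the message shown by error() speaks of
# 3 to 8 characters; the limits below are the ones the code has always used).
error('losuser') if ( (length($username) < 3) || (length($username) > 9) );

# The user name is later placed in a file-system path and in a log line, so
# besides the original %, *, ? and space it must not contain path
# separators, quotes or control characters.
error('userznak') if $username =~ m{[%*? /\\"'`\x00-\x1f\x7f]};

# The original joined the two length tests with '&&', which can never be
# true, so the password length was not checked at all.
error('lospass') if ( (length($password) < 5) || (length($password) > 9) );

if (!checkuserpass($username, $password)) {
    logiraj($username,'pogrešni username ili password');
    error('kombinacija');
}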
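# The forward file path is built from the submitted user name, so refuse
# anything that could step outside the intended directory before using it.
error('userznak') if $username =~ m{[/\\\x00]};
my $prvoslovo = substr($username,0,1);
my $forfile="/usr/users/" . $prvoslovo . "/" . $username . "/.forward";

# mod=1: show the current forwarding target.
if ($gumb eq '1'){
    # The file presumably sits in a directory the account owner controls, so
    # do not follow a symbolic link at the final path component where the
    # platform offers O_NOFOLLOW (falls back to 0 where it does not).
    my $nofollow = eval { O_NOFOLLOW() } || 0;
    my $fh;
    sysopen($fh, $forfile, O_RDONLY | $nofollow) || noforward();
    # Only the first line is shown. NOTE(review): the read expression is
    # missing in the listing ("$sadrzaj=;"); a line read from the handle just
    # opened is assumed.
    my $sadrzaj = <$fh>;
    close($fh);
    $sadrzaj = '' unless defined $sadrzaj;
    # File content is user-controlled text: escape it before it goes into
    # the HTML page.
    my $prikaz = CGI::escapeHTML($sadrzaj);
    printheader();
    print("\n&\nnbsp; Imate preusmjeravanje na: $prikaz | |\n\n");
    logiraj($username,"Uspjesno citanje");
    exit;
}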
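# mod=2: store a new forwarding target.
if ($gumb eq '2'){
    $foradd = '' unless defined $foradd;
    # The value becomes a line in the user's .forward file. Reject empty
    # input, the characters the original already refused (%, *, ?, space, |),
    # double quotes, and any control character: an embedded line break would
    # let one submission write several entries.
    error('forward') if $foradd eq '';
    error('forward') if $foradd =~ m{[%*? |"\x00-\x1f\x7f]};
    # Only address-like entries are accepted. An entry that starts with '/'
    # or ':' is treated by the mail system as a file or include target
    # rather than a mailbox.
    foreach my $stavka (split(/,/, $foradd, -1)) {
        error('forward') if $stavka eq '' || $stavka =~ m{\A[/:]};
    }

    # Do not follow a symbolic link at the final path component where the
    # platform offers O_NOFOLLOW; the file presumably lives in a directory
    # the account owner controls.
    my $nofollow = eval { O_NOFOLLOW() } || 0;
    my $fh;
    sysopen($fh, $forfile, O_WRONLY|O_TRUNC|O_CREAT|$nofollow) || die $!;
    # Buffered write errors surface at print/close, so check both.
    print {$fh} $foradd . "\n" or die $!;
    close($fh) or die $!;

    # Escape the value before echoing it into the page.
    my $prikaz = CGI::escapeHTML($foradd);
    printheader();
    print("\n&\nnbsp; Uspješno ste zadali preusmjeravanja na: $prikaz | |\n\n");
    logiraj($username,"OK preusmj: " . $foradd);
    exit;
}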
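# mod=3: clear the forwarding. The file is emptied, not removed.
if ($gumb eq '3'){
    # One open does both jobs: without O_CREAT it fails when the file is
    # missing (reported through noforward()), and O_TRUNC empties it. The
    # original opened the file twice, leaving a window between the existence
    # check and the truncation, and never closed the second handle.
    # O_NOFOLLOW, where available, keeps a symbolic link at the final path
    # component from redirecting the truncation.
    my $nofollow = eval { O_NOFOLLOW() } || 0;
    my $fh;
    sysopen($fh, $forfile, O_WRONLY|O_TRUNC|$nofollow) || noforward();
    close($fh) or die $!;
    printheader();
    print("\n&\nnbsp; Uspješno ste obrisali preusmjeravanje! | |\ntable>\n");
    logiraj($username,"Uspjesno brisanje");
    exit;
}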
# my $kript = crypt($new,"..");
# my $passcrypt=crypt($password,".." );
# if(!tacacs($username,$passcrypt,$kript)){
# logiraj($username,'problem s tacacs-om');
# error('kombinacija');
# }
# my $sth = $dbh->do("UPDATE radcheck SET Value = \"".$kript."\" WHERE Attribute = \"Password\" and UserName = \"".$username."\"");
# my $sth = $dbh->do("UPDATE popper SET Password = \"".$kript."\" WHERE UserName = \"".$username."\"");
# if(!tacacs($username,$kript)){
# my $sth = $dbh->do("UPDATE radcheck SET Value = \"". $passcrypt ."\" WHERE Attribute = \"Password\" and UserName = \"".$username."\"");
# my $sth = $dbh->do("UPDATE mail SET password = \"". $passcrypt ."\" WHERE user = \"".$username."\"");
# logiraj($username,'problem s tacacs-om');
# error('tacacs');
# };
#logiraj($username,'uspješna promjena');
# $sth->execute || print "error was ".$dbh->errstr;;
# my $result = $authsth->fetchrow_array;
# print "Content-type:text/html\n\n";
# print "";
# print "HPTNet Promjena lozinke$body\n";
# print "
# HPTNet Promjena lozinke
# \n";
# print " Uspješno ste promjenili lozinku.
# ";
# print "Back to Main Page\n";
# print "";
# exit;
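# Check a user name / password pair against the radcheck table.
#
# Arguments: user name, clear-text password.
# Returns 1 when a matching row exists, 0 otherwise (including when the
# query cannot be prepared or executed, or $authtype is not 0).
#
# NOTE(review): the password is hashed with crypt() and the constant salt
# "..", so equal passwords always produce equal stored values. Changing the
# scheme needs a migration of the stored hashes and is not attempted here.
sub checkuserpass {
    my $username = shift;
    my $password = shift;
    return 0 unless defined $username && defined $password;
    my $passcrypt = crypt($password, "..");
    if ($authtype eq 0) {
        # LOCAL Auth
        # Values are bound through placeholders; the original spliced the
        # submitted user name straight into the SQL text.
        $sth = $dbh->prepare(
            'SELECT id FROM radcheck WHERE UserName = ? AND Attribute = ? AND Value = ?'
        ) or return 0;
        $sth->execute($username, 'Password', $passcrypt) or return 0;
        my $authed = $sth->fetchrow_array;
        $sth->finish;
        return 1 if $authed;
    }
    return 0;
}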
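# Replace the 13-character value at the start of a per-user file.
#
# Arguments: account name, the value expected to be there now, the new value.
# Returns 1 after a successful rewrite; 0 when the file cannot be opened, is
# empty, or its first 13 characters differ from the expected value.
# Only commented-out code in this script calls this routine.
sub tacacs {
    my $kor=shift;
    my $passcrypt=shift;
    my $loz=shift;
    return 0 unless defined $kor && length $kor;
    my $prvoslovo = substr($kor,0,1);
    my $intfile = "/usr/users/" . $prvoslovo . "/" . $kor;
    # Three-argument open with a lexical handle: with the two-argument form
    # the file name itself could influence the open mode.
    open(my $fh, '+<', $intfile) or return 0;
    # NOTE(review): the read expression is missing in the listing
    # ("my $polje=;"); a line read from the handle just opened is assumed.
    my $polje = <$fh>;
    if (!defined $polje) {
        close($fh);
        return 0;
    }
    my $staraloz = substr($polje,0,13);
    if ($staraloz ne $passcrypt) {
        close($fh);
        return 0;
    }
    substr($polje,0,13) = $loz;
    # Rewrite from the start and cut off whatever followed the first line.
    seek($fh,0,0);
    print {$fh} $polje;
    truncate($fh, tell($fh));
    close($fh) or return 0;
    return 1;
}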
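# Referer check. Always returns 1.
#
# The original compared HTTP_REFERER with 'http://www.telko.ba' but returned
# 1 from both branches, so the check has never rejected a request; that
# outcome is kept. NOTE(review): the Referer header is supplied by the
# client, so it should not be relied on as an access control.
#
# The original also printed the raw header value. This routine runs before
# printheader(), so that client-controlled text landed in front of the
# Content-type line of the CGI response. The print is removed.
sub chk_referer {
    return 1;
}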
# Accept the request only when the first ten characters of REMOTE_ADDR are
# one of the two listed prefixes. Returns 1 for a match, 0 otherwise.
sub chk_ip {
    my $prefiks = substr($ENV{'REMOTE_ADDR'}, 0, 10);
    foreach my $dozvoljen ('212.39.111', '212.39.154') {
        return 1 if $prefiks eq $dozvoljen;
    }
    return 0;
}
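# Print the error page for the given error code and terminate the script.
#
# Argument: one of the codes listed in the table below. An unknown code
# prints nothing. The routine never returns: it always calls exit.
sub error {
    my $error = shift;

    # code => [ page text, whether printfoot() follows the text ]
    # The texts are reproduced exactly as they stand in the script.
    my %odgovor = (
        'userznak'    => [ "\n \n; Za korisničko ime nisu dozvoljeni znakovi %, *, ? i razmaknica! | |\n\n", 1 ],
        'kombinacija' => [ "\n \n; Unijeli ste pogrešnu kombinaciju korisničkog imena i lozinke. |\n|\n\n", 1 ],
        'lospass'     => [ "\n \n; Greška! Lozinka mora biti dugačka između 6 i 8 znakova. | | <\n/tr>\n\n", 1 ],
        'losuser'     => [ "\n \n; Greška! Korisnićko ime mora biti dugačka između 3 i 8 znakova. | |\n\n", 1 ],
        'ip'          => [ "\n \n; Greška! Nedozvoljena ip adresa. | |\n\n", 0 ],
        'url'         => [ "\n \n; Greška! Morate pozivati skriptu preko http://www.tel.net.ba stranice | |\n\n", 0 ],
        'forward'     => [ "\n \n; Adresa preusmjeravanja nije dobra! | |\n\n\n", 1 ],
        'losnew2'     => [ "\n \n; Greška! Move lozinke moraju biti iste. | |\n\n", 1 ],
        'samenew'     => [ "Greška! Nova i stara lozinka su iste!\n", 1 ],
        'tacacs'      => [ "\n \n; Nastala je sistemska greška. Obratite se helpdesku. | |\n\n", 0 ],
    );

    my $stavka = defined $error ? $odgovor{$error} : undef;
    if ($stavka) {
        my ($tekst, $podnozje) = @{$stavka};
        printheader();
        print $tekst;
        if ($error eq 'url') {
            # The Referer header comes from the client; escape it before it
            # is echoed into the HTML page.
            my $url = $ENV{'HTTP_REFERER'};
            $url = '' unless defined $url;
            print CGI::escapeHTML($url) . "\n";
        }
        printfoot() if $podnozje;
    }
    exit;
}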
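# Append one line to /var/log/forward.log.
#
# Arguments: user name, free-text description.
# Line format: day.month.year hour:minute:second address user description
# (numbers are not zero-padded, as before). If the log cannot be opened the
# 'tacacs' error page is shown, which ends the script.
sub logiraj {
    my $user=shift;
    my $opis=shift;
    my $ipadr=$ENV{'REMOTE_ADDR'};
    my $logfile='/var/log/forward.log';

    # Both arguments can carry request data (the user name is logged before
    # it has been validated). Replace control characters so a submitted line
    # break cannot start a forged log entry.
    foreach my $polje ($user, $opis, $ipadr) {
        $polje = '' unless defined $polje;
        $polje =~ s/[\x00-\x1f\x7f]/?/g;
    }

    # Take the clock once; the original called localtime for every field, so
    # the parts of one timestamp could come from different seconds.
    my ($sek, $min, $sati, $dan, $mj, $god) = localtime;
    my $sat = $sati . ':' . $min . ':' . $sek;
    my $mjesec = $mj + 1;
    my $godina = $god + 1900;
    my $logzapis=$dan . '.' . $mjesec .'.' . $godina . ' ' . $sat .' '. $ipadr .' '. $user . ' ' . $opis . " \n";

    # error() exits on its own, so nothing runs after it on failure.
    open(my $fl, '>>', $logfile) or error("tacacs");
    print {$fl} $logzapis;
    close($fl);
}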
# Send the CGI content-type header followed by the opening lines of the page.
# Whatever markup once stood inside these strings is not present in this
# listing; the text is emitted exactly as it is written here.
sub printheader {
    my $zaglavlje = "Content-type:text/html\n\n";
    my $naslov    = "" . "HTnet promjena lozinke\n";
    my $ostatak   = "\n" x 4;
    print $zaglavlje . $naslov . $ostatak;
}
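# Page footer. Prints nothing: every statement of the original footer is
# commented out (a content-type header, the page title and a
# "Pokušajte ponovo." line). One of those commented-out strings was wrapped
# onto an uncommented line in this listing, which left a stray quote inside
# the routine; the body is reduced to the no-op it was meant to be.
sub printfoot {
    return;
}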
# Report that the user has no forwarding file, record that in the log under
# the file-scoped $username, and end the script.
sub noforward {
    my $poruka = "\n&\nnbsp; Nemate preusmjeravanja! | |\n\n";
    printheader();
    print($poruka);
    logiraj($username, "no forward");
    exit;
}