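###############################################################################
#                       C H A N G E   P A S S W O R D                         #
###############################################################################

#####################################################################
# script: db.cgi
# sub main
#
# add lines
#
# Where to add them --
# after
#
#   elsif ($in{'admin_display'}) {
#       if ($per_admin) { &admin_display; } else { &html_unauth; }
#   }
#####################################################################
#### Following two lines added for secure_password_lookup mod
# Both actions are refused for the "default" (not logged in) account;
# any other logged-in user may reach the change-password form.
elsif ($in{'change_password_form'}) {
    if ($db_userid eq "default") { &html_unauth; }
    else                         { &html_change_password_form; }
}
elsif ($in{'change_password'}) {
    if ($db_userid eq "default") { &html_unauth; }
    else                         { &change_password; }
}

#####################################################################
# script: db.cgi
# sub change_password
#
# new subroutine
# HTML (below) required
#
# This version does not require the user to enter their original
# password. The account that receives the new password is always the
# logged-in user ($db_userid). The username submitted with the form
# is deliberately ignored: trusting it would let any logged-in user
# reset another account's password by editing the hidden field.
#####################################################################
sub change_password {
# --------------------------------------------------------
    # Change the logged-in user's password.
    #
    # Reads : $in{'password'} and $in{'pw2'} (the new password, typed twice),
    #         $db_userid (logged-in username, set by the auth code),
    #         $DBH and $db_table_user.
    # Writes: the password column of $db_table_user for $db_userid, and
    #         $in{'pw'} (the hashed password, as the original did).
    # Calls : &html_change_password_form($message) on any failure,
    #         &html_change_password_success on success.
    # Returns nothing.

    my $password  = defined $in{'password'} ? $in{'password'} : '';
    my $password2 = defined $in{'pw2'}      ? $in{'pw2'}      : '';
    my $username  = $db_userid;
    my $message;

    # Validate the new password. The password itself is never echoed back
    # into the page: html_change_password_form prints the message raw.
    if ($password ne $password2) {
        $message = "You must enter the same password twice.";
    }
    elsif (length($password) < 3 or length($password) > 12) {
        $message = "Invalid password. It must be between 3 and 12 characters long.";
    }
    elsif (!defined $username or $username eq '' or $username eq 'default') {
        # main() already refuses the "default" user; do not rely on it alone.
        $message = "You must be logged in to change your password.";
    }
    if ($message) {
        &html_change_password_form($message);
        return;
    }

    # Confirm the logged-in user still exists in the user table. A bind
    # parameter is used so the value never becomes part of the SQL text.
    my $sth = $DBH->prepare(qq!SELECT username FROM $db_table_user WHERE username = ?!);
    $sth->execute($username);
    my ($found) = $sth->fetchrow_array;
    $sth->finish;
    unless (defined $found) {
        &html_change_password_form("Error, user " . _escape_html($username) . " not found!");
        return;
    }

    # Hash the new password. crypt() with a two-character salt is kept so
    # the stored value stays compatible with the existing login check
    # (NOTE(review): presumably a plain crypt() comparison - confirm before
    # moving to a stronger scheme).
    my @salt_chars = ('A' .. 'Z', 0 .. 9, 'a' .. 'z', '.', '/');
    my $salt = join '', @salt_chars[int rand 64, int rand 64];
    $in{'pw'} = crypt($password, $salt);

    my $rc = $DBH->do(
        qq!UPDATE $db_table_user SET password = ? WHERE username = ?!,
        undef, $in{'pw'}, $username,
    );
    unless ($rc) {
        # The original showed the success page even when the UPDATE had
        # failed; report the failure on the form instead.
        &html_change_password_form("Error updating user: "
            . _escape_html($username) . ". Reason: $DBI::errstr");
        return;
    }
    &html_change_password_success();
    return;
}

# Minimal HTML escaping for text that html_change_password_form prints raw.
sub _escape_html {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

#####################################################################
# script: html.pl
# sub html_change_password_form
#
# new subroutine
#
# This version will display their username in the form (highlighted)
# and does not require their original password to be entered (I did
# not feel that entering the original password was needed).
#####################################################################
sub html_change_password_form {
# --------------------------------------------------------
# This form is displayed when users want to change their password.
# $error (optional) is a message from change_password; the form prints
# it into the page as-is, so callers must not pass user-controlled
# markup in it.
#
    my $error = shift;
    if ($in{'change_password_form'}) {
        $rec{'username'} = &get_username;
    }
    &html_print_headers;
    print qq|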
| $html_title: Change Password |
<$font>To change your password, simply enter your new password twice in the fields below. You will then be asked to log in again, using your new password. If your password change fails, please use your browser's back button to return to the original change password form. If your username is not shown below, the change password will not work. |; if ($error) { print "$error "; } print qq| |
| $html_title: Password Changed |
<$font>Your password has been changed! Please use your username and new password to log in.
|