Re: [LINUX:1721] Re: cgi-shadow passwd

Burak DAYIOGLU (bbm759@eti.cc.hun.edu.tr)
Tue, 14 Apr 1998 09:23:32 +0300 (MEST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Varol Keskin: "Re: [LINUX:1724] wu-ftp"
Previous message: Arslan UNAL: "2 ses karti"
In reply to: Sait Karalar: "Re: [LINUX:1721] Re: cgi-shadow passwd"

On Mon, 13 Apr 1998, Gokhan Moral wrote:
> > linux de Web uzerinden bir CGI ile
> > login/passwd kontrol [ /etc/passwd, /etc/shadow ]
> > nasil yapabilirim!?

Selamlar,
Eger yapmaya calistiginiz web uzerinden "web erisimini denetlemek" ise
Gokhan hocanin soyledigi uygun olabilir. Ama yapmaya calistiginiz, CGI
programi araciligi ile kullanici islemlerini web uzerinden yapmak ise
kucuk bir c programi ile bunu yapabilirsiniz.

C programinin nasil olmasi gerektigi konusunda, daha once yazdigimiz bir
programcigi listede de ilgilenenlerin olabilecegini dusunerek listeye
geciyorum. Tam olarak istedigini yapmasa da biraz kirpinca sadece sizin
istediginizi yapar hale gelir:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <string.h>

void parse(char *pattern,char *login,char *passwd,char *newpasswd
,char *confirmpasswd)
{
int i=0,j=0;
while(pattern[i]!='=') i++;
i++;
while(pattern[i]!='&') i++;
i++;

j=0;
while(pattern[i]!='=') i++;
i++;
while(pattern[i]!='&')
{
login[j]=pattern[i];
j++; i++;
}
login[j]=0;

j=0;
while(pattern[i]!='=') i++;
i++;
while(pattern[i]!='&')
{
passwd[j]=pattern[i];
j++; i++;
}
passwd[j]=0;

j=0;
while(pattern[i]!='=') i++;
i++;
while(pattern[i]!='&')
{
newpasswd[j]=pattern[i];
j++; i++;
}
newpasswd[j]=0;

j=0;
while(pattern[i]!='=') i++;
i++;
while(pattern[i])
{
confirmpasswd[j]=pattern[i];
j++; i++;
}
confirmpasswd[j]=0;
}

int addtofile(char *login,char *pass)
{
char str[81],logstr[11];
FILE *f;
int found =0;

f=fopen("/tmp/oldlogin.dat","r");
while (!feof(f)){
fgets(str,80,f);
sscanf(str,"%s",logstr);
if (strcmp(logstr,login)==0)
found = 1;
}
fclose (f);
if (!found){
printf ("1not found 1");
f=fopen("/tmp/login.dat","r+");
while (!feof(f)){
fgets(str,80,f);
sscanf(str,"%s",logstr);
if (strcmp(logstr,login)==0)
found = 1;
}
}
if (!found)
fprintf(f,"%s\t%s\n",login,pass);
else return 0;
fclose(f);
return 1;
}

int validate_pass(char *login,char* pass){
struct passwd *pstruct;
char salt[3];

pstruct = getpwnam (login);
if (pstruct){
strncpy (salt,pstruct->pw_passwd,2);
return (strcmp(pstruct->pw_passwd,crypt(pass,salt))==0);
}
}

void main(void) {
char *buffer;
char login[50],newpasswd[50],confirmpasswd[50],passwd[50];

buffer=getenv("QUERY_STRING");
parse(buffer,login,passwd,newpasswd,confirmpasswd);
/* strncpy (login,login,8);*/
printf("Content-type: text/html\n\n");
printf("<HTML><HEAD><TITLE>Password Changing");
printf("</TITLE></HEAD><BODY>");
if (validate_pass(login,passwd)){
if (newpasswd[0]){
if (strcmp(newpasswd,confirmpasswd)==0){
if (addtofile(login,newpasswd)){
printf("Kullanici adi ve sifreniz kabul edildi.");
printf("Yeni sifreniz kabul edildi.");
}else printf ("Onceden sifre degistirme islemini yaptiginiz icin tekrar degistirilemiyor.");
} else printf("Yeni sifrenizi hatali girdiniz, degisiklik kabul edilmedi.Yeniden deneyin!");
}else{
if (addtofile(login,passwd))
printf("Kullanici adi ve sifreniz kabul edildi.");
else printf ("Onceden sifre degistirme islemini yaptiginiz icin tekrar degistirilemiyor");
}
} else printf("Sifreniz kabul edilmedi.");

printf("<A HREF=http://www.cc.hun.edu.tr/pass.html>Return</A>");
printf("</BODY></HTML>");
}

Next message: Varol Keskin: "Re: [LINUX:1724] wu-ftp"
Previous message: Arslan UNAL: "2 ses karti"
In reply to: Sait Karalar: "Re: [LINUX:1721] Re: cgi-shadow passwd"