CGI and Perl

Changing User Passwords with password.change

Passwords for the database are managed with the password.change script, shown in Listing 11.5. Passwords are managed by modifying the .htpasswd file on the server. For the password.change script to work, permissions on the .htpasswd file must be set so that the owner of the HyperCal files can read and write to it. The password.change script looks in the variables file to locate the .htpasswd file on the server. The crypt() function is used to encrypt (one-way hash) the user-specified password before it is saved in the .htpasswd file.

Listing 11.5. password.change.

#!/www/bin/perl
# Allows a user to change their password from the web
require 'variables';     # site settings, such as $htpass (location of .htpasswd)
require 'httools.pl';
&header;
# Determine which part is being called
if ($ENV{'QUERY_STRING'} eq "change")    {&change}
else {&part_1};

sub part_1    {
    # Prints the html form and collects the information
    # Note: the form action and the links below use the name change.password;
    # they must match the name under which this script is installed.
    &title("Change password");
    print "To change your password, please fill in the information below:<hr>\n";
    print "<form method=post action=change.password?change>\n";
    print "<b>User name</b><br>\n";
    print "<input name=\"user\" size=15><br>\n";
    print "<hr>";
    print "<b>Your old password</b><br>\n";
    print "<input type=\"password\" name=\"old_pass\" size=15><br>\n";
    print "<hr>";
    print "<b>Your new password</b><br>\n";
    print "<input type=\"password\" name=\"new_pass_1\" size=15><br>\n";
    print "<hr>";
    print "<b>Your new password again to ensure that you
       did not make any typing errors</b><br>\n";
    print "<input type=\"password\" name=\"new_pass_2\" size=15><br>\n";
    print "<hr>";
    print "<input type=\"submit\" value=\"Change the password\">";
    print "</form>";
    print "<hr>";
}

sub change    {
    # Change the password, if everything checks out
    &form_parse;
    # Read in the password file and build an assoc. array of it
    open (PASS, "$htpass") || die "Cannot read $htpass: $!";
    @pass=<PASS>;
    close (PASS);
    foreach $pass (@pass)    {
        chomp ($pass);    # removes only a trailing newline, unlike chop
        ($name,$password)=split(/:/,$pass);
        $PASS{$name} = $password;    }
    # Do some checking
    if ($FORM{'new_pass_1'} ne $FORM{'new_pass_2'})
                    {$error=1};
    if (crypt($FORM{'old_pass'},$PASS{$FORM{'user'}}) ne $PASS{$FORM{'user'}})
                    {$error=2};
    if ($PASS{$FORM{'user'}} eq "")
                    {$error=3};
    if ($error) {&error}
    else    {    # Change it
        # Use a random two-character salt. crypt() stores the salt in clear at
        # the start of the hash, so salting with the password itself would
        # reveal the password's first two characters to anyone who can read
        # the .htpasswd file.
        @salt_chars=('a'..'z','A'..'Z','0'..'9','.','/');
        $salt=$salt_chars[rand @salt_chars].$salt_chars[rand @salt_chars];
        $new_pass=crypt($FORM{'new_pass_2'},$salt);
        $PASS{$FORM{'user'}}=$new_pass;
        # Rewrite the whole file with the updated entry
        open (PASS, ">$htpass") || die "Cannot write $htpass: $!";
        foreach $key (keys %PASS)    {
            print PASS "$key:$PASS{$key}\n";    }
        close (PASS);
        &title('Password changed');
        print "Your password has been changed.  You will need to
       re-authorize when you go back to the calendar.<br>";
        print "<center>";
        print "[ <a href=$base_url$hypercal>Hypercal</a> ]";
        print "</center>";
        &footer;
    }
}    # End of change

sub error    {
    if ($error==1) {
        print "Your entries for new password did not match.
       Please <a href=change.password>try again</a><br>";}
    elsif ($error==2) {
        print "The password you entered is incorrect.  Please check
       your password and <a href=change.password>try again</a><br>\n";}
    elsif ($error==3) {
        print "I could not find an entry for you in the password file.
       Please have your webmaster add an entry for you.<br>";}
    &footer;
}
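
The listing reopens the .htpasswd file with ">" and rewrites it in place, so two simultaneous requests, or a failure partway through the write, can leave the file truncated or missing entries. The following is an added example, not code from the book or from HyperCal, showing the same update done under an exclusive lock with an atomic rename. The names change_password and new_salt and the "$file.lock" sidecar file are hypothetical, and it assumes the platform's crypt() accepts traditional two-character salts, as the listing does.

```perl
#!/usr/bin/perl
# Added example (not from the book or HyperCal): locked, atomic password change.
use strict; use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempfile);
use File::Basename qw(dirname);

my @SALT = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
# Random salt: crypt() stores the salt in clear as the first two characters
# of the hash, so it must never be derived from the password.
sub new_salt { return join '', map { $SALT[rand @SALT] } 1 .. 2 }

# Hypothetical helper. Returns 'ok', 'no_user' or 'bad_password'.
sub change_password {
    my ($file, $user, $old, $new) = @_;
    # Serialize writers on a sidecar lock; it is released when $lock goes out of scope.
    open(my $lock, '>>', "$file.lock") or die "lock $file: $!";
    flock($lock, LOCK_EX) or die "flock: $!";
    open(my $in, '<', $file) or die "read $file: $!";
    my (%hash, @order);
    while (my $line = <$in>) {
        chomp $line;
        my ($name, $pw) = split /:/, $line, 2;
        next unless defined $pw;               # skip malformed lines
        push @order, $name unless exists $hash{$name};
        $hash{$name} = $pw;
    }
    close $in;
    return 'no_user' unless exists $hash{$user} && length $hash{$user};
    return 'bad_password' unless crypt($old, $hash{$user}) eq $hash{$user};
    $hash{$user} = crypt($new, new_salt());
    # Write a complete copy in the same directory, then rename it over the original.
    my ($out, $tmp) = tempfile(DIR => dirname($file));
    print {$out} "$_:$hash{$_}\n" for @order;
    close $out or die "write $tmp: $!";
    chmod((stat $file)[2] & 07777, $tmp) or die "chmod: $!";  # keep the old mode
    rename $tmp, $file or die "rename: $!";
    return 'ok';
}

# Constructed sample data: one user, "alice", whose password is "old-secret".
my ($fh, $path) = tempfile();
print {$fh} 'alice:', crypt('old-secret', new_salt()), "\n";
close $fh;
for my $try (['alice', 'wrong', 'n3w'], ['alice', 'old-secret', 'n3w'], ['bob', 'x', 'y']) {
    print "$try->[0]: ", change_password($path, @$try), "\n";
}
unlink $path, "$path.lock";
```

Because the new file is created by the script's own user, the Web server must still be able to read the result; the chmod line preserves the original mode but not the original owner.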