diff --git a/blash.json b/blash.json
index d4e4909..a3accad 100644
--- a/blash.json
+++ b/blash.json
@@ -195,6 +195,7 @@
"logout",
"ls",
"man",
+ "passwd",
"pwd",
"su",
"useradd",
diff --git a/commands/logout.json b/commands/logout.json
index ba3fb45..116ee78 100644
--- a/commands/logout.json
+++ b/commands/logout.json
@@ -17,6 +17,17 @@
shell.user = shell.json.user;
document.cookie = '';
+
+ var users_php = window.location.href;
+ users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+ params = 'action=logout';
+
+ var http = new XMLHttpRequest();
+ http.open ( "POST", users_php, true );
+ http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
+ http.setRequestHeader( "Content-length", params.length );
+ http.setRequestHeader( "Connection", "close" );
+ http.send ( params );
return out;
},
}
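Review bot: The logout POST added before `return out;` has no completion handler, so the shell switches to the guest user even when the request fails and the server never clears the `username`/`auth` cookies (the `document.cookie = ''` context line does not delete them either). Attach an `onreadystatechange` handler and report the logout only on `http.status == 200`. `params` is assigned without `var` and becomes a global shared with the requests in commands/passwd.json; declare it as `var params = 'action=logout';`. `Content-length` and `Connection` are headers the browser controls and refuses to set from script, so both `setRequestHeader` calls can be dropped here and in passwd.json. The enclosing function starts outside the hunk.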
diff --git a/commands/passwd.json b/commands/passwd.json
new file mode 100644
index 0000000..84f400b
--- /dev/null
+++ b/commands/passwd.json
@@ -0,0 +1,185 @@
+{
+ "name" : "passwd",
+
+ "info" : {
+ "syntax" : "passwd",
+ "brief" : "Change the user password",
+ },
+
+ "keyOldPassword" : function ( e )
+ {
+ var evt = ( window.event ) ? window.event : e;
+ var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
+ var oldpassword = document.getElementsByName ( "oldpassword" )[0];
+ var password = document.getElementsByName ( "password" )[0];
+ var passwordText = document.getElementById ( "passwordText" );
+
+ if ( key == 13 && oldpassword.value.length > 0 )
+ {
+ password.style.visibility = 'visible';
+ passwordText.style.visibility = 'visible';
+ password.focus();
+ }
+ },
+
+ "keyPassword" : function ( e )
+ {
+ var evt = ( window.event ) ? window.event : e;
+ var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
+ var password = document.getElementsByName ( "password" )[0];
+ var repeatPassword = document.getElementsByName ( "repeatPassword" )[0];
+ var repeatPasswordText = document.getElementById ( "repeatPasswordText" );
+
+ if ( key == 13 && password.value.length > 0 )
+ {
+ repeatPassword.style.visibility = 'visible';
+ repeatPasswordText.style.visibility = 'visible';
+ repeatPassword.focus();
+ }
+ },
+
+ "keyRepeatPassword" : function ( e )
+ {
+ var evt = ( window.event ) ? window.event : e;
+ var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
+ var oldpassword = document.getElementsByName ( "oldpassword" )[0];
+ var password = document.getElementsByName ( "password" )[0];
+ var repeatPassword = document.getElementsByName ( "repeatPassword" )[0];
+ var repeatPasswordText = document.getElementById ( "repeatPasswordText" );
+
+ if ( key == 13 && password.value.length > 0 )
+ {
+ if ( password.value != repeatPassword.value )
+ {
+ shell.cmdOut.innerHTML = 'The passwords do not match';
+ } else {
+ var users_php = window.location.href;
+ users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+ params = 'action=changepwd&user=' + escape ( shell.newuser ) + '&newpass=' + md5 ( password.value );
+
+ if ( shell.curUser != 'root' )
+ {
+ params += '&oldpass=' + md5 ( oldpassword.value );
+ }
+
+ var http = new XMLHttpRequest();
+ http.open ( "POST", users_php, true );
+ http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ http.setRequestHeader("Content-length", params.length);
+ http.setRequestHeader("Connection", "close");
+
+ http.onreadystatechange = function ()
+ {
+ if ( http.readyState == 4 && http.status == 200 )
+ {
+ if ( http.responseText.length > 0 )
+ {
+ shell.cmdOut.innerHTML = http.responseText;
+ } else {
+ shell.cmdOut.innerHTML = '';
+ }
+
+ shell.refreshPrompt ( false, false );
+ }
+ }
+
+ http.send ( params );
+ shell.cmdOut.innerHTML = '';
+ }
+
+ shell.auto_prompt_focus = true;
+ shell.auto_prompt_refresh = true;
+ shell.refreshPrompt ( false, false );
+ }
+ },
+
+ "action" : function ( arg )
+ {
+ var out = '';
+
+ shell.auto_prompt_focus = false;
+ shell.auto_prompt_refresh = false;
+ shell.newuser = arg;
+ shell.keyOldPassword = this.keyOldPassword;
+ shell.keyPassword = this.keyPassword;
+ shell.keyRepeatPassword = this.keyRepeatPassword;
+
+ var users_php = window.location.href;
+ users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+ params = 'action=getuser';
+
+ var http = new XMLHttpRequest();
+ http.open ( "POST", users_php, true );
+ http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
+ http.setRequestHeader( "Content-length", params.length );
+ http.setRequestHeader( "Connection", "close" );
+
+ http.onreadystatechange = function ()
+ {
+ if ( http.readyState == 4 && http.status == 200 )
+ {
+ if ( shell.__first_cmd )
+ {
+ shell.cmdOut.innerHTML = '
';
+ shell.__first_cmd = false;
+ } else {
+ shell.cmdOut.innerHTML = '';
+ }
+
+ shell.curUser = http.responseText;
+
+ if ( !arg || arg.length == 0 )
+ {
+ shell.newuser = http.responseText;
+ }
+
+ if ( http.responseText == 'root' )
+ {
+ shell.cmdOut.innerHTML += 'New password:
' +
+ '' +
+ 'Repeat new password:
';
+
+ document.getElementsByName ( 'password' )[0].focus();
+ } else {
+ if ( shell.newuser.length > 0 && shell.newuser != http.responseText )
+ {
+ shell.cmdOut.innerHTML = "You cannot change the password for user '" +
+ shell.newuser + "'";
+
+ shell.refreshPrompt ( false, false );
+ return 1;
+ } else if ( http.responseText == shell.json.user ) {
+ shell.cmdOut.innerHTML = "You cannot change the password for the " +
+ "guest user";
+
+ shell.refreshPrompt ( false, false );
+ return 1;
+ }
+
+ shell.cmdOut.innerHTML += 'Old password:
' +
+ '' +
+ 'New password:
' +
+ '' +
+ 'Repeat new password:
';
+
+ document.getElementsByName ( 'oldpassword' )[0].focus();
+ }
+ }
+ }
+
+ http.send ( params );
+ shell.cmdOut.innerHTML = '';
+ return out;
+ },
+}
+
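Review bot: Server text and the command argument are written to the page as markup: `shell.cmdOut.innerHTML = http.responseText` in `keyRepeatPassword` and the `"You cannot change the password for user '" + shell.newuser + "'"` message in `action`, while the `changepwd` reply in users.php echoes the submitted `user` value back. Assign those messages through `textContent` (or escape them) so a crafted user name is shown as text, e.g. `shell.cmdOut.textContent = http.responseText;`. The password is reduced to `md5 ( password.value )` in the browser and, judging by the users.php part of this commit, stored and compared as-is, which makes the unsalted MD5 the actual credential; hashing on the server with `password_hash()` over HTTPS would be the safer design. `escape ( shell.newuser )` should be `encodeURIComponent ( shell.newuser )`, since `escape` mangles non-ASCII names and leaves `+` unencoded.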
diff --git a/modules/users/.users.php.swp b/modules/users/.users.php.swp
index 74c3fa5..df69205 100644
Binary files a/modules/users/.users.php.swp and b/modules/users/.users.php.swp differ
diff --git a/modules/users/users.php b/modules/users/users.php
index 971346a..e3d7b26 100644
--- a/modules/users/users.php
+++ b/modules/users/users.php
@@ -1,6 +1,39 @@
user ); $i++ )
+ {
+ if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
+ {
+ $auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
+
+ if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
+ {
+ return $xml->user[$i]['name'];
+ } else {
+ return "guest";
+ }
+ }
+ }
+
+ return "guest";
+ }
+
+ return "guest";
+}
+
$action = $_REQUEST['action'];
if ( $action == null )
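Review bot: The cookie check in the new `getUser()` relies on `!strcasecmp ( $auth, $_COOKIE['auth'] )`, which accepts any falsy result; on PHP versions before 8 `strcasecmp` returns NULL for a non-string argument, so the cookie values should be type-checked first. Something like `if ( !is_string ( $_COOKIE['username'] ) || !is_string ( $_COOKIE['auth'] )) return "guest";` followed by `if ( hash_equals ( $auth, $_COOKIE['auth'] ))` closes that and makes the comparison constant-time. The token itself is `md5 ( name . pass )`, so it is fixed until the password changes and can be recomputed by anyone who can read the user list; a random server-side session identifier would avoid that. The start of the function is not visible in this hunk.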
@@ -104,40 +137,71 @@ switch ( $action )
}
print "Username not found: '$username'\n";
+ return 1;
break;
case 'getuser':
- if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
+ print getUser();
+ return 0;
+ break;
+
+ case 'logout':
+ setcookie ( 'username', '', 0, "/" );
+ setcookie ( 'auth', '', 0, "/" );
+ break;
+
+ case 'changepwd':
+ $old_pass = $_REQUEST['oldpass'];
+ $new_pass = $_REQUEST['newpass'];
+ $user = $_REQUEST['user'];
+ $cur_user = getUser();
+
+ // If the current user is not root and he's trying to change someone else's password, STOP HIM!
+ if ( $cur_user != 'root' && $cur_user != $user )
{
- if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
- {
- print "Unable to open the users XML file\n";
- return 1;
- }
-
- for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
- {
- if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
- {
- $auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
-
- if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
- {
- print $xml->user[$i]['name'];
- return 0;
- } else {
- print "guest";
- return 1;
- }
- }
- }
-
- print "guest";
+ print "You cannot change the password for the user '$user'\n";
return 1;
}
- print "guest";
- return 1;
+ if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
+ {
+ print "Unable to open the users XML file\n";
+ return 1;
+ }
+
+ for ( $i = 0; $i < count ( $xml->user ); $i++ )
+ {
+ // If we've found the user whose password should be changed...
+ if ( !strcasecmp ( $xml->user[$i]['name'], $user ))
+ {
+ $found = true;
+
+ // If the current user is not root, check his own inserted current password
+ if ( $cur_user != 'root' )
+ {
+ if ( $xml->user[$i]['pass'] != $old_pass )
+ {
+ print "The provided current password is wrong\n";
+ return 1;
+ }
+ }
+
+ $xml->user[$i]['pass'] = $new_pass;
+
+ if ( !( $fp = fopen ( 'userlist.php', 'w' )))
+ {
+ print "Unable to change the password for the specified user, unknown error\n";
+ return 1;
+ }
+
+ fwrite ( $fp, "asXML() . "\nXML;\n\n?>\n" );
+ fclose ( $fp );
+
+ print 'Password successfully changed for the user '.$user."\n";
+ return 0;
+ }
+ }
+
break;
}
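Review bot: `$new_pass` in the `changepwd` case is taken from `$_REQUEST` and written into `userlist.php` without any format check, and that file is PHP source (the `XML;` terminator in the `fwrite` suggests a heredoc, where `$` sequences are interpreted). Reject anything that is not the expected digest before touching the file, e.g. `if ( !is_string ( $new_pass ) || !preg_match ( '/^[a-f0-9]{32}$/i', $new_pass )) { print "Invalid password format\n"; return 1; }`, assuming the client's `md5()` emits 32 hex characters. The old-password test `$xml->user[$i]['pass'] != $old_pass` is a loose comparison; `!hash_equals ( (string) $xml->user[$i]['pass'], (string) $old_pass )` avoids PHP's numeric-string juggling. Reading `action`, `user` and the passwords from `$_REQUEST` also lets this state change arrive as a plain GET, so `$_POST` plus a request token would be the place to start for CSRF protection. The `switch` begins outside the hunk.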