passwd command added

2010-12-26 18:08:43 +01:00 · 2010-12-26 18:08:43 +01:00 · 403363ae69
commit 403363ae69
parent d4039b93e6
5 changed files with 288 additions and 27 deletions
--- a/blash.json
+++ b/blash.json
@ -195,6 +195,7 @@
 		"logout",
 		"ls",
 		"man",
 		"passwd",
 		"pwd",
 		"su",
 		"useradd",
--- a/commands/logout.json
+++ b/commands/logout.json
@ -17,6 +17,17 @@
 		shell.user = shell.json.user;
 		document.cookie = '';
 		var users_php = window.location.href;
 		users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
 		params = 'action=logout';
 		var http = new XMLHttpRequest();
 		http.open ( "POST", users_php, true );
 		http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
 		http.setRequestHeader( "Content-length", params.length );
 		http.setRequestHeader( "Connection", "close" );
 		http.send ( params );
 		return out;
 	},
 }
--- a/commands/passwd.json
+++ b/commands/passwd.json
@ -0,0 +1,185 @@
 {
 	"name" : "passwd",
 	"info" : {
 		"syntax" : "passwd",
 		"brief" : "Change the user password",
 	},
 	"keyOldPassword" : function ( e )
 	{
 		var evt = ( window.event ) ? window.event : e;
 		var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
 		var oldpassword = document.getElementsByName ( "oldpassword" )[0];
 		var password = document.getElementsByName ( "password" )[0];
 		var passwordText = document.getElementById ( "passwordText" );
 		if ( key == 13 && oldpassword.value.length > 0 )
 		{
 			password.style.visibility = 'visible';
 			passwordText.style.visibility = 'visible';
 			password.focus();
 		}
 	},
 	"keyPassword" : function ( e )
 	{
 		var evt = ( window.event ) ? window.event : e;
 		var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
 		var password = document.getElementsByName ( "password" )[0];
 		var repeatPassword = document.getElementsByName ( "repeatPassword" )[0];
 		var repeatPasswordText = document.getElementById ( "repeatPasswordText" );
 		if ( key == 13 && password.value.length > 0 )
 		{
 			repeatPassword.style.visibility = 'visible';
 			repeatPasswordText.style.visibility = 'visible';
 			repeatPassword.focus();
 		}
 	},
 	"keyRepeatPassword" : function ( e )
 	{
 		var evt = ( window.event ) ? window.event : e;
 		var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
 		var oldpassword = document.getElementsByName ( "oldpassword" )[0];
 		var password = document.getElementsByName ( "password" )[0];
 		var repeatPassword = document.getElementsByName ( "repeatPassword" )[0];
 		var repeatPasswordText = document.getElementById ( "repeatPasswordText" );
 		if ( key == 13 && password.value.length > 0 )
 		{
 			if ( password.value != repeatPassword.value )
 			{
 				shell.cmdOut.innerHTML = 'The passwords do not match';
 			} else {
 				var users_php = window.location.href;
 				users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
 				params = 'action=changepwd&user=' + escape ( shell.newuser ) + '&newpass=' + md5 ( password.value );
 				if ( shell.curUser != 'root' )
 				{
 					params += '&oldpass=' + md5 ( oldpassword.value );
 				}
 				var http = new XMLHttpRequest();
 				http.open ( "POST", users_php, true );
 				http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
 				http.setRequestHeader("Content-length", params.length);
 				http.setRequestHeader("Connection", "close");
 				http.onreadystatechange = function ()
 				{
 					if ( http.readyState == 4 && http.status == 200 )
 					{
 						if ( http.responseText.length > 0 )
 						{
 							shell.cmdOut.innerHTML = http.responseText;
 						} else {
 							shell.cmdOut.innerHTML = '';
 						}
 						shell.refreshPrompt ( false, false );
 					}
 				}
 				http.send ( params );
 				shell.cmdOut.innerHTML = '';
 			}
 			shell.auto_prompt_focus = true;
 			shell.auto_prompt_refresh = true;
 			shell.refreshPrompt ( false, false );
 		}
 	},
 	"action" : function ( arg )
 	{
 		var out = '';
 		shell.auto_prompt_focus = false;
 		shell.auto_prompt_refresh = false;
 		shell.newuser = arg;
 		shell.keyOldPassword = this.keyOldPassword;
 		shell.keyPassword = this.keyPassword;
 		shell.keyRepeatPassword = this.keyRepeatPassword;
 		var users_php = window.location.href;
 		users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
 		params = 'action=getuser';
 		var http = new XMLHttpRequest();
 		http.open ( "POST", users_php, true );
 		http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
 		http.setRequestHeader( "Content-length", params.length );
 		http.setRequestHeader( "Connection", "close" );
 		http.onreadystatechange = function ()
 		{
 			if ( http.readyState == 4 && http.status == 200 )
 			{
 				if ( shell.__first_cmd )
 				{
 					shell.cmdOut.innerHTML = '<br/>';
 					shell.__first_cmd = false;
 				} else {
 					shell.cmdOut.innerHTML = '';
 				}
 				shell.curUser = http.responseText;
 				if ( !arg || arg.length == 0 )
 				{
 					shell.newuser = http.responseText;
 				}
 				if ( http.responseText == 'root' )
 				{
 					shell.cmdOut.innerHTML += 'New password: <input type="password" ' +
 						'name="password" class="password" ' +
 						'onkeyup="shell.keyPassword ( event )"><br/>' +
 						'<span id="repeatPasswordText" style="visibility: hidden">' +
 						'Repeat new password: </span><input type="password" ' +
 						'name="repeatPassword" class="password" style="visibility: hidden" ' +
 						'onkeyup="shell.keyRepeatPassword ( event )"><br/>';
 					document.getElementsByName ( 'password' )[0].focus();
 				} else {
 					if ( shell.newuser.length > 0 && shell.newuser != http.responseText )
 					{
 						shell.cmdOut.innerHTML = "You cannot change the password for user '" +
 							shell.newuser + "'";
 						shell.refreshPrompt ( false, false );
 						return 1;
 					} else if ( http.responseText == shell.json.user ) {
 						shell.cmdOut.innerHTML = "You cannot change the password for the " +
 							"guest user";
 						shell.refreshPrompt ( false, false );
 						return 1;
 					}
 					shell.cmdOut.innerHTML += 'Old password: <input type="password" ' +
 						'name="oldpassword" class="password" ' +
 						'onkeyup="shell.keyOldPassword ( event )"><br/>' +
 						'<span id="passwordText" style="visibility: hidden">' +
 						'New password: </span><input type="password" ' +
 						'name="password" class="password" ' +
 						'onkeyup="shell.keyPassword ( event )"><br/>' +
 						'<span id="repeatPasswordText" style="visibility: hidden">' +
 						'Repeat new password: </span><input type="password" ' +
 						'name="repeatPassword" class="password" style="visibility: hidden" ' +
 						'onkeyup="shell.keyRepeatPassword ( event )"><br/>';
 					document.getElementsByName ( 'oldpassword' )[0].focus();
 				}
 			}
 		}
 		http.send ( params );
 		shell.cmdOut.innerHTML = '';
 		return out;
 	},
 }
--- a/modules/users/.users.php.swp
+++ b/modules/users/.users.php.swp
--- a/modules/users/users.php
+++ b/modules/users/users.php
@ -1,6 +1,39 @@
 <?php
 include 'userlist.php';
 function getUser ()
 {
 	include 'userlist.php';
 	if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
 	{
 		if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
 		{
 			return "Unable to open the users XML file\n";
 		}
 		for ( $i = 0; $i < count ( $xml->user ); $i++ )
 		{
 			if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
 			{
 				$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
 				if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
 				{
 					return $xml->user[$i]['name'];
 				} else {
 					return "guest";
 				}
 			}
 		}
 		return "guest";
 	}
 	return "guest";
 }
 $action = $_REQUEST['action'];
 if ( $action == null )
@ -104,40 +137,71 @@ switch ( $action )
 		}
 		print "Username not found: '$username'\n";
 		return 1;
 		break;
 	case 'getuser':
-		if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
+		print getUser();
 		return 0;
 		break;
 	case 'logout':
 		setcookie ( 'username', '', 0, "/" );
 		setcookie ( 'auth', '', 0, "/" );
 		break;
 	case 'changepwd':
 		$old_pass = $_REQUEST['oldpass'];
 		$new_pass = $_REQUEST['newpass'];
 		$user = $_REQUEST['user'];
 		$cur_user = getUser();
 		// If the current user is not root and he's trying to change someone else's password, STOP HIM!
 		if ( $cur_user != 'root' && $cur_user != $user )
 		{
 			print "You cannot change the password for the user '$user'\n";
 			return 1;
 		}
 		if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
 		{
 			print "Unable to open the users XML file\n";
 			return 1;
 		}
-			for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
+		for ( $i = 0; $i < count ( $xml->user ); $i++ )
 		{
-				if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
+			// If we've found the user whose password should be changed...
 			if ( !strcasecmp ( $xml->user[$i]['name'], $user ))
 			{
-					$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
+				$found = true;
-					if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
+				// If the current user is not root, check his own inserted current password
 				if ( $cur_user != 'root' )
 				{
-						print $xml->user[$i]['name'];
+					if ( $xml->user[$i]['pass'] != $old_pass )
 					{
 						print "The provided current password is wrong\n";
 						return 1;
 					}
 				}
 				$xml->user[$i]['pass'] = $new_pass;
 				if ( !( $fp = fopen ( 'userlist.php', 'w' )))
 				{
 					print "Unable to change the password for the specified user, unknown error\n";
 					return 1;
 				}
 				fwrite ( $fp, "<?php\n\n\$xmlcontent = <<<XML\n" . $xml->asXML() . "\nXML;\n\n?>\n" );
 				fclose ( $fp );
 				print 'Password successfully changed for the user '.$user."\n";
 				return 0;
 					} else {
 						print "guest";
 						return 1;
 					}
 			}
 		}
 			print "guest";
 			return 1;
 		}
 		print "guest";
 		return 1;
 		break;
 }