passwd command added
This commit is contained in:
parent
d4039b93e6
commit
403363ae69
5 changed files with 288 additions and 27 deletions
|
@ -195,6 +195,7 @@
|
|||
"logout",
|
||||
"ls",
|
||||
"man",
|
||||
"passwd",
|
||||
"pwd",
|
||||
"su",
|
||||
"useradd",
|
||||
|
|
|
@ -17,6 +17,17 @@
|
|||
|
||||
shell.user = shell.json.user;
|
||||
document.cookie = '';
|
||||
|
||||
var users_php = window.location.href;
|
||||
users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
|
||||
params = 'action=logout';
|
||||
|
||||
var http = new XMLHttpRequest();
|
||||
http.open ( "POST", users_php, true );
|
||||
http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
|
||||
http.setRequestHeader( "Content-length", params.length );
|
||||
http.setRequestHeader( "Connection", "close" );
|
||||
http.send ( params );
|
||||
return out;
|
||||
},
|
||||
}
|
||||
|
|
185
commands/passwd.json
Normal file
185
commands/passwd.json
Normal file
|
@ -0,0 +1,185 @@
|
|||
{
|
||||
"name" : "passwd",
|
||||
|
||||
"info" : {
|
||||
"syntax" : "passwd",
|
||||
"brief" : "Change the user password",
|
||||
},
|
||||
|
||||
"keyOldPassword" : function ( e )
|
||||
{
|
||||
var evt = ( window.event ) ? window.event : e;
|
||||
var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
|
||||
var oldpassword = document.getElementsByName ( "oldpassword" )[0];
|
||||
var password = document.getElementsByName ( "password" )[0];
|
||||
var passwordText = document.getElementById ( "passwordText" );
|
||||
|
||||
if ( key == 13 && oldpassword.value.length > 0 )
|
||||
{
|
||||
password.style.visibility = 'visible';
|
||||
passwordText.style.visibility = 'visible';
|
||||
password.focus();
|
||||
}
|
||||
},
|
||||
|
||||
"keyPassword" : function ( e )
|
||||
{
|
||||
var evt = ( window.event ) ? window.event : e;
|
||||
var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
|
||||
var password = document.getElementsByName ( "password" )[0];
|
||||
var repeatPassword = document.getElementsByName ( "repeatPassword" )[0];
|
||||
var repeatPasswordText = document.getElementById ( "repeatPasswordText" );
|
||||
|
||||
if ( key == 13 && password.value.length > 0 )
|
||||
{
|
||||
repeatPassword.style.visibility = 'visible';
|
||||
repeatPasswordText.style.visibility = 'visible';
|
||||
repeatPassword.focus();
|
||||
}
|
||||
},
|
||||
|
||||
"keyRepeatPassword" : function ( e )
|
||||
{
|
||||
var evt = ( window.event ) ? window.event : e;
|
||||
var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
|
||||
var oldpassword = document.getElementsByName ( "oldpassword" )[0];
|
||||
var password = document.getElementsByName ( "password" )[0];
|
||||
var repeatPassword = document.getElementsByName ( "repeatPassword" )[0];
|
||||
var repeatPasswordText = document.getElementById ( "repeatPasswordText" );
|
||||
|
||||
if ( key == 13 && password.value.length > 0 )
|
||||
{
|
||||
if ( password.value != repeatPassword.value )
|
||||
{
|
||||
shell.cmdOut.innerHTML = 'The passwords do not match';
|
||||
} else {
|
||||
var users_php = window.location.href;
|
||||
users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
|
||||
params = 'action=changepwd&user=' + escape ( shell.newuser ) + '&newpass=' + md5 ( password.value );
|
||||
|
||||
if ( shell.curUser != 'root' )
|
||||
{
|
||||
params += '&oldpass=' + md5 ( oldpassword.value );
|
||||
}
|
||||
|
||||
var http = new XMLHttpRequest();
|
||||
http.open ( "POST", users_php, true );
|
||||
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
||||
http.setRequestHeader("Content-length", params.length);
|
||||
http.setRequestHeader("Connection", "close");
|
||||
|
||||
http.onreadystatechange = function ()
|
||||
{
|
||||
if ( http.readyState == 4 && http.status == 200 )
|
||||
{
|
||||
if ( http.responseText.length > 0 )
|
||||
{
|
||||
shell.cmdOut.innerHTML = http.responseText;
|
||||
} else {
|
||||
shell.cmdOut.innerHTML = '';
|
||||
}
|
||||
|
||||
shell.refreshPrompt ( false, false );
|
||||
}
|
||||
}
|
||||
|
||||
http.send ( params );
|
||||
shell.cmdOut.innerHTML = '';
|
||||
}
|
||||
|
||||
shell.auto_prompt_focus = true;
|
||||
shell.auto_prompt_refresh = true;
|
||||
shell.refreshPrompt ( false, false );
|
||||
}
|
||||
},
|
||||
|
||||
"action" : function ( arg )
|
||||
{
|
||||
var out = '';
|
||||
|
||||
shell.auto_prompt_focus = false;
|
||||
shell.auto_prompt_refresh = false;
|
||||
shell.newuser = arg;
|
||||
shell.keyOldPassword = this.keyOldPassword;
|
||||
shell.keyPassword = this.keyPassword;
|
||||
shell.keyRepeatPassword = this.keyRepeatPassword;
|
||||
|
||||
var users_php = window.location.href;
|
||||
users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
|
||||
params = 'action=getuser';
|
||||
|
||||
var http = new XMLHttpRequest();
|
||||
http.open ( "POST", users_php, true );
|
||||
http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
|
||||
http.setRequestHeader( "Content-length", params.length );
|
||||
http.setRequestHeader( "Connection", "close" );
|
||||
|
||||
http.onreadystatechange = function ()
|
||||
{
|
||||
if ( http.readyState == 4 && http.status == 200 )
|
||||
{
|
||||
if ( shell.__first_cmd )
|
||||
{
|
||||
shell.cmdOut.innerHTML = '<br/>';
|
||||
shell.__first_cmd = false;
|
||||
} else {
|
||||
shell.cmdOut.innerHTML = '';
|
||||
}
|
||||
|
||||
shell.curUser = http.responseText;
|
||||
|
||||
if ( !arg || arg.length == 0 )
|
||||
{
|
||||
shell.newuser = http.responseText;
|
||||
}
|
||||
|
||||
if ( http.responseText == 'root' )
|
||||
{
|
||||
shell.cmdOut.innerHTML += 'New password: <input type="password" ' +
|
||||
'name="password" class="password" ' +
|
||||
'onkeyup="shell.keyPassword ( event )"><br/>' +
|
||||
'<span id="repeatPasswordText" style="visibility: hidden">' +
|
||||
'Repeat new password: </span><input type="password" ' +
|
||||
'name="repeatPassword" class="password" style="visibility: hidden" ' +
|
||||
'onkeyup="shell.keyRepeatPassword ( event )"><br/>';
|
||||
|
||||
document.getElementsByName ( 'password' )[0].focus();
|
||||
} else {
|
||||
if ( shell.newuser.length > 0 && shell.newuser != http.responseText )
|
||||
{
|
||||
shell.cmdOut.innerHTML = "You cannot change the password for user '" +
|
||||
shell.newuser + "'";
|
||||
|
||||
shell.refreshPrompt ( false, false );
|
||||
return 1;
|
||||
} else if ( http.responseText == shell.json.user ) {
|
||||
shell.cmdOut.innerHTML = "You cannot change the password for the " +
|
||||
"guest user";
|
||||
|
||||
shell.refreshPrompt ( false, false );
|
||||
return 1;
|
||||
}
|
||||
|
||||
shell.cmdOut.innerHTML += 'Old password: <input type="password" ' +
|
||||
'name="oldpassword" class="password" ' +
|
||||
'onkeyup="shell.keyOldPassword ( event )"><br/>' +
|
||||
'<span id="passwordText" style="visibility: hidden">' +
|
||||
'New password: </span><input type="password" ' +
|
||||
'name="password" class="password" ' +
|
||||
'onkeyup="shell.keyPassword ( event )"><br/>' +
|
||||
'<span id="repeatPasswordText" style="visibility: hidden">' +
|
||||
'Repeat new password: </span><input type="password" ' +
|
||||
'name="repeatPassword" class="password" style="visibility: hidden" ' +
|
||||
'onkeyup="shell.keyRepeatPassword ( event )"><br/>';
|
||||
|
||||
document.getElementsByName ( 'oldpassword' )[0].focus();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
http.send ( params );
|
||||
shell.cmdOut.innerHTML = '';
|
||||
return out;
|
||||
},
|
||||
}
|
||||
|
Binary file not shown.
|
@ -1,6 +1,39 @@
|
|||
<?php
|
||||
|
||||
include 'userlist.php';
|
||||
|
||||
function getUser ()
|
||||
{
|
||||
include 'userlist.php';
|
||||
|
||||
if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
|
||||
{
|
||||
if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
|
||||
{
|
||||
return "Unable to open the users XML file\n";
|
||||
}
|
||||
|
||||
for ( $i = 0; $i < count ( $xml->user ); $i++ )
|
||||
{
|
||||
if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
|
||||
{
|
||||
$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
|
||||
|
||||
if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
|
||||
{
|
||||
return $xml->user[$i]['name'];
|
||||
} else {
|
||||
return "guest";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return "guest";
|
||||
}
|
||||
|
||||
return "guest";
|
||||
}
|
||||
|
||||
$action = $_REQUEST['action'];
|
||||
|
||||
if ( $action == null )
|
||||
|
@ -104,40 +137,71 @@ switch ( $action )
|
|||
}
|
||||
|
||||
print "Username not found: '$username'\n";
|
||||
return 1;
|
||||
break;
|
||||
|
||||
case 'getuser':
|
||||
if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
|
||||
print getUser();
|
||||
return 0;
|
||||
break;
|
||||
|
||||
case 'logout':
|
||||
setcookie ( 'username', '', 0, "/" );
|
||||
setcookie ( 'auth', '', 0, "/" );
|
||||
break;
|
||||
|
||||
case 'changepwd':
|
||||
$old_pass = $_REQUEST['oldpass'];
|
||||
$new_pass = $_REQUEST['newpass'];
|
||||
$user = $_REQUEST['user'];
|
||||
$cur_user = getUser();
|
||||
|
||||
// If the current user is not root and he's trying to change someone else's password, STOP HIM!
|
||||
if ( $cur_user != 'root' && $cur_user != $user )
|
||||
{
|
||||
print "You cannot change the password for the user '$user'\n";
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
|
||||
{
|
||||
print "Unable to open the users XML file\n";
|
||||
return 1;
|
||||
}
|
||||
|
||||
for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
|
||||
for ( $i = 0; $i < count ( $xml->user ); $i++ )
|
||||
{
|
||||
if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
|
||||
// If we've found the user whose password should be changed...
|
||||
if ( !strcasecmp ( $xml->user[$i]['name'], $user ))
|
||||
{
|
||||
$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
|
||||
$found = true;
|
||||
|
||||
if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
|
||||
// If the current user is not root, check his own inserted current password
|
||||
if ( $cur_user != 'root' )
|
||||
{
|
||||
print $xml->user[$i]['name'];
|
||||
if ( $xml->user[$i]['pass'] != $old_pass )
|
||||
{
|
||||
print "The provided current password is wrong\n";
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
$xml->user[$i]['pass'] = $new_pass;
|
||||
|
||||
if ( !( $fp = fopen ( 'userlist.php', 'w' )))
|
||||
{
|
||||
print "Unable to change the password for the specified user, unknown error\n";
|
||||
return 1;
|
||||
}
|
||||
|
||||
fwrite ( $fp, "<?php\n\n\$xmlcontent = <<<XML\n" . $xml->asXML() . "\nXML;\n\n?>\n" );
|
||||
fclose ( $fp );
|
||||
|
||||
print 'Password successfully changed for the user '.$user."\n";
|
||||
return 0;
|
||||
} else {
|
||||
print "guest";
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
print "guest";
|
||||
return 1;
|
||||
}
|
||||
|
||||
print "guest";
|
||||
return 1;
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue