passwd command added

blash.json

@@ -195,6 +195,7 @@
 		"logout",
 		"ls",
 		"man",
+		"passwd",
 		"pwd",
 		"su",
 		"useradd",

commands/logout.json

@@ -17,6 +17,17 @@
 
 		shell.user = shell.json.user;
 		document.cookie = '';
+
+		var users_php = window.location.href;
+		users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+		params = 'action=logout';
+
+		var http = new XMLHttpRequest();
+		http.open ( "POST", users_php, true );
+		http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
+		http.setRequestHeader( "Content-length", params.length );
+		http.setRequestHeader( "Connection", "close" );
+		http.send ( params );
 		return out;
 	},
 }

commands/passwd.json

@@ -0,0 +1,185 @@
+{
+	"name" : "passwd",
+
+	"info" : {
+		"syntax" : "passwd",
+		"brief" : "Change the user password",
+	},
+
+	"keyOldPassword" : function ( e )
+	{
+		var evt = ( window.event ) ? window.event : e;
+		var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
+		var oldpassword = document.getElementsByName ( "oldpassword" )[0];
+		var password = document.getElementsByName ( "password" )[0];
+		var passwordText = document.getElementById ( "passwordText" );
+
+		if ( key == 13 && oldpassword.value.length > 0 )
+		{
+			password.style.visibility = 'visible';
+			passwordText.style.visibility = 'visible';
+			password.focus();
+		}
+	},
+
+	"keyPassword" : function ( e )
+	{
+		var evt = ( window.event ) ? window.event : e;
+		var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
+		var password = document.getElementsByName ( "password" )[0];
+		var repeatPassword = document.getElementsByName ( "repeatPassword" )[0];
+		var repeatPasswordText = document.getElementById ( "repeatPasswordText" );
+
+		if ( key == 13 && password.value.length > 0 )
+		{
+			repeatPassword.style.visibility = 'visible';
+			repeatPasswordText.style.visibility = 'visible';
+			repeatPassword.focus();
+		}
+	},
+
+	"keyRepeatPassword" : function ( e )
+	{
+		var evt = ( window.event ) ? window.event : e;
+		var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
+		var oldpassword = document.getElementsByName ( "oldpassword" )[0];
+		var password = document.getElementsByName ( "password" )[0];
+		var repeatPassword = document.getElementsByName ( "repeatPassword" )[0];
+		var repeatPasswordText = document.getElementById ( "repeatPasswordText" );
+
+		if ( key == 13 && password.value.length > 0 )
+		{
+			if ( password.value != repeatPassword.value )
+			{
+				shell.cmdOut.innerHTML = 'The passwords do not match';
+			} else {
+				var users_php = window.location.href;
+				users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+				params = 'action=changepwd&user=' + escape ( shell.newuser ) + '&newpass=' + md5 ( password.value );
+
+				if ( shell.curUser != 'root' )
+				{
+					params += '&oldpass=' + md5 ( oldpassword.value );
+				}
+
+				var http = new XMLHttpRequest();
+				http.open ( "POST", users_php, true );
+				http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+				http.setRequestHeader("Content-length", params.length);
+				http.setRequestHeader("Connection", "close");
+
+				http.onreadystatechange = function ()
+				{
+					if ( http.readyState == 4 && http.status == 200 )
+					{
+						if ( http.responseText.length > 0 )
+						{
+							shell.cmdOut.innerHTML = http.responseText;
+						} else {
+							shell.cmdOut.innerHTML = '';
+						}
+
+						shell.refreshPrompt ( false, false );
+					}
+				}
+
+				http.send ( params );
+				shell.cmdOut.innerHTML = '';
+			}
+
+			shell.auto_prompt_focus = true;
+			shell.auto_prompt_refresh = true;
+			shell.refreshPrompt ( false, false );
+		}
+	},
+
+	"action" : function ( arg )
+	{
+		var out = '';
+
+		shell.auto_prompt_focus = false;
+		shell.auto_prompt_refresh = false;
+		shell.newuser = arg;
+		shell.keyOldPassword = this.keyOldPassword;
+		shell.keyPassword = this.keyPassword;
+		shell.keyRepeatPassword = this.keyRepeatPassword;
+
+		var users_php = window.location.href;
+		users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+		params = 'action=getuser';
+
+		var http = new XMLHttpRequest();
+		http.open ( "POST", users_php, true );
+		http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
+		http.setRequestHeader( "Content-length", params.length );
+		http.setRequestHeader( "Connection", "close" );
+
+		http.onreadystatechange = function ()
+		{
+			if ( http.readyState == 4 && http.status == 200 )
+			{
+				if ( shell.__first_cmd )
+				{
+					shell.cmdOut.innerHTML = '<br/>';
+					shell.__first_cmd = false;
+				} else {
+					shell.cmdOut.innerHTML = '';
+				}
+
+				shell.curUser = http.responseText;
+
+				if ( !arg || arg.length == 0 )
+				{
+					shell.newuser = http.responseText;
+				}
+
+				if ( http.responseText == 'root' )
+				{
+					shell.cmdOut.innerHTML += 'New password: <input type="password" ' +
+						'name="password" class="password" ' +
+						'onkeyup="shell.keyPassword ( event )"><br/>' +
+						'<span id="repeatPasswordText" style="visibility: hidden">' +
+						'Repeat new password: </span><input type="password" ' +
+						'name="repeatPassword" class="password" style="visibility: hidden" ' +
+						'onkeyup="shell.keyRepeatPassword ( event )"><br/>';
+
+					document.getElementsByName ( 'password' )[0].focus();
+				} else {
+					if ( shell.newuser.length > 0 && shell.newuser != http.responseText )
+					{
+						shell.cmdOut.innerHTML = "You cannot change the password for user '" +
+							shell.newuser + "'";
+
+						shell.refreshPrompt ( false, false );
+						return 1;
+					} else if ( http.responseText == shell.json.user ) {
+						shell.cmdOut.innerHTML = "You cannot change the password for the " +
+							"guest user";
+
+						shell.refreshPrompt ( false, false );
+						return 1;
+					}
+
+					shell.cmdOut.innerHTML += 'Old password: <input type="password" ' +
+						'name="oldpassword" class="password" ' +
+						'onkeyup="shell.keyOldPassword ( event )"><br/>' +
+						'<span id="passwordText" style="visibility: hidden">' +
+						'New password: </span><input type="password" ' +
+						'name="password" class="password" ' +
+						'onkeyup="shell.keyPassword ( event )"><br/>' +
+						'<span id="repeatPasswordText" style="visibility: hidden">' +
+						'Repeat new password: </span><input type="password" ' +
+						'name="repeatPassword" class="password" style="visibility: hidden" ' +
+						'onkeyup="shell.keyRepeatPassword ( event )"><br/>';
+
+					document.getElementsByName ( 'oldpassword' )[0].focus();
+				}
+			}
+		}
+
+		http.send ( params );
+		shell.cmdOut.innerHTML = '';
+		return out;
+	},
+}
+

modules/users/users.php

@@ -1,6 +1,39 @@
 <?php
 
 include 'userlist.php';
+
+function getUser ()
+{
+	include 'userlist.php';
+
+	if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
+	{
+		if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
+		{
+			return "Unable to open the users XML file\n";
+		}
+
+		for ( $i = 0; $i < count ( $xml->user ); $i++ )
+		{
+			if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
+			{
+				$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
+
+				if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
+				{
+					return $xml->user[$i]['name'];
+				} else {
+					return "guest";
+				}
+			}
+		}
+
+		return "guest";
+	}
+
+	return "guest";
+}
+
 $action = $_REQUEST['action'];
 
 if ( $action == null )
@@ -104,40 +137,71 @@ switch ( $action )
 		}
 
 		print "Username not found: '$username'\n";
+		return 1;
 		break;
 
 	case 'getuser':
-		if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
+		print getUser();
+		return 0;
+		break;
+
+	case 'logout':
+		setcookie ( 'username', '', 0, "/" );
+		setcookie ( 'auth', '', 0, "/" );
+		break;
+
+	case 'changepwd':
+		$old_pass = $_REQUEST['oldpass'];
+		$new_pass = $_REQUEST['newpass'];
+		$user = $_REQUEST['user'];
+		$cur_user = getUser();
+
+		// If the current user is not root and he's trying to change someone else's password, STOP HIM!
+		if ( $cur_user != 'root' && $cur_user != $user )
 		{
-			if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
-			{
-				print "Unable to open the users XML file\n";
-				return 1;
-			}
-
-			for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
-			{
-				if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
-				{
-					$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
-
-					if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
-					{
-						print $xml->user[$i]['name'];
-						return 0;
-					} else {
-						print "guest";
-						return 1;
-					}
-				}
-			}
-
-			print "guest";
+			print "You cannot change the password for the user '$user'\n";
 			return 1;
 		}
 
-		print "guest";
-		return 1;
+		if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
+		{
+			print "Unable to open the users XML file\n";
+			return 1;
+		}
+
+		for ( $i = 0; $i < count ( $xml->user ); $i++ )
+		{
+			// If we've found the user whose password should be changed...
+			if ( !strcasecmp ( $xml->user[$i]['name'], $user ))
+			{
+				$found = true;
+
+				// If the current user is not root, check his own inserted current password
+				if ( $cur_user != 'root' )
+				{
+					if ( $xml->user[$i]['pass'] != $old_pass )
+					{
+						print "The provided current password is wrong\n";
+						return 1;
+					}
+				}
+
+				$xml->user[$i]['pass'] = $new_pass;
+
+				if ( !( $fp = fopen ( 'userlist.php', 'w' )))
+				{
+					print "Unable to change the password for the specified user, unknown error\n";
+					return 1;
+				}
+
+				fwrite ( $fp, "<?php\n\n\$xmlcontent = <<<XML\n" . $xml->asXML() . "\nXML;\n\n?>\n" );
+				fclose ( $fp );
+
+				print 'Password successfully changed for the user '.$user."\n";
+				return 0;
+			}
+		}
+
 		break;
 }