From b0ebdc55e4b5592ac528d61d16e28e4adf3435e3 Mon Sep 17 00:00:00 2001 From: Metabox Date: Thu, 30 May 2019 16:08:47 +1000 Subject: [PATCH] Passw change implemented. --- htdocs/cgi-bin/config.cgi | 121 +++++++++++++++++++++++++++++++++--- htdocs/cgi-bin/wsrc/main.js | 26 ++++---- 2 files changed, 124 insertions(+), 23 deletions(-) diff --git a/htdocs/cgi-bin/config.cgi b/htdocs/cgi-bin/config.cgi index fbf007c..06bdcf8 100755 --- a/htdocs/cgi-bin/config.cgi +++ b/htdocs/cgi-bin/config.cgi @@ -32,6 +32,9 @@ our $IMG_W_H = '210x120'; our $AUTO_WRD_LMT= 200; #END OF SETTINGS +#This is the OS developer release key, replace on istallation. As it is not secure. +my $cipher_key = '95d7a85ba891da'; + #15mg data post limit $CGI::POST_MAX = 1024 * 15000; my $LOGOUT = 0; @@ -84,15 +87,55 @@ $rv = $dbs->execute() or die or die "
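Review bot: The added `$cipher_key` literal commits to version control the value that `encryptPassw` later feeds to `crypt` for every stored password, and the comment's "replace on installation" leaves any install that skips that step on the published default. Reading the key from a file outside `htdocs` or from the environment, and refusing to run while it is unset, would remove the shared default. The comment itself has a typo and a sentence fragment; I would write `#Developer release key. Not secure: replace it on installation.`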

Error->"& $DBI::errstri &"

"; my $status = "Ready for change!"; +print $cgi->header(-expires=>"+6s", -charset=>"UTF-8"); +print $cgi->start_html(-title => "Personal Log", -BGCOLOR=>"#c8fff8", + -onload => "loadedBody();", + -style => [ + { -type => 'text/css', -src => 'wsrc/main.css' }, + { -type => 'text/css', -src => 'wsrc/jquery-ui.css' }, + { -type => 'text/css', -src => 'wsrc/jquery-ui.theme.css' }, + { + -type => 'text/css', + -src => 'wsrc/jquery-ui-timepicker-addon.css' + }, + { -type => 'text/css', -src => 'wsrc/tip-skyblue/tip-skyblue.css' }, + { + -type => 'text/css', + -src => 'wsrc/tip-yellowsimple/tip-yellowsimple.css' + }, + ], + -script => [ + { -type => 'text/javascript', -src => 'wsrc/main.js' }, + { -type => 'text/javascript', -src => 'wsrc/jquery.js' }, + { -type => 'text/javascript', -src => 'wsrc/jquery-ui.js' }, + { + -type => 'text/javascript', + -src => 'wsrc/jquery-ui-timepicker-addon.js' + }, + { + -type => 'text/javascript', + -src => 'wsrc/jquery-ui-sliderAccess.js' + }, + { -type => 'text/javascript', -src => 'wsrc/jquery.poshytip.js' } + ], + ); + ############### &processSubmit; ############### -print $cgi->header(-expires=>"+6s", -charset=>"UTF-8"); -print $cgi->start_html(-title => "Personal Log", -BGCOLOR=>"#c8fff8", - -script=>{-type => 'text/javascript', -src => 'wsrc/main.js'}, - -style =>{-type => 'text/css', -src => 'wsrc/main.css'}, - ); +print qq(
+
+  + + +
+
+Stats
+Log
+
+LOGOUT +
); my $tbl = ' @@ -123,8 +166,8 @@ my $frm = qq( @@ -210,6 +253,20 @@ my $frmDB = qq(
* CATEGORIES CONFIGURATION *
WARNING! Removing or changing categories is permanent! Each category one must have an unique ID. - Blank a category name to remove it. LOG records will change to the Unspecified (id 1) category!
- The category Unspecified, can't be removed! + Blank a category name to remove it. LOG records will change to the + Unspecified (id 1) category! And the category Unspecified, can't be removed!

); +$tbl = qq( + + ); +my $frmPASS = qq( + $tbl + + + + + + + +
* CHANGE PASSWORD *
Existing:
New:
Confirmation:
Password change for -> $userid 

+ ); # #Page printout from here! @@ -220,6 +277,7 @@ my $prc_hdr = $PRC_WIDTH-2;
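Review bot: `$userid` is interpolated into the `$frmPASS` markup ("Password change for -> $userid") without HTML escaping, and the same value is echoed again in the "Wrong existing password" status message added in the processSubmit hunk. Where `$userid` is assigned is outside this patch, so if it can originate from a cookie or request parameter it should be escaped at output, e.g. `$cgi->escapeHTML($userid)`. The form's input markup is not visible on this page, so I cannot confirm that the three fields are password inputs submitted by POST; that is worth checking before merge.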
$frm
$frmVars
$frmDB
+
$frmPASS
 Configuration status -> $status 

@@ -314,14 +372,31 @@ sub processSubmit { my $change = $cgi->param("cchg"); my $chgsys = $cgi->param("sys"); my $chgdb = $cgi->param("db_fix"); +my $passch = $cgi->param("pass_change"); my $s; my $d; try{ - -if ($change == 1){ +if($passch){ + my ($ex,$ne,$cf) = ($cgi->param("existing"),$cgi->param("new"),$cgi->param("confirm")); + if($ne ne $cf){ + $status = "New password must match confirmation!"; + print "

Client Error: $status

"; + } + else{ + if(&confirmExistingPassword($ex)){ + &changePassword($ne); + $status = "Password Has Been Changed"; + } + else{ + $status = "Wrong existing password was entered, are you user by alias: $userid ?"; + print "

Client Error: $status

"; + } + } +} +elsif ($change == 1){ while(my @row = $dbs->fetchrow_array()) { @@ -416,10 +491,36 @@ catch{ "SERVER ERROR:".$_. "
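Review bot: The three `$cgi->param(...)` calls in the added `if($passch)` branch are evaluated in list context, so a request that repeats or omits one field shifts the values and `$ex`, `$ne`, `$cf` no longer correspond to the fields they are named after; take each one in scalar context, e.g. `my $ex = scalar $cgi->param("existing");`. The branch also accepts an empty new password, because two empty values pass the `ne` comparison, so a minimum-length check belongs before `changePassword` is called. `changePassword`'s return value is ignored, so the status reads "Password Has Been Changed" even when the UPDATE fails or matches no row. processSubmit starts and ends outside this hunk.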

"; } +} +sub confirmExistingPassword { + my $pass = $_[0]; + my $crypt = encryptPassw($pass); + my $sql = "SELECT ALIAS, PASSW from AUTH WHERE ALIAS='$userid' AND PASSW='$crypt';"; + # print "

DEBUG:[$pass]
$sql

"; + $dbs = $db->prepare($sql); + $dbs->execute(); + if($dbs->fetchrow_array()){ + return 1; + } + return 0; +} +sub changePassword { + my $pass = encryptPassw($_[0]); + $dbs = $db->prepare("UPDATE AUTH SET PASSW='$pass' WHERE ALIAS='$userid';"); + $dbs->execute(); + if($dbs->fetchrow_array()){ + return 1; + } + return 0; } +sub encryptPassw { + return uc crypt $_[0], hex $cipher_key; +} + + -sub processDBFix{ +sub processDBFix { my $rs_syst = $cgi->param("reset_syst"); my $rs_cats = $cgi->param("reset_cats"); diff --git a/htdocs/cgi-bin/wsrc/main.js b/htdocs/cgi-bin/wsrc/main.js index 12a398b..5740e09 100644 --- a/htdocs/cgi-bin/wsrc/main.js +++ b/htdocs/cgi-bin/wsrc/main.js @@ -67,19 +67,6 @@ function loadedBody(toggle) { $("input[type=submit], input[type=reset], .ui-widget-content, button, .a_").button(); - document.getElementById("log_submit").addEventListener("click", encodeText); - - var lst = document.getElementById("cat_lst"); - var children = lst.childNodes; - - for (var i = 0; i < children.length; i++) { - _MAP.set(children[i].id, children[i].innerHTML); - } - // $('#ec').hide(); - // helpSelCategory($('#ec')); - $('#ec').show(); - - $(window).scroll(function() { if (!MNU_SCROLLING) { $('#floating_menu').fadeOut(2000, function() { @@ -103,6 +90,19 @@ function loadedBody(toggle) { }) // }) }); + + + document.getElementById("log_submit").addEventListener("click", encodeText); + + var lst = document.getElementById("cat_lst"); + var children = lst.childNodes; + + for (var i = 0; i < children.length; i++) { + _MAP.set(children[i].id, children[i].innerHTML); + } + + $('#ec').show(); + } function showFloatingMenu() { -- 2.34.1