#!/usr/bin/perl -w ## CGI to allow people to change their SVN password ## $Id: passwd.pl 913 2005-02-20 05:54:02Z tvd $ use strict; use CGI qw/:standard/; my $user_auth = '/home/svn/conf/dav_svn.passwd'; my $sudo = '/usr/bin/sudo'; my $htpasswd = '/usr/bin/htpasswd'; my $curuser = $ENV{'REMOTE_USER'}; print header, start_html(-title => 'Subversion Passphrase Changing'); unless (defined $curuser) { print h1("Who are you !?!"),"\n"; print end_html; exit 255; } if (param()) { my $pw = param('passphrase') || ''; my $vpw = param('verify') || ''; my $user = param('user') || ''; if ($user ne $curuser) { print h1("Stop trying to crack me!"),"\n"; } elsif (length($pw) < 6) { print "Sorry, the passphrase needs to be at least 6 characters long\n"; } elsif (length($pw) > 80) { print "Sorry, the passphrase can only be 80 characters maximum\n"; } elsif ($pw ne $vpw) { print "The passphrase and the verification don't match, please go back and try again.\n"; } else { # errors from htpasswd goto stderr, so shunt it to stdout before running htpasswd open STDERR, ">&STDOUT"; # the braces get around a perl warning if (system($sudo, $htpasswd, '-b', '-m', $user_auth, $user, $pw) != 0) { print "\n

Error: Could not change the password!

\n"; exit 255; } else { print "\n

Password Updated!

\n"; } } print end_html; } else { print p("Hello $curuser, please enter your new choice of passphrase below, and then verify it by entering it again."),"\n", start_form, hidden(-name => 'user', -default => $curuser),"\n", strong("Passphrase: "),password_field(-name => 'passphrase', -size => 32, -maxlength => 80), "(6-80 chars)",br,"\n", strong("Verify: "),password_field(-name => 'verify', -size => 32, -maxlength => 80),p,"\n", submit, end_form, "\n", end_html,"\n"; }