Modifier password.cgi

21 réponses

Paul Sellis

11/09/2003 à 13:33

J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette Floyd@NewWebSite.com
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/html\n\n";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.\n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type=\"radio\" name=\"user\"
value=\"$require\">$require<br>\n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccess\n";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$panel\n";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpass\n";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswd\nAuthName
\"Access\"\nAuthType Basic\n<limit GET>\nrequire user
$FORM{name}\n</limit>\n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpass\n";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$user\s//;
print FILE2 "$htaccess\n";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$password\n" unless ($password =~ /\b$user\b/);
}
}
&form2;
}

10 réponses

1 2 3

Paul GABORIT

11/09/2003 à 13:52

À (at) Thu, 11 Sep 2003 13:33:35 +0200,
Paul Sellis écrivait (wrote):

J'utilise le script password.cgi.
[...]

#!/usr/bin/perl
# Copyright by Floyd Morrissette
[...]

Sur quel(s) site(s) utilisez-vous ce script ?

Je cherche des sites facilement piratables et le votre avec ce script est un
vrai gruyère ! :-(

PS: tous les systèmes de stockage de mots de passe bien conçus ne stockent
*jamais* le mot de passe en clair.

--
Paul Gaborit - <http://www.enstimac.fr/~gaborit/>
Perl en français - <http://www.enstimac.fr/Perl/>
Remove '.OOO' from e-mail address - Supprimez '.OOO' de l'adresse e-mail

Mickëy

11/09/2003 à 14:02

remplace <input type="text" name="password">
par <input TYPE="password" name="password">

Le mieu pour que ton script soit plus claire est de faire:

#!/usr/bin/perl
use CGI;
$query=new CGI;
...
print $cgi->start_html(),
$cgi->start_form(),
$cgi->textfield(
-name=>'name',
-size=>25
-maxlength=>25
),
$query->password_field(
-name=>'password',
-size=>25,
-maxlength=>25
);
print $query->submit(
-name=>'submit',
-value=>'Add'
);
...
print $cgi->end_form,
$cgi->end_html;
--
Mickëy

Paul Sellis wrote:

J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette Floyd@NewWebSite.com
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

Vous avez filtré cet utilisateur ! Consultez son message

J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

Paul Sellis

11/09/2003 à 18:37

In article ,
Paul GABORIT wrote:

# Copyright by Floyd Morrissette
[...]

oui. J'ai contacté l'auteur. J'attends sa réponse.

Sur quel(s) site(s) utilisez-vous ce script ?
Je cherche des sites facilement piratables et le votre avec ce script est un
vrai gruyère ! :-(

hum... c'est très possible que ce soit du gruyère.

Vous auriez un script à me recommander qui soit sécurisé et qui permette
une administration simple des mots de passe et des répertoires à
protéger ?
Et bien sûr si possible gratuit...

Paul Sellis

11/09/2003 à 18:38

In article <3f6063f4$0$2799$,
Mickëy wrote:

remplace <input type="text" name="password">
par <input TYPE="password" name="password">

ça n'a pas fonctionné (sauf erreur de manip très possible à mon
niveau...).

Le mieu pour que ton script soit plus claire est de faire:
#!/usr/bin/perl
use CGI;
$query=new CGI;
...
print $cgi->start_html(),
$cgi->start_form(),
$cgi->textfield(
-name=>'name',
-size=>25
-maxlength=>25
),
$query->password_field(
-name=>'password',
-size=>25,
-maxlength=>25
);
print $query->submit(
-name=>'submit',
-value=>'Add'
);
...
print $cgi->end_form,
$cgi->end_html;

Là, je ne vois pas bien où je dois faire les copier/coller...
si ce n'est pas trop demander, tu peux préciser ?
Merci

--
Mickëy

Paul Sellis wrote:
J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

In article <3f6063f4$0$2799$626a54ce@news.free.fr>,
Mickëy <michael.bruneau@tiscali.fr> wrote:

remplace <input type="text" name="password">
par <input TYPE="password" name="password">

ça n'a pas fonctionné (sauf erreur de manip très possible à mon
niveau...).

Le mieu pour que ton script soit plus claire est de faire:
#!/usr/bin/perl
use CGI;
$query=new CGI;
...
print $cgi->start_html(),
$cgi->start_form(),
$cgi->textfield(
-name=>'name',
-size=>25
-maxlength=>25
),
$query->password_field(
-name=>'password',
-size=>25,
-maxlength=>25
);
print $query->submit(
-name=>'submit',
-value=>'Add'
);
...
print $cgi->end_form,
$cgi->end_html;

Là, je ne vois pas bien où je dois faire les copier/coller...
si ce n'est pas trop demander, tu peux préciser ?
Merci

--
Mickëy

Paul Sellis wrote:

J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette Floyd@NewWebSite.com
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

Vous avez filtré cet utilisateur ! Consultez son message

In article <3f6063f4$0$2799$,
Mickëy wrote:

remplace <input type="text" name="password">
par <input TYPE="password" name="password">

ça n'a pas fonctionné (sauf erreur de manip très possible à mon
niveau...).

Le mieu pour que ton script soit plus claire est de faire:
#!/usr/bin/perl
use CGI;
$query=new CGI;
...
print $cgi->start_html(),
$cgi->start_form(),
$cgi->textfield(
-name=>'name',
-size=>25
-maxlength=>25
),
$query->password_field(
-name=>'password',
-size=>25,
-maxlength=>25
);
print $query->submit(
-name=>'submit',
-value=>'Add'
);
...
print $cgi->end_form,
$cgi->end_html;

Là, je ne vois pas bien où je dois faire les copier/coller...
si ce n'est pas trop demander, tu peux préciser ?
Merci

--
Mickëy

Paul Sellis wrote:
J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

Paul GABORIT

11/09/2003 à 18:56

In article ,
Paul GABORIT wrote:
Je cherche des sites facilement piratables et le votre avec ce script est
un vrai gruyère ! :-(

À (at) Thu, 11 Sep 2003 18:37:50 +0200,
Paul Sellis écrivait (wrote):

hum... c'est très possible que ce soit du gruyère.

C'est sûr !!! On peut exécuter, grâce à ce script, n'importe quelle commande !

Vous auriez un script à me recommander qui soit sécurisé et qui permette une
administration simple des mots de passe et des répertoires à protéger ?

Et bien sûr si possible gratuit...

De mon point de vue, l'administration de mots de passe (et donc de la
sécurité) ne peut pas être simple par définition ! ;-)

Demandez donc sur les forums de développements de sites web. Ils ont peut-être
cela sous le coude...

--
Paul Gaborit - <http://www.enstimac.fr/~gaborit/>
Perl en français - <http://www.enstimac.fr/Perl/>
Remove '.OOO' from e-mail address - Supprimez '.OOO' de l'adresse e-mail

Mickëy

11/09/2003 à 18:57

Bonjour,
si tu as une bas de données ca te simplifirais la vie, si non utilise
la librerie MD5 ou et RC4, pour crypter les mots de passes.

--
Mickëy

Paul Sellis wrote:

In article ,
Paul GABORIT wrote:

# Copyright by Floyd Morrissette

[...]

oui. J'ai contacté l'auteur. J'attends sa réponse.

Sur quel(s) site(s) utilisez-vous ce script ?
Je cherche des sites facilement piratables et le votre avec ce script est un
vrai gruyère ! :-(

hum... c'est très possible que ce soit du gruyère.

Vous auriez un script à me recommander qui soit sécurisé et qui permette
une administration simple des mots de passe et des répertoires à
protéger ?
Et bien sûr si possible gratuit...

Mickëy

11/09/2003 à 19:13

a la place de tous ton html
a chaque fois que tu a "print CODE HTML"
tu utilise la librerie CGI

man CGI ou http://search.cpan.org/author/JHI/perl-5.8.0/lib/CGI.pm

--
Mickëy

Paul Sellis wrote:

In article <3f6063f4$0$2799$,
Mickëy wrote:

remplace <input type="text" name="password">
par <input TYPE="password" name="password">

ça n'a pas fonctionné (sauf erreur de manip très possible à mon
niveau...).

Le mieu pour que ton script soit plus claire est de faire:
#!/usr/bin/perl
use CGI;
$query=new CGI;
...
print $cgi->start_html(),
$cgi->start_form(),
$cgi->textfield(
-name=>'name',
-size=>25
-maxlength=>25
),
$query->password_field(
-name=>'password',
-size=>25,
-maxlength=>25
);
print $query->submit(
-name=>'submit',
-value=>'Add'
);
...
print $cgi->end_form,
$cgi->end_html;

Là, je ne vois pas bien où je dois faire les copier/coller...
si ce n'est pas trop demander, tu peux préciser ?
Merci

--
Mickëy

Paul Sellis wrote:

J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

a la place de tous ton html
a chaque fois que tu a "print CODE HTML"
tu utilise la librerie CGI

man CGI ou http://search.cpan.org/author/JHI/perl-5.8.0/lib/CGI.pm

--
Mickëy

Paul Sellis wrote:

In article <3f6063f4$0$2799$626a54ce@news.free.fr>,
Mickëy <michael.bruneau@tiscali.fr> wrote:

remplace <input type="text" name="password">
par <input TYPE="password" name="password">

ça n'a pas fonctionné (sauf erreur de manip très possible à mon
niveau...).

Le mieu pour que ton script soit plus claire est de faire:
#!/usr/bin/perl
use CGI;
$query=new CGI;
...
print $cgi->start_html(),
$cgi->start_form(),
$cgi->textfield(
-name=>'name',
-size=>25
-maxlength=>25
),
$query->password_field(
-name=>'password',
-size=>25,
-maxlength=>25
);
print $query->submit(
-name=>'submit',
-value=>'Add'
);
...
print $cgi->end_form,
$cgi->end_html;

Là, je ne vois pas bien où je dois faire les copier/coller...
si ce n'est pas trop demander, tu peux préciser ?
Merci

--
Mickëy

Paul Sellis wrote:

J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette Floyd@NewWebSite.com
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

Vous avez filtré cet utilisateur ! Consultez son message

a la place de tous ton html
a chaque fois que tu a "print CODE HTML"
tu utilise la librerie CGI

man CGI ou http://search.cpan.org/author/JHI/perl-5.8.0/lib/CGI.pm

--
Mickëy

Paul Sellis wrote:

In article <3f6063f4$0$2799$,
Mickëy wrote:

remplace <input type="text" name="password">
par <input TYPE="password" name="password">

ça n'a pas fonctionné (sauf erreur de manip très possible à mon
niveau...).

Le mieu pour que ton script soit plus claire est de faire:
#!/usr/bin/perl
use CGI;
$query=new CGI;
...
print $cgi->start_html(),
$cgi->start_form(),
$cgi->textfield(
-name=>'name',
-size=>25
-maxlength=>25
),
$query->password_field(
-name=>'password',
-size=>25,
-maxlength=>25
);
print $query->submit(
-name=>'submit',
-value=>'Add'
);
...
print $cgi->end_form,
$cgi->end_html;

Là, je ne vois pas bien où je dois faire les copier/coller...
si ce n'est pas trop demander, tu peux préciser ?
Merci

--
Mickëy

Paul Sellis wrote:

J'utilise le script password.cgi.

Pour faciliter l'administration, je souhaiterais que sur la page où l'on
présente des utilisateurs déjà inscripts (Current Users), en plus de
leur nom on ait aussi leur Password non crypté.

Mais évidemment je n'y connais rien en Perl... comment faire ça ?

#!/usr/bin/perl
# Copyright by Floyd Morrissette
# Make sure you chmod 755 or make it executable by everybody.
# And of course make sure you rename this file to password.cgi
# Change the following variable to the way your forms should call cgi
scripts on your system. No trailing slash.

$action = "http://www.you-site.com/cgi-bin";

print "Content-type: text/htmlnn";
$pwd = `pwd`;
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g; $FORM{$name} = $value;}
$directory = $FORM{'directory'};
$user = $FORM{'user'};
$path = $FORM{'path'};
$name = $FORM{'name'};
$password = $FORM{'password'};
$newpass = crypt($password, tnnntv);
if ($FORM{'submit'} eq "Add") {
&encrypt
}elsif ($FORM{'submit'} eq "Submit"){
&form2;
}elsif ($FORM{'submit'} eq "Delete"){
&delete;
}else{
&form;
}
sub form{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Password Manager</b></font></td>
</tr>
</table>
<p>Which directory would you like to manage passwords for?</p>
<form method="POST" action="$action/password.cgi">
<p>
The current full directory path for the password.cgi is
<b>$pwd</b><br><br>
Directory: <input type="text" name="directory" size="20"><br>
<input type="submit" value="Submit" name="submit"></p>
</form>
<p> </p>
</body>
</html>
HTML
}
sub form2{
print <<HTML;
<html>
<head>
<title>Password Manager</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="#008080"><font color="#FFFFFF" size="2"
face="Verdana"><b>Now
Managing Passwords for:<br> $directory</b></font></td>
</tr>
</table>
<form action ="$action/password.cgi" method="post">
<table>
<tr>
<td>New member:</td><td><input type="text" name="name"></td>
</tr>
<tr>
<td>Password:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Add" name="submit"></td>
</tr>
</table>
<p>Current Users:<br>
HTML
open (FILE1, "$directory/.htaccess") || print "There does not appear to
be a .htaccess file here yet. <br>Will attempt to create when you add a
new user.n";
@ht=<FILE1>;
close(FILE1);
foreach $ht(@ht){
chomp($ht);
if ($ht =~ /require/){
@require = split(/ /, $ht);
@require = reverse(@require);
$old = pop(@require);
$old2 = pop(@require);
@require = reverse(@require);
foreach $require(@require){
print "<input type="radio" name="user"
value="$require">$require<br>n";
}
}
}
print <<HTML;
<p><br>
<input type="submit" value="Delete" name="submit">
<input type="hidden" name="directory" value="$directory">
</form>
<p> 
<p> 
<p> 
<p><br>
</form>
</body>
</html>
HTML
}
sub encrypt{
if (-e "$directory/.htaccess"){
open (PANEL, "$directory/.htaccess") || print "Can't open
$directory/.htaccessn";
@panel = <PANEL>;
close (PANEL);
open (FILE2, ">$directory/.htaccess");
foreach $panel(@panel){
chomp($panel);
if ($panel =~ /require/){
$panel = $panel.$FORM{name}." ";
}
print FILE2 "$paneln";
}
close (FILE2);
$newpass = crypt($FORM{password}, tnnntv);
open (PANEL, ">>$directory/.htpasswd") || die print "Can't open
.htpasswd";
print PANEL "$FORM{name}:$newpassn";
close (PANEL);
}else{
open (FILE, ">$directory/.htaccess") || die print "Can't open
$directory/.htaccess";
print FILE "AuthUserFile $directory/.htpasswdnAuthName
"Access"nAuthType Basicn<limit GET>nrequire user
$FORM{name}n</limit>n";
close(FILE);
open (FILE2, ">$directory/.htpasswd") || die print "Can't open
$directory/.htpasswd";
print FILE2 "$FORM{name}:$newpassn";
close(FILE2);
}
&form2;
}
sub delete{
if ($user ne ""){
open (FILE, "$directory/.htaccess");
@htaccess=<FILE>;
close(FILE);
open (FILE2, ">$directory/.htaccess");
foreach $htaccess(@htaccess){
chomp($htaccess);
$htaccess =~ s/$users//;
print FILE2 "$htaccessn";
}
close(FILE2);
open (FILE3, "$directory/.htpasswd");
@password=<FILE3>;
close(FILE3);
open (FILE4, ">$directory/.htpasswd");
foreach $password(@password){
chomp($password);
print FILE4 "$passwordn" unless ($password =~ /b$userb/);
}
}
&form2;
}

Samuel Mouniée

11/09/2003 à 20:01

Bonjour,

Mickëy wrote:

a la place de tous ton html
a chaque fois que tu a "print CODE HTML"
tu utilise la librerie CGI

man CGI ou http://search.cpan.org/author/JHI/perl-5.8.0/lib/CGI.pm

je n'utilise CGI.pm que pour la recuperation des parametres passes aux
scripts CGI ( et je ne suis pas satisfait de la maniere dont cela
fonctionne ), tout le reste je le fais a la mimine. j'envisage de faire
pour le XVII, ma propre API de recuperation de parametres. donc pourquoi
utiliser CGI.pm qui est tres lourd ?

--
Mickëy

.s'nuoM

Paul Sellis

11/09/2003 à 20:28

In article ,
Paul GABORIT wrote:

hum... c'est très possible que ce soit du gruyère.
C'est sûr !!! On peut exécuter, grâce à ce script, n'importe quelle commande !

Ceci dit il est situé dans un répertoire cgi-bin qui n'est pas
normalement pas lisible directement à partir de serveur web. C'est un
répertoire en parallèle de www.

Vous auriez un script à me recommander qui soit sécurisé et qui permette une
administration simple des mots de passe et des répertoires à protéger ?
Demandez donc sur les forums de développements de sites web. Ils ont peut-être

cela sous le coude...

vous connaissez de bons forums de développements de sites web ?

Paul Sellis

11/09/2003 à 20:46

ah... j'ai oublié :

comment décrypter un mot de passe quand on connait le résultat crypté et
la clé ?

Par exemple cet outil chez OVH a servi à obtenir un pass crypté :
http://www.ovh.com/cgi-bin/crypt.pl

comment retourner au pass original ?

1 2 3

Modifier password.cgi

10 réponses

Veuillez sélectionner un problème